Privacy Policy

Privacy Policy

GMO Internet, Inc. (hereinafter referred to as "the Company") recognizes that, due to the nature of the internet industry, we are entrusted with vast amounts of personal and other critical information. Therefore, we acknowledge the necessity of not only complying with all applicable laws and regulations but also conducting our business with high ethical standards to earn the trust of society. Accordingly, in acquiring, using, and handling customers' personal information, we comply not only with relevant personal data protection laws but also with guidelines established by regulatory authorities, industry associations, and country-specific regulations. Furthermore, we actively engage in personal information protection initiatives in cooperation with distributors, industry associations, and administrative agencies related to the businesses operated by our services to earn and maintain the trust of our customers.

Through strict protection of personal and other critical information, we aim to safeguard our services, customers, and partners (employees), while continuing to create "smiles" and "inspiration" for everyone involved and striving for continuous growth.

Privacy Policy of GMO Internet, Inc.

GMO Internet, Inc. (hereinafter referred to as "the Company") recognizes its significant role in protecting personal information when operating its Internet infrastructure and Internet advertising & media businesses. Accordingly, we have established the following "Policy on the Handling of Personal Information" and are committed to ensuring company-wide compliance.

Furthermore, we actively collaborate with distributors, industry associations, and administrative agencies related to the Internet infrastructure and Internet advertising & media businesses operated by the Company to earn customer trust and strengthen our efforts in personal information protection.

• 1. Policy on the Handling of Personal Information
• 2. Usage Purposes of Personal Information
• 3. Provision of Information to Third Parties and Shared Usage
• 4. Proper Acquisition of Personal Information
• 5. Disclosure of Personal Information
• 6. Anonymous Processed Information
• 7. Pseudonymized Information
• 8. Personal Related Information
• 9. Claims and Inquiries

1. Policy on the Handling of Personal Information

Our company complies with applicable laws, the "Guidelines for the Protection of Personal Information in Telecommunications Business" (hereinafter referred to as "the Guidelines"), and internal regulations. We appropriately manage and protect personal information handled in the course of business activities to ensure that our customers, business partners, shareholders, and our executives and employees (hereinafter referred to as "employees")—as well as all other related stakeholders (hereinafter referred to as "customers, etc.")—can trust and rely on our personal information protection system. Accordingly, we have established the following privacy policy to enhance and operate this system effectively.

Compliance with Laws and Regulations

We comply with the Act on the Protection of Personal Information (hereinafter referred to as "the Act"), the provisions of the Telecommunications Business Act related to the confidentiality of communications, other related laws and regulations, the Guidelines, and this Privacy Policy in the acquisition, use, and handling of personal information.

Specification and Publication of Purpose of Use

We specify the purposes for which we use the personal information we obtain as much as possible and disclose them in advance. The purposes of use of personal information collected in each service are listed in Section 2, "Purposes of Use of Personal Information," for each service.

Use Within the Scope of the Purpose of Use

We handle personal information only within the scope necessary to achieve the predetermined and disclosed purposes of use. However, if the case falls under any of the provisions of Article 18, Paragraph 3 of the Act and Article 5, Paragraph 3 of the Guidelines, personal information may be handled beyond the scope necessary to achieve the predetermined and disclosed purposes of use.

Retention Period

Unless otherwise stipulated by law, we will determine the retention period of personal information within the scope necessary for the purposes of use and will promptly delete personal information after the expiration of the retention period or upon achieving the purposes of use. However, this does not apply in cases that fall under any of the provisions of Article 10, Paragraph 1 of the Guidelines.

Security Management Measures

We take necessary and appropriate security management measures to maintain personal information accurately and up to date and to protect it from unauthorized access, alteration, leakage, loss, or damage. When handling personal information in foreign countries, we understand the personal information protection systems of those countries and implement necessary and appropriate security management measures.

If you wish to request disclosure of details, we will promptly respond to your request. Please contact the inquiry desk listed in Section 9, "Inquiries and Complaints Contact."

Supervision of Employees

We conduct necessary and appropriate supervision of employees to ensure the secure management of personal information. Additionally, we provide necessary training and education to employees to ensure the proper handling of personal information.

Supervision of Contractors

We may entrust the handling of personal information, in whole or in part, to third parties within the scope of the purposes of use. When selecting contractors, we verify that they properly handle personal information and require them to do so. Furthermore, we implement necessary and appropriate supervision of contractors, including incorporating provisions related to audits on the handling of personal information in contracts.

Provision to Third Parties and Shared Use

Except in cases where stipulated in Article 27, Paragraph 1 of the Act, Article 15, Paragraph 1 of the Guidelines, and other applicable laws, we do not provide personal information to third parties without obtaining your consent. We also create and retain records of the provision of personal information to third parties and records of confirmation when receiving personal information from third parties (hereinafter collectively referred to as "Records of Third-Party Provision"). If you wish to request disclosure of these records, please make your request in accordance with the procedures described in Section 5, "Disclosure of Personal Information."

However, disclosure does not apply in cases that fall under Article 9 of the Enforcement Ordinance of the Act on the Protection of Personal Information.

If the recipient of the personal information falls under the provisions of Article 27, Paragraph 5 of the Act and Article 15, Paragraph 10 of the Guidelines, we may entrust, provide, or jointly use personal information with specified parties without obtaining prior consent. Details regarding jointly used personal information, purposes of use, and responsible managers for the jointly used personal information are listed in Section 3, "Provision of Information to Third Parties and Shared Use."

Requests for Disclosure, etc.

If you wish to be informed of the purpose of use of your personal information, request disclosure, correction, addition, deletion, suspension of use, or suspension of provision to third parties, or request disclosure of records related to the provision to third parties, please make your request in accordance with our prescribed procedures. The procedures for requesting disclosure of personal information are described in Section 5, "Disclosure of Personal Information."

Handling of Complaints

We will respond promptly and appropriately to complaints and other inquiries from customers regarding the handling of personal information. The contact details for complaints and inquiries are listed in Section 9, "Inquiries and Complaints Contact."

Response to Leakage Incidents

In the event of a leakage or other incident involving personal information, we will promptly notify the affected customers of the facts and take swift and appropriate action.

Continuous Improvement

We strive for continuous improvement in our internal handling of personal information through the enhancement of internal regulations regarding personal information protection, employee training, and internal audits.

2. Usage Purposes of Personal Information

Our company discloses the purposes of use of personal information for each of the following products and services. [Japanese version only]

3. Provision of Information to Third Parties
and Shared Usage

We provide and share personal information with third parties in cases stipulated by laws and regulations and in the cases disclosed below. When providing personal information to third parties located in foreign countries, we also disclose the name of the country, the personal information protection system in that country, and the measures taken by the recipient third party to protect personal information in accordance with Article 28, Paragraphs 1 and 2 of the Act.

When Personal Information is Shared

In the Case of Group Companies

1. Scope of Shared Use

   Our group companies
   https://www.gmo.jp/en/company-profile/groupinfo/ ※This refers to the affiliated companies and subsidiaries listed at the above URL. The same applies hereinafter.
   ※Group companies may be newly established, consolidated, or reorganized in the future. Please check the above URL for the latest information.

2. Purpose of Use

   The purposes of use shall be within the scope defined by each group company and shall be common to all companies utilizing shared data.

3. Items of Personal Information to be Shared

   Name, address, email address, phone number, contract information, and other items necessary for the above purposes of use.

4. Managing Entity

   GMO Internet Group, Inc. (Representative: Group CEO Masatoshi Kumagai)

In the Case of Non-Group Companies

The required disclosures are listed below. [Japanese version only]

Currently, there are no applicable cases.

When Providing Personal Information to Third Parties

The required disclosures are listed below. [Japanese version only]

4. Proper Acquisition of Personal Information

We acquire personal information only as necessary and through appropriate measures.

5. Disclosure of Personal Information

1)

We will respond promptly and reasonably to requests from individuals seeking disclosure, correction, deletion, notification of the purpose of use of their personal information (excluding information obtained from shareholders), or disclosure of records of provision to third parties, in accordance with Article 37 of the Act. If no such personal information exists, we will notify the individual without delay. (For matters concerning personal information obtained from shareholders, such as name changes or dividend transfer instructions, please contact Sumitomo Mitsui Trust Bank, Limited, our shareholder registry administrator. For details, refer to the shareholder inquiry section in 9. Inquiries and Complaints Contact.)

2)

Requests for disclosure, etc., must be made using the procedures outlined below. Please note that we do not accept requests via telephone, fax, email, face-to-face meetings, or visits from our representatives.

Download and print the required form from the list below:

• Personal Information Disclosure Request Form
• Personal Information Correction/Deletion Request Form
• Notification of Purpose of Use Request Form
• Third-Party Provision Record Disclosure Request Form

Complete the required information on the downloaded form.

If you are making the request in person, please prepare the following documents:

1. An original copy of your Certificate of Residence or an original copy of your Alien Registration Record (issued within one month of the request date).

2. One of the following:

(ⅰ) Copy of Driver’s License
(ⅱ) Copy of Passport
(ⅲ) Copy of Health Insurance Card
(ⅳ) Copy of Pension Book
(ⅴ) Copy of Residence Card

If a proxy (other than a legal representative) is submitting the request, please prepare the following documents:

1. An original copy of the Certificate of Residence of the person making the request.

2. A Power of Attorney document.

3. An original copy of the Seal Registration Certificate used for the Power of Attorney.

If a legal representative is submitting the request, please prepare the following documents:

1. An original copy of the Certificate of Residence of the person making the request.

2. A document proving the legal representative’s qualifications (such as a complete or partial family register, a certificate from a family court, or a certificate of registered matters issued within one month of the request date).

3. One of the following:

(ⅰ) Copy of the proxy’s Driver’s License
(ⅱ) Copy of the proxy’s Passport
(ⅲ) Copy of the proxy’s Health Insurance Card
(ⅳ) Copy of the proxy’s Pension Book
(ⅴ) Copy of the proxy’s Residence Card

Send the documents from 2) and 3) (or 4) if a proxy is submitting the request) by registered mail to the address below.

Since the appropriate contact window varies depending on the product or service used, please clearly state which product or service you are or were using. If no product or service is specified, we may be unable to process your request.

■ Mailing Address
Cerulean Tower 4-14F, 26-1, Sakuragaokacho, Shibuya-ku, Tokyo 150-8512
GMO Internet, Inc.

■ Contact Window
(Product/Service Name) + "Personal Information Inquiry" Section

• For product and service names, please refer to the right column of the table in 2. Purposes of Use of Personal Information.

For inquiries unrelated to specific products or services, please use the contact information below.

Download Various Request Forms (PDF) [Japanese version only]

After verifying the identity of the sender based on the submitted documents, we will send an invoice for the handling fee to those requesting "Notification of Purpose of Use," "Disclosure of Retained Personal Data," or "Disclosure of Third-Party Provision Records." Please transfer the handling fee to the bank account specified on the invoice.

Please note that bank transfer fees are to be borne by the customer. A handling fee is charged for each service disclosure request. For those requesting anything other than "Notification of Purpose of Use," "Disclosure of Retained Personal Data," or "Disclosure of Third-Party Provision Records," we will proceed promptly after identity verification.

Details: Handling Fee
Cost: JPY 5,500 (including tax)

For those requesting "Notification of Purpose of Use," "Disclosure of Retained Personal Data," or "Disclosure of Third-Party Provision Records," we will send a response via certified mail or by providing an electronic record after confirming receipt of payment.

If you have any questions regarding our response, please contact the 9. Inquiries and Complaints Contact. We will get back to you at a later date.

6. Anonymous Processed Information

Anonymous Processed Information refers to information obtained by processing personal information in such a way that a specific individual cannot be identified, in accordance with measures prescribed by laws and regulations, and ensuring that the original personal information cannot be restored.

Creation of Anonymous Processed Information

1. We process information appropriately in accordance with the standards set forth in laws and regulations.

2. We implement security control measures to prevent the leakage of deleted information and information regarding the processing method, in accordance with the standards set forth in laws and regulations.

3. We disclose the categories of information contained in the Anonymous Processed Information we create as follows.

4. We do not compare Anonymous Processed Information with other information to identify individuals whose personal information was the source of creation.

Providing Anonymous Processed Information to Third Parties

1. We publicly disclose in advance the categories of information concerning individuals included in the Anonymous Processed Information to be provided and the method of provision.

2. We clearly indicate to the third party receiving the information that it is Anonymous Processed Information.

7. Pseudonymized Information

Pseudonymized Information refers to information obtained by processing personal information in such a way that a specific individual cannot be identified unless cross-checked with other information, in accordance with measures prescribed by laws and regulations.

Creation of Pseudonymized Information

1. We create pseudonymized information by processing data appropriately in accordance with the standards set forth in laws and regulations.

2. We implement security control measures to prevent the leakage of deleted information and information regarding the processing method (hereinafter collectively referred to as "Deleted Information, etc.") in accordance with the standards set forth in laws and regulations.

Obtaining Pseudonymized Information and Deleted Information, etc.

1. We implement security control measures to prevent the leakage of Deleted Information, etc., in accordance with the standards set forth in laws and regulations.

2. If we acquire pseudonymized information that qualifies as personal information, we will promptly disclose its purpose of use in 2. Purpose of Use of Personal Information unless it has already been publicly announced in advance.

Handling Pseudonymized Information as a Database

1. We take necessary and appropriate security control measures to protect pseudonymized information against unauthorized access, falsification, leakage, loss, or damage.

2. We do not compare pseudonymized information with other information to identify the individual whose information was used to create the dataset.

3. We do not use contact or other information contained in pseudonymized information for making phone calls, sending postal mail or letters, delivering telegrams, transmitting via fax or electronic means, or visiting residences.

4. Except in cases exempted under Article 41, Paragraph 9 of the Act, all other handling of pseudonymized information will be in accordance with 1. Policy on the Handling of Personal Information.

8. Personal Related Information

Personal Related Information refers to information about a living individual that does not fall under the categories of Personal Information, Anonymous Processed Information, or Pseudonymized Information.

Cases in Which Personal Related Information Is Provided by a Third Party and Acquired as Personal Data

Personal Information obtained from customers may be matched with Personal Related Information provided by third parties, and as a result, the Personal Related Information may become personal data that identifies an individual.

• Items of Personal Related Information covered: All Personal Related Information
• Purpose of use after acquisition: In accordance with 2. Purpose of Use of Personal Information

Providing Personal Related Information to a Third Party as a Database

1. We provide Personal Related Information to third parties disclosed below.

The third party may match the provided Personal Related Information with the Personal Information it possesses, thereby creating personal data that identifies an individual. The recipients of the information and the items of Personal Related Information to be provided are listed below.

2. The purpose of use of Personal Related Information at the recipient after it is provided and acquired as personal data will be notified or announced by the recipient.

Currently, there are no applicable cases.

9. Claims and Inquiries

Please submit any complaints, requests for disclosure, or other inquiries regarding personal information obtained by our company to the Inquiry Contact listed below. Please note that we are unable to process complaints or inquiries received by any other means (including in-person visits to our offices).

Inquiry and Complaint Reception Contact URL

Last Revised: January 1, 2025