Chapter 1. General Policy
Article 1 (Definition)
Unless otherwise defined in this policy,
(1) definitions of terms in Chapter 2. accord with definitions in “Act on the Protection of Personal Information” of Japan (hereinafter referred to as “APPI”); and
(2) definitions of terms in Chapter 3. accord with definitions in “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the Free movement of such data, and repealing Directive 95⁄46 / EC” (the General Data Protection Regulation, hereinafter referred to as “GDPR”).
“Information” means the operation and status records of a specific individual’s device(s) (including but not limited to PC, tablet and smartphone, hereinafter collectively referred to as “Device(s)”) and application software (hereinafter referred to as “Apps”) downloaded to the Device(s).
“SDK” refers to the automatic means of software development kit used by Fuller to collect Information from those Devices.
Article 2 (Collection of Information)
In order to practice data science as part of our business, we collect Information of the Apps users (hereinafter referred to as the “Apps Users”) subject to app marketing research and analysis from Devices of specific Apps Users in the following ways.
(1) We use SDK to collect the Information directly from the Devices.
(2) If necessary, we may collect Information indirectly via scientists or enterprises that cooperate with Fuller, such as app developers, data science research institutions and companies.
We use pseudonymization (refer to the GDPR Article 4 Paragraph 5 “pseudonymisation”) to ensure that Information we collect cannot be attributed to a specific individual without use of additional information, in which case the collected Information is no longer considered personal information. Provided, however, if such Information is readily collated with additional information so that a specific individual can be identified, such Information will be treated as personal.
Processing of Information related to Data Subjects in the European Economic Area (EU member states, Norway, Iceland and Liechtenstein, hereinafter collectively referred to as the “EEA”) is declared in the Chapter 3.
Article 3 (Organization and System)
We assign a manager of information protection, and strive to manage personal information and personal data appropriately.
We train our officers and employees to protect and manage personal information and personal data to assure appropriate handling as a matter of routine.
Article 4 (Compliance Program)
In order to comply with the Applicable Laws, such as APPI and GDPR, we have established a compliance program (including this Policy, our “Personal Information Protection Rules”, and other rules and regulations), and strive for full understanding by our employees and affiliates. We will enforce, maintain, and improve this compliance program continually.
Article 5 (Amendment of This Policy)
We will announce amendment to this Policy and the effective date on our website.
Article 6 (Inquiries)
Chapter 2. Protection of Personal Information
Article 7 (Collection of Personal Information)
We collects personal information by lawful and fair methods.
We use SSL to keep the personal information encrypted when collecting and sending it over the Internet.
We collect and handle personal information for various purposes as follows:
(1) to serve our customers;
(2) to research and analyze markets for ourselves or our customers, including but not limited to:
a. gathering user characteristics and usage patterns that clarify the use of our services or smart phones;
b. optimizing adverting;
(3) to operate, maintain and improve our services; and
(4) to comply with laws, regulations, legal processes, or enforceable government requests;
(5) to solicit opinions, requests, and information regarding our providing of services.
Article 8 (Use of Personal Information)
If we share personal information with or entrust it to third parties under the preceding Section, we rigorously examine and supervise those parties to keep personal information in strict confidence.
Article 9 (Providing Personal Information to Third Parties)
We obtain your prior consent before providing your personal information to third parties for purposes other than stated in this Policy.
Notwithstanding the policy of the preceding Section, we may provide your personal information beyond purposes stated in this Policy, without your prior consent for
(1) cases based on law and regulation;
(2) cases involving protection of human life, body, or fortune and when it is difficult to obtain your consent;
(3) cases involving a special need to enhance public hygiene or promote children’s health and when it is difficult to obtain your consent;
(4) cases in which there is a need to cooperate with a central government organization or local government or a person entrusted by them acting as prescribed by law and regulation and when obtaining your consent might interfere with their performance of those duties.
We require parties to whom we entrust personal information under Section 1 of this Article to operate an appropriate security system for personal information.
Article 9-2 (Advertisement Distribution by Third-Party)
We use advertisement distribution means provided by the following third parties to distribute our advertisements to websites on the Internet.
(1) Yahoo! Japan Corporation
(2) Google LLC
(3) Facebook, Inc.
(4) Twitter, Inc.
The third parties listed in each item of Paragraph 1 provide advertisement distribution by their own remarketing tools. Commonly, these advertisement distribution means function as follows:
(1) obtain a code that cannot identify an individual, such as cookie, advertisement identifier (hereinafter collectively referred to as the “Code”), from a person (hereinafter referred to as the “User”) who has accessed the website operated by Fuller; then,
(2) use the Code to distribute advertisements based on the User’s access records on Fuller’s website; and,
(3) the Code will be processed in accordance with the respective policies of the third parties.
To inactivate an active Code, the User needs to access the opt-out page listed as follows.
(1) Yahoo!: https://accounts.yahoo.co.jp/privacy/optout/ads?.done=https%3A%2F%2Fwww.yahoo.co.jp
(2) Google: https://adssettings.google.com/authenticated
(3) facebook: https://ja-jp.facebook.com/policies/cookies/
(4) twitter: https://help.twitter.com/ja/rules-and-policies/twitter-cookies
Article 10 (Management of Personal Information)
We strive to maintain the accuracy and security of personal information.
To prevent loss, damage, falsification, and leaks of personal information, we take appropriate security measures against unauthorized access, computer viruses, and other hazards.
We prohibit any unauthorized take-out or out-put of personal information from our security system.
Article 11 (Usage Restrictions, Disclosures, Corrections and Erasure of Personal Information)
We respect your right to claim the disclosure, correction, usage restriction, and erasure of your personal information, and we will process your claims promptly per to our procedures. Provided, however, we reserve the right to decline your request related to any other person’s personal information, or any claims that may disrupt our operations.
Please contact the department specified in Article 6 to make comments or ask questions about our handling of personal information. Chapter 3. Protection of Personal Data
Chapter 3. Protection of Personal Data
Article 12 (Policy for Data Subjects Defined by GDPR)
In this Chapter, we declare policies for processing personal data of Data Subjects in the EEA according to GDPR. If you are currently residing or staying at the EEA, please peruse all the contents of this Chapter to confirm our processing of your personal data.
Article 13 (Lawfulness of Personal Data Processing)
We obtain and process your personal data specified below to provide you with our “App Ape” service under the contract.
For registering a new user account / Name, Email, Company, Department of Company, Occupation For behavior analysis and service improvement / App Ape operation history.
To practice data science as part of our business, we may collect and process data and/or Information listed in the following items from the Apps Users subject to app marketing research and analysis.
(1) gender and year of birth
(2) install/uninstall history of Apps
(3) current status and activity log of Apps
(4) language and time zone
(5) OS version and the Device unique ID generated by the OS
(6) advertising ID
(7) temporary visit history generated by cookie technology
(8) information regarding SIM card used for communication of the Device
(9) information given when the Device was manufactured, such as manufacturer and model
In case it is legally necessary to treat data or Information listed in each item of the preceding Section as personal, we obtain prior consent to collect and process it from the Apps User to whom it pertains. We will not collect personal data without prior consent.
We may use information specified in Sections 1 or 2 of this Article for profiling (meaning defined in Article 4, Paragraph 4 of the GDPR, the same shall apply hereinafter). However, our profiling neither produces legal effects concerning the Data Subject, nor similarly significantly affects.
Article 14 (Request for Processing Personal Data)
If you submit the following claims to us, we will process them within a reasonable time and scope in compliance with the GDPR or Applicable Laws regarding processing of personal data. However, please be understood that your claim may make it impossible to continue your service.
(1) a claim for right of access by the Data Subject
(2) a claim for right to rectification
(3) a claim for right to erasure (right to be forgotten)
(4) a claim for right to restriction of processing
(5) a claim for right to withdraw consent
(6) a claim for data portability
(7) a claim for the right to object
Please contact our data protection officer (see Article 18) to submit claims listed in the preceding Section. We will ask your consent for our identification procedure and will process your claim will only when your identity is confirmed.
Article 15 (Lodging a Complaint with Legal or Regulatory Authorities)
You have the right to lodge a complaint about the processing of your personal data with the data protection authority having jurisdiction over your residence. Please use this URL to contact that authority: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Article 16 (Offer, Transfer and Storage of Personal Data outside the EEA)
We may disclose/offer pseudonymized personal data or Information collected under Article 13 to the following third parties.
(1) individuals or companies that use our services
(2) our business partners or entities that process personal data on our behalf
(3) educational or research institutions engaged in data science
We obtain prior consent from Data Subjects when transferring personal data outside the EEA except when a specific authorization in accordance with the GDPR is not required.
We process and store personal data within the purposes of processing, and deleted it within a reasonable period after it is no longer needed.
We manage collected personal data and store it in data centers in the following countries.
(2) the United States of America
Article 17 (Child’s Consent)
Data Subject under age 16 must have prior permission from a parent or guardian to use our services and initiate actions prescribed in this Policy.
Article 18 (Data Protection Officer)
For your contact, we assign the following person as an internal data protection officer:
Yuichi Nagai, Fuller, Inc., KOIL, 148-2 Kashiwa-no-ha Campus, 178-4 Wakashiba, Kashiwa, Chiba 277-0871, Japan
History of Updates
Amendments to this Policy as of June 5, 2020 will take effect from June 25, 2020.
Established and enforced August 1, 2012
Amended October 1, 2014
Amended May 21, 2018
Amended January 16, 2019
Amended October 9, 2019