RegistART Inc. (the "Company," "we," "us" or "our") has established the
japan ART EX Privacy Policy ("Privacy Policy") to ensure the appropriate
collection, use, protection, and safe management of personal information
and information ("User Information") related to individuals obtained
through the use of japan ART EX (the "Application") by our customers.
Your use of the Application constitutes your agreement to the privacy
practices disclosed in this Privacy Policy.
In providing the Application, we may acquire and store the following user
information by directly providing it to us through your use of the
Application or by automatic means, after publicly announcing or notifying
you in advance of the purpose for which the information will be used.
If you do not provide us with your user information, you may not be able
to use various functions of the Application.
(1) Usage and activity history of various functions and services in the
Application;
(2) Location information based on GPS, Wi-Fi, Bluetooth functions, or base
station information of the terminal using the Application;
(3) User registration information such as login ID, account name, e-mail
address, and password;
(4) Type of handset using the Application, handset identifier, carrier
information, and OS;
(5) Notification tokens and notification settings information for the
Application;
(6) Other information entered or transmitted by the customer through the
Application.
We will use your User Information for the following purposes. We will not
use personal information beyond the scope necessary to achieve the purpose
of use without obtaining the prior consent of the customer or unless
otherwise stipulated by law.
(1) To provide various functions, services, and push notifications through
the Application;
(2) To manage registration, authentication, recording, confirmation, etc.
of users who use the Application;
(3) To distribute information related to galleries, museums, and other
art-related information posted on the application;
(4) To conduct questionnaires, surveys, analysis and to consider related projects
related to galleries, museums, and other art-related information posted on the application;
(5) To measure behavior, analyze data, conduct surveys, and consider new
developments for the purpose of maintaining the quality of the Application
and improving its functions;
(6) To provide user information to third parties;
(7) To notify customers of matters related to the Application, to confirm
the contents of customer opinions and inquiries, and to respond to them.
The Company shall take necessary and appropriate security control measures to prevent leakage, loss, or damage of User Information. In addition, we will enter into contracts with employees and contractors (including subcontractors) who handle personal information that requires them to manage personal information appropriately, and provide necessary and appropriate guidance and supervision.
We will not provide personal information among user information to third
parties without obtaining prior consent from the customer or without prior
notification to the Personal Information Protection Committee. However, we
may provide your user information to a third party when we provide it to a
joint user or in the following cases.
(1) When required by law;
(2) When it is necessary for the protection of the life, body, or property
of an individual and it is difficult to obtain the customer's consent;
(3) When it is especially necessary to improve public health or promote
the sound growth of children, and it is difficult to obtain the customer's
consent;
(4) When it is necessary for us to cooperate with a national agency, a
local government, or an individual or entity entrusted by either a
national agency or local government to execute affairs prescribed by law,
and obtaining consent from the customer is likely to impede the execution
of such affairs;
(5) When the Company entrusts all or part of the handling of user
information to an outside contractor to the extent necessary to achieve
the purpose of use, and the Company provides such user information to such
contractor;
(6) When providing personal information in connection with the succession
of business due to merger or other reasons.
(7) When providing user information to the operator of an external service
in order to link with the external service or authenticate using the external service.
If a customer requests disclosure of personal information, correction of,
addition to, deletion of, suspension of use or erasure of, or notification
of the use purpose of, personal information ("Disclosure etc."), we will
verify that it is a request from the customer (or the customer’s
representative), conduct necessary investigations without delay, and based
on the results of such investigations, respond to the customer’s request;
provided, however, that the foregoing will not apply if the Company owes
no duty of disclosure, etc. under the Act on the Protection of Personal
Information or other laws and regulations.
The customer will be separately notified of the results of the
investigations, and as to whether there will be any response. Further,
there may be cases where payment of fees as expenses required for
procedures will be necessary. With respect to specific procedural methods,
please contact the person in charge set forth in the following
paragraph.
For requests for disclosure, etc., as stipulated in the preceding
paragraph, or for complaints, consultations, etc., regarding the handling
of personal information in the Application, please contact the contact
person below.
Personal information obtained in response to a request or contact will be
handled only to the extent necessary for the purpose of responding to such
request or contact, and will be deleted by an appropriate method after
such response is completed.
Name of company handling the information: RegistART Inc.
Representative: Hiroki Nakagawa, Representative Director
Address: Lexington Aoyama 4F, 5-11-9 Minami-Aoyama, Minato-ku, Tokyo
107-0062
Contact: Hiroki Nakagawa
Contact: app_info@reg-art.com
The Company may revise this Privacy Policy as necessary. However, in the
event that the Company revises this Privacy Policy in such a way that the
consent of the customer is required by law, the revised Privacy Policy
shall apply only to those customers who have agreed to the revision in the
manner prescribed by the Company.
The effective date and content of the revised Privacy Policy will be
announced and made known by displaying the revised Privacy Policy on the
Application or by other appropriate means.
RegistART Inc. (the "Company," "we," "us" or "our") handles personal
information in compliance with applicable EU and EU Member State data
protection regulations, in particular the General Data Protection
Regulation ("GDPR"). This GDPR Privacy Policy is the basis for the
Company's privacy policy.
This GDPR Privacy Policy is in addition to our japan ART EX Privacy Policy
and is intended to provide our policy regarding GDPR in particular.
This GDPR Privacy Policy applies to persons located in Iceland, Norway and
Liechtenstein, which are member states of the European Union and part of
the European Economic Area (EEA), who provide personal data to us through
the use of japan ART EX ("Application") (the user of the Application in
this case is specifically referred to as the "Data Subject").
Definition of Personal Data
In this GDPR Privacy Policy, "Personal Data" is defined as follows:
Any information relating to an identified or identifiable natural person
("Data Subject(s)"); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of
that natural person.
Name: RegistART Inc.
Address: Lexington Aoyama 4F, 5-11-9 Minami-Aoyama, Minato-ku, Tokyo
107-0062, Japan
Contact: app_info@reg-art.com
Name: Hiroki Nakagawa, Representative Director
Address: Lexington Aoyama 4F, 5-11-9 Minami-Aoyama, Minato-ku, Tokyo
107-0062, Japan
Contact: app_info@reg-art.com
(1) Purpose of Use
As described in "3. Purposes of Use of Information" of the japan ART EX
Privacy Policy.
(2) Legal basis for use
The legal basis for the use of the Personal Data is as follows:
① When the Data Subject has given consent to the processing of his/her
Personal Data for one or more specific purposes. If the processing is
based on the consent of the Data Subject, the Data Subject has
the right to withdraw his or her consent.
② Where processing is necessary for the performance of a contract to which
the data subject is party, or where processing is necessary to take steps
at the request of the Data Subject prior to the conclusion of the
contract.
③ Processing is necessary to comply with a legal obligation to which the
Controller is subject.
④ Processing is necessary to protect the vital interests of the Data
Subject or another natural person.
⑤ Processing is necessary for the performance of duties performed in the
public interest or in the exercise of official authority granted to the
Controller.
(3) Term of use
The Company will promptly destroy the Personal Data of the Data Subject
after a period of time reasonably necessary for the purpose for which it
was collected.
Personal Data of Data Subjects collected for participation in an event,
etc., with which we cooperate will be retained until the deleation of such accounts,
etc. After the deleation of such accounts etc,, the
collected Personal Data will be destroyed or anonymized within a
reasonable period of time so that the Data Subject cannot be identified.
The Data Subject will not be identified, except in cases where the Data
Subject has given separate consent for the handling of Personal Data to
the Company.
(4) Sharing of Personal Data
We may share the online identifier of the Data Subject's Personal Data
with third parties for the purpose of outsourcing the analysis of this
Application. We will protect the rights of the Data Subject with respect
to his/her Personal Data by entering into a data processing agreement with
such third party in compliance with Article 28 of the GDPR and by imposing
data security and confidentiality obligations on such third party.
(5) Types of Personal Data Requiring Special Consideration
The Application will not collect special categories data as defined in
Articles 9 and 10 of the GDPR from users of the Application.
Data Subjects have the following rights under applicable privacy laws,
including the GDPR. To assert these rights, the Data Subject may contact
the Data Protection Officer (DPO) designated by the Company.
(1) Right of access (Art. 15 GDPR)
The Data Subject shall have the right to access Personal Data concerning
him/her that are being processed by the Controller.
(2) Right to rectification (Art. 16 GDPR)
The Data Subject shall have the right to obtain from the Controller the
rectification of the inaccurate personal data concerning him or her.
(3) Right to erasure ("right to be forgotten") (Art. 17 GDPR)
The Data Subject shall have the right to obtain from the Controller the
erasure of Personal Data concerning him or her without undue delay under
certain circumstances.
(4) Right to restriction of processing (Art. 18 GDPR)
The Data Subject shall have the right to obtain from the Controller
restriction of processing the Personal Data under certain
circumstances.
(5) Right to data portability (Art. 20 GDPR)
The Data Subject shall have the right to obtain Personal Data concerning
him or her from the Controller in a structured, commonly used and
machine-readable format. He or she shall also have the right to have such
data transferred to another controller without interference from the
Controller to whom the Personal Data was provided.
(6) Right to object (Art. 21 GDPR)
The Data Subject shall have the right to object to the processing of the
Personal Data concerning him or her under certain circumstances.
(7) Right to object to a supervisory authority (Art. 77 GDPR)
The Data Subject may object to our processing of Personal Data before a
supervisory authority established by an EU member state.
When processing the Personal Data of Data Subjects, we do not subject them to automated decision-making, such as profiling, as defined in Article 22 of the GDPR.