Privacypolicy

DIIIG Corporation ("DIIIG"), the operator of 49mrc, acknowledges the importance of protecting the personal information of its customers and other parties, and is committed to complying with the Personal Information Protection Act. The Company will handle and protect personal information appropriately in accordance with this Privacy Policy. The interpretation of the Service and the Terms of Use shall be governed by the laws of Japan, and any judicial proceedings shall be exclusively brought in the court having jurisdiction over the location of the Company's head office. Unless otherwise specified, the definitions of terms used in this Privacy Policy shall follow the provisions of the Personal Information Protection Law.

1.Definition of Personal Information

In this Privacy Policy, "personal information" refers to personal information as defined in Article 2.1 of the Personal Information Protection Law.

2.Purpose of Use of Personal Information

We will use personal information for the following purposes:
(1) To generate profiles as a content generator
(2) To provide customized content for each user
(3) To enable users to smoothly use the services provided by the Company (hereinafter referred to as the "Services")
(4) To provide information on the Services and to respond to inquiries from users
(5) To develop and provide new plans for future Services
(6) To announce information related to the Services or advertising information for which a business other than the Company is the advertiser
(7) For employment management and internal procedures (regarding personal information of executives and employees), and for selection and communication in recruitment activities (regarding personal information of applicants)
(8) To manage shareholders and to comply with procedures required by the Companies Act and other laws and regulations (regarding personal information of shareholders, stock acquisition right holders, etc.)
(9) For other purposes incidental to the above purposes of use

3.Changes to the Purposes of Use of Personal Information

The Company may change the purposes of use of personal information within the scope that is reasonably deemed to be relevant, and in the event of such a change, the Company will notify the individual who is the subject of the personal information (hereinafter referred to as "the Individual") or make a public announcement.

4.Use of Personal Information

4.1: We will not use personal information beyond the scope necessary to achieve the purpose of use without the consent of the individual, except as permitted by the Personal Information Protection Law or other laws and regulations. However, this does not apply in the following cases:
(1) When required by law
(2) When it is necessary for the protection of a person's life, body, or property, and it is difficult to obtain the consent of the person
(3) Cases in which the provision of personal information is particularly necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the consent of the person
(4) Cases in which the provision of personal information is necessary for cooperating with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by law, and in which obtaining the consent of the individual is likely to impede the execution of the affairs concerned
(5) When providing personal data to academic research institutions, etc., and such academic research institutions, etc. need to handle such personal data for academic research purposes (including cases in which part of the purpose of handling such personal data is for academic research purposes, but excluding cases in which there is a risk of unjustified infringement on the rights and interests of individuals).
4.2: We will not use personal information in a manner that may encourage or induce illegal or unjust acts.

5. Proper Acquisition of Personal Information:

5.1: We will acquire personal information in an appropriate manner and will not acquire personal information through deception or other wrongful means.
5.2: When we receive personal information from a third party, we will confirm the following items in accordance with the Rules of the Personal Information Protection Committee. However, this excludes cases in which the provision of personal information by the third party falls under any of the items in Section 4.1 or Section 8.1.
(1) The name and address of the Third Party and, in the case of a juridical person, the name of its representative (in the case of an organization that is not a juridical person and has a designated representative or manager, the name of its representative or manager)
(2) The process through which the third party obtained the personal information in question.

6. Security Management of Personal Information

We, as a company, ensure the safe management of personal information by our employees to mitigate risks such as loss, destruction, alteration, and leakage of personal information. We exercise necessary and appropriate supervision over our employees for this purpose. Furthermore, when we entrust the handling of all or part of personal information to a third party, we also exercise necessary and appropriate supervision to ensure the safe management of personal information by the entrusted party. The specific security measures regarding our retained personal data are as follows:

Establishment of Basic Policy	To ensure the appropriate management of personal information, we have established this Privacy Policy as our fundamental policy concerning "compliance with relevant laws and guidelines," "contact for inquiries and complaints," and other related matters.
Establishing rules for the proper handling of personal data.	Establishing rules for the handling of personal data at every stage, including acquisition, usage, storage, provision, deletion/disposal, etc., is necessary. These rules should outline the methods of handling, responsible individuals, their roles and responsibilities.
Measures for safety management within the organization.	(1) Designate a person responsible for the handling of personal data, clearly define the employees who handle personal data and the types of personal data they handle, and establish a reporting system to notify the responsible person of any detected violations of laws or handling regulations. (2) Perform regular self-assessments of the handling of personal data, and also undergo audits conducted by other departments or external parties.
Humansecurity management measures	(1) Conduct regular training for employees on how to handle personal data appropriately. (2) Incorporate provisions related to the confidentiality of personal data into the company's employment regulations
Physical security management measures	(1) Access to areas where personal data is handled is restricted to authorized employees, and measures are taken to prevent unauthorized persons from viewing personal data. Restrictions are also placed on equipment and other items brought into the office. (2) Measures are taken to prevent theft or loss of equipment, electronic media, and documents that handle personal data. Additionally, measures are taken to prevent personal data from being easily discovered when such equipment, electronic media, etc. are transported within the business location.
Technical security management measures	(1) Implement access controls to limit the scope of individuals in charge and personal information databases being handled. (2) Implement mechanisms to protect information systems handling personal data from unauthorized external access or unauthorized software.

7.Reporting in the case of a leak, etc.

In the event of a leak, loss, damage, or any other issues involving personal information handled by the Company, the Company will report to the Personal Information Protection Committee and notify the individual in accordance with the provisions of the Personal Information Protection Law.

8.Provision to third parties

8.1: We will not provide personal information to third parties without obtaining prior consent from the individual, except in cases where disclosure is permitted under the Personal Information Protection Law or other laws and regulations. However, the following cases do not fall under the provision of personal information to third parties as stipulated above.
(1) When we outsource all or part of the handling of personal information within the scope necessary to achieve the purpose of use.
(2) When personal information is provided as a result of the succession of business due to a merger or other reasons.
(3) When personal information is jointly used in accordance with the provisions of Section 9.
8.2: Notwithstanding the provisions of Section 8.1, we will not provide Personal Information to any third party (except for countries designated by the Rules of the Personal Information Protection Commission under Article 28 of the Personal Information Protection Law) located outside Japan (except for countries designated by the Rules of the Personal Information Protection Commission under Article 28 of the Personal Information Protection Law), except in cases falling under any of the items in Section 4.1. (excluding those who have established a system that conforms to the standards designated by the Rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Law).
8.3: In accordance with Section 8.2, when obtaining consent from individuals for the provision of their personal information to third parties located abroad, we shall provide the following information to the individuals. However, if it is not possible to specify the first item, we shall provide information indicating the inability to specify the first item and the reasons for it, as well as any alternative information that may be relevant to the individuals in place of the first item:
(1) The name of the foreign country in question.
(2) Information regarding the system related to the protection of personal information in the foreign country.
(3) Information about the measures taken by the third party for the protection of personal information (in cases where this information cannot be provided, an explanation as to why it cannot be provided will be given).
8.4: When we provide personal information to a third party, we will create and preserve records in accordance with Article 29 of the Personal Information Protection Law.
8.5: When we receive personal information from a third party, we shall perform the necessary confirmation in accordance with Article 30 of the Personal Information Protection Law and shall prepare and preserve records related to such confirmation.

9.Joint use

When a business partner is required to work with us in providing the Service, we may share the personal information of users of the Service with that business partner. In this case, we will announce the purpose of use, the name of the business partner, the type of information, the name of the administrator, etc., to the users of the Service before sharing the information.

10.Disclosure of personal information, etc.

10.1: When we receive a request for the disclosure of personal information from an individual in accordance with the provisions of the Personal Information Protection Law, we will disclose such information to the individual without delay after confirming that the request is made by the individual. If such personal information does not exist, we will notify the individual to that effect. However, this shall not apply in cases where we are not obligated to disclose the information under the Personal Information Protection Law or other laws and regulations.
10.2: The preceding paragraph shall apply mutatis mutandis to records of provision to third parties made in accordance with Section 8.4 and records of provision from third parties made in accordance with Section 8.5 with respect to personal information that identifies the person in question.

11.Correction of personal information

If the Company is requested by an individual to correct, add, or delete his/her personal information (hereinafter referred to as "Correction, etc.") in accordance with the provisions of the Personal Information Protection Law on the grounds that the personal information is not true, the Company will correct,

12.Suspension of Use of Personal Information, etc.

If we receive a complaint from an individual that (1) his/her personal information is being handled in a manner that exceeds the scope of the purpose of use publicly announced in advance, or is being used in a way that encourages or may encourage illegal or unjust acts, or (2) his/her personal information has been obtained through deception or other wrongful means, we will suspend its use or delete it (hereinafter referred to as "Suspension of Use, etc.") in accordance with the provisions of the Personal Information Protection Law. (2) If a request for suspension of use or deletion (hereinafter referred to as "suspension of use, etc.") is made pursuant to the provisions of the Personal Information Protection Law on the grounds that the personal information is being used in a manner that promotes or may promote or induce illegal or unjust acts, or that the personal information was obtained by false or other wrongful means (2) If the provision of personal information to a third party is suspended pursuant to the provisions of the Personal Information Protection Law (hereinafter referred to as "suspension of provision") on the grounds that the personal information has been provided to such third party without the consent of the individual concerned, or (3) When we no longer need to use the personal information of the person in question, when the situation stipulated in the main clause of Article 26, Paragraph 1 of the Personal Information Protection Law concerning the personal information of the person in question arises, or when there is a risk that the rights or legitimate interests of the person may be impaired by the handling of the personal information of the person in question. In cases where the suspension of use or provision of personal information is requested in accordance with the provisions of the Personal Information Protection Law, and the request is found to be reasonable, the Company will, after confirming that the request is made by the individual concerned, suspend the use or provision of the personal information without delay and notify the individual concerned to that effect. However, this shall not apply in cases where we are not obligated to suspend the use or provision of personal information under the Personal Information Protection Law or other laws and regulations.

13.Provision of Personal Information to Third Parties

13.1: We will not provide Personal Information to any third party unless such third party has agreed to receive Personal Information from us, which is defined as information that falls under Article 2.7 of the Personal Information Protection Law and is limited to the information that constitutes the Personal Information Database defined in Article 16.7 of the same Law. However, if we need to provide personal data, which includes personally identifiable information, to a third party, we will first confirm the following matters in accordance with the rules set by the Personal Information Protection Commission, unless the cases listed in Section 4.1 apply:
(1) We have obtained consent from the individual concerned allowing the third party to receive the personally identifiable information from us and use it as personal data that identifies the individual concerned.
(2) In the case of providing information to a third party located in a foreign country, we will obtain consent from the individual concerned as set forth in the preceding item, and we will also confirm the system concerning the protection of Personal Information in the foreign country, the measures taken by the third party to protect Personal Information, and other information that may be helpful to the individual concerned.
13.2: When we provide personal information to a third party, we will create and maintain records in accordance with Article 31 of the Personal Information Protection Law.
13.3: When we receive personally identifiable information from a third party, we will perform necessary confirmation procedures in accordance with Article 31 of the Personal Information Protection Law, and we will also create and maintain records of such confirmation.

14.Handling of Pseudonymized Information

14.1: We will not provide any pseudonymized information (as defined in Article 2.5 of the Personal Information Protection Law and limited to those that constitute the Pseudonymized Information Database, etc., as defined in Article 16.5 of the same law) to any third party, except as required by law. When creating Pseudonymized Personal Information (as defined in Article 2, Paragraph 5 of the Personal Information Protection Law), SBI will process personal information in accordance with the standards set forth in the Rules of the Personal Information Protection Commission.
14.2: When creating Processed Pseudonymized Information, or when deleting Processed Pseudonymized Information and Deleted Information, etc. (as defined in Article 41.2 of the Personal Information Protection Law), we will take measures for the secure management of the Deleted Information, etc. in accordance with the standards set forth in the Rules of the Personal Information Protection Commission as necessary to prevent the leakage of the Deleted Information, etc.
14.3: Our company adheres to the following provisions regarding pseudonymized information (limited to cases where it constitutes personal information, as described in the following Section 14.3):
(1) Except where required by law, our company shall not handle pseudonymized information beyond the scope necessary for the achievement of the specified purposes, notwithstanding the provisions of Section 4.1.
(2) Concerning the application of Section 3 with respect to pseudonymized information, we shall interpret the phrase "change within the reasonable range deemed to be relevant" as "change," and the phrase "notify or disclose" as "disclose."
(3) Except as required by law, our company shall not provide pseudonymized personal data to third parties, notwithstanding the provisions of Sections 8.1 through 8.3. However, the provisions of Section 8.1 shall not apply to cases listed in each item of Section 8.1.
(4) In handling pseudonymized information, our company shall not match pseudonymized information with other information to identify the individuals related to the personal data used in creating the pseudonymized information.
(5) In handling pseudonymized information, our company shall not use the contact information or other information contained in the pseudonymized information to make phone calls, send mail or postal parcels, send telegrams, transmit faxes or electronic communications, or visit residences.
(6) Pseudonymized information shall not be subject to the provisions of Sections 7 and 10 through 12.
14.4: Our company adheres to the following provisions regarding pseudonymized information (excluding personal information, as stated in Section 14.4):
(1) Except as required by law, our company shall not provide pseudonymized information to third parties. However, the provisions of Section 8.1 shall not apply to cases listed in each item of Section 8.1.
(2) In order to ensure the secure management of pseudonymized information and mitigate risks such as leakage, our company will exercise necessary and appropriate supervision over its employees. Additionally, when our company entrusts all or part of the handling of pseudonymized information, we will exercise necessary and appropriate supervision to ensure the safe management of personal information by the entrusted party.
(3) In handling pseudonymized information, our company shall obtain deletion information or similar data in order to prevent the identification of individuals related to the personal data used in creating the pseudonymized information. We shall not match the pseudonymized information with other information for this purpose.
(4) In handling pseudonymized information, our company shall not use the contact information or other information contained in the pseudonymized information to make phone calls, send mail or postal parcels, send telegrams, transmit faxes or electronic communications, or visit residences.

15.The handling of anonymized data.

15.1: We will not process any anonymized processed information (as defined in Article 2, Paragraph 6 of the Personal Information Protection Law, and limited to those constituting the anonymized processed information database, etc. stipulated in Article 16, Paragraph 6 of the same law). This also applies to all subsequent references in this document.
15.2: When creating anonymized processed information (as defined in Article 2, Paragraph 6 of the Personal Information Protection Law, and limited to those constituting the anonymized processed information database, etc. stipulated in Article 16, Paragraph 6 of the same law), SBM shall process personal information in accordance with the standards set forth in the Rules of the Personal Information Protection Commission, and will take measures for security control as required by these standards.
15.3: Once we have created anonymized processed information, we will disclose the items of information about individuals contained in such anonymized processed information in accordance with the Rules of the Personal Information Protection Commission.
15.4: We will not disclose anonymized processed information (including those created by us and those provided by a third party) to any third party without the prior written consent of the relevant third party. However, when we provide anonymized processed information (including information created by us and information provided by third parties), we will disclose the items of personal information included in such anonymized processed information, and publicly announce in advance the items of information concerning individuals contained in the anonymized processed information to be provided to the third party and the method of providing such information, pursuant to the Rules of the Personal Information Protection Commission. We will also clearly indicate to the third party that the information to be provided is anonymized processed information.
15.5: In handling anonymized data, our company shall refrain from (1) matching anonymized data with the original individual information used for its anonymization in a way that identifies the data subject, and (2) obtaining information about the descriptions removed from such individual information or the methods of processing performed in accordance with the provisions of Article 43, Paragraph 1 of the Personal Information Protection Act (limited to anonymized data obtained from third parties).
15.6: We will take necessary and appropriate measures for the secure management of anonymized processed information, handle complaints regarding the creation or other handling of anonymized processed information, and take other measures necessary to ensure the proper handling of anonymized processed information. We will also make efforts to publicly announce the details of such measures.

16.Use of Cookies and Other Technologies The Service may utilize cookies

and similar technologies. Users who wish to disable cookies may do so by changing the settings on their web browsers. However, disabling cookies may result in certain features of the Service being unavailable.

17.Inquiries For requests concerning disclosure, opinions, questions,

complaints, or other inquiries regarding the handling of personal information, please contact the following.

Name, address, and name of representative of the business handling personal information.
7F, 1-6-18 Sannomiya-cho, Chuo-ku, Kobe, Hyogo 650-0021, Japan
DIIIG Corporation (Representative Director: Hiroshi Akikuni)
E-mail: info@diiig.net

18.Continuous Improvement DIIIG will periodically review the status of its

handling of personal information and strive for continuous improvement. As necessary, DIIIG may make changes to this Privacy Policy.

Established March 10, 2023