Personal Information Protection Policy
ELEMENTS, Inc. (“We”) recognizes that personal information obtained from customers and related parties through our business activities is both an important asset for customers and related parties, and an important asset for us as a source of our business activities, and we shall appropriately protect personal information in accordance with the following basic policy.
1. We shall comply with Act on the Protection of Personal Information and related laws and regulations, and guidelines and other standards established by the government of Japa
2. We shall handle personal information appropriately within the scope of the stated purpose of use and shall take measures to ensure that personal information is not used for purposes other than those stated. The personal information will not be disclosed or provided to any third party, unless otherwise agreed or when there are legitimate reasons to do so.
3. We shall strive to prevent unauthorized access to personal information, and personal information leaks, loss, or damage, and we shall continuously improve and correct our information security measures.
4. When outsourcing the handling of personal information in whole or in part, we shall manage and supervise the contractor as necessary and appropriate to ensure the secure management of the outsourced personal information.
5. We shall respond sincerely and promptly to personal information related inquiries and disclosure, etc. requests from customers.
Enacted: December 24, 2013
Revised: April 1, 2020
Representative Director: Yasuhiro Kuda
Handling Personal Information by ELEMENTS
1.Name and address of the entity handling the personal information
ELEMENTS, Inc. Representative Director: Yasuhiro Kuda
1-6-1 Otemachi Chiyoda-ku,Tokyo
2.Definition of Personal Information and Personal Data
Personal information means information relating to a living individual, which falls under any of the following:
・Name, date of birth, telephone number, and e-mail address included in such information; biometric information (including information on the user’s facial image); information on the device used by the user (including information on the device and information on the IP from which access is made); and other information that may identify a specific individual by its description, etc.
・Information that, by itself, cannot identify a specific individual, but that can easily be verified against other information to identify a specific individual.
・Information that contains individual identification codes (Article 2, Paragraph 2 of the Act on the Protection of Personal Information (“Personal Information Protection Act”)).
Personal data means personal information that constitutes a personal information database, etc. (Article 2, Paragraph 4 of the Personal Information Protection Act).
3.How We Collect Personal Information and Data and Purpose of Its Use
We may collect your personal information in connection with our website, apps, and other Company services.
The purposes of use of the personal information provided by our customers are clearly stated as follows in advance, and the personal information provided by the customers will be used appropriately within the scope of the following purposes of use.
■ Use of personal information from customers in our services
・To provide our services
・To verify and authenticate identities in association with the provision of our services
・To develop our technologies (including facial recognition engine machine learning, random action automatic determination machine learning, machine learning to detect forged documents and spoof registrations, and fraudulent registration detection)
・To respond to inquiries and complaints and provide support relating to our services
・ To provide information on our services, events, and seminars, etc.
・To notify customers of changes, etc. to the terms and conditions of our services and policies, etc.
・ To perform tasks and handle communications, procedures, and inquiries incidental to the above
・For other purposes specified individually for each of our services
・To provide personal information and personal data to a third party in order to achieve the above-stated purposes of use
■ Personal information handled in the course of business entrusted to us by business partners
・To perform and properly manage contracts
■ Personal information from business partners
・ To perform and properly manage contracts
■ Personal information from people who contact us
・To accurately understand and respond to inquiries and communications
■ Personal information from people who wish to work for us
・To provide recruiting information, etc. and to contact regarding employment interviews and hiring decisions, etc.
■ Personal information on our employees
・To contact for business purposes, to prepare lists of employees, for various procedures required by law (including after retirement), and for other employment management related purposes
・To determine performance evaluations, assignments, and transfers
・To determine and pay compensation, process taxes, perform social insurance related procedures, and to provide benefits
・For security control measures in video and online monitoring, etc.
・To appropriately manage health (we do not acquire, use or provide health information on workers, such as the results of medical examinations, except in cases pursuant to laws and regulations)
・To promote and advertise, etc. the Company in PR or advertising materials, etc.
If we need to use customers’ personal information beyond the specified purpose of use, we shall inform customers of such fact and obtain their consent before using their personal information. We shall use personal information entrusted by other companies within the scope of the contract with the outsourcer.
4.Provision of Personal Information and Personal Data
We shall not disclose or provide customer’s personal information to third parties, except in the following cases:
・When the customer’s consent has been obtained
・When pursuant to laws and regulations
・When necessary for the protection of the human life, body, or property, and it is difficult to obtain the customer’s consent.
・When particularly necessary to improve public health or to promote the sound development of children, and it is difficult to obtain consent from the customer
・When there is a need to cooperate with a government agency or local government, or a person entrusted by them to perform affairs stipulated in laws and regulations, and there is a possibility that obtaining consent from the customer will interfere with such performance.
・When entrusting the handling of personal information within the scope necessary to achieve the purpose of use
・When the business is succeeded due to a merger, company split, business transfer, or other reasons
・When the information is provided to the parties listed in the scope of co-users in 5 below
・When otherwise specified individually for each of our services
The following methods are used when providing information to third parties:
・Means and methods such as telephone, fax, paper, external storage media, via the internet (e-mail, server access, etc.)
5.Shared Use of Personal Information and Personal Data
Personal information and personal data obtained for the aforementioned purposes of use may be shared with our group companies.
■ Scope of group companies that share use:
■ Items of personal information to be shared
Name, date of birth, address, telephone number, e-mail address,, Personal appearance (image), fingerprints (image)
■ Purpose of use by shared users
Same as the purpose of use stated in 3 above
■Name and address of the responsible party for the management of such personal data, and the name of the representative of such party
ELEMENTS, Inc. Representative Director: Yasuhiro Kuda
Otemachi Bldg., 1-6-1 Otemachi Chiyoda-ku,Tokyo 100-0004
6.Implementation of Security Control Measures
We will appropriately manage personal information by implementing the following necessary and proper organizational, personnel, physical, and technical security control measures in order to prevent unauthorized access to personal information and personal data, as well as the loss, alteration, or leakage of personal information.
(1) Establishment of Basic Policy
We have established the “Personal Data Protection Policy” as a fundamental policy to ensure the proper handling of personal data.
(2)Establishment of Rules for Handling Personal Data
We have established rules for personal data handling for each stage including acquisition, use, storage, provision, deletion/disposal, etc., with respect to handling methods, responsible persons/persons in charge and their duties, etc.
(3) Organizational Safety Control Measures
We will appoint a person responsible for the handling of personal information, and clarify the scope of employees who handle personal information and the personal information handled by such employees. We will also establish a system for reporting to the person in charge any facts or signs of violation of the Personal Information Protection Law or internal rules concerning the handling of personal information.
(4) Personnel Security Control Measures
Periodic training will be provided to employees concerning the points to be considered in the handling of personal information.
(5) Physical Security Control Measures
We will implement access control for employees in areas where personal information is handled, as well as measures to prevent unauthorized persons from accessing personal information.
(6) Technical Security Control Measures
We will implement access control to limit the scope of persons in charge and the personal information database, etc. to be handled.
We shall execute outsourcing agreements with our contractors that includes confidentiality provisions, and we shall work to ensure the appropriate handling and protection of our customers’ personal information and personal data by contractors to prevent leaks, damage, further provision or disclosure to third parties, and use outside the scope of the above-stated purposes of use.
In the event of an incident such as a leakage of personal information, we will report the incident to the regulatory authorities in accordance with the Personal Information Protection Law and related guidelines. Upon receiving instructions from the relevant regulatory authorities, we will take necessary measures to prevent similar incidents from occurring and to prevent recurrence.
7.Contact for Complaints and Consultations Concerning Handling of Personal Information and Personal Data
Please contact the inquiries desk below if you have any questions, inquiries, or complaints about our handling of personal information.
【Contact for Complaints and Consultations Concerning Handling of Personal Information and Personal Data】
8.Procedures for Responding to Requests for Disclosure of Retained Personal Data and Suspension of Provision to third parties, etc.
If you wish to request disclosure (including disclosure of records of provision to third parties; the same applies hereafter), correction, addition, deletion, suspension of use, elimination, or suspension of provision to third parties of your personal data, please contact “Contact for Complaints and Consultations Concerning Handling of Personal Information and Personal Data” mentioned above. We will inform you of the procedures, costs, etc.
We will conduct necessary investigations without delay, except in cases where special procedures are stipulated by laws and regulations, from the viewpoint of preventing leakage of personal information and ensuring accuracy and safety of such personal information. And we will disclose, correct, add, delete, suspend use, erase, or suspend provision to a third party of retained personal data pertaining to a customer only when we are able to confirm that the request is made by the customer him/herself, in accordance with the provisions of laws and regulations. If the request is not based on the provisions of the law, we will not be able to respond to your request.
We reserve the right to change the contents of this document as necessary. Any changes to this document will not be individually notified, but will be publicly announced by posting on the Company’s website.
10.Acquisition of Personal Information by Means that Cannot Easily Identify the Person Concerned
We may automatically collect and store information such as customers’ IP addresses, browser types, and browser language. This information is used to analyze the user environment to provide better services, and to prevent fraudulent activities that interfere with the normal provision of services.
Enacted: December 24, 2013
Revised: April 1, 2020