Morgenrot Inc. (the “Company”) understands the importance of protecting personal information, and will observe the Act on the Protection of Personal Information (the “Act”) and endeavor to handle and protect personal information in an appropriate manner in accordance with this Privacy Policy (the “Privacy Policy”). Unless otherwise provided herein, the definitions of the terms used herein shall be in accordance with the Act.
1. DEFINITION OF PERSONAL INFORMATION
For the purpose of the Privacy Policy, “personal information” shall mean personal information defined in Paragraph 1 of Article 2 of the Act.
2. PURPOSE OF USE OF PERSONAL INFORMATION
The Company shall use personal information for the following purposes:
- Provision of service regarding the distributed GPU render service or other services provided by the Company (collectively referred to as the “Service”);
- Notifications and responses to customer inquiries, with respect to the Service;
- Announcement regarding the Company’s products or services, etc.;
- Dealing with breach of the Company’s terms of use, policy, etc. (the “Terms”), with respect to the Service;
- Notifications of amendment to the Terms of the Service;
- ユImprovement of the Company’s service and development of new services, etc. by analyzing information on the status of use of the Service by users;
- Labor management and the Company’s internal procedures (with respect to personal information of directors, officers and employees of the Company);
- Shareholder management and procedures under Companies Act and other applicable laws (with respect to personal information of shareholders, holders of share options, etc.)
- Creation of statistics data which is processed so that no particular individuals shall be identified, in connection with the Company’s service; or other purposes related to the above purposes.
3. CHANGE OF PURPOSE OF USE OF PERSONAL INFORMATION
The Company may change the purpose of use of personal information to the extent that the purpose of use after the change is reasonably recognized to be related to the original purpose of use. When the purpose of use has been changed, the Company shall notify the person which can be identified by the personal information (the “Principal”) of, or publicly announce, the purpose of use after the change.
4. USE OF PERSONAL INFORMATION
4.1
The Company shall not use personal information, without the consent of the Principal, beyond the scope necessary for the achievement of the purpose of use, unless permitted by the Act or other laws or regulations; provided, however, that this provision shall not apply if such use is:
-
-
- based on laws and regulations;
- necessary for the protection of the life, body or property of an individual and it is difficult to obtain the consent of the Principal;
- specially necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the Principal
- necessary for cooperating with a national government, a local government, or a person or entity entrusted thereby in executing the affairs prescribed by laws and regulations and acquisition of the consent of the Principal may impede the execution of the affairs concerned; or
- providing personal data to academic research institutes, where such academic research institutes need to handle personal data for academic research purposes (including cases where a part of the purposes of handling personal data is for academic research purposes, and excluding cases with a likelihood of unjustly infringing the rights and interests of Principal
-
4.2
The Company shall not use personal information in a manner likely to encourage or induce illegal or unjust acts.
5. PROPER ACQUISITION OF PERSONAL INFORMATION
5.1
The Company shall acquire personal information by proper means, and shall not acquire it by a deception or other wrongful means.
5.2
Except in the following cases, the Company shall not acquire special care- required personal information (defined in Paragraph 3 of Article 2 of the Act) without obtaining a prior consent of the Principal.
-
-
- cases where such acquisition falls under any of Items 1. through 4. of Article 4.1;
- cases where special care-required personal information is acquired from academic research institutes, and if such academic research institutes need to acquire special care-required personal information for academic research purposes (including cases where a part of the purposes of acquiring special care-required personal information is for academic research purposes, and excluding cases with a likelihood of unjustly infringing the rights and interests of individuals/Principals) (limited to cases where the entities handling personal information and the academic research institutes jointly conduct academic research);
- cases where the special care-required personal information is being made available to the public by the Principal, a government organization, a local government, an academic research institute, etc., a person set forth in Items of Paragraph 1 of Article 57 of the Act or other persons prescribed by the rules of the Personal Information Protection Commission;
- cases where the Company acquires special care-required personal information clearly recognized from the Principal’s appearance by seeing or taking pictures; or
- cases where the Company receives special care-required personal information from a third party and such provision of the information by the third party falls under any of Items of Article 8.1.
-
5.3
When the Company receives personal information from a third party, the Company shall confirm the following matters pursuant to the rules of the Personal Information Protection Commission, except where such provision of the personal information by the third party falls under any of Items of Article 4.1 or any of Items of Article 8.1.
-
-
- the name or appellation and address of the third party and, for a corporate body, the name of its representative (for a non-corporate body having appointed a representative or administrator, such representative or administrator)
- circumstances under which the personal information was acquired by the third party
-
6. SECURITY CONTROL OF PERSONAL INFORMATION
The Company shall sufficiently and appropriately supervise the Company’s employees to ensure the security control of personal information to protect it from the risk of loss, destruction, alteration or leakage. When the Company entrusts a third party with the handling of personal information in whole or in part, the Company shall sufficiently and appropriately supervise the third party to ensure the security control of personal information. Specific details of the security control measures on personal data held by the Company are as follows:
Development of basic policy | n order to ensure proper handling of personal data, the Privacy Policy is developed as a basic policy on “compliance with relevant laws and regulations/guidelines, etc.” and “contact for questions and complaint handling,” etc. |
Establishment of disciplines on handling of personal data | Develop personal data handling rules on handling methods, persons in charge/persons responsible, and their duties, etc. for each stage, such as acquisition, use, storage, provision, deletion, and/or disposal. |
Systematic security control measures | 1) In addition to designating persons responsible for handling personal data, clarify the employees to handle personal data and the scope of personal data handled by those employees, and establish a system for reporting to and communicating with the persons responsible in case of discovering facts or signs of violations of the laws or handling rules. 2) Regarding the status of personal data handling, in addition to periodically implementing self-inspections, implement audits by other departments and sections or external parties. |
Personal security control measures | 1) Implement periodic training for employees regarding matters to be noted in handling personal data. 2)Enter the matters regarding confidentiality of personal data in work rules. |
Physical security control measures | 1) In areas where personal data is handled, in addition to managing entry and departure of employees, and limiting devices to be brought in, implement measures to prevent inspection of personal data by persons without authorization. 2) In addition to implementing measures to prevent theft, loss, etc. of devices, electronic media, documents, etc. that contain personal data, implement measures so that personal data is not easily identifiable, in case of carrying such devices, electronic media, etc., including when moving them within business offices. |
Technical security control measures/td> | 1) Implement access control and limit the scope of persons in charge and personal information databases, etc. handled. 2) Introduce a mechanism to protect information systems handling personal data from external unauthorized access and malware. |
Understanding of external environment | Implement security control measures after gaining an understanding of the system on protection of personal information in Country A, where personal data is stored. |
7. REPORTS IN CASE OF DIVULGENCE
In case of occurrence of events such as divulgence or loss of, or damage to, personal information handled by the Company, the Company shall make reports to the Personal Information Protection Commission and give notice to the Principal, pursuant to the provisions of the Act, if such reports and notices are required.
8. PROVISION TO A THIRD PARTY
8.1
The Company shall not provide personal information to a third party without the prior consent of the Principal, except where such provision falls under any of Items of Article 4.1; provided, however, that the following cases shall not be regarded as provision to a third party stated above:
- Cases where the Company provides personal information accompanied by entrustment to a third party with the handling of personal information within the scope necessary for the achievement of the purpose of use;
- Cases where personal information is provided as a result of the succession of business in a merger or otherwise; or
- Cases where personal information is used jointly with others in accordance with the provisions of the Act.
8.2
Notwithstanding Article 8.1, in cases where the Company provides personal information to a third party (excluding a party establishing a system conforming to the standards specified by the rules of the Personal Information Protection Commission based on Article 28 of the Act) in a foreign country (excluding countries specified by the rules of the Personal Information Protection Commission based on Article 28 of the Act), the Company shall obtain the Principal’s prior consent to the effect that the Principal approves the provision to a third party in a foreign country, except where such provision falls under any of Items of Article 4.1.
8.3
When the Company obtains the Principal’s consent to provision to a third party in a foreign country pursuant to Article 8.2, the Company shall provide the Principal with information on the following matters; provided, however, that if the Company cannot identify the matter referred to in Item 1, the Company shall, instead of the matters referred to in Items 1 and 2, inform the Principal of the fact that the matter referred to in Item 1 cannot be identified and the reasons therefor, and provide information, if any, that is to serve as a reference for the Principal instead of such matter:
- name of the foreign country;
- information on personal information protection systems in the foreign country; and
- information on measures taken by the third party to protect personal information (if this information cannot be provided, that fact and the reasons therefor).
8.4
When the Company has provided personal information to a third party, the Company shall prepare and maintain a record pursuant to Article 29 of the Act.
8.5
When the Company receives personal information from a third party, the Company shall make the necessary confirmation pursuant to Article 30 of the Act and prepare and maintain a record concerning such confirmation.
8.6
In cases where the Company is requested by a third party, to which the Company has provided a personal information to submit a record certifying the obtainment of the Principal’s consent to the provision and utilization of such personal information to such third party, the Company would submit such record to such third party.
9. DISCLOSURE OF PERSONAL INFORMATION, ETC.
9.1
In cases where the Company is requested by a customer to disclose the personal information under the Act, the Company shall, after confirming that the request is made by the Principal itself, disclose the personal information to the Principal without delay (in cases where the Company does not have such personal information, the Company shall notify the Principal to that effect); provided, however, that this provision shall not apply to cases where the Company is not obliged to disclose such personal information under the Act or other laws or regulations.
9.2
The provisions of Article 9.1 shall apply mutatis mutandis to records concerning provision to a third party prepared under Article 8.4 and records concerning receipt from a third party prepared under Article 8.5 with respect to personal information that can identify the Principal.
10. CORRECTION, ETC. OF PERSONAL INFORMATION
In cases where the Company is requested by the Principal to correct, add or delete the personal information under the Act on the ground that such personal information is contrary to the fact, the Company shall, after confirming that the request is made by the Principal itself, conduct a necessary investigation without delay within the scope necessary for the achievement of the purpose of use, and on the basis of the result, correct, add or delete the personal information and notify the Principal to that effect (in cases where the Company decides not to make such correction, addition or deletion, the Company shall notify the Principal to that effect); provided, however, that this provision shall not apply to cases in which the Company is not obliged to make such correction, addition or deletion under the Act or other laws or regulations.
11. DISCONTINUANCE OF THE USE, ETC. OF PERSONAL INFORMATION
In cases where the Company is (i) requested by the Principal to discontinue using or to erase the personal information under the Act on the ground that such personal information (a)is being handled beyond the purpose of use publicly announced in advance, (b) is being used in a manner likely to encourage or induce illegal or unjust acts, or (c) has been acquired by a deception or other wrongful means, (ii) requested by the Principal to discontinue providing the personal information under the Act on the ground that such personal information is provided to a third party without the Principal’s consent, or (iii) is requested by the Principal to discontinue using, erase, or discontinue providing the personal information under the Act on the grounds that (a) it has become unnecessary for the Company to use the personal information of the Principal, (b) the situation prescribed in the main clause of Paragraph 1 of Article 26 of the Act has occurred in connection with the personal information of the Principal, or (c) there is a possibility that handling of the personal information of the Principal would harm the rights or legitimate interests of the Principal, and where it is found that the request has a reason, the Company shall, after confirming that the request is made by the Principal itself, discontinue the use of or erase the personal information, or discontinue the provision of the personal information, without delay and shall notify the Principal to that effect; provided, however, that this provision shall not apply to cases in which the Company is not obliged to make such discontinuance of use or erasure, or discontinuance of provision, under the Act or other laws or regulations.
12. PROVISION OF PERSONALLY REFERABLE INFORMATION
12.1
If it is assumed that a third party will acquire personally referable information (defined in Paragraph 7 of Article 2 of the Act and limited to personally referable information constituting a personally referable information database, etc. prescribed in Paragraph 7 of Article 16 of the Act; hereinafter the same shall apply) as personal data, except in the cases set forth in the Items of Article 4.1, the Company shall not provide the personally referable information to the third party without confirming in advance the following matters pursuant to the rules of the Personal Information Protection Commission:
- the Principal’s consent has been obtained to the effect that he or she approves that the third party will receive personally referable information from the Company and acquire it as personal data that can identify the Principal; and
- for provision to a third party in a foreign country, in the case where the Principal’s consent referred to in the preceding Item is intended to be obtained, information on personal information protection systems in the foreign country and measures taken by the third party to protect personal information and other information that is to serve as a reference for the Principal have been provided in advance to the Principal pursuant to the rules of the Personal Information Protection Commission.
12.2
When the Company has provided personally referable information to a third party, the Company shall prepare and maintain a record pursuant to Article 31 of the Act.
12.3
When the Company receives personally referable information from a third party, the Company shall make the necessary confirmation pursuant to Article 31 of the Act and prepare and maintain a record concerning such confirmation.
13. Handling of Pseudonymously Processed Information
13.1
When the Company produces pseudonymously processed information (defined in Paragraph 5 of Article 2 of the Act and limited to pseudonymously processed information constituting a pseudonymously processed information database, etc. prescribed in Paragraph 5 of Article 16 of the Act; hereinafter the same shall apply), the Company shall process personal information in accordance with the standards prescribed by the rules of the Personal Information Protection Commission.
13.2
When the Company has produced pseudonymously processed information or has acquired pseudonymously processed information and deleted information, etc. (defined in Paragraph 2 of Article 41 of the Act; hereinafter the same shall apply) related to the pseudonymously processed information, the Company shall, in accordance with the standards prescribed by the rules of the Personal Information Protection Commission as those necessary to prevent leakage of deleted information, etc., take measures for the security control of deleted information, etc.
13.3
With respect to pseudonymously processed information (limited to personal information; hereinafter the same shall apply in this Article 13.3), the Company shall comply with the following:
- Notwithstanding the provisions of Article 4.1, the Company shall not handle pseudonymously processed information beyond the scope necessary to achieve the purpose of use, except where such handling is based on laws and regulations.
- With regard to application of Article 3 to pseudonymously processed information, the phrase “change the purpose of use of personal information to the extent that the purpose of use after the change is reasonably recognized to be related to the original purpose of use” in that Article shall be deemed to be replaced with “change the purpose of use of personal information,” and the phrase “notify the person which can be identified by the personal information (the “Principal”) of, or publicly announce, the purpose of use after the change” in that Article shall be deemed to be replaced with “publicly announce the purpose of use after the change to the person which can be identified by the personal information (the “Principal”).”
- Notwithstanding the provisions of Articles 8.1 to 8.3, the Company shall not provide personal data that is pseudonymously processed information to a third party, except where such provision is based on laws and regulations; provided, however, that the cases set forth in the Items of Article 8.1 shall not be regarded as provision to a third party stated above.
- When the Company handles pseudonymously processed information, the Company shall not collate the pseudonymously processed information with other information in order to identify the Principal of personal information used to produce the pseudonymously processed information.
- When the Company handles pseudonymously processed information, the Company shall not use contact information or other information contained in the pseudonymously processed information for the purpose of telephoning, sending by post or correspondence delivery, delivering a telegram, transmitting by facsimile or electronic or magnetic means, or visiting a residence.
- The provisions of Article 7 and Articles 9 to 11 shall not apply to pseudonymously processed information.
13.4
With respect to pseudonymously processed information (excluding personal information; hereinafter the same shall apply in this Article 13.4), the Company shall comply with the following:
- The Company shall not provide pseudonymously processed information to a third party, except where such provision is based on laws and regulations; provided, however, that the cases set forth in the Items of Article 8.1 shall not be regarded as provision to a third party stated above.
- The Company shall sufficiently and appropriately supervise the Company’s employees to ensure the security control of pseudonymously processed information to protect it from leakage and other risks concerning pseudonymously processed information. When the Company entrusts a third party with the handling of pseudonymously processed information in whole or in part, the Company shall sufficiently and appropriately supervise the third party to ensure the security control of pseudonymously processed information.
- When the Company handles pseudonymously processed information, the Company shall not acquire deleted information, etc. or collate the pseudonymously processed information with other information in order to identify the Principal of personal information used to produce the pseudonymously processed information.
- When the Company handles pseudonymously processed information, the Company shall not use contact information or other information contained in the pseudonymously processed information for the purpose of telephoning, sending by post or correspondence delivery, delivering a telegram, transmitting by facsimile or electronic or magnetic means, or visiting a residence.
14. HANDLING OF ANONYMOUSLY PROCESSED INFORMATION
14.1
When the Company produces anonymously processed information (defined in Paragraph 6 of Article 2 of the Act and limited to anonymously processed information constituting an anonymously processed information database, etc. prescribed in Paragraph 6 of Article 16 of the Act; hereinafter the same shall apply), the Company shall process personal information in accordance with the standards prescribed by the rules of the Personal Information Protection Commission.
14.2
When the Company has produced anonymously processed information, the Company shall take measures for the security control in accordance with the standards prescribed by the rules of the Personal Information Protection Commission.
14.3
When The Company has produced anonymously processed information, the Company shall disclose to the public the items of information relating to the individuals contained in the anonymously processed information pursuant to the rules of the Personal Information Protection Commission.
14.4
When the Company provides a third party with the anonymously processed information (including the same produced by the Company and the same received by the Company from a third party; hereinafter the same shall apply unless otherwise provided in the Privacy Policy), the Company shall disclose to the public the items of information concerning the individuals contained in the anonymously processed information to be provided to a third party and the method of provision thereof, and state to the third party explicitly that the information being provided is anonymously processed information, in advance pursuant to the rules of the Personal Information Protection Commission.
14.5
When the Company handles the anonymously processed information, the Company shall not (1) collate the said anonymously processed information with other information, or (2) acquire descriptions, etc. or individual identification codes deleted from personal information, or information relating to the processing method carried out pursuant to Paragraph 1 of Article 43 of the Act ((2) shall be applied only to the anonymously processed information provided by a third party) in order to identify the individuals concerned with the personal information used to produce the anonymously processed information.
14.6
The Company shall make efforts to take measures necessary to ensure the proper handling of the anonymously processed information, including measures necessary and appropriate for the security control of the anonymously processed information and dealing with complaints about the handling, including producing, of the anonymously processed information, and make efforts to disclose to the public the content of such measures taken.
15. USE OF COOKIES AND OTHER TECHNOLOGIES
Cookies or similar technologies may be used in the Company’s service. Such technologies help the Company to recognize the status of use of the Company’s service, etc. and contribute improvement of the service. When a user intends to disable cookies, the user may disable cookies by changing the web browser’s settings. Please note that when cookies are disabled, a part of the service may be unavailable.
16. CONTACT
With respect to requests for disclosure, etc., comments, questions, complaints and other inquiries regarding the handling of personal information, please contact the following:
Name, Address and Name of Representative of the Personal Information Handling Business Operator
Morgenrot Inc.
Pinex Kojimachi 6F, 4-4-3 Kojimachi, Chiyoda City, Tokyo 102-0083
Ryuei Morimoto, Representative Director
Inquiry Desk
Email: info_morgenrot@morgenrot.net
17. CONTINUOUS IMPROVEMENT
The Company shall endeavor to review timely the status of the operation regarding handling of personal information and to improve such operation continuously. The Company may amend this Privacy Policy as necessary.。
[Established on September 30, 2019]
[Amended on June 24, 2022]
[Amended on August 28, 2023]