Privacy Policy

Handling of personal information

GMO Cybersecurity by Ierae, Inc. (the “Company”) endeavors to handle and protect personal information appropriately by recognizing the importance of protecting personal information and complying with related laws and regulations such as the Act on the Protection of Personal Information and this privacy policy (this “Privacy Policy”).

1. Acquisition of personal information

The Company will acquire personal information by lawful and fair means. You will provide the following personal information as needed when you make inquiries to the Company, apply for the registration and use of the services of the Company, or for the employment screening process of the Company, conduct procedures concerning entering the Company, or the like.

1. Inquiries, registration and use of the services of the Company:

  1. Matters to be provided in forms or applications, etc. designated by the Company (such as the company name, your name, email address, or details of the inquiry).
  2. Any other matters that can be easily collated with other information and thereby used to identify an individual applicant.

2. Employee recruitment and procedures concerning entering the Company

  1. Matters stated in documents submitted to the Company such as resumes or curricula vitae (such as your name, gender, address, date of birth, phone number, and email address).
  2. Any other matters that can be easily collated with other information and thereby used to identify an individual applicant.

2. Acquisition of Cookies

The site (the “Site”) uses a technology called “Cookies” that does not contain any information that can identify a specific individual for the purpose of statistical analysis such as your browsing status, market analysis, or marketing.

A retargeting function such as remarketing advertisement that uses Cookie information (including advertisements for sales or recruiting) is utilized, and for this reason, any advertisement of the Company or companies that enter into business alliances with the Company may be posted on various sites on the Internet through third-party companies.  In addition, these third-party companies may provide various advertisements based on records of your access to the website of the Company.  Cookie information will be used within the scope stated on the website of each third-party company in accordance with the privacy policy, etc. of each third-party company.  You may disable Cookies by changing the browser settings.

You also may suspend the use of acquired visit or action history information for advertisement distribution by the following opt-out means of advertisement distribution services provided by third parties.

Google
https://myadcenter.google.com/personalizationoff

Yahoo!JAPAN
https://btoptout.yahoo.co.jp/optout/index.html

Meta
https://www.facebook.com/help/109378269482053

Microsoft
https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-US

The Site utilizes these Cookies, etc., and uses Google Analytics, Account Engagement, Microsoft Clarity, and LogRocket as analytics tools.

Please refer to the following link for further information concerning Google Analytics and its privacy policy.
https://policies.google.com/privacy?gl=jp&hl=en

Please refer to the following link for further information concerning Account Engagement and its privacy policy.
https://www.salesforce.com/au/company/privacy/

Please refer to the following link for further information concerning Microsoft Clarity and its privacy policy.
https://privacy.microsoft.com/ja-jp/privacystatement/

Please refer to the following link for further information concerning LogRocket and its privacy policy.
https://logrocket.com/privacy/

3. Purpose of use

The Company will use personal information for the following purposes.

1. Your personal information

  1. to order projects in the Company’s business;
  2. to make work requests related to the Company’s business, or to contact you for other reasons;
  3. to send contracts regarding the Company’s business;
  4. to notify you of advertisements, etc. regarding the Company’s business, or to provide services of the Company’s business;
    The description of the Company’s business is as stated in “Business Description” in the following link.
    https://gmo-cybersecurity.com/en/company/about/
  5. to notify you of advertisements, etc. concerning services provided by the Company’s group companies (meaning the parent company, subsidiaries, and affiliate companies described in https://www.gmo.jp/company-profile/groupinfo/; the same hereinafter);
    *Changes may be made to the Company’s group companies in the future due to the establishment, merger or dissolution, etc. of companies. Please refer to the above URL for the latest status.
  6. to provide your personal information to third parties for the purpose of distributing advertisements or confirming the advertisement effectiveness with you;
  7. to prepare various materials used within the Company.
  8. to perform operations in connection with the purpose of the foregoing items; and
  9. other than those above, to use within the scope for which the Company has obtained prior consent from you.

2. In addition to the foregoing purposes, the Company will use your account using the service of the Company for the following purposes.

  • (a) to conduct personal identity authentication necessary for the provision of the services of the Company’s business (personal identity authentication at and after log-in), automatic display of your information on the service display, and management operations;
  • (b) to process admission procedures, update registered member information, and process withdrawal procedures; and
  • (c) to provide personal information to GMO Internet Group, Inc. that provides GMO ID or other third party which is a business alliance partner based on your application when providing, etc. the services of the Company’s business.

3. Personal information related to applicants for recruitment

  1. to provide and manage information related to recruiting, and to communicate regarding recruiting

4. Personal information related to shareholders or investors

  1. to exercise rights and to perform obligations under laws and regulations;
  2. to provide various information on the status of shareholders;
  3. to manage shareholders under laws and regulations; and
  4. to appropriately respond to various inquiries or requests.

5. Personal information related to managements, officers and employees

  1. to manage personnel and security;
  2. to calculate and pay salaries, to process social insurance procedures, or the like;
  3. for business execution; and
  4. for the operations related to the foregoing items.

6. Personal information related to retired employees

  1. to provide information to retired employees.

7. Personal information outsourced from business partners

  1. to perform contracts related to outsourced services.

4. Provision of personal information to a third party

The Company shall not provide personal information to a third party except in the following cases.  However, this shall not apply in the case where permitted by the Personal Information Protection Act or other laws and regulations.

1. Cases where there is a need to protect a human life, body, or property, and when it is difficult to obtain your consent

2. Cases where there is a special need to improve public health or promote healthy child development, and when it is difficult to obtain your consent.

3. Cases where there is a need to cooperate with a national government organ, a local government, or any party delegated thereby performing affairs prescribed by laws and regulations, and when obtaining the your consent is likely to impede the performance of those affairs.

4. Cases where the Company outsources the handling of the personal information, in whole or in part, to a third party within the scope necessary to achieve the purposes of use after executing an appropriate outsourcing agreement.

5. Cases where the Company considers projects or conducts promotions (only for portfolios) when an applicant enters the Company.

6. Cases where you wish to use GMO ID provided by GMO Internet Group, Inc. when using the services of the Company’s business (in this case, the Company will provide GMO Internet Group, Inc. with identification information, etc. that the Company added to your account for the purpose of the Company and GMO Internet Group, Inc. providing any service to you by using the email address log-in and GMO ID.)

7. Cases where the Company analyses personal information through collation, and uses it for distributing advertisements, etc.

The Company may provide your personal information managed by the Company to a third party (meaning any alliance partner that executed a contract with the Company and provides the advertisement distribution service, etc.*) for the purpose of distributing advertisements, etc.  For example, the Company may be able to distribute more customized advertisements for you by providing such third party with the personal information the Company manages (such as advertising identifiers, email addresses, and phone numbers) for the purpose of distributing advertisements to you, and collating and analyzing the advertising identifiers, etc., and other personal information or information relating to personal information managed by such third party.  In this case, such third party will use your personal information in order to distribute advertisements requested by the Company.

*The list of alliance partners that provide advertisement distribution services and the name of foreign countries, etc. when the alliance partners are located outside Japan are explained below, so please also refer to the following.

The Company may provide a third party (including a person placing advertisements (advertiser)) with your personal information such as advertising identifiers, etc. managed by the Company for the purpose of confirming, etc. the result of the advertisements, and such third party may provide your personal information to the Company together with condition fulfilment information, etc. after linking the personal information with the advertising identifiers, etc. and other personal information or information relating to personal information managed by the third party.  The Company uses the received information by linking personal information managed by the Company in order to confirm, etc. the result of the advertisements to you.

The Company has confirmed that the alliance partners take the same level of measures for handling personal information as the measures that are required for the business operator handling personal information in Japan.

*Country and region names of alliance partners outside Japan that provide advertisement distribution services

Google LLC [United States]
Meta Platforms, Inc. [United States]
X Corp. [United States]
The Trade Desk, Inc. [United States]
MediaMath, Inc. [United States]
Microsoft [United States]

Please refer to the following website of Personal Information Protection Commission for systems, etc. for protecting personal information in countries outside Japan that may receive personal information:
Research into systems, etc. for protecting personal information in foreign countries https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku

8. Any other cases where you have given prior consent to disclose or provide your personal information.

5. Security management of personal information

In order to prevent the divulgence, loss, or data corruption of personal information, the Company will take appropriate legal action, organizational and technical measures to protect personal information in accordance with the Act on the Protection of Personal Information.  In addition, the Company conducts appropriate supervision of employees with respect to the handling of personal information.

The Company will store personal information for two years starting from the last day of December of the year in which the application date belongs to reexamine whether or not to hire an applicant in the future and manage application histories, etc.  The Company shall responsibly destroy personal information that has exceeded the storage period in an appropriate manner, and will not return the information to the applicant.

The contents of the Company’s specific security management measures for personal information are as follows.

Formulation of basic policy: To ensure appropriate handling of personal information, the Company will form this Privacy Policy as a basic policy regarding the “compliance with related laws and regulations, guidelines, and the like,” and the “inquiry desk for processing questions and complaints”, or the like. Preparation of rules related to handling personal information: For each step of acquiring, using, storing, providing, deleting, disposing, and the like of personal information, the Company will form handling regulations for personal information regarding handling methods, persons responsible, persons in charge, the duties of such persons, and the like .

Organizational security management measures:

  1. In addition to appointing persons responsible for the handling of personal information, the Company will clarify which employees will handle personal information and the scope of personal information such employees will handle, and maintain a system to report to and communicate with persons responsible for cases where any instance or indication of a violation of any laws or handling regulations is discovered.
  2. The Company will regularly conduct self-examination as well as audits by other departments or external persons in respect of the handling status of personal information.

Human security management measures:

  1. The Company will conduct regular training for employees in relation to important matters regarding the handling of personal information.
  2. The Company will set out matters regarding confidentiality of personal information in the Company’s Work Rules.

Physical security management measures:

  1. In areas where personal information is handled, the Company will take measures to prevent access to personal information by unauthorized persons, in addition to managing employees’ access of rooms and limiting devices and the like brought into those rooms.
  2. The Company will take measures so that personal information is not readily identified when carrying devices, electronic media, and the like for handling personal information (including when moving to a different area inside the office), in addition to taking measures to prevent robbery, loss, and the like of those devices, electronic media, documents, and the like.

Technical security management measures:

  1. The Company will implement access control to limit the scope of persons in charge and of personal information databases and the like handled.
  2. The Company will install systems to protect information systems that handle personal information from externally originating unauthorized access and unauthorized software.

6. Outsourcing of personal information handling

The Company may outsource all or part of personal information handling to a third party within the scope necessary to achieve the purposes of use. If the Company outsources all or part of personal information handling to a third party, in order to ensure the security management of the outsourced personal information, the Company will appropriately select the third party to which the handling of personal information is outsourced and provide appropriate supervision to such third party.

7. Information relating to personal information

1.  Cases where the Company acquires information relating to personal information received from a third party, a provider of such information, as personal data.

The Company will acquire information relating to personal information (meaning “information relating to personal information” as defined in Article 2, paragraph 7 of the Personal Information Protection Act and limited to those constituting a personal related information database, etc. as defined in Article 16, paragraph 7 of the same act; the same hereinafter) received from a third party as personal data as follows.

1) Cases where you wish to use GMO ID provided by GMO Internet Group, Inc. when using the services of the Company’s business.

The Company will acquire your email address registered in GMO ID operated by GMO Internet Group, Inc., identification information, etc. added to the GMO ID, or other information relating to personal information, and acquire and use such information, etc. for the purpose of issuing an account and providing services by using the GMO ID after linking such information, etc. to your personal data.

2) Cases where the Company receives information related to you (information relating to personal information), such as identifiers or behavior history, from a third party who does not hold information specifying you (for example, your name), acquires the information related to you as personal information by linking such information to your personal information managed by the Company, and uses such information pursuant to the purpose explained in above “3-1 Purpose of use” unless a separate purpose is prescribed.

Specifically, the Company may acquire Cookies, etc., mobile advertisement identifiers, email addresses and phone numbers (including those that have undergone irreversible conversion processing), logs related to distributing advertisements such as the number of times an advertisement is viewed, or website browsing or search history, etc., and use such information by linking personal information managed by the Company. In this case, the Company will appropriately handle such information as personal information in accordance with applicable laws and regulations.

3) In addition to the provisions prescribed in the two preceding paragraphs, cases where information relating to personal information received from a third party becomes personal data identifying principals as a result of a collation with personal information that the Company acquires from you.

The Company will acquire and use all information relating to personal information for the purpose of the matters stated in “3. Purpose of use.”

2.  Cases where the Company provides information relating to personal information to a third party as a database.

1) The Company will not provide the information relating to personal information to the third party without confirming the matters set forth as follows pursuant to provisions prescribed in the Rules of the Personal Information Protection Commission in advance.

  • (a) The consent of the principal has been obtained to the effect that the principal approves of the third party acquiring information related to personal information as personal data that can identify the principal received from the Company.
  • (b) In respect to provision to a third party in a foreign country, when the Company intends to obtain the consent of the principal referred to in the preceding item, information on the systems for the protection of personal information in such foreign country, information on the measures such third party takes for the protection of personal information, and other information that serves as a reference to the principal, has been provided to the principal in advance pursuant to provisions prescribed in the Rules of the Personal Information Protection Commission.

2) When the Company provides information relating to personal information to the third party pursuant to the provisions of the preceding paragraph, the Company will create and store a record in accordance with Article 31 of the Personal Information Protection Act.

3) When the Company acquires information relating to personal information from the third party as personal data, the Company shall conduct the necessary confirmation in accordance with the Personal Information Protection Act, and create and store a record pertaining to such confirmation.

8. Handling of pseudonymized personal information

1.  When the Company produces pseudonymized personal information (meaning “pseudonymized personal information” as defined in Article 2, paragraph 5 of the Personal Information Protection Act and limited to those constituting a pseudonymized personal information database, etc. as defined in Article 16, paragraph 5 of the same act; the same hereinafter), the Company shall process personal information in accordance with standards prescribed in the Rules of the Personal Information Protection Commission.

2.  When the Company produces pseudonymized personal information or obtains pseudonymized personal information, deleted information concerning the pseudonymized personal information, or the like (meaning information as defined in Article 41, paragraph 2 of the Personal Information Protection Act; the same hereinafter), the Company shall take measures for the security management of the deleted information, etc. in accordance with standards prescribed in the Rules of the Personal Information Protection Commission as those necessary to prevent the divulgence of the deleted information, etc.

3.  The Company will comply with the following provisions regarding pseudonymized personal information (limited to information that is personal information; the same applies in this item).

  • (a) Except in cases based on laws and regulations, the Company does not handle pseudonymized personal information beyond the scope necessary to achieve the purpose of use.
  • (b) Except in cases based on laws and regulations, the Company does not provide personal data that is pseudonymized personal information to a third party. However, the case prescribed in paragraph 9 will not fall under provision to third parties as prescribed above.
  • (c) In handling pseudonymized personal information, the Company does not collate the pseudonymized personal information with other information in order to identify a principal concerned with personal information used to produce the pseudonymized personal information.
  • (e) In handling pseudonymized personal information, the Company does not use contact addresses or other information contained in the pseudonymized personal information in order to telephone, send by mail or by correspondence delivery, deliver a telegram, transmit using a facsimile or electromagnetic means, or visit a person’s residence.

9. Joint use

The Company jointly uses personal information and pseudonymized personal information as follows, and provides personal information and pseudonymized personal information to be jointly used to users set forth below.

1.  Items of personal information and pseudonymized personal information that will be jointly used: Name, address, email address, phone number, contract information, and other items within the scope necessary for the above purpose of use.

2.  The scope of joint users: The Company’s group companies: the Company’s group companies are as stated in “Group Companies” in the following link: https://www.gmo.jp/company-profile/groupinfo/

3.  The purpose of use of those who will use the personal information and pseudonymized information.

  As stated in “3. Purpose of use.”

4.  The name of the person or entity responsible for the management of the personal information and pseudonymized personal information and its address and representative’s name.

Cases where the Company jointly uses personal information and pseudonymized personal information with GMO Internet Group, Inc., which is one of the Company’s group companies.

26-1 Sakuragaokacho, Shibuya-ku, Tokyo
GMO Internet Group, Inc.
Founder, Chairman and Group CEO: Masatoshi Kumagai

Cases where the Company jointly uses personal information and pseudonymized personal information with one of the Company’s group companies other than GMO Internet Group, Inc.

26-1 Sakuragaokacho, Shibuya-ku, Tokyo
GMO Cybersecurity by Ierae, Inc.
Chief Executive Officer : Makoto Makita

10. Disclosure, correction, suspension of use, or the like regarding personal information

If you wish to make a request concerning the disclosure, correction or suspension of use, or disclosure of records pertaining to third-party provision, and the like regarding your personal information, the Company will comply within a reasonable extent in accordance with laws and regulations after the Company has confirmed that the person who made such request was you (the Company will collect 1,000 yen as the fee for disclosure stipulated by the Company). Please contact the inquiry desk to make a request for disclosure, correction or suspension of use, or disclosure of records pertaining to third-party provision, and the like regarding personal information.

11. Inquiry desk

The following email address will be in charge of inquiries regarding the handling of personal information and this Privacy Policy.

GMO Cybersecurity by Ierae, Inc.
info@gmo-cybersecurity.com 

12. Changes to this Privacy Policy

The Company continuously endeavors to further enhance the system for protecting personal information, and the contents of this Privacy Policy may be modified and changed. The modified and changed Privacy Policy shall take effect at the time it is posted on the Site, unless otherwise prescribed by the Company.

Business operator handling personal information
26-1 Sakuragaokacho, Shibuya-ku, Tokyo
GMO Cybersecurity by Ierae, Inc.
Chief Executive Officer : Makoto Makita

Revision history of this Privacy Policy

Formulated on January 1, 2012
Revised on March 1, 2016
Revised on June 25, 2018
Revised on July 1, 2022
Revised on August 1, 2022
Revised on October 6, 2023
Revised on March 25, 202

経験豊富なエンジニアが
セキュリティの不安を解消します

Webサービスやアプリにおけるセキュリティ上の問題点を解消し、
収益の最大化を実現する相談役としてぜひお気軽にご連絡ください。

疑問点やお見積もり依頼はこちらから

お見積もり・お問い合わせ

セキュリティ診断サービスについてのご紹介

資料ダウンロード