Privacy Policy
Company: Kyash Inc.
Please see the link for the address and representative director.
Kyash Inc. (hereinafter referred to as "the Company") aims to propose a new way of value exchange and contribute to the further development of a cashless society and social contribution by providing Kyash (hereinafter referred to as "the Service") to the world. For the Company, the information of our users and information from individuals related to our business are important. The Company will handle the personal data, personal information, and personally identifiable information (hereinafter referred to as "Personal Information, etc.") obtained from individuals in a proper manner based on the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the "Personal Information Protection Law") and related guidelines, and will sincerely implement this Privacy Policy (hereinafter referred to as "this Policy").
The Company has obtained certification from the TRUSTe Privacy Program, a globally recognized personal information protection and authentication standard. TRUSTe is an independent organization that promotes fair information practices on the Internet and works to build stronger trust and credibility between customers and businesses. In order to fulfill the commitment to the protection of personal information for customers, the Service discloses the following information regarding its use and agrees to be audited by TRUSTe regarding the use of personal information.
TRUSTe: iOS Link: https://www.truste.or.jp/hssl/validate/sp/00315.php
TRUSTe: Android Link: https://www.truste.or.jp/hssl/validate/sp/01418.php
TRUSTe: web Link: https://www.truste.or.jp/hssl/validate/01419.php
1. Collection Policy for Personal Information
The Company collects information through the following two methods:
(1) Information Provided by Users
When using the Service, users are requested to provide certain information. This information may include names, addresses, email addresses, occupations, genders, ages, dates of birth, mobile phone numbers, company names, company addresses, information about representatives, business details, credit card information, bank account information, and any other information provided by users to the Company in relation to the provision of the Service or transactions with the Company.
(2) Technological and Payment Information Collected during the Use of the Service
When using the Service, the following information is collected and recorded:
- Device information (hardware model, OS version, device settings, device-specific IDs, crash information, mobile network information, etc.)
- Log information (IP address, browser type and settings, date and time of actions, and other history including the usage history of the Kyash app)
- Cookie information
- Payment-related information
- Any other information deemed necessary by the Company for using the Service
In this Policy, "Personal Information" refers to the definition of "Personal Information" in the Act on the Protection of Personal Information and refers to information about a living individual, including names, dates of birth, addresses, phone numbers, email addresses, or any other information that can identify specific individuals through voice, movement, or other means (including information that can easily be matched with other information to identify specific individuals).
Furthermore, "Personal Identifier Codes" as defined in the Act on the Protection of Personal Information are also included, referring to information that can identify specific individuals solely from that information, such as driver's license numbers or insurer numbers on health insurance cards.
The Company collects information through the following two methods:
(1) Information Provided by Users
When using the Service, users are requested to provide certain information. This information may include names, addresses, email addresses, occupations, genders, ages, dates of birth, mobile phone numbers, company names, company addresses, information about representatives, business details, credit card information, bank account information, and any other information provided by users to the Company in relation to the provision of the Service or transactions with the Company.
(2) Technological and Payment Information Collected during the Use of the Service
When using the Service, the following information is collected and recorded:
- Device information (hardware model, OS version, device settings, device-specific IDs, crash information, mobile network information, etc.)
- Log information (IP address, browser type and settings, date and time of actions, and other history including the usage history of the Kyash app)
- Cookie information
- Payment-related information
- Any other information deemed necessary by the Company for using the Service
In this Policy, "Personal Information" refers to the definition of "Personal Information" in the Act on the Protection of Personal Information and refers to information about a living individual, including names, dates of birth, addresses, phone numbers, email addresses, or any other information that can identify specific individuals through voice, movement, or other means (including information that can easily be matched with other information to identify specific individuals).
Furthermore, "Personal Identifier Codes" as defined in the Act on the Protection of Personal Information are also included, referring to information that can identify specific individuals solely from that information, such as driver's license numbers or insurer numbers on health insurance cards.
2. Purposes of Using Personal Information
(1) The Company collects information from the following individuals for the purposes specified below:
- Individuals and corporations who are users of the Service
- Employees and officers of partner and collaborative companies
- Employees and officers of other business partners
The information collected from the aforementioned individuals will not be used beyond the scope necessary to achieve the following purposes:
1. For registration at the start of using the Service.
2. For identity verification in using the Service.
3. For the provision, improvement, and development of new features of the Service.
4. For understanding and analyzing the usage status of the Service.
5. For notifying necessary matters related to the operation of the Service.
6. For detecting, preventing, and addressing fraudulent activities, security and technical issues, and other related matters.
7. For responding to inquiries related to the Service.
8. For providing information to financial institutions, credit card companies, and partner companies as required for using the Service.
9. For delivering and providing advertisements, campaign information, and conducting surveys by the Company and partner companies.
10. For utilizing purchase history information to analyze and provide advertisements related to services based on users' interests and preferences.
11. For dealing with fraudulent use.
12. For resolving disputes between users or with member stores and for other purposes related to the above purposes.
(2) Our company collects information from the following individuals:
- Employees and officers of business partners
- Shareholders
- Employees, job applicants, and retirees of our company
- Individuals who have made inquiries
- Individuals participating in seminars or events
The information collected from the individuals mentioned above will not be used beyond the scope necessary to achieve the following purposes:
1. For fulfilling obligations, exercising rights, providing necessary information, and communicating regarding transactions with our company.
2. For fulfilling obligations, exercising rights, providing necessary information, and communicating in accordance with company law.
3. For personnel and labor management purposes.
4. For recruitment selection and onboarding procedures.
5. For necessary notifications and information provision as required by our company.
6. For responding to inquiries.
(1) The Company collects information from the following individuals for the purposes specified below:
- Individuals and corporations who are users of the Service
- Employees and officers of partner and collaborative companies
- Employees and officers of other business partners
The information collected from the aforementioned individuals will not be used beyond the scope necessary to achieve the following purposes:
1. For registration at the start of using the Service.
2. For identity verification in using the Service.
3. For the provision, improvement, and development of new features of the Service.
4. For understanding and analyzing the usage status of the Service.
5. For notifying necessary matters related to the operation of the Service.
6. For detecting, preventing, and addressing fraudulent activities, security and technical issues, and other related matters.
7. For responding to inquiries related to the Service.
8. For providing information to financial institutions, credit card companies, and partner companies as required for using the Service.
9. For delivering and providing advertisements, campaign information, and conducting surveys by the Company and partner companies.
10. For utilizing purchase history information to analyze and provide advertisements related to services based on users' interests and preferences.
11. For dealing with fraudulent use.
12. For resolving disputes between users or with member stores and for other purposes related to the above purposes.
(2) Our company collects information from the following individuals:
- Employees and officers of business partners
- Shareholders
- Employees, job applicants, and retirees of our company
- Individuals who have made inquiries
- Individuals participating in seminars or events
The information collected from the individuals mentioned above will not be used beyond the scope necessary to achieve the following purposes:
1. For fulfilling obligations, exercising rights, providing necessary information, and communicating regarding transactions with our company.
2. For fulfilling obligations, exercising rights, providing necessary information, and communicating in accordance with company law.
3. For personnel and labor management purposes.
4. For recruitment selection and onboarding procedures.
5. For necessary notifications and information provision as required by our company.
6. For responding to inquiries.
(3) Change of Purpose
Our company may change the purpose of using personal information only if it is reasonably determined to be relevant to the original purpose. In the event of a change in the purpose, we will notify users through the designated methods specified by our company or disclose the revised purpose on this website.
Our company may change the purpose of using personal information only if it is reasonably determined to be relevant to the original purpose. In the event of a change in the purpose, we will notify users through the designated methods specified by our company or disclose the revised purpose on this website.
(4) Provision of Personal Information to Third Parties
Unless otherwise specified below, our company will not provide personal information to third parties without obtaining prior consent. However, providing personal information to contractors, business successors, or joint users within the scope of the intended use of personal information does not fall under the category of third-party provision of personal information.
1. Cases based on laws and regulations.
2. Cases where it is necessary to protect the life, body, or property of an individual and obtaining consent is difficult.
3. Cases where it is necessary for the improvement of public health or the promotion of sound growth of children and obtaining consent is difficult.
4. Cases where it is necessary to cooperate with a national agency, local government, or a person entrusted by them in performing tasks prescribed by laws and regulations, and obtaining consent may interfere with the performance of such tasks.
5. Cases where the third party is an academic research institution, etc., and it is necessary for the third party to handle the personal data for academic research purposes (excluding cases where part of the purpose of handling the personal data is for academic research and there is a risk of unduly infringing on the rights and interests of individuals).
Unless otherwise specified below, our company will not provide personal information to third parties without obtaining prior consent. However, providing personal information to contractors, business successors, or joint users within the scope of the intended use of personal information does not fall under the category of third-party provision of personal information.
1. Cases based on laws and regulations.
2. Cases where it is necessary to protect the life, body, or property of an individual and obtaining consent is difficult.
3. Cases where it is necessary for the improvement of public health or the promotion of sound growth of children and obtaining consent is difficult.
4. Cases where it is necessary to cooperate with a national agency, local government, or a person entrusted by them in performing tasks prescribed by laws and regulations, and obtaining consent may interfere with the performance of such tasks.
5. Cases where the third party is an academic research institution, etc., and it is necessary for the third party to handle the personal data for academic research purposes (excluding cases where part of the purpose of handling the personal data is for academic research and there is a risk of unduly infringing on the rights and interests of individuals).
(5) Outsourcing of Business Operations
Our company may outsource certain tasks to third parties for the provision of the Service, and in such cases, it may be necessary to provide some or all of the personal information held by our company to the outsourcing party. In such cases, our company will appropriately manage and supervise the outsourcing party to ensure that proper security measures for personal information are implemented.
Our company may outsource certain tasks to third parties for the provision of the Service, and in such cases, it may be necessary to provide some or all of the personal information held by our company to the outsourcing party. In such cases, our company will appropriately manage and supervise the outsourcing party to ensure that proper security measures for personal information are implemented.
(6) Provision to Foreign Business Operators
Our company may entrust a portion of our business operations to foreign business operators through outsourcing contracts and provide necessary personal information such as names, email addresses, and Kyash IDs. For specific information regarding the countries/regions and personal data protection systems of the recipients of the provision or outsourcing, please refer to the Kyash Personal Information Cross-Border Transfer page. The following conditions apply to the foreign business operators:
1. They handle personal information within the scope necessary for the performance of the tasks entrusted by our company.
2. They comply with applicable local laws.
3. They have implemented measures that conform to the eight principles of the OECD Privacy Guidelines.
4. They have implemented measures that are generally at the same level as those required of personal information handling businesses in our country regarding the handling of personal data.
Our company may entrust a portion of our business operations to foreign business operators through outsourcing contracts and provide necessary personal information such as names, email addresses, and Kyash IDs. For specific information regarding the countries/regions and personal data protection systems of the recipients of the provision or outsourcing, please refer to the Kyash Personal Information Cross-Border Transfer page. The following conditions apply to the foreign business operators:
1. They handle personal information within the scope necessary for the performance of the tasks entrusted by our company.
2. They comply with applicable local laws.
3. They have implemented measures that conform to the eight principles of the OECD Privacy Guidelines.
4. They have implemented measures that are generally at the same level as those required of personal information handling businesses in our country regarding the handling of personal data.
(7) Information Management
1. Ensuring Accuracy of Information
We strive to maintain the information you provide to us as accurate and up-to-date at all times.
2. Security Measures
Our company has established internal regulations that define appropriate handling methods in accordance with relevant laws and regulations, and we rigorously implement them for information management.
3. Supervision of Employees
Based on our internal regulations, we enforce strict operation and provide appropriate employee training for information management.
4. Supervision of Outsourcing Parties
Based on our internal regulations, we only entrust tasks to outsourcing parties that meet the requirements within the scope of the intended use, and we ensure proper management.
5. Retention Period and Disposal
We store the information you provide us in accordance with prescribed methods and promptly dispose of it when it is no longer needed.
1. Ensuring Accuracy of Information
We strive to maintain the information you provide to us as accurate and up-to-date at all times.
2. Security Measures
Our company has established internal regulations that define appropriate handling methods in accordance with relevant laws and regulations, and we rigorously implement them for information management.
3. Supervision of Employees
Based on our internal regulations, we enforce strict operation and provide appropriate employee training for information management.
4. Supervision of Outsourcing Parties
Based on our internal regulations, we only entrust tasks to outsourcing parties that meet the requirements within the scope of the intended use, and we ensure proper management.
5. Retention Period and Disposal
We store the information you provide us in accordance with prescribed methods and promptly dispose of it when it is no longer needed.
(8) External Cookies and Local Storage
We utilize cookies and behavioral history information (referred to as "cookies" hereinafter) to improve convenience, identify users who violate our respective service terms and conditions, and detect fraud, unauthorized access, and other misuse of services.
About Cookies
Cookies are small data files (text files) that browsers request to store on a user's device to remember information about the user when they access websites or use applications.
There are cookies called "third-party cookies" (cookies from a domain different from the website you are accessing) that collect information for third parties to use for advertising and marketing purposes, but we do not use third-party cookies.
The cookies we use are first-party cookies, which are small data files (text files) that browsers and applications request to store on your device to remember information about you, such as display language and login information, when you access our website or use our applications. These cookies are set by us and primarily used to provide more convenient and secure services.
Disabling Cookie Usage
If you wish to stop information collection through cookies, please follow the procedure to disable cookie usage by each operator through the links below. Note that if cookies are disabled, the service may not function as intended.
Names of Recipient Operators, Purposes of Use, etc.
Please refer to the following for the names of recipient operators to whom we send first-party cookies, the information transmitted, the purposes of our use of the information, the recipient's privacy policy, and settings for disabling external transmissions.
We utilize cookies and behavioral history information (referred to as "cookies" hereinafter) to improve convenience, identify users who violate our respective service terms and conditions, and detect fraud, unauthorized access, and other misuse of services.
About Cookies
Cookies are small data files (text files) that browsers request to store on a user's device to remember information about the user when they access websites or use applications.
There are cookies called "third-party cookies" (cookies from a domain different from the website you are accessing) that collect information for third parties to use for advertising and marketing purposes, but we do not use third-party cookies.
The cookies we use are first-party cookies, which are small data files (text files) that browsers and applications request to store on your device to remember information about you, such as display language and login information, when you access our website or use our applications. These cookies are set by us and primarily used to provide more convenient and secure services.
Disabling Cookie Usage
If you wish to stop information collection through cookies, please follow the procedure to disable cookie usage by each operator through the links below. Note that if cookies are disabled, the service may not function as intended.
Names of Recipient Operators, Purposes of Use, etc.
Please refer to the following for the names of recipient operators to whom we send first-party cookies, the information transmitted, the purposes of our use of the information, the recipient's privacy policy, and settings for disabling external transmissions.
Target Service / Website
Recipient Operator / Service Name
Information Transmitted
Purposes of Our Use of the Information
Recipient's Privacy Policy, etc.
Settings for Disabling External Transmissions
Kyash (iOS/Android App)
Google LLC. /Firebase Analytics
- Identifier information (client ID, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
Analysis of service usage status
Kyash (iOS/Android App)
Appsflyer, Inc. /AppsFlyer
- Identifier information (client ID, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
Analysis of service usage status
N/A
Kyash Corporate Website
Google LLC. /Google Analytics
- Identifier information (client ID, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
Analysis of service usage status
Kyash Corporate Website
Google LLC. /Google Tag Manager
- Identifier information (client ID, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
- Device information (browser, OS, etc.)
- Network information (IP address, etc.)
- Access/behavioral history information (referrer, etc.)
Analysis of service usage status
(9) Joint Use of Personal Information
Our company does not engage in the joint use of personal information received from individuals.
Our company does not engage in the joint use of personal information received from individuals.
(10) Information of Minors
If minors (below 18 years old) use the Service, they must obtain the consent of their legal guardian or other statutory representative before using it. If personal information of a minor is received, it will be assumed that consent has been obtained from the legal guardian.
If minors (below 18 years old) use the Service, they must obtain the consent of their legal guardian or other statutory representative before using it. If personal information of a minor is received, it will be assumed that consent has been obtained from the legal guardian.
(11) Disclosure of Personal Information
When we receive a request for the disclosure of personal information (including disclosure of records of third-party provision), we will promptly disclose the information after confirming that the request is from the individual concerned (we will notify if the personal information does not exist). However, this does not apply if disclosure could:
1. Endanger the life, body, property, or other rights and interests of the individual or a third party.
2. Significantly hinder the proper execution of our business operations.
3. Violate other laws and regulations.
When we receive a request for the disclosure of personal information (including disclosure of records of third-party provision), we will promptly disclose the information after confirming that the request is from the individual concerned (we will notify if the personal information does not exist). However, this does not apply if disclosure could:
1. Endanger the life, body, property, or other rights and interests of the individual or a third party.
2. Significantly hinder the proper execution of our business operations.
3. Violate other laws and regulations.
(12) Correction, Addition, and Deletion of Personal Information
If we receive a request for correction, addition, or deletion ("Correction, etc.") of personal information due to the inaccuracy of the information, we will promptly conduct a necessary investigation within the scope required to achieve the intended purpose and make corrections based on the results. We will notify the individual of the correction, etc. (If a decision is made not to make the correction, etc., we will notify accordingly.) However, this does not apply if our company is not obligated to make corrections, etc. under the Personal Information Protection Act or other laws and regulations.
If we receive a request for correction, addition, or deletion ("Correction, etc.") of personal information due to the inaccuracy of the information, we will promptly conduct a necessary investigation within the scope required to achieve the intended purpose and make corrections based on the results. We will notify the individual of the correction, etc. (If a decision is made not to make the correction, etc., we will notify accordingly.) However, this does not apply if our company is not obligated to make corrections, etc. under the Personal Information Protection Act or other laws and regulations.
(13) Suspension of Use, Erasure, or Suspension of Third-Party Provision of Personal Information
If we receive a request for the suspension of use or erasure of personal information ("Suspension of Use, etc.") due to the following reasons:
1. Handling of personal information beyond the scope of the publicly announced purpose of use.
2. Acquisition through unlawful means.
3. Inappropriate use is being conducted.
4. No longer necessary for our use.
5. Serious leakage or other incidents that should be reported to the Personal Information Protection Commission.
6. Handling of personal information that may harm the individual's rights or legitimate interests due to identification of the individual, we will promptly suspend the use, etc., of the personal information or suspend its provision (hereinafter referred to as "Provision Suspension") after confirming that there are grounds for the request. We will notify the customer of the action taken. However, this does not apply if our company is not obligated to suspend the use, etc., or provision suspension under the Personal Information Protection Act or other laws and regulations.
If we receive a request for the suspension of use or erasure of personal information ("Suspension of Use, etc.") due to the following reasons:
1. Handling of personal information beyond the scope of the publicly announced purpose of use.
2. Acquisition through unlawful means.
3. Inappropriate use is being conducted.
4. No longer necessary for our use.
5. Serious leakage or other incidents that should be reported to the Personal Information Protection Commission.
6. Handling of personal information that may harm the individual's rights or legitimate interests due to identification of the individual, we will promptly suspend the use, etc., of the personal information or suspend its provision (hereinafter referred to as "Provision Suspension") after confirming that there are grounds for the request. We will notify the customer of the action taken. However, this does not apply if our company is not obligated to suspend the use, etc., or provision suspension under the Personal Information Protection Act or other laws and regulations.
(14) Security Measures
To ensure the security of personal information provided by customers through the Service and to prevent unauthorized access by third parties, we take appropriate measures. Personal information is strictly managed based on our prescribed management standards, such as firewalls and unauthorized access detection. We also implement internal and external seminars on personal information protection to prevent loss, destruction, alteration, and leakage.
To ensure the security of personal information provided by customers through the Service and to prevent unauthorized access by third parties, we take appropriate measures. Personal information is strictly managed based on our prescribed management standards, such as firewalls and unauthorized access detection. We also implement internal and external seminars on personal information protection to prevent loss, destruction, alteration, and leakage.
(15) Changes to the Privacy Policy
This Policy may be revised as necessary. The latest version of the Policy disclosed on our website will apply. In the event of significant changes, we will notify you of the changes in an easily understandable manner.
This Policy may be revised as necessary. The latest version of the Policy disclosed on our website will apply. In the event of significant changes, we will notify you of the changes in an easily understandable manner.
(16) Procedures for Disclosure, Correction, and Suspension of Use of Personal Information
If you wish to make a request for disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision of personal information as described above, please follow the instructions provided here.
If you wish to make a request for disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision of personal information as described above, please follow the instructions provided here.
(17) Contact us
If you have any questions or comments regarding our compliance with this Policy, please contact us. We will promptly address your concerns after verifying the details. If you are not satisfied with our response to your inquiries, please contact TRUSTe (https://www.truste.or.jp/hssl/watchdog/). TRUSTe will act as an intermediary and work to resolve your inquiries regarding our company.
Regarding the personal information we have collected from you, you have the right to be notified of the purpose of use, request disclosure, correction, etc., request suspension of use, erasure, or suspension of third-party provision. For specific procedures, please contact us using the information below.
Contact Information:
Address: 12th Floor, 1-2-3 Kita Aoyama, Minato-ku, Tokyo, Japan
Kyash Inc. Personal Information Inquiry Desk
E-mail: privacy@kyash.co
Please note that a fee of 1,000 yen (plus any applicable taxes) will be charged for each request for notification of purpose of use or disclosure of personal information.
If you have any questions or comments regarding our compliance with this Policy, please contact us. We will promptly address your concerns after verifying the details. If you are not satisfied with our response to your inquiries, please contact TRUSTe (https://www.truste.or.jp/hssl/watchdog/). TRUSTe will act as an intermediary and work to resolve your inquiries regarding our company.
Regarding the personal information we have collected from you, you have the right to be notified of the purpose of use, request disclosure, correction, etc., request suspension of use, erasure, or suspension of third-party provision. For specific procedures, please contact us using the information below.
Contact Information:
Address: 12th Floor, 1-2-3 Kita Aoyama, Minato-ku, Tokyo, Japan
Kyash Inc. Personal Information Inquiry Desk
E-mail: privacy@kyash.co
Please note that a fee of 1,000 yen (plus any applicable taxes) will be charged for each request for notification of purpose of use or disclosure of personal information.
