Privacy Policy
GIRAFULL Inc. recognizes that protecting the personal information and specific personal information of customers, users, and employees is an important social responsibility.
We have established the following personal information and specific personal information protection policy and declare that we will make a company-wide effort to ensure the appropriate handling of personal information.
1. Personal information and specific personal information, etc. will be acquired and provided by appropriate means only to the extent necessary for the commissioned business and for employee employment and personnel management. In addition, we will not handle the information beyond the scope necessary to achieve the specified purposes of use (use for purposes other than those specified), and will take measures to ensure this.
2. We will take reasonable safety measures through education, audits and improvements regarding risks such as unauthorized access to personal information and specific personal information, or the loss, destruction, falsification and leakage of personal information, and will continuously improve our system for protecting personal information and specific personal information.
3. We will comply with applicable laws, regulations and other standards regarding personal information and specific personal information, etc. held by our company.
4. The Company will respond appropriately and promptly to questions and complaints regarding personal information and specific personal information, etc.
5. We will review and continually improve our personal information and specific personal information protection system in a timely and appropriate manner, taking into account social needs, individual requests, and the latest IT trends.
May 1, 2024 (established)
GIRAFULL Co., Ltd.
Representative Director Kazuki Shigehashi
Handling of personal information and specific personal information, etc.
GIRAFULL Inc. will handle personal information and specific personal information, etc. used for business purposes as follows, based on the "Personal Information and Specific Personal Information Protection Policy."
1. Purpose of use of personal information, specific personal information, and other personal-related information
(1) Personal information handled by our company will be handled appropriately within the scope of the following purposes of use.
| Personal information name | Purpose of use |
| Your personal information | To provide services To contact you for after-sales service To introduce new products and services To send quotations, purchase orders, and invoices |
| Personal information of business partners | Sending quotations, purchase orders, and invoices Contacting you about quotations, purchase orders, and invoices |
| Personal information of job applicants | Notification regarding interviews for employment selection Notification of results of employment selection |
| Employee personal information | Personnel and labor management (specified in a separate agreement) |
| Personal information obtained through inquiries | Contact to respond to inquiries |
| Personal information acquired through commissioned work | To fulfill contracts in the course of commissioned work |
(2) The specific personal information, etc. handled by our company will be handled appropriately within the scope of specific administrative tasks related to social security, taxes, and disaster prevention measures.
(3) When we acquire personal information as personal data, we will handle it appropriately within the scope of the following purposes of use.
| Personal information | Purpose of use |
| IP address | Identity verification |
2. Provision of personal information and specific personal information to third parties
(1) We will not disclose or provide personal information to third parties except for the purposes of conducting business and for the following reasons ① to ⑦.
① When the individual has given their consent
② When permitted by laws and regulations, etc. ③ When it is necessary to protect a person's life, body, or property, and it is difficult to obtain the consent of the individual. ④ When it is particularly necessary to improve public health or promote the healthy development of children, and it is difficult to obtain the consent of the individual. ⑤ When the personal information handling business operator is an academic research institution, etc., and the provision of the personal data is unavoidable for the purpose of publishing the results of academic research or for teaching (excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals).
⑥ When the personal information handling business operator is an academic research institution, etc., and it is necessary to provide the personal data for academic research purposes (including when part of the purpose of providing the personal data is academic research purposes, excluding cases where there is a risk of unduly infringing on the rights and interests of individuals) (limited to cases where the personal information handling business operator and the third party conduct academic research together).
⑦ When the third party is an academic research institution, etc., and it is necessary for the third party to handle the personal data for academic research purposes (including when part of the purpose of handling the personal data is academic research purposes, excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals).
3. Joint Use of Personal Information In order to achieve the purposes of use set out in Section 1, we may jointly use personal information entrusted to us as follows. If we revise the "purpose of use with joint users" and "handling of personal data," we will make public the details in advance.
4. Management of Outsourced Parties, etc. In order to achieve the purposes of use set forth in paragraph 1, we may entrust personal information and specific personal information, etc. that we have received to outsourced companies that have entered into contracts with us. We require these companies to handle, manage, and protect the information appropriately, and prohibit them from disclosing or providing it to third parties or using it for purposes other than those set forth in paragraph 1.
5. Measures taken by our company to ensure the safe management of personal information
(1) Formulation of basic policies In order to ensure the proper handling of personal data, we have formulated basic policies regarding "compliance with relevant laws, regulations, guidelines, etc." and "contact points for handling questions and complaints."
(2) Establishment of rules for handling personal data. Formulate rules for handling personal data, including the handling method, responsible persons and staff and their duties, for each stage of acquisition, use, storage, provision, deletion, disposal, etc.
(3) Organizational safety control measures We will appoint a person responsible for handling personal data, clarify the employees who handle personal data and the scope of personal data handled by said employees, and establish a reporting and communication system to the person responsible when we become aware of facts or signs of violations of laws or handling regulations. We will also conduct regular internal audits of the handling status of personal data, and undergo external audits for the JAPHIC mark, based on the guidelines for the Act on the Protection of Personal Information (Personal Information Protection Commission) as the audit criteria.
(4) Personnel safety management measures Regular training is provided to employees regarding important points to note regarding the handling of personal data. Matters regarding confidentiality of personal data are included in the work regulations.
(5) Physical security control measures In areas where personal data is handled, measures will be taken to manage employee entry and exit and to restrict the devices brought in, as well as to prevent unauthorized persons from viewing personal data. Measures will be taken to prevent theft or loss of devices, electronic media, documents, etc. that handle personal data, and measures will be taken to prevent personal data from being easily identified when carrying such devices, electronic media, etc., including when moving within the workplace.
6. Procedures for inquiries, disclosure, etc. regarding personal information and specific personal information, etc.
(1) If an individual or their representative requests notification of the purpose of use, disclosure, records of provision to a third party, correction, addition or deletion of content, suspension of use, erasure, or suspension of provision to a third party (hereinafter referred to as "Disclosure, etc.") regarding personal information and specific personal information, etc., we will respond in good faith.
(2) When making an inquiry, we will verify that you are the individual in question or their representative.
(3) If we are unable to verify your identity as the individual or as your representative, we may not be able to respond to your inquiries, requests for disclosure, etc.
(4) We will respond to requests for disclosure, etc. from the individual or their agent within a reasonable period of time.
[Procedures for disclosure, etc.]
(1) Please contact the following office by email or phone.
(2) We will send you a designated "Application for Disclosure of Personal Information, etc.", so please fill in the necessary information.
(3) We will verify your identity based on personal information held by our company.
(4) If an inquiry is made by a representative, we will verify the identity of the representative by submitting a letter of attorney or a seal certificate.
(5) Please mail the "Application for Disclosure of Personal Information, etc."
(6) Personal information received through the "Application for Personal Information Disclosure, etc." will be used to contact the customer who made the inquiry and to verify their identity. It will not be used for any other purpose. After we have responded to your request for disclosure, etc., we will store the documents you provided for one year and then destroy them.
*The procedures for disclosing specific personal information will be the same as above, but in order to comply with the Numbering Act, the specific personal information protection manager will determine whether disclosure is possible before disclosing the information.
[Shipping costs for requests for disclosure, etc. and collection method]
When making a "request for disclosure, etc.", you will be charged a shipping fee of 500 yen for each application. Please enclose 500 yen worth of postage stamps with your application documents.
GIRAFULL Co., Ltd.
Representative Director Shigehashi Kazuki Namba KH Building 13-13 Namba Sennichimae, Chuo-ku, Osaka City, Osaka Prefecture