Privacy Policy

1. Compliance with Laws and Regulations (Basic Principles)

GMO Insight Inc. (hereinafter referred to as the "Company") is acutely aware of the importance of protecting customers' personal information and will strive to appropriately protect such personal information in accordance with this Privacy Policy (hereinafter referred to as this "Policy").

Please note that, in addition to this Policy, separate policies established by GMO Internet, Inc. apply to the handling of personal information in connection with the Company's recruitment activities.

In this Policy, "personal information" means information about a living individual which can identify a specific individual by name, date of birth or other description contained in such information (including information which can be readily collated with other information and thereby identify a specific individual, information containing personal identification codes, "personal data" and "retained personal data"; the same shall apply hereinafter).

Shibuya Fukuras, 1-2-3 Dogenzaka, Shibuya-ku, Tokyo
GMO Insight Inc.
President and Representative Director: Shinichiro Tokunaga

2. Acquisition of Personal Information

On the websites and applications for the services operated and provided by the Company (hereinafter collectively referred to as the "Services"), the Company will, as far as possible, specify and publicly announce the purposes of use in advance and will acquire personal information appropriately and fairly.

The Company will handle all information related to the Services in accordance with the laws and regulations of Japan. The Company may restrict access to the Services from outside Japan. Accordingly, when the Services are used from outside Japan, the layout of the website, characters, advertisements and other displays may differ from those provided within Japan. Please be advised in advance.

3. Types of Personal Information Acquired

The Company acquires the following personal information:

  1. Account information: Name, email address, password
  2. Communication information: IP address, browser information, device information
  3. Usage history: Access logs, page browsing history, search history
  4. Recruitment information: Name, address, telephone number, email address, educational background, employment history, qualification information
  5. Inquiry information: Name, email address, and contents of inquiries

4. Purposes of Use and Legal Bases (Specification and Publication)

The purposes of use and legal bases for personal information acquired by the Company are as follows.

(1) Purposes of Use and Legal Bases in Relation to the Services

[Performance of a contract]

  1. To receive applications for, cancellations of, registrations for, identity verifications relating to, and confirmations and procedures for renewal and continuation of contracts relating to the Services
  2. To provide the Services and to manage customers using the Services and provide support to such customers
  3. To bill for fees for use of the Services and for products sold by the Company
  4. To send products, prizes, gifts and similar items
  5. To smoothly operate and provide services entrusted to the Company
  6. To enable the Company's contractors to achieve their business purposes relating to the smooth operation and provision of the Services

[Legitimate interests]

  1. To confirm, investigate and respond to inquiries regarding the Services
  2. To provide information regarding changes, additions or discontinuations of the Services, and information regarding service failures, maintenance and other matters relating to the Services

[Consent of the data subject]

  1. To use, as statistical data, information processed so that individual customers cannot be identified, for the purpose of improving the quality of the Services and developing new products and services
  2. To provide information, deliver advertisements and conduct promotions relating to products and services of the Company or third parties such as partner companies (including providing information, delivering advertisements and conducting promotions tailored to interests and preferences based on analysis of browsing history, purchase history and other information)
  3. To conduct questionnaire surveys and similar activities for the purpose of improving the quality of products and services of the Company or third parties such as partner companies
  4. To implement various events and benefits relating to products and services of the Company or third parties such as partner companies

(2) Purposes of Use for Recruitment Applicants

[Performance of a contract]

  1. To manage recruitment applicants and to receive, confirm and respond to applications and conduct screening
  2. To communicate interview schedules, hiring results, decisions on remuneration and similar matters
  3. To manage employment after hiring

[Consent of the data subject]

  1. To register recruitment applicants as business partners and communicate regarding business transactions

(3) Other Purposes of Use

[Consent of the data subject]

  1. For purposes of use that are individually indicated and consented to at the time of acquiring personal information

[Performance of a contract or legitimate interests]

  1. To seek customers' consent regarding the use of personal information

5. Use within the Scope of the Purposes of Use

The Company will handle customers' personal information only to the extent necessary to achieve the purposes of use specified and publicly announced in advance. However, the Company may handle personal information beyond the extent necessary to achieve such purposes of use in any of the following cases:

  1. When required by laws and regulations;
  2. When it is necessary for the protection of the life, body or property of a person and it is difficult to obtain the consent of the individual;
  3. When it is particularly necessary for the improvement of public health or the sound development of children and it is difficult to obtain the consent of the individual; or
  4. When it is necessary to cooperate with a state organ, a local government or a person entrusted by them in performing affairs prescribed by laws and regulations, and obtaining the consent of the individual is likely to impede the performance of such affairs.

6. Automated Decision-Making and Profiling

The Company may conduct automated decision-making (including profiling) for the following purposes:

  1. Detection of unauthorized access and fraudulent use
  2. Provision of functions according to service usage conditions
  3. Display of personalized content
  4. Optimization based on analyses of usage frequency

These processes do not produce legal effects concerning Users or similarly significant impacts on Users.

7. Retention Period

In handling personal information, the Company shall, in principle, determine a retention period to the extent necessary for the purposes of use and shall erase such personal information without delay after the lapse of such retention period or after the purposes of use have been achieved. However, the Company may refrain from erasing personal information after the lapse of the retention period or after the achievement of the purposes of use in any of the following cases:

  1. When the personal information must be retained pursuant to laws and regulations;
  2. When the individual has given separate consent;
  3. When the Company retains personal information to the extent necessary for the execution of its business and there is a reasonable ground not to erase such personal information; or
  4. When the personal information is retained in anonymized form or as statistical data.

8. Security Control Measures

The Company will endeavor to keep customers' personal information accurate and up to date and will implement encryption, access controls, log audits, vulnerability management, physical access control and other necessary and appropriate security control measures to protect personal information against unauthorized access, alteration, leakage, loss and damage.

When handling personal information in a foreign country, the Company will, in accordance with legal requirements, ascertain the legal systems for personal information protection in such foreign country and implement necessary and appropriate measures for security control.

If you wish to obtain details of the Company's security control measures, the Company will promptly respond upon your request. Please contact the inquiry desk specified in "Contact Information" below.

9. Supervision of Employees and Contractors

When allowing its officers and employees to handle customers' personal information, the Company will exercise necessary and appropriate supervision over such officers and employees to ensure the security control of personal information. The Company will also provide necessary training and education to employees who handle personal information to ensure appropriate handling of personal information.

When entrusting all or part of the handling of customers' personal information to a third party, the Company will exercise necessary and appropriate supervision over such contractor to ensure the security control of the personal information.

10. Provision to Third Parties

The Company will not provide customers' personal information to any third party without obtaining the customers' consent. However, the Company may disclose or provide personal information to third parties without the individual's consent in any of the following cases:

  1. When required by laws and regulations;
  2. When it is necessary for the protection of the life, body or property of a person and it is difficult to obtain the consent of the individual;
  3. When it is particularly necessary for the improvement of public health or the sound development of children and it is difficult to obtain the consent of the individual; or
  4. When it is necessary to cooperate with a state organ, a local government or a person entrusted by them in performing affairs prescribed by laws and regulations, and obtaining the consent of the individual is likely to impede the performance of such affairs.

11. Outsourcing and Joint Use

If any recipient of personal information falls under any of the following items, the Company will treat such recipient as not being a "third party" and may, without obtaining customers' consent, entrust the handling of personal information to such recipient, provide personal information to such recipient, or jointly use personal information with specific parties:

  1. When the Company entrusts all or part of the handling of personal information within the scope necessary to achieve the purposes of use;
  2. When personal information is provided in connection with a succession of business due to a merger or other reasons; or
  3. When personal information is jointly used with specific parties and, in advance, the individual has been notified of, or the individual is in a state where the individual can easily know, the fact of joint use, the items of personal information to be jointly used, the scope of parties jointly using the information, the purposes of use of the parties jointly using the information, and the name or title of the party responsible for the management of such personal information.

The scope of parties with whom the Company jointly uses customers' personal information is mainly companies belonging to the GMO Internet Group, but the Company may also jointly use personal information with other specific parties. In the case of joint use, the Company will notify the customer in advance or post on the Company's website the items of personal information to be jointly used, the purposes of use and the name of the person responsible for the management of such personal information.

Scope of joint users
GMO Internet Group, Inc. and its group companies (subsidiaries and affiliates listed at the URL https://group.gmo/company-profile/groupinfo/; collectively, the "GMO Internet Group").

The composition of the GMO Internet Group may change in the future due to establishment of new companies, reorganizations or other reasons. Please check the above URL for the latest information.

Purposes of use
The purposes of use shall be as set forth in "Purposes of Use of Personal Information" specified by each company in the GMO Internet Group, and such purposes shall be common purposes of use for all companies participating in the joint use.

Items of personal information jointly used
Name, address, email address, telephone number, contract information and other items within the scope necessary for the above purposes of use.

Party responsible for management
GMO Internet Group, Inc.
(Representative: Masatoshi Kumagai, Chairman and Group CEO, President and CEO)

12. Anonymously Processed Information

"Anonymously processed information" means information about an individual obtained by processing personal information in accordance with measures prescribed by laws and regulations so that a specific individual cannot be identified, and so that the personal information cannot be restored.

  1. The Company will properly process personal information in accordance with standards prescribed by laws and regulations.
  2. The Company will implement security control measures in accordance with standards prescribed by laws and regulations to prevent leakage of deleted information and information regarding processing methods.
  3. The Company will publicly announce the items of information included in the anonymously processed information it has created.
  4. The Company will not collate anonymously processed information with other information in order to identify the individual whose personal information was used as the basis for creation.

When providing anonymously processed information to a third party, the Company will, in advance, publicly announce the items of information about individuals included in the anonymously processed information to be provided and the method of provision, and will clearly indicate to the third party receiving the information that the information provided is anonymously processed information.

13. Pseudonymously Processed Information

"Pseudonymously processed information" means information about an individual obtained by processing personal information in accordance with measures prescribed by laws and regulations so that a specific individual cannot be identified unless the information is collated with other information.

  1. The Company will create pseudonymously processed information by properly processing personal information in accordance with standards prescribed by laws and regulations.
  2. The Company will implement security control measures in accordance with standards prescribed by laws and regulations to prevent leakage of information that has been deleted during the creation process and information regarding processing methods (collectively, "Deleted Information, etc.").

When acquiring pseudonymously processed information and Deleted Information, etc.

  1. The Company will implement security control measures in accordance with standards prescribed by laws and regulations to prevent leakage of Deleted Information, etc.
  2. In particular, when the Company acquires pseudonymously processed information that constitutes personal information, unless the purposes of use have been previously disclosed, the Company will promptly disclose the purposes of use in "Purposes of Use of Personal Information."
  3. The Company will implement necessary and appropriate security control measures to protect pseudonymously processed information from unauthorized access, alteration, leakage, loss and damage.
  4. The Company will not collate pseudonymously processed information with other information for the purpose of identifying the individuals whose personal information was used as the basis for creation.
  5. The Company will not use contact details or other information included in pseudonymously processed information for the purpose of making telephone calls, sending by post or letter mail, sending telegrams, sending by facsimile or electronic means, or visiting residences.
  6. Except where exempted by laws and regulations, other handling of pseudonymously processed information will be in accordance with the policies set out in this Policy.

14. Personally Referable Information

"Personally referable information" means information relating to a living individual which does not fall under personal information, anonymously processed information or pseudonymously processed information.

The Company may collate personal information acquired from customers with personally referable information provided by third parties, and such personally referable information may thereby become personal information by which the individual can be identified. The items of personally referable information concerned and the purposes of use thereof are as follows:

  1. Items of personally referable information concerned: All personally referable information.
  2. Purposes of use after acquisition: In accordance with "Purposes of Use of Personal Information."

The Company may provide personally referable information to third parties (hereinafter, "Recipients"). Recipients may collate personally referable information provided by the Company with personal information already held by them and thereby acquire such personally referable information as personal information by which individuals can be identified. In such cases, the Company will provide personally referable information to Recipients after confirming, among other things, that the Recipients have obtained the consent of the individuals concerned. The Recipients will notify or publicly announce the purposes of use after acquiring the information as personal information.

15. Continuous Improvement

The Company will continuously improve its practices to ensure the appropriate handling of personal information.

16. Disclosure, Correction and Deletion

If a customer requests disclosure of his or her personal information, the Company will disclose such information to the customer without delay, except where such disclosure is likely to significantly hinder the execution of the Company's business, cause harm to the life, body, property or other rights or interests of the customer or a third party, or otherwise violate laws and regulations. A separate fee may be charged for disclosure. For details of the fees, please contact the inquiry desk specified in "Contact Information" below.

If a customer requests correction or deletion of his or her personal information, the Company will promptly investigate the matter. If there is a reason requiring correction or deletion, the Company will promptly correct or delete the personal information.

If a customer requests suspension of use of his or her personal information on the grounds that the personal information is being used beyond the scope of the purposes of use, has been acquired improperly, or is being provided to third parties contrary to the customer's wishes, the Company will promptly investigate the matter. If the request is found to be well-grounded, the Company will promptly suspend the use of the personal information. However, if suspension of use would involve excessive costs or otherwise be difficult, the Company may take alternative measures necessary to protect the customer's rights and interests instead of suspension of use.

If you wish to request disclosure, correction, deletion or other actions concerning your personal information, please contact the inquiry desk specified in "Contact Information" below. To prevent leakage of personal information, the Company will only respond to such requests after confirming that the requester is the customer himself/herself or a duly authorized agent, and will take steps to fulfill the customer's request within a reasonable period of time. For the purpose of identity verification, the Company may request submission of the following documents:

  1. In the case of a request by the individual: A copy of one of the following: a driver's license, passport or health insurance card
  2. In the case of a request by an agent: In addition to the above, a power of attorney or public document evidencing legal representative authority, and identification documents of the agent

The scope of personal information in respect of which the Company will carry out disclosure and other procedures at the customer's request is limited to the following:

  1. Personal information recorded in databases on computers managed by the Company; and
  2. Personal information recorded on paper in a searchable state and managed by the Company.

If you wish to request disclosure, correction, deletion or other actions concerning personal information, please print out the following forms, complete the required items, and mail them together with the documents for identity verification to the inquiry desk specified in "Contact Information" below:

  1. Request Form for Disclosure of Personal Information
  2. Request Form for Correction of Personal Information

17. Contact Information

The Company will appropriately respond to the exercise of rights by customers and to complaints and other inquiries regarding the handling of personal information within one (1) month (or within two (2) months where an extension is reasonably necessary). Customers' rights relating to the handling of personal information include the following:

Right of access
The Company will provide customers with their personal information and related information at no cost to the customers.

Right to rectification
The Company will correct inaccurate personal information and supplement incomplete information.

Right to erasure
Customers may request the Company to delete their personal information. However, where the Company is required by law to retain personal information, where retention is necessary for the public interest, or where retention is necessary for the exercise of rights, the Company may, within the scope permitted by laws and regulations, restrict deletion requests by explaining that there are legitimate grounds for such restriction.

Right to restriction of processing
Customers may request partial suspension of the use or other processing of their personal information.

Right to data portability
Customers may request to receive their personal information in a machine-readable format and to have such data transmitted to another service. This right is limited to personal information provided by the customer and used based on the customer's consent or for the performance of a contract.

Right to object
Where personal information is used or processed on the legal basis of legitimate interests or performance of a task carried out in the public interest, customers may request the suspension of the use of their personal information. However, except where the Company uses personal information for direct marketing, the Company may continue to use or process personal information if it has compelling legitimate grounds.

Right not to be subject to automated decision-making, including profiling
Customers may request not to be subject to decisions based solely on automated processing, including the use of artificial intelligence, machine learning tools or other automated means, which produce important effects; may request an explanation of the reasons for important decisions; and may request human intervention or otherwise object to processing solely by machines.

Right to withdraw consent
Customers may withdraw their consent to the use of their personal information.

Contact for exercising rights and for complaints and other inquiries regarding personal information:
GMO Insight Inc.
Attn: Privacy Policy Administrator
Shibuya Fukuras, 1-2-3 Dogenzaka, Shibuya-ku, Tokyo
Contact: https://us.estart.jp/inquiry

18. Changes to this Policy

When changing the types of personal information acquired, the purposes of use, or other contents of this Policy, the Company will make such changes public by amending this page. The amended Policy will take effect at the time it is posted on the Company's website.

The Company will not, without obtaining the prior consent of the individual, change this Policy and apply the amended Policy retroactively to personal information already acquired.