ORPHE

PRIVACY POLICY

This Privacy Policy (this “Policy”) stipulates matters relating to the handling of information of user (“User”) of websites operated, products sold, and applications distributed (collectively referred to as the “Services”) by no new folk studio Inc. (the “Company”). If there is a separate agreement between the Company and a User, that agreement shall take precedence.

1. Definitions

The definitions of terms used in this Policy are stated below.

(1) Applicable Privacy Laws and Regulations

The Act on the Protection of Personal Information of Japan (the “Personal Information Protection Act”), the General Data Protection Regulation of the EU (the “GDPR”), and other relevant laws and regulations including related laws enacted by individual countries, guidelines, and so on.

(2) EU

The European Union including European Union member states and Iceland, Liechtenstein, and Norway pursuant to the European Economic Area (EEA) agreements.

(3) Personal Data

Data that falls under either of the following:

  1. Personal Information defined in Article 2, Paragraph 1 of the Personal Information Protection Act; or
  2. Name, identification number, technical information (GPS data, IP address, cookie identifiers, etc.), factors relating to physical, physiological, genetic, psychological, economic, cultural, or social characteristics, or one or more distinctive identifiers and the like that can identify a natural person, whether directly or indirectly.

(4) Personal Information Requiring Careful Consideration

Personal Data that includes the descriptions and so on provided for in Article 2, Paragraph 3 of the Personal Information Protection Act as information that requires special consideration in handling to avoid improper discrimination, prejudice, or other disadvantage based on an individual’s race, beliefs, social status, medical history, criminal history, status as the victim of a crime, or otherwise. In cases where Personal Data provided pursuant to a certification of adequacy in the EU contains information relating to an individual’s sex life, sexual orientation, or labor union membership as defined as special categories of Personal Data in the GDPR, the Company handles that information as Personal Information Requiring Careful Consideration.

(5) Data Subject

A natural person identified or identifiable from Personal Data. 

(6) Controller

A natural person, legal person, public authority or other body which, alone or jointly with others, determines the purposes and means of use of Personal Data.

(7) Processor

A natural person, legal person, public authority, or other body which processes Personal Data on behalf of the controller.

(8) Recipient

A natural person, legal person, public authority, or body that receives disclosure of Personal Data; however, a public authority that is authorized to receive Personal Data to the extent of special surveys pursuant to EU laws or the domestic laws of EU member countries does not constitute a Recipient. The Processing of such data by public agency shall comply with operational data protection provisions in accordance with the purpose of Processing.

(9) Processing

Any operation or set of operations which is performed on Personal Data or onsets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(10) Restrictions on Processing

The marking of stored Personal Data with the aim of limiting their Processing in the future.

(11) Profiling

Any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a Data Subject, in particular, to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that Data Subject.

(12) Consent of the Data Subject

Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a clear affirmative-action, signifies agreement to the Processing of Personal Data relating to him or her.

2. Scope of Application

  1. This Policy applies to the use of the Services by User and the handling of information through the Services to which Applicable Privacy Laws and Regulations apply.
  2. In cases where User use websites or services and the like operated by third parties that are accessible through the Services (“External Services etc.”), the Company shall not be responsible regarding the handling of personal information acquired by the operators of those External Services etc. Accordingly, it is recommended that User confirm the terms of use, privacy policies, and so on of the relevant third party services and so on with regards to the handling of personal information by those External Services etc.

3. Controller

The Company is the Controller relating to the handling of information and is responsible for the Services.

  • Name: no new folk studio Inc.
  • Address: Kandaneribei-cho 3, Chiyoda-ku, Tokyo
  • Telephone number: 03-4405-5083
  • Email: info@no-new-folk.com

4. Acquisition Methods, Acquired Information, Purposes of Use, and Legal Basis of Processing

The items of Personal Data to be acquired, acquisition methods, specific information to be acquired, purposes of use, legal basis of Processing, and so on are as provided in the following tables.

In cases where the legal basis for Processing Personal Data is determined to be that it is necessary for the performance of a contract, if consent to handle the relevant personal information is not obtained, the Company may not be able to provide the Services to the relevant User.

In cases where the legal basis for Processing Personal Data is the Consent of the Data Subject, the Data Subject shall give consent to the Company regarding the Processing of Personal Data in accordance with this Policy by expressing consent to this Policy.

In cases where a Data Subject is less than 16 years old, the prior consent of the user’s parent or guardian is required.

The relevant Data Subject has the right to withdraw consent.

1. Cases where Personal Data is directly acquired from the User

  Personal Data to be acquired Time of acquisition Purpose of use Legal basis
a Name, email address, telephone number At the time of user registration To register the User for the Services, to enable User verification, to provide the Services, and to distribute notifications and information and to conduct other communications in conjunction with use of the Services Necessary to perform a contract, necessary for the objectives of legitimate interests
b Name, email address, user account, details of inquiries When making inquiries relating to the Services  To respond to inquiries Necessary to perform a contract

2. Cases where Personal Data is indirectly acquired from the user

  Personal Data to be acquired Time of acquisition Purpose of use Legal basis
a Internet domain name, IP address, query information for searches within the site, other information relating to viewing the Services When using the Services  To improve the Services through analysis of User use environments, to develop new services of the Company, to prevent use by methods contrary to the Terms of Use and so on and other improper use of the Services Necessary to perform a contract, necessary for the objectives of legitimate interests
b Cookies relating to User’s use of the Services When using the Services To enhance the convenience of saving User settings and the like, to maintain and protect sessions, to determine the number of uses and use formats of use of the Services by User in order to promote efficient use of the Services Consent of the Data Subject, necessary for the objectives of legitimate interests
c Terminal information, location information, and sensor data (including the number of steps, stride, pronation, and other data calculated based on sensor data) when a User uses the Services When using the Services  To provide the Services, to improve the Services and develop new services of the Company (including provision to the Company’s partners), to improve the services of the Company’s partners and to develop new services of those partners (including provision to the Company’s partners) Consent of the Data Subject, Necessary to perform a contract, necessary for the objectives of legitimate interests

3. Cases where Personal Data is acquired other than from the User

  Information to be acquired Source Time of acquisition Purpose of use Legal basis
a Information provided by the User to an external service such as Facebook that is identified by the relevant external service or the Company to the User when approving collaboration with the external service External services such as Facebook If collaboration with external services is approved when the User uses the Services (acquisition from the external service) To collaborate with external services (to register the User for the Services, to enable User verification, to provide the Services, to use external services and the Services in tandem with each other) Consent of the Data Subject, Necessary to perform a contract
b The payment information provided by the User to a settlement business operator or the like  Settlement business operator, etc. When User pays use fees and the like for the Services, when payments are processed by a settlement business operator To settle, bill, and pay use fees for the Services  Necessary to perform a contract
c Terminal information and location information when a User uses the Services Service providers that provide location information relating to the relevant terminal When using the Services To provide the Services according to the terminal used by the User and location Necessary to perform a contract, necessary for the objectives of legitimate interests

5. Restrictions on Processing

  1. Except in the following cases, the Company shall not process Personal Data beyond the scope necessary to achieve the purposes of use set forth above.
    1. When the Consent of the Data Subject is obtained;
    2. When necessary to protect the life, body, or property of a person and it would be difficult to obtain the Consent of the Data Subject;
    3. When there is a specific necessity to improve public sanitation or to promote the sound development of children and it would be difficult to obtain the Consent of the Data Subject;
    4. When it is necessary for cooperating with a state institution, a local public body, or an individual or entity entrusted by such institution or public body in executing operations specified by laws and regulations and obtaining the Consent of the Data Subject might impede the execution of those operations;
    5. When pursuant to other laws and regulations.
  2. Except in the cases provided for in Article 17, Paragraph 2 of the Personal Information Protection Act, the Company shall not process Personal Information Requiring Careful Consideration without obtaining the Data Subject’s prior consent.

6. Provision to Third Parties, etc.

  1. Except in the following cases, the Company shall not provide Personal Data to third parties. 
    1. When the Consent of the Data Subject is obtained;
    2. When the acquisition of personal information is outsourced, in whole or in part, to the extent necessary to achieve the Company’s objective;
    3. When disclosure is made to dealers, service providers, and others that owe a duty of confidentiality to the Company to the extent necessary to achieve the purposes of use;
    4. When individual personal information is aggregated or analyzed and processed in a form that does not allow for the identification of individuals, and statistical data is disclosed for the purpose of providing statistical information;
    5. When User personal information is provided to external services for the purpose of collaboration with external services or verification of use of external services;
    6. When personal information is provided in accordance with an assumption of business pursuant to a merger or for other reasons; and
    7. In other cases pursuant to laws and regulations.
  2. In cases where the Company outsources Processing of acquired Personal Data to a processor, the Company shall enter into necessary agreements with such processor regarding the handling of personal information and shall perform supervision to ensure appropriate management of Personal Data by the processor.
  3. In cases where the Company provides Personal Data to a third party in a foreign country, except when pursuant to laws and regulations, the Company shall obtain the prior Consent of the Data Subject regarding the provision to a third party in a foreign country; provided, however, that this shall not apply in cases where consent is not required pursuant to Article 24 of the Personal Information Protection Act.
  4. The Company may transfer Personal Data from within the EU to its offices in Japan. The Personal Data transferred may include the Personal Data of User. Such transfers are pursuant to certification of adequacy regarding cross-border transfers of data acquired by Japan.

7. Rights of Data Subjects

Data Subjects including User have the following rights pursuant to Applicable Privacy Laws and Regulations.

(1) Right to receive information

In cases where the Company collects Personal Data from Data Subjects, certain information must be provided to Data Subject at the time of acquisition of the Personal Data.

(2) Right of access

If a Data Subject requests access to his or her own individual data handled by the Company, the Company must provide a copy of the relevant Personal Data.

(3) Right to rectification

If the Personal Data of a Data Subject is inaccurate, the Data Subject may request that the Company rectify the Personal Data.

(4) Right to erasure

In certain cases, a Data Subject may request that the Company erase Personal Data concerning the Data Subject.

(5) Right to restrict Processing

In certain cases, a Data Subject may request that the Company restrict Processing of Personal Data. 

(6) Right to receive notice regarding rectification and erasure of Personal Data and Restriction of Processing

In the cases set forth in (3) to (5) above, the Company must provide notice to the recipient of the relevant Personal Data that Personal Data was rectified or erased or that Processing was restricted. Upon request from a Data Subject, the Company must provide notice to the Data Subject regarding recipients of the relevant personal information.

(7) Rights to data portability

A Data Subject shall have the right to request that the Company provide Personal Data concerning the Data Subject in a structured, commonly used and machine-readable format. Further, the Data Subject may request that they relevant Personal Data be transferred from the Company to a different controller.

(8) Right to object

The Data Subject shall have the right to object to the handling Personal Data concerning the Data Subject based on the necessity of Processing for the legitimate interests of the Company or a third party.

(9) Right not to be subject to decision-making pursuant to automated Processing including Profiling

A Data Subject shall have the right not to be subject to decision-making pursuant to automated Processing including Profiling that gives rise to legal effects concerning the Data Subject or a material impact on the Data Subject.

(10) Right to withdraw the Consent of the Data Subject regarding handling of Personal Data 

A Data Subject may at any time withdraw the Consent of the Data Subject regarding Personal Data handled by the Company on the grounds that the Data Subject of the Personal Data consented.

8. Cookies, Google Analytics, and Email

Cookies

The Services use a technology referred to as cookies in order to save basic settings, verify logins and accounts, and enhance User convenience as well as for marketing purposes. The Services are provided premised on the use and approval of cookies.

Settings relating to cookies can be managed by changing your browser settings. For details, please refer to the help menu of the browser that you use.

If your browser is set not to accept cookies, it may not be possible to use some or all functions of the Services.

Google Analytics

The Company uses Google Analytics in order to analyze the status of access and use of the Services by User. Google Analytics uses cookies to collect information relating to use of the Services in a format that does not identify individuals.

The methods of collecting access information and the methods of its use are stipulated in the Google Analytics Service Terms of Use and Google Privacy Policy.

If you do not want to use Google Analytics, please install the browser add-on from the page indicated below

Google Analytics

http://www.google.com/analytics

Google Analytics Terms of Use

http://www.google.com/analytics/terms/jp.html

Google Privacy Policy

http://www.google.com/intl/ja/policies/privacy/

Google Analytics Opt-out Add-on

https://tools.google.com/dlpage/gaoptout

Email from the Company

The Company sends marketing emails that contain information relating to the Services. If you do not wish to receive such emails, you can change the email receipt settings on the settings modification page linked in an email.

9. Retention Period

The retention period for Personal Data is the statutory retention period of individual EU member states and Japan. When the statutory retention period expires, Personal Data is promptly and securely deleted to the extent it is not necessary in relation to contracts or other Processing objectives.

10. Security Management Measures 

  1. The Company strives to maintain accurate and up-to-date Personal Data to the extent necessary to achieve the objectives of use and to delete Personal Data when it is no longer needed for use.
  2. The Company takes adequate technical and organizational security management measures to securely manage Personal Data against the risks of loss, destruction, falsification, and breach of Personal Data.
  3. When the Company allows its employees to handle Personal Data, it thoroughly informs employees regarding the proper handling of Personal Data, conducts appropriate training, and performs necessary and appropriate supervision to ensure the secure management of Personal Data.

11. Disclosure, Correction, and Cessation of Use of Personal Information

If the Company receives a request from a Data Subject to disclose, correct, supplement, delete, or cease the use of Personal Data (referred to as “Disclosure etc.”) pursuant to Applicable Privacy Laws and Regulations, after confirming that the request is from the Data Subject using methods prescribed by the Company, the Company shall without delay perform such Disclosure etc.; provided, however, that this shall not apply in cases where the Company is not obligated to perform such Disclosure etc. pursuant to Applicable Privacy Laws and Regulations. Please note that a handling fee of ¥1,500 per request shall be collected for the Disclosure etc. of Personal Data.

12. Disclaimers

The Company shall not bear any liability whatsoever regarding the acquisition of Personal Data from third parties in the following cases. 

  1. If a Data Subject discloses personal information to a third party using the functions of the Services or by other means; or
  2. If a Data Subject is identified by information or the like input to the Services by the Data Subject.

13. Revision

The Company may revise this Policy in whole or in part without the provision of prior notice. If this Policy is revised, notice shall be provided within the Services.

14. Contact Information

Please contact the Company at the following email address for all inquiries relating to the handling of personal information.

no new folk studio Inc.
Business Management Division
E-mail: info@no-new-folk.com

Supplementary Provisions
Established July 1st, 2019
Revision date Dec. 18th, 2020