> Privacy Policy

Privacy Policy

Buzzreach Inc. (Hereinafter the “Company”) does hereby establish a privacy policy (Hereinafter this “Policy”) as set forth below in relation to the handling of user personal information and other personal information in the provision of services (Including but not limited to MiiLike, VOICE powered by MiiLike, and puzz. Hereinafter collectively referred to as the “Services”) via this Website, Etc. (Defined below). The preceding notwithstanding, in cases where separate private policies are established for individual services provided by the Company, the separately established privacy policies shall take precedence. In addition, unless otherwise specified elsewhere within this Policy, the definitions of the terms used in this Policy shall be in accordance with the definitions stipulated in the Act on the Protection of Personal Information.

1.Personal Information

    Personal information herein applies to “personal information” as defined in the Act on the Protection of Personal Information, and refers to information relating to a living individual which can be used to identify the specific individual by name, date of birth, address, telephone number, contact information, health information, or other descriptions included in said information, as well as information containing individual identification codes.

    In addition to personal information, the Company may also collect activity history on communication services, information generated or stored in relation to communications with users, and any other information related to users. In detail, this applies to the following types of information.

    1. Services used, page and advertisement view history, keywords searched by users, usage dates and times, usage methods, and usage environments
    2. User IP addresses, cookie information, location information, and device identifying information
    3. Credit card, bank account, etc. related information 
    4. Information input or posted by users on this Website

    2.Personal Information Collection Methods

      The Company may ask for personal information such as names, date of birth, address, telephone numbers, email addresses, health information, bank account number, credit card number, and driver’s license number when users register to use the Services. The Company may also collect from business partners, etc. (Including information providers, advertisers, advertisement distributors, etc. Hereinafter collectively referred to as “Business Partners”) records of transactions which include user personal information and information related to payments between users and Business Partners. 

      The Company collects user history information and characteristic information, such as used services and software, purchased products, page and advertisement view history, searched keywords, usage dates and time, usage methods, usage environments (Including device communication conditions and other various settings information when using mobile devices to access services or websites.), IP addresses, cookie information, location information, device identifying information, etc., when users utilize services of or view websites from the Company or our Business Partners. The Company’s personal information database will not be supplemented with information obtained offline (Such as information on business cards, or other information obtained by methods other than the Internet.) nor information obtained from third parties.

      The Company shall only acquire personal information via appropriate and proper means and shall not never acquire personal information through deceit or other inappropriate or illegitimate means.  

      The Company shall never acquire “sensitive personal information” (As defined in Article 2 Item 3 of the Act on the Protection of Personal Information.) without prior consent from the identifiable person, excluding where required by law.

      3.Personal Information Collection and Usage Purposes

        The purposes for which the Company shall collect and utilize user personal information are as follows. The Company shall not use personal information for any reasons outside of the required scope of the stated usage purposes without the consent of the identifiable person, excluding cases where expressly permitted according to the Act on the Protection of Personal Information and/or other relevant laws and regulations.

        1. For the purpose of displaying names, addresses, contact information, health information, and other registered information and information related to services used in order to allow for viewing, revision, and confirmation of usage status of registered information
        2. For the purpose of using names, addresses, and other contact information to notify users of changes in the terms of service or other conditions of the Services, or to otherwise contact users by email or when otherwise necessary
        3. For the purpose of using information including names, dates of birth, addresses, telephone numbers, health information, bank account number, credit card number, driver’s license number, delivery status of certified mail, etc., in order to verify identities and carry out billing related to the Services
        4. For the purpose of displaying information registered with the Company on input screens to allow for easier data input, and to transfer information to other services (including services provided by Business Partners) in accordance with the instructions of the individuals who are the subjects and owners of the personal information (Hereinafter the “Identifiable Person”) 
        5. For the purpose of using information including usage methods, names, addresses, etc., to identify individual users who violate the terms of service of the Services, and to prevent use by users who attempt to use the Services for unauthorized, illegal, or otherwise inappropriate purposes
        6. For the purpose of using information necessary for the Company to provide the Services, such as inquiry details; information on user service usage conditions; contact information; etc. in order to respond to inquiries 
        7. For the purpose of sending materials, distributing email magazines, and providing other notices and information related to the Services
        8. For the purpose of measuring user traffic and behavior 
        9. For the purpose of distributing, displaying, and measuring the effectiveness of advertisements through the analysis of collected browsing history, purchase history, and other information
        10. For the purpose of analyzing information on user usage conditions of the Services, etc., for review, data accumulation, research and development, improvement, development of new services, etc. related to the Services provided by the Company 
        11. For the purpose of distributing rewards, etc. for rewards applied for through the Services or through other services related to the Services
        12. Sensitive information related to healthcare input by users through the Company’s Services is collected for the following usage purposes. 
          1. To determine participation in clinical trials and other services
          2. To carry out statistical aggregation and analysis without identifying individuals
          3. To conduct sequential surveys 
        1. For the purpose of use for employment management and internal procedures (for personal information of officers and employees), and for the purpose of selection and contact in hiring activities (for personal information of applicants) 
        2. For the purpose of stock management, and compliance with the procedures of the Companies Act and other relevant laws and regulations (for personal information of shareholders, stock acquisition rights holders, etc.)
        3. For the purpose of creation of anonymized information or statistical data which is collected within the scope of the usage purposes and does not identify specific individuals (number of registrants for Company Services, number of registered illnesses and related information, and access data, gender, area, age, etc. information)
        4. For other purposes incidental to the above-noted usage purposes

        4.Changes to Personal Information Usage Purposes

        The Company may change the personal information usage purposes within a scope which is reasonably determined to be relevant and will notify Identifiable Person and/or publicly announce any such changes.

        5.Personal Information Safety Management

        The Company shall carry out required and appropriate oversight of Company employees in order to ensure the management of the safety of personal information against personal information loss, destruction, tampering, disclosure, and other risks. In addition, in cases where the Company outsources of consigns the all or any part of the handling of personal information, the Company shall carry out the required and appropriate supervision of all entrusted parties. Specific safety management measures for the personal data held by the Company are set forth below.

        In addition, the Company shall endeavor to destroy all collected personal information in accordance with the Act on the Protection of Personal Information upon any cancellation of membership registration for the Services by a user, and when the Company otherwise deems the information is no longer reasonably necessary in the context of normal Company business operations.

        Establishment of basic policyThis Privacy Policy is established as the basic policy for the handling of personal information in order to ensure the appropriate handling of individual data
        Establishment of regulations related to the handling of personal dataPersonal data handling regulations shall be established covering handling methods; responsible personnel, supervisors and their duties, and other pertinent items for each stage of handling of personal data including, but not limited to, acquisition, usage, storage, provision, deletion, and disposal.
        Organizational safety control measuresIn addition to assigning personal data handling related supervisors, the scope of employees who may handle personal data, and the scope of the personal data which may be handled by said employees shall be clarified, and in addition a reporting system shall be established for reporting to the relevant supervisors in the event any violation of laws or handling regulations is discovered or suspected. Self-inspections and audits by other divisions and external auditors shall be implemented periodically regarding personal data handling conditions.
        Personnel safety control measuresPeriodic training on the important points of handling of personal data shall be implemented for all employees.Items related to the duty to maintain the confidentiality of personal data shall be included in the company’s employment regulations.
        Physical safety control measuresEntry and exit management and restrictions on introduction of information devices, etc. shall be implemented for areas where personal data is handled, and other appropriate measures shall be implemented to prevent the viewing of personal data by any unauthorized individuals.Measures shall be implemented to prevent the theft, loss, etc. of devices, electronic storage media, documents, etc. which handle or contain personal data, and further measures shall be implemented to prevent easy access to said personal data when the relevant devices, electronic storage media, etc. are relocated or moved.
        Technical safety control measuresAccess controls shall be implemented and the scope of personal information supervisors and access to databases of handled personal information shall be restricted.Measures shall be implemented to protect systems which handle personal data from any external unauthorized access or malicious software.
        Determination of external environmentsSafety management measures are implemented based on an understanding of systems related to protection of personal information in Japan, the United States, and Europe, where personal data is stored.Note that the Company cannot specify the country where servers for some personal data are located as entrusted parties (subcontractors) select appropriate servers from among servers located in the United States or Europe in order to maintain the performance of management services. 

        6.Provision of Personal Information to Third Parties

        1. The Company does not provide personal information to third parties without the prior consent of the Identifiable Person, excluding in the cases listed below. However, this excludes cases where such provision is permitted under the Act on the Protection of Personal Information and/or other applicable laws and regulations. 

        1. When required by law
        2. When required for the preservation of human life, wellbeing, or assets, and it is difficult or impossible to obtain the consent of the Identifiable Person
        3. When specifically required for the improvement of public health or the promotion of the healthy development of children, and it is difficult or impossible to obtain the consent of the Identifiable Person
        4. When required for cooperation and compliance with administrative work which is legally required or otherwise legally authorized by national authorities, local public authorities, or other parties commissioned by said authorities, and where obtaining the consent of the Identifiable Person may hinder or impede the execution of the relevant activities
        5. When personal data is provided to academic organizations, etc., and said academic organization, etc., must handle the relevant personal data for academic research purposes. (Including cases where only part of the purpose of the handling of the relevant personal data is for academic research purposes, but excluding cases where there is an unjustifiable risk of infringing upon the rights and interests of individuals.)

        2. The provisions of the preceding items notwithstanding, the following cases shall not apply as “third parties”.

        1. When handling of personal information is partially or fully outsourced to an entrusted party within the scope necessary for the achievement of the usage purposes
        2. When personal information is provided as part of the succession of business due to mergers or other reasons
        3. When personal information is to be used with specific individuals, and when the Identifiable Person is notified in advance of this fact; the personal information items to be used; the scope of individuals who will use the information; the usage purposes of the specific individuals; and the name, address, and representative name of the party responsible for the management of the relevant personal information, or when all of the aforementioned items of information are made readily available to the Identifiable Person in advance

        3. The Company will provide personal information (name, address, contact information, health information, etc.) received from users to third parties via the Company’s management systems or other means in the following cases when the approval of the user is obtained in advance. 

        1. When users apply for participation in the healthcare related Services via this Website, or other means
          [Recipients]
          1. Clinical trial conducting medical institutions, institutions which support facilities which conduct clinical trials, universities, various research institutions, etc. (Hereinafter collectively referred to as “Medical Institutions, etc.”)
          2. Businesses and various research institutions, etc. with which personal information handling related agreements have been concluded
          3. Businesses or organizations, etc. with which personal information handling related agreements have been concluded
          4. Other than the above, personal information shall not be provided to any third parties without the consent of the user (Identifiable Person) except when required by law or when necessary for the preservation of human life or wellbeing.
        2. When there is a addition or other change in the clinical trial coordinator or Medical Institutions, etc. which are in charge of the user’s clinical trials
          [Recipients]
          1. Added or changed clinical trial implementing Medical Institutions, etc.

        4. Excluding the cases applicable under any of the terms set forth in Item 1, in cases where personal information will be provided to third parties (Excluding third parties who have established systems which conform to the standards set forth in the Regulations of the Personal Information Protection Commission as set forth in Article 28 of the Act on the Protection of Personal Information.) located in foreign countries (Excluding countries specified in the Regulations of the Personal Information Protection Commission as set forth in Article 28 of the Act on the Protection of Personal Information.), the Company shall obtain the consent of the Identifiable Person in advance regarding the provision of the personal information to the third parties in foreign countries, and shall also provide the following information to the Identifiable Person at that time. The preceding notwithstanding, in cases where the items of Item 1 are unable to be identified, in lieu of the items in Item 1 and Item 2 the fact that the items in Item 1 cannot be identified, the reasons for this inability, and any other relevant information which should be reviewed by the Identifiable Person, if any, shall be provided instead.  

        1. The names of the relevant foreign countries
        2. Information on systems related to protection of personal information in the relevant foreign countries
        3. Information on measures enacted by the relevant third parties to protect personal information (or if this information cannot be provided, notice that the information cannot be provided and the reasons why)

        7.Disclosure of Personal Information

          1. In the event the Company is requested by the Identifiable Person to disclose personal information or records in accordance with Article 29 and/or Article 30 of the Act on the Protection of Personal Information pertaining to personal data which identifies the Identifiable Person, the Company shall disclose said information to the Identifiable Person without delay. The preceding notwithstanding, if disclosure would result in any of the following, the Company may not disclose parts or all of the information, and when it is decided not to disclose information, the Company shall notify the Identifiable Person of said decision without delay. Note that a fee of ¥1,000 will be charged for each case of disclosure of personal information.
            1. When disclosure would harm the life, wellbeing, assets, or other rights and interests of the Identifiable Person or any third parties, or poses a risk of such
            2. When disclosure would present significant obstacles to the appropriate implementation of the Company’s business, or poses a risk of such
            3. In any other cases which would violate applicable laws or regulations
          2. The provisions of the preceding Item notwithstanding, in principle, the Company shall not disclose history information, characteristic information, and other information other than personal information; and information other than the information required to be disclosed in accordance with the Act on the Protection of Personal Information.

          8.Revision and Deletion of Personal Information

          1. Identifiable Person shall have the right to request that the Company revise, add to, or delete personal information in accordance with the Act on the Protection of Personal Information via procedures stipulated by the Company in cases where the personal information of the Identifiable Person held by the Company is incorrect.
          2. In the event the Company receives a request from the Identifiable Person and deems it necessary to comply with said request, the Company shall make revisions, additions, or deletions to the relevant personal information without delay, and notify the Identifiable person of such. (In cases where it has been decided that no revisions, etc. will be carried out, then the Identifiable Person shall be notified of such.)

          9.Cessation of Use, Etc. of Personal Information

          The Company shall conduct an investigation, and based upon the results of said investigation Cease Use, etc. or Suspend Provision, etc. of the personal information and notify the Identifiable Person without delay in the event (1) the Company receives a request for the cessation of use or deletion of personal information (Hereinafter “Cessation of Use, etc.”) from the Identifiable Person on the grounds that the personal information is being used outside the scope of the usage purposes, that that the personal information is being used in a manner which promotes or encourages illegal or unjust acts or poses a risk of inducing such, or that the personal information was obtained through deception or other unjust means; (2) the Company receives a request for suspension of provision (Hereinafter “Suspension of Provision, etc.”) of the personal information in accordance with the provisions of the Act on the Protection of Personal Information on the basis that the personal information is being provided to third parties without the consent of the Identifiable Person; or (3) if the Company no longer requires the use of the personal information of the Identifiable Person, if the circumstances prescribed in Article 26 Item 1 of the Act on the Protection of Personal Information arise in relation to the personal information of the Identifiable Individual, or if the Company receives a request for the Cessation of Use, etc. or the Suspension of Provision, etc. of the personal information in accordance with the provisions of the Act on the Protection of Personal Information on the grounds that the handling of the personal information of the Identifiable Person infringes upon the rights or legitimate interests of the Identifiable Person. The preceding notwithstanding, in cases where the Cessation of Use, etc. of the personal information would incur significant expenses or would otherwise prove significantly difficult or impossible, and where alternative measures can be taken to protect the rights and interests of the Identifiable Person, he alternative measures may be implemented.

          10.Reporting of Leaks, Etc.

          In the event that any leak, loss, destruction, etc. of personal information handled by the Company should occur, the Company shall report to the Personal Information Protection Commission and notify the Identifiable Person where required. 

          11.Provision of Information Related to Personal Information to Third Parties

          In cases where third parties are expected to acquire Information Related to Personal Information as personal data, the Company shall not provide such Information Related to Personal Information to the relevant third parties without carrying out the verification set forth in the Act on the Protection of Personal Information and other relevant laws and regulations except in cases where such provision is permitted in accordance with the Act on the Protection of Personal Information and other relevant laws and regulations. 

          12.Handling of Pseudonymized Personal Information

          1. The Company shall not handle pseudonymized personal information (Limited to personal information.) outside the scope required to achieve the usage purposes except as required by law. 
          2. When creating pseudonymized personal information, the Company shall process personal information in accordance with the standards set forth in the Regulations of the Personal Information Protection Commission, and shall handle pseudonymized personal information in accordance with relevant legal provisions.
          3. With respect to the application of Article 4 to pseudonymized personal information, the phrasing “change the personal information usage purposes within a scope which is reasonably determined to be relevant” shall be interpreted as “change the personal information usage purposes” and the phrasing “and will notify Identifiable Person and/or publicly announce any such changes” shall be interpreted as “and will publicly announce any such changes”.
          4. The provisions of Articles 7 through 10 shall not apply to pseudonymized personal information.
          5. The Company shall not provide pseudonymized personal information (Regardless of whether or not said pseudonymized personal information is personal information.) to third parties except as required by law.

          13.Handling of Anonymized Personal Information

          1. When creating anonymized personal information (Referring to the anonymized personal information defined in Article 2 Item 6 of the Act on the Protection of Personal Information, (Limited to such information compiled in an anonymized personal information database or the equivalent as set forth in Article 16 Item 6 of the same Act. The same applies hereinafter.), the Company shall process personal information in accordance with the standards set forth in the Regulations of the Personal Information Protection Commission. In addition, when the Company creates anonymized personal information, it shall enact measures for safety management in accordance with the standards set forth in the Regulations of the Personal Information Protection Commission, and shall also disclose any items of personal information included in the relevant anonymized personal information in accordance with the stipulations of the Regulations of the Personal Information Protection Commission.
          2. When providing anonymized personal information (Including information created by the Company and information provided by third parties. The same applies hereinafter unless otherwise specified.) to third parties, in accordance with the stipulations of the Regulations of the Personal Information Protection Commission, the Company shall disclose in advance the personal information items included in the anonymized personal information to be provided to third parties as well as the methods of supply of said information, and shall also clearly indicate to the relevant third parties that the information being provided is anonymized personal information.
          3. When handling anonymized personal information, the Company shall not (1) check anonymized personal information against any other information or (2) attempt to obtain any descriptions deleted from the relevant personal information or information on individual identification codes or the anonymization methods used in accordance with the prescriptions of Article 43 Item 1 of the Act on the Protection of Personal Information in order to identify any Identifiable Individuals whose personal information was used to create the anonymized personal information (Item (2) applies only to anonymized personal information supplied by third parties). 
          4. The Company shall endeavor to independently enact required measures and disclose the details of the relevant measures in order to establish appropriate measures required for the safe management of anonymized personal information, to process complaints related to the creation or other handling of anonymized personal information, and to ensure the appropriate handling of anonymized personal information in all other circumstances.

          14.Consequence of Not Providing Personal Information

          It is not mandatory for a user to provide personal information to the Company. In case where a user does not provide personal information, however, the Company may not provide the Services or respond to enquiries from the user.

          15.Cookies

          The Company uses cookies for the management, etc. of this Website. Collected log information is used only for statistical purposes and is not linked with personal information in anyway. In addition, the Company also utilizes third party programs to analyze access data for the same purposes, however also does not involve any collection or identification of personal information.

          The Company uses Google Analytics and receives analysis results from Google LCC (Hereinafter “Google”) to understand the status of users’ visits to our services. Data obtained by Google Analytics is collected anonymously and does not identify individuals. In addition, such information will be managed in accordance with Google’s privacy policies (https://policies.google.com/technologies/partner-sites?hl=en). To disable Google Analytics, download and install “Google Analytics opt-out browser add-on” from Google’s opt-out browser add-on download page (https://support.google.com/analytics/answer/181881?hl=en), and change the add-on settings of the browser.

          16.Matters to be Disclosed Concerning Information Transmission Order Communications (External Transmission))

          The Company’s services that may be subject to the external transmission regulations for information transmission order communications under Article 27-12 of the Telecommunications Business Act of Japan and the matters to be disclosed under such regulations for our services are as follows.

          Functions or services that use information transmission order communicationsInformation about the user to be sentName or company name of the recipient(The Company’s) purpose of use(The recipient’s) purpose of use
          Google AnalyticsInformation related to systems, devices, networks and communications typically used for Internet communications, location information, data related to behaviors on websites/apps, data related to browsing history, users’ identifications (cookies, device identifiers, etc.) Google and its affiliated companiesTo analyze users’ browsing trends and history

          17.Compliance with relevant laws and the Like.

          The Company shall comply with laws, national guidelines, other rules and social order relevant to personal information and endeavor to protect personal information appropriately.

          18.Establishment, Operation, Maintenance and Continuous Improvement of Personal Information Management Systems

          The Company shall establish management rules and management systems with respect to the protection of personal information, make all employees comply with such management rules and management systems thoroughly and regularly review such management rules and management systems, and endeavor to improve personal information management systems continuously. 

          19.Changes to this Privacy Policy

          The contents of this Policy are subject to change at any time without any notice to users or Identifiable Person.
          Unless otherwise stipulated by the Company, any changes to the Privacy Policy will come into effect upon posting of the changes on this Website, etc.

          20.Personal Information Handling Business and Inquiry Contact Information 

          The name, address, and name of the representative of, the personal information handling business are as follows.

          • Name: Buzzreach Inc.
          • Address: Kowa Shirokanedai Building, 3-19-1 Shirokanedai, Minato-ku, Tokyo, 108-0071
          • Representative: Takateru Inokawa

          Please direct any inquiries related to this Policy to the following.

          • Address: Kowa Shirokanedai Building, 3-19-1 Shirokanedai, Minato-ku, Tokyo, 108-0071
          • Company Name: Buzzreach Inc.
          • Email Address: info@buzzreach.co.jp
          • Title, department and contact details of chief privacy officer
            • Chief Privacy Officer: General Manager of Quality Management Department
            • Email  Address: info@buzzreach.co.jp
            • Telephone: 03-4590-0258

          Effective as of 1 April 2022

          Date of Final Revision: 1 March 2024

          Buzzreach Inc.

          CEO Taketeru Inokawa