May 2025
THE CORE Inc.
To ensure the proper handling of personal data in accordance with the Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter referred to as the “Personal Information Protection Act”), THE CORE Inc. has established this Personal Information Protection Policy / Privacy Policy.
1. Company Name, Address, and Name of Representative
Company Name: THE CORE Inc.
Address: 3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan
Representative Director and President: Hiroaki Yura
2. Compliance with Relevant Laws, Regulations, Guidelines, etc.
The Company shall comply with the Personal Information Protection Act, other applicable laws and regulations, guidelines issued by the Personal Information Protection Commission, and other relevant guidelines, and shall handle personal data appropriately.
3. Acquisition and Use of Personal Information
When acquiring personal information, the Company shall publish or notify the purpose of use, including publication through this Policy. When acquiring personal information directly from the individual through contracts or other documents, including electronic records, the Company shall clearly state the purpose of use in advance and acquire such information by lawful and fair means.
The Company shall use personal information appropriately within the scope necessary to achieve the stated purpose of use.
4. Purpose of Use of Personal Information
The Company shall use personal information for the following purposes.
(1) Personal Information Concerning Customers
Purpose of Use
Customer identity verification and personal authentication
Shipment of products, goods, invoices, and prizes to winners of campaigns in which customers participated
Responding to, confirming, and recording customer inquiries, consultations, complaints, and support requests
Development of products and improvement/enhancement of other services
Improvement and enhancement of the customer experience in digital services provided by the Company, such as websites and mobile applications
Advertising and provision of information regarding products, services, campaigns, etc. by direct mail, email, and other means (*1)(*2)
Delivery of behavioral targeting advertisements using advertising distributors such as Google and Yahoo! (*1)(*2)
Analysis of attribute information, behavioral history, etc. acquired by the Company in order to understand customer interests, preferences, etc. (*2)
To provide the Company’s products and services safely to customers, including detecting users who violate the Terms of Use and notifying such users, and investigating, detecting, preventing, and responding to fraudulent acts such as fraud or unauthorized access through misuse of the services, etc.
Notes
(*1) The Company may analyze information obtained from customers, such as website browsing history and purchase history, for the purpose of providing services and delivering advertisements.
(*2) The Company may obtain information regarding customers’ interests, preferences, browsing history, and similar data from third parties and link such information with personal information already held by the Company. In such cases, the Company will obtain the customer’s prior consent and use such information only within the scope of the purposes set forth above.
(*3) A technology used to record and manage information about customers who use the Company’s website on computers or application software is known as a “Cookie.” The Company uses Cookies on its website to provide customers with a more convenient browsing experience. For details regarding the handling of Cookies, please refer to the Company’s Cookie Policy.
(*4) The Company uses Google Analytics, a web analytics service provided by Google LLC (“Google”), to understand how visitors use the Company’s website.
When Google Analytics is used on the Company’s website, Google collects, records, and analyzes information regarding visitors’ use of the website based on Cookies issued by the Company. The Company receives reports from Google regarding the analysis results and uses such information to better understand visitor activity on the website.
Information collected, recorded, and analyzed through Google Analytics does not include any information that directly identifies a specific individual. Such information is managed by Google in accordance with Google's Privacy Policy.
Customers may prevent the collection of their information through the Company’s use of Google Analytics by disabling Google Analytics through their browser settings. Google Analytics can be disabled by downloading and installing the Google Analytics Opt-out Add-on provided by Google and changing the browser’s add-on settings.
Please note that if Google Analytics is disabled, it will also be disabled on other websites visited by the customer that use Google Analytics. However, customers may re-enable Google Analytics at any time by changing their browser add-on settings.
For more information, please refer to the following resources:
Google Analytics Terms of Service
http://www.google.com/analytics/terms/jp.html
Google Privacy Policy
https://policies.google.com/privacy
Google Analytics Opt-out Add-on
https://tools.google.com/dlpage/gaoptout
(2) Personal Information Concerning Business Partners
(In the case of corporate customers, this includes their officers and employees.)
Purpose of Use
To communicate with business partners as necessary for business operations, contract performance, negotiations, and other business-related matters
To manage information relating to business partners
(3) Personal Information Concerning Shareholders
(In the case of corporate shareholders, this includes their officers and employees.)
Purpose of Use
To exercise rights and fulfill obligations under the Companies Act and other applicable laws
To manage shareholder information, including the preparation of records required by applicable laws and regulations
To communicate with shareholders in response to requests for disclosure of information
(4) Personal Information Concerning Job Applicants
Purpose of Use
To contact applicants, provide information regarding recruitment opportunities, and carry out other activities necessary for recruitment and hiring processes
(5) Personal Information Concerning Employees
Purpose of Use
To communicate with employees regarding business operations and employment matters
To pay compensation, including salaries, bonuses, and allowances, and to carry out human resources and labor management functions and provide employee benefits
To administer employee tax obligations, including income tax and resident tax withholding and reporting
To manage and maintain employee health and welfare
5. Joint Use of Personal Information
The Company may jointly use customers’ and users’ personal information as follows.
(1) Categories of Personal Information Subject to Joint Use
Name
Address
Postal code
Telephone number
Fax number
Email address
Other information provided by customers and users
(2) Scope of Joint Users
SAFEHOUSE Inc.
3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan
Representative Director and President: Hiroaki Yura
AREA35 Inc.
3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan
Representative Director and President: Hiroaki Yura
WHISTLER Inc.
3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan
Representative Director and President: Hiroaki Yura
(3) Purpose of Joint Use
Personal information will be jointly used within the scope of the purposes set forth in Section 4(1), “Personal Information Concerning Customers.”
(4) Party Responsible for the Management of Personal Data
THE CORE Inc. is responsible for the management of all personal data subject to joint use.
For the Company's address and representative information, please refer to Section 1 above.
For inquiries regarding the joint use of personal information, please contact:
Personal Information Protection Consultation Desk
Attn: Kotaro Kadota
Contact Information
THE CORE Inc.
Administration Department
Personal Information Protection Consultation Desk
3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan
Tel: +81-3-6285-0000
Business Hours: Monday to Friday (excluding public holidays and year-end/New Year holidays)
9:30 a.m. – 12:00 p.m.
1:00 p.m. – 4:30 p.m.
---
6. Disclosure of Personal Information to Third Parties
The Company will not provide personal information entrusted to it to any third party except in the following circumstances:
Where the customer has given prior consent;
Where disclosure is necessary to outsource operations within the scope required to achieve the stated purpose of use;
Where disclosure is required by applicable laws or regulations;
Where disclosure is necessary to protect the life, body, or property of an individual and obtaining the customer’s consent would be difficult;
Where disclosure is particularly necessary for the improvement of public health or the promotion of the sound development of children and obtaining the customer’s consent would be difficult; or
Where cooperation with a national government agency, local government authority, or a party entrusted by such authority is necessary for the performance of duties prescribed by law, and obtaining the customer’s consent may impede the execution of such duties.
7. Security Management Measures
The Company implements necessary and appropriate security measures to protect personal data against unauthorized access, leakage, loss, destruction, alteration, or damage, and to ensure the proper management of such data.
The Company also exercises necessary and appropriate supervision over its employees and service providers (including subcontractors) who handle personal data.
The Company's security management measures for personal data are further defined in its internal regulations concerning the handling of specific personal information and other personal data. The principal measures include the following:
(Establishment of a Basic Policy)
The Company has established a basic policy to ensure the proper handling of personal data, including compliance with applicable laws, regulations, and guidelines, as well as procedures for handling inquiries and complaints.
(Development of Rules Governing the Handling of Personal Data)
The Company has established internal regulations governing the handling of personal information. These regulations define handling procedures, responsible personnel, and their respective duties at each stage of the data lifecycle, including collection, use, storage, provision, deletion, and disposal.
(Organizational Security Measures)
The Company has appointed a person responsible for the administration of personal data handling and clearly defines both the employees authorized to handle personal data and the scope of personal data they may access. The Company has also established reporting procedures for situations in which violations of the Personal Information Protection Act or internal data handling regulations are identified or suspected.
The Company conducts regular self-assessments of its personal data handling practices and performs audits conducted by other departments and external parties.
(Personnel Security Measures)
The Company provides regular training to employees regarding the proper handling of personal data and related compliance requirements.
Confidentiality obligations concerning personal data are included in the Company's employment rules and regulations.
(Physical Security Measures)
The Company implements access controls for areas where personal data is handled, including managing employee entry and exit and restricting the equipment that may be brought into such areas. Measures are also implemented to prevent unauthorized persons from accessing personal data.
The Company takes measures to prevent theft, loss, or unauthorized removal of devices, electronic media, documents, and other materials containing personal data. When such devices or media are transported, including within Company facilities, appropriate safeguards are applied to prevent personal data from being easily identified or accessed.
(Technical Security Measures)
The Company implements access control measures to restrict access to personal information databases and other systems containing personal data to authorized personnel only.
The Company has implemented mechanisms to protect information systems handling personal data from unauthorized external access and malicious software.
(Understanding of External Environments)
Where the Company handles personal data in foreign jurisdictions, it implements appropriate security measures after assessing and understanding the personal information protection laws and systems applicable in those jurisdictions.
The Company utilizes Amazon Web Services (AWS) cloud servers. All AWS services used by the Company are configured within regions located in Japan, and the Company does not use overseas cloud server regions for the storage of personal data.
8. Overseas Service Providers Handling Personal Information
The Company handles highly sensitive personal information, including customers’ names, addresses, dates of birth, member IDs, passwords, credit card information, and payment information, appropriately in accordance with Japanese laws and the Company’s data governance standards.
However, the Company outsources part of the development of its services to AREA34, Inc. (“A34”), a wholly owned subsidiary of the Company located in the United States. To the extent necessary for development monitoring purposes, A34 is permitted to access customers’ personal information stored on servers located in Japan.
The measures implemented by the Company in connection with the handling of personal information by A34 are as follows:
(1) Method of Providing Personal Information to A34
The Company provides personal information to A34 pursuant to a written outsourcing agreement concluded between the Company and A34.
(2) Measures Implemented by A34
Under the outsourcing agreement, A34 is required to:
Handle personal data only within the scope of the specified purposes of use;
Implement necessary and appropriate security management measures;
Properly supervise employees handling personal data;
Refrain from further subcontracting the handling of personal data without authorization;
Refrain from providing personal data to third parties; and
Comply with other obligations concerning the proper protection of personal information.
(3) Personal Information Protection Framework Applicable to A34
The Company has confirmed that no legal framework applicable to A34 imposes broad obligations on businesses to cooperate with government information-gathering activities in a manner that would permit extensive governmental collection of personal information held by such businesses.
The Company has also confirmed that no legal framework applicable to A34 imposes domestic data localization requirements that would prevent businesses from responding to requests by individuals for deletion or similar actions concerning their personal information.
(4) Frequency and Method of Verification
The Company verifies the measures implemented by A34 as described in Section (2) above once per year by obtaining a written report from A34.
The Company verifies the personal information protection framework applicable to A34 as described in Section (3) above once per year through an inquiry conducted by the person responsible for personal information protection.
(5) Suspension of the Provision of Personal Information
If the Company determines that A34 is handling personal information in violation of the outsourcing agreement, including the measures described in Section (2) above, and A34 fails to remedy such violation within a reasonable period after being requested to do so, making it difficult to ensure the continued implementation of appropriate safeguards, the Company will suspend the provision of personal information to A34.
The Company will also suspend the provision of personal information to A34 if it confirms that changes have been made to the applicable legal framework in a manner inconsistent with the conditions described in Section (3) above.
9. Requests for Disclosure, Correction, Suspension of Use, or Deletion of Personal Information
The Company will respond promptly to requests for the disclosure, correction, suspension of use, deletion, or other actions concerning personal information after confirming the identity of the individual through the prescribed procedures.
If you have any questions regarding this Privacy Policy or wish to exercise your rights concerning your personal information, please contact the inquiry desk set forth in Section 10 below.
10. Contact Information
For any questions or complaints regarding the handling of personal data by the Company, please contact the following:
Address
THE CORE Inc.
3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan
Contact Person
Personal Information Protection Consultation Desk
Administration Department
THE CORE Inc.
Attn: Kotaro Kadota
Telephone
+81-3-6285-0000
Business Hours
Monday to Friday (excluding public holidays and year-end/New Year holidays)
9:30 a.m. – 12:00 p.m.
1:00 p.m. – 4:30 p.m.