MENU

English

Japanese

EN

JA

DATA &

PRIVACY

By using our services, you agree to follow our guidelines and maintain a fair, seamless experience for all.

DATA &

PRIVACY

By using our services, you agree to follow our guidelines and maintain a fair, seamless experience for all.

May 2025

Personal Information Protection Policy / Privacy Policy

Personal Information Protection Policy /
Privacy Policy

THE CORE Inc.

To ensure the proper handling of personal data in accordance with the Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter referred to as the “Personal Information Protection Act”), THE CORE Inc. has established this Personal Information Protection Policy / Privacy Policy.


1. Company Name, Address, and Name of Representative

Company Name: THE CORE Inc.

Address: 3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan

Representative Director and President: Hiroaki Yura


2. Compliance with Relevant Laws, Regulations, Guidelines, etc.

The Company shall comply with the Personal Information Protection Act, other applicable laws and regulations, guidelines issued by the Personal Information Protection Commission, and other relevant guidelines, and shall handle personal data appropriately.


3. Acquisition and Use of Personal Information

When acquiring personal information, the Company shall publish or notify the purpose of use, including publication through this Policy. When acquiring personal information directly from the individual through contracts or other documents, including electronic records, the Company shall clearly state the purpose of use in advance and acquire such information by lawful and fair means.

The Company shall use personal information appropriately within the scope necessary to achieve the stated purpose of use.


4. Purpose of Use of Personal Information

The Company shall use personal information for the following purposes.

(1) Personal Information Concerning Customers


Purpose of Use

  • Customer identity verification and personal authentication

  • Shipment of products, goods, invoices, and prizes to winners of campaigns in which customers participated

  • Responding to, confirming, and recording customer inquiries, consultations, complaints, and support requests

  • Development of products and improvement/enhancement of other services

  • Improvement and enhancement of the customer experience in digital services provided by the Company, such as websites and mobile applications

  • Advertising and provision of information regarding products, services, campaigns, etc. by direct mail, email, and other means (*1)(*2)

  • Delivery of behavioral targeting advertisements using advertising distributors such as Google and Yahoo! (*1)(*2)

  • Analysis of attribute information, behavioral history, etc. acquired by the Company in order to understand customer interests, preferences, etc. (*2)

  • To provide the Company’s products and services safely to customers, including detecting users who violate the Terms of Use and notifying such users, and investigating, detecting, preventing, and responding to fraudulent acts such as fraud or unauthorized access through misuse of the services, etc.


Notes

(*1) The Company may analyze information obtained from customers, such as website browsing history and purchase history, for the purpose of providing services and delivering advertisements.

(*2) The Company may obtain information regarding customers’ interests, preferences, browsing history, and similar data from third parties and link such information with personal information already held by the Company. In such cases, the Company will obtain the customer’s prior consent and use such information only within the scope of the purposes set forth above.

(*3) A technology used to record and manage information about customers who use the Company’s website on computers or application software is known as a “Cookie.” The Company uses Cookies on its website to provide customers with a more convenient browsing experience. For details regarding the handling of Cookies, please refer to the Company’s Cookie Policy.

(*4) The Company uses Google Analytics, a web analytics service provided by Google LLC (“Google”), to understand how visitors use the Company’s website.

When Google Analytics is used on the Company’s website, Google collects, records, and analyzes information regarding visitors’ use of the website based on Cookies issued by the Company. The Company receives reports from Google regarding the analysis results and uses such information to better understand visitor activity on the website.

Information collected, recorded, and analyzed through Google Analytics does not include any information that directly identifies a specific individual. Such information is managed by Google in accordance with Google's Privacy Policy.

Customers may prevent the collection of their information through the Company’s use of Google Analytics by disabling Google Analytics through their browser settings. Google Analytics can be disabled by downloading and installing the Google Analytics Opt-out Add-on provided by Google and changing the browser’s add-on settings.


Please note that if Google Analytics is disabled, it will also be disabled on other websites visited by the customer that use Google Analytics. However, customers may re-enable Google Analytics at any time by changing their browser add-on settings.

For more information, please refer to the following resources:

Google Analytics Terms of Service

http://www.google.com/analytics/terms/jp.html


Google Privacy Policy

https://policies.google.com/privacy


Google Analytics Opt-out Add-on

https://tools.google.com/dlpage/gaoptout


(2) Personal Information Concerning Business Partners

(In the case of corporate customers, this includes their officers and employees.)

Purpose of Use

  • To communicate with business partners as necessary for business operations, contract performance, negotiations, and other business-related matters

  • To manage information relating to business partners


(3) Personal Information Concerning Shareholders

(In the case of corporate shareholders, this includes their officers and employees.)

Purpose of Use

  • To exercise rights and fulfill obligations under the Companies Act and other applicable laws

  • To manage shareholder information, including the preparation of records required by applicable laws and regulations

  • To communicate with shareholders in response to requests for disclosure of information


(4) Personal Information Concerning Job Applicants


Purpose of Use

  • To contact applicants, provide information regarding recruitment opportunities, and carry out other activities necessary for recruitment and hiring processes


(5) Personal Information Concerning Employees


Purpose of Use

  • To communicate with employees regarding business operations and employment matters

  • To pay compensation, including salaries, bonuses, and allowances, and to carry out human resources and labor management functions and provide employee benefits

  • To administer employee tax obligations, including income tax and resident tax withholding and reporting

  • To manage and maintain employee health and welfare


5. Joint Use of Personal Information

The Company may jointly use customers’ and users’ personal information as follows.

(1) Categories of Personal Information Subject to Joint Use

  • Name

  • Address

  • Postal code

  • Telephone number

  • Fax number

  • Email address

  • Other information provided by customers and users


(2) Scope of Joint Users

SAFEHOUSE Inc.

3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan

Representative Director and President: Hiroaki Yura


AREA35 Inc.

3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan

Representative Director and President: Hiroaki Yura


WHISTLER Inc.

3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan

Representative Director and President: Hiroaki Yura


(3) Purpose of Joint Use

Personal information will be jointly used within the scope of the purposes set forth in Section 4(1), “Personal Information Concerning Customers.”


(4) Party Responsible for the Management of Personal Data

THE CORE Inc. is responsible for the management of all personal data subject to joint use.

For the Company's address and representative information, please refer to Section 1 above.

For inquiries regarding the joint use of personal information, please contact:


Personal Information Protection Consultation Desk

Attn: Kotaro Kadota


Contact Information

THE CORE Inc.

Administration Department

Personal Information Protection Consultation Desk


3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan

Tel: +81-3-6285-0000


Business Hours: Monday to Friday (excluding public holidays and year-end/New Year holidays)

9:30 a.m. – 12:00 p.m.

1:00 p.m. – 4:30 p.m.


---


6. Disclosure of Personal Information to Third Parties

The Company will not provide personal information entrusted to it to any third party except in the following circumstances:

  • Where the customer has given prior consent;

  • Where disclosure is necessary to outsource operations within the scope required to achieve the stated purpose of use;

  • Where disclosure is required by applicable laws or regulations;

  • Where disclosure is necessary to protect the life, body, or property of an individual and obtaining the customer’s consent would be difficult;

  • Where disclosure is particularly necessary for the improvement of public health or the promotion of the sound development of children and obtaining the customer’s consent would be difficult; or

  • Where cooperation with a national government agency, local government authority, or a party entrusted by such authority is necessary for the performance of duties prescribed by law, and obtaining the customer’s consent may impede the execution of such duties.


7. Security Management Measures

The Company implements necessary and appropriate security measures to protect personal data against unauthorized access, leakage, loss, destruction, alteration, or damage, and to ensure the proper management of such data.

The Company also exercises necessary and appropriate supervision over its employees and service providers (including subcontractors) who handle personal data.

The Company's security management measures for personal data are further defined in its internal regulations concerning the handling of specific personal information and other personal data. The principal measures include the following:


(Establishment of a Basic Policy)

  • The Company has established a basic policy to ensure the proper handling of personal data, including compliance with applicable laws, regulations, and guidelines, as well as procedures for handling inquiries and complaints.


(Development of Rules Governing the Handling of Personal Data)

  • The Company has established internal regulations governing the handling of personal information. These regulations define handling procedures, responsible personnel, and their respective duties at each stage of the data lifecycle, including collection, use, storage, provision, deletion, and disposal.


(Organizational Security Measures)

  • The Company has appointed a person responsible for the administration of personal data handling and clearly defines both the employees authorized to handle personal data and the scope of personal data they may access. The Company has also established reporting procedures for situations in which violations of the Personal Information Protection Act or internal data handling regulations are identified or suspected.

  • The Company conducts regular self-assessments of its personal data handling practices and performs audits conducted by other departments and external parties.


(Personnel Security Measures)

  • The Company provides regular training to employees regarding the proper handling of personal data and related compliance requirements.

  • Confidentiality obligations concerning personal data are included in the Company's employment rules and regulations.


(Physical Security Measures)

  • The Company implements access controls for areas where personal data is handled, including managing employee entry and exit and restricting the equipment that may be brought into such areas. Measures are also implemented to prevent unauthorized persons from accessing personal data.

  • The Company takes measures to prevent theft, loss, or unauthorized removal of devices, electronic media, documents, and other materials containing personal data. When such devices or media are transported, including within Company facilities, appropriate safeguards are applied to prevent personal data from being easily identified or accessed.


(Technical Security Measures)

  • The Company implements access control measures to restrict access to personal information databases and other systems containing personal data to authorized personnel only.

  • The Company has implemented mechanisms to protect information systems handling personal data from unauthorized external access and malicious software.


(Understanding of External Environments)

  • Where the Company handles personal data in foreign jurisdictions, it implements appropriate security measures after assessing and understanding the personal information protection laws and systems applicable in those jurisdictions.

  • The Company utilizes Amazon Web Services (AWS) cloud servers. All AWS services used by the Company are configured within regions located in Japan, and the Company does not use overseas cloud server regions for the storage of personal data.


8. Overseas Service Providers Handling Personal Information

The Company handles highly sensitive personal information, including customers’ names, addresses, dates of birth, member IDs, passwords, credit card information, and payment information, appropriately in accordance with Japanese laws and the Company’s data governance standards.

However, the Company outsources part of the development of its services to AREA34, Inc. (“A34”), a wholly owned subsidiary of the Company located in the United States. To the extent necessary for development monitoring purposes, A34 is permitted to access customers’ personal information stored on servers located in Japan.

The measures implemented by the Company in connection with the handling of personal information by A34 are as follows:

(1) Method of Providing Personal Information to A34

The Company provides personal information to A34 pursuant to a written outsourcing agreement concluded between the Company and A34.


(2) Measures Implemented by A34

Under the outsourcing agreement, A34 is required to:

  • Handle personal data only within the scope of the specified purposes of use;

  • Implement necessary and appropriate security management measures;

  • Properly supervise employees handling personal data;

  • Refrain from further subcontracting the handling of personal data without authorization;

  • Refrain from providing personal data to third parties; and

  • Comply with other obligations concerning the proper protection of personal information.


(3) Personal Information Protection Framework Applicable to A34

  • The Company has confirmed that no legal framework applicable to A34 imposes broad obligations on businesses to cooperate with government information-gathering activities in a manner that would permit extensive governmental collection of personal information held by such businesses.

  • The Company has also confirmed that no legal framework applicable to A34 imposes domestic data localization requirements that would prevent businesses from responding to requests by individuals for deletion or similar actions concerning their personal information.


(4) Frequency and Method of Verification

  • The Company verifies the measures implemented by A34 as described in Section (2) above once per year by obtaining a written report from A34.

  • The Company verifies the personal information protection framework applicable to A34 as described in Section (3) above once per year through an inquiry conducted by the person responsible for personal information protection.


(5) Suspension of the Provision of Personal Information

  • If the Company determines that A34 is handling personal information in violation of the outsourcing agreement, including the measures described in Section (2) above, and A34 fails to remedy such violation within a reasonable period after being requested to do so, making it difficult to ensure the continued implementation of appropriate safeguards, the Company will suspend the provision of personal information to A34.

  • The Company will also suspend the provision of personal information to A34 if it confirms that changes have been made to the applicable legal framework in a manner inconsistent with the conditions described in Section (3) above.


9. Requests for Disclosure, Correction, Suspension of Use, or Deletion of Personal Information

The Company will respond promptly to requests for the disclosure, correction, suspension of use, deletion, or other actions concerning personal information after confirming the identity of the individual through the prescribed procedures.

If you have any questions regarding this Privacy Policy or wish to exercise your rights concerning your personal information, please contact the inquiry desk set forth in Section 10 below.


10. Contact Information

For any questions or complaints regarding the handling of personal data by the Company, please contact the following:


Address

THE CORE Inc.

3-15 Kanda Nishikicho, Chiyoda-ku, Tokyo 101-0054, Japan


Contact Person

Personal Information Protection Consultation Desk

Administration Department

THE CORE Inc.

Attn: Kotaro Kadota


Telephone

+81-3-6285-0000


Business Hours

Monday to Friday (excluding public holidays and year-end/New Year holidays)

9:30 a.m. – 12:00 p.m.

1:00 p.m. – 4:30 p.m.