Rakuro Privacy Policy

Rakuro Inc. (“we,” “our” or “us”) shall handle the information (“User Information, etc.”) regarding the users (including persons in charge at Registered Users defined in the Terms of Use of Rakuro (“Terms of Use”) and holders of Accounts to be Analyzed, etc.) in the cloud attendance management services “Rakuro” (“Services”) as follows. Unless otherwise provided herein, the capitalized terms used in this Rakuro privacy policy (“Policy”) shall be in accordance with the Terms of Use.

Article 1 (General provision)

  1. 1. To ensure the protection of personal information, we will comply with Act on the Protection of Personal Information of Japan (Act No. 57 of May 30, 2003 of Japan)(“Act”) and other related applicable laws and regulations and endeavor to appropriately handle and protect User’s information including personal information.
  2. 2. This policy shall apply to all users who use the Services. In addition, in the event we establish privacy policy or other personal information protection policy in our website or there is a provision regarding the handling of User’s information in the agreement between the user and us and such provision conflicts with this Policy, this Policy shall prevail.
  3. 3. This Policy shall not apply to the allied service provided by the other service providers or any other service provided by a person other than us ("Allied Service"). For the handling of User’s information in the Allied Service, please refer to the privacy policy provided by the provider of the Allied Service.

Article 2 (Information to be collected and the method of collection)

  1. 1. In relation to the Services, we will collect User Information, etc. that contains personal information (which means “Personal Information” defined in paragraph 1 of Article 2 of the Act; the same applies hereinafter) as follows:
    1. Information regarding user
      1. Information of User
        • We will collect the user’s name, department, e-mail address, telephone number, information regarding the user’s organization and bank account information, and other information specified by us.
      2. Terminal information
        • When a user uses the Services on a terminal or mobile terminal, we may collect the information of the terminal used by the user (ID information that can identify the terminal) to maintain or improve the Services or prevent from improper use of the Services. We may also collect the information of the IP address automatically generated and stored when the user uses the Services, the date and time of the request from the Registered User, the operation history of the use of the Services and information on user’s use situation of the Services (hereinafter collectively referred to as "Log Information").
      3. Cookie
        • In the use of the Services, the Company may use technologies called "Cookie" and similar technologies. Cookie is a standard technique in the industry by which web servers identify user’s web browser. Cookie can identify user’s web browser, but it cannot identify the individuals or specific Register’s User. Note that it is possible to disable the Cookie by changing the settings of the terminal. However, in such cases, there is a possibility that the user cannot use all or part of the Services.
    2. Allied Data and Transmission Data
      • We will collect the Allied Data collected or transmitted through the Services (including but not limited to login history of computers, email transmission history and other internal system usage history, text, images, videos and other data) and Transmission Data (personal names, departments, telephone numbers, arrival and departure times and other data) (Allied Data and Transmission Data include titles of scheduler, but do not include subjects and texts of e-mail, chat and social media messages, or contents of files attached thereto ).
  2. 2. When we collect personal information designated in the preceding paragraph, we will properly collect such information without falsifying or using other improper means. In addition, if we collect user’s personal information by method other than user’s use of the Services, we shall notify or publish the purpose of use of such information.

Article 3 (Purpose of use)

  1. We will appropriately handle personal information obtained through the use of the Services within the scope of the following purposes:
  2. Purpose of use Description of purpose of use Information to be used
    Provision, maintenance and improvement of the Services
    • For the purpose of application and provision of the Services
    • For the purpose of identification and the prevention of unauthorized use of the Services
    • For the smooth provision, maintenance and improvement of the Services
    • User’s name, department, e-mail address, telephone number, information regarding the user’s organization and bank account information, and other information specified by us, login ID and password
    • Terminal Information, IP address, Log Information
    • Cookie
    • Transmission Data
    • Allied Data
    Notification and response to users, etc.
    • For the purpose of guidance or responding to inquiries about the Services
    • For the purpose of notifying User of any change in the Terms of Use or this Policy, suspension or cancellation of the Services, termination of the agreement or any other important notices relating to the Services
    • User’s name, department, e-mail address, telephone number, information regarding the user’s organization and bank account information, and other information specified by us, login ID and password
    Notification of related services
    • For the purpose of notifying users of services related to the Services such as a service contributing to improvement of Users' business based on their usage situation
    • Information regarding the name, department, e-mail address, telephone number and organization of the person in charge at a Registered User
    • Allied Data
    • Transmission Data
  3. We may change the purpose of use set forth in the preceding section to the extent reasonably considered relevant to the purpose set forth in the preceding section, and in the event of such change, we shall notify the User of or publish such change in a manner that is easily understandable, such as by posting it on the Services or on the website.
  4. In addition to the paragraph 1 of this Article, we may process Allied Data, Transmission Data and other User Information, etc. into statistical information (“statistical information” means data obtained by extracting items concerning common element from information of a number of people and gathering the items for the same classification) so as none to be able to identify a specific company, organization or individual who is a user, and use them.

Article 4 (Transfer to third parties)

  1. In principle, we will not transfer personal information to a third party (excluding the consignee referred to Article 5, the same shall apply hereinafter) without the consent of the User. Provided, however, if it falls under any of the following, personal information may be transferred without the consent of the User to the extent that it does not violate the applicable laws and regulations:
    1. It is in accordance with laws and regulations;
    2. It is necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the User;
    3. It is necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the User;
    4. It is necessary to cooperate with a national or local government, or a person who is delegated by government in executing laws or regulations and obtaining the consent of the User is likely to impede the execution of such matters;
    5. The succession of business, including personal information of the User, due to merger, company split, transfer of business, or for any other reason.
  2. Where personal data (which means “Personal Data” defined by paragraph 3 of Article 16 of Act, the same shall apply hereinafter) is transferred to a third party based on the consent of the User, we shall prepare for and retain records relating to the following matters:
    1. The prior consent of the User has been obtained;
    2. (2) Name and address of the third party, or name of the representative of a corporate that is a juridical person (or the representative or administrator appointed for the applicant that is an unincorporated entity) (or the name of people if the Personal Data is provided to unspecified persons or multiple people);
    3. Information sufficient to identify the person, such as the name of the person identified by the personal data;
    4. Items of such personal data.

Article 5 (Delegation of the handling of personal information)

We may delegate the handling of all or part of personal information obtained from users to a third party within the scope necessary for the achievement of the purpose of use. In this case, we shall execute a confidentiality agreement with the consignee in accordance with this Policy and conduct necessary and appropriate supervision to ensure that the consignee appropriately manages the information securely.

Article 6 (Information collection module)

We may incorporate the following information collection modules selected by us into the Services to analyze information such as the usage of the Service and advertising effects related to the Service. Accordingly, we may provide User’s information to the provider of the following information collection modules. These information collection modules collect User’s information without including personally identifiable information, and the collected information is managed in accordance with the privacy policy and other regulations of each information collection module provider.

Name: Google Analytics
Privacy Policy: http://www.google.com/intl/ja/policies/privacy/

Article 7 (Security management system)

In order to prevent leakage, loss, or damage of the Personal Data, we implement necessary and appropriate measures for the security management of the Personal Data. When we provide the Personal Data to our employees or contractors (including subcontractors), we will conduct necessary and appropriate supervision. The following is the security control measure to be taken by us with regard to Personal Data.
  1. Formulation of the basic policy
  2. We formulate a basic policy to ensure the proper handling of Personal Data and to inform our employees of such handling.
  3. Establishment of rules for the handling of the Personal Data
  4. We establish rules for handling the Personal Data having the detail of the method, the responsible person and personnel, and their respective duties in handling Personal Data.
  5. Systematic security control
  6. We specify an employee who will handle the Personal Data and clarify the responsibilities and authorities of such employment. We conduct internal audits to ensure that the Personal Data is handled in accordance with the method for handling such data. In addition, we introduce the risk assessment to consider any possible risks and analyze the effect of each measure then establish a system of effective risk measures.
  7. Human security control measures
  8. We inform our employees of matters to be considered for the handling of the Personal Data in our work regulations or written pledge. In addition, we regularly provide our employees with training or conduct tests on information security.
  9. Physical security control measures
  10. We limit certain devices to be relocated and brought into the area where the Personal Data is handled. Also, we take measures so that no individuals or entities other than those who are entitled to handle Personal Data can easily view the Personal Data. Moreover, we develop procedures and build measures for the disposal of machines handling the Personal Data in order to prevent any leakage of the Personal Data.
  11. Technical security control measures
  12. We designate personnel and limit certain databases of the Personal Data by implementing access control. Also, we develop security requirements for handling Personal Data to protect the Personal Data from any illegal access and others.

Article 8 (Rights to disclose or correct the personal information)

For the disclosure, correction, deletion or suspension of use (hereinafter referred to as "disclosure, etc.") of personal information on the Service, please refer to the “Guidance on Application for Disclosure of Personal Information.” Provided, however, that if we do not assume these obligations under Act or other applicable laws or regulations, or if the same requests are repeated without due reason, or if excessive technical work is required, we may refuse the request

Article 9 (Changes to this Policy)

  1. We will review the operation of the handling of user’s information from time to time and make efforts for continuous improvements, and this Policy may be revised from time to time as necessary.
  2. The revised Policy shall be posted on the Service or on the website or in other ways which is easy to understand. Provided, however, if any revision that requires the consent of the user in accordance with applicable laws or regulations, we shall obtain the consent of the user in a manner we set forth.

Article 10 (Inquiry)

For comments, questions, requests for complaints and other inquiries regarding the handling of user’s information, please contact us by the following inquiry form:

Rakuro Inc.
Email: support@raku-ro.com
(The operation time shall be from 10:00 am to 5:00 pm on weekdays)

[Established on July 1, 2018]
[Revised on July 1, 2019]
[Revised on July 1, 2020]
[Revised on June 1, 2022]