Add us on LINE and get a discount

Privacy policy

Vitalogue Health., Inc (hereinafter referred to as "the Company") recognizes the importance of protecting personal information, complies with the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act"), and strives to handle and protect personal information appropriately in accordance with the following privacy policy (hereinafter referred to as the "Privacy Policy"). Unless otherwise specified in this Privacy Policy, the definitions of terms used herein shall be in accordance with the provisions of the Personal Information Protection Act.

 

1. User information collected

In this Privacy Policy, "User Information" means information related to the identification of customers, behavioral history on communication services, and other information generated or accumulated in relation to customers or their terminals, which the Company collects based on this Privacy Policy. "Personal information" means personal information as defined in Article 2, paragraph 1 of the Personal Information Protection Act.

 

The user information collected by the Company in this service will be as follows, depending on the method of collection:

 

  1. Information provided by the customer:
  • Email address
  • Date of birth
  • Information that the customer inputs or submits through input forms or other methods designated by the Company
  • Information collected by the Company when the customer uses this service
  • Access status
  • Terminal information
  • Log information
  • Cookies
  • IP address
  • Customer agent
  • Referrer
  • History information generated by using this service and communication history information such as inquiries
  1. Information obtained with the customer's consent:
  • Answers to questionnaires

 

2. Purpose of Use of Personal Information

The Company will use personal information for the following purposes:

 

  1. Providing the Company's services
  2. Recommending medical institutions
  3. Providing information to partner medical institutions
  4. Supporting proposals and sales of appropriate drugs for customers by physicians
  5. Responding to inquiries and providing information regarding the Company's services
  6. Providing information regarding the Company's or third-party products, services, seminars, campaigns, etc.
  7. Responding to acts that violate the Company's terms, policies, etc. (hereinafter referred to as “terms, etc”)
  8. Notifying changes in terms, etc.
  9. Analyzing information on the use of services by users to improve the Company's services and develop new services
  10. Creating statistical data processed in a manner that cannot identify individuals for academic or commercial purposes
  11. Contacting customers regarding the Company's services
  12. Disclosing personal information to payment companies for personal identification, confirmation of billing address, and credit investigation in the payment company
  13. Other purposes related to the above purposes

 

3. Changes in the Purpose of Use of Personal Information

The Company shall not change the purpose of use of personal information beyond the scope reasonably deemed relevant. If the Company changes the purpose of use, it shall notify the customer of the new purpose of use and obtain consent if necessary.

 

4. Restriction on Use of Personal Information

Unless permitted by the Personal Information Protection Act or other applicable laws, we will not handle personal information beyond the scope necessary to achieve the purpose of use without obtaining your consent. However, this restriction does not apply in the following cases:

 

  1. When required by law
  2. When necessary for the protection of a person's life, body, or property, and obtaining your consent is difficult
  3. When necessary for promoting public health or ensuring the healthy development of children, and obtaining your consent is difficult
  4. When cooperation with a national government agency, local public entity, or person entrusted by such entity is necessary to perform duties prescribed by law, and obtaining your consent may hinder the performance of such duties.

 

5. Proper Acquisition of Personal Information

5.1 Except as permitted by the Personal Information Protection Act and other applicable laws, we do not handle personal information beyond the scope necessary to achieve the purpose of use without obtaining the customer's consent.

5.2 We will not acquire sensitive personal information (defined in Article 2, Paragraph 3 of the Personal Information Protection Act) without obtaining the customer's consent in advance, except in the following cases.

 

  1. When it falls under any of the items of Paragraph 4 above
  2. When the sensitive personal information is already made public by the customer, a government agency, local government, or a person specified in the items of Paragraph 1 of Article 57 or in the Personal Information Protection Commission regulations
  3. When we acquire sensitive personal information that is clearly visible from the external appearance by visually observing or photographing the customer
  4. When we receive the provision of sensitive personal information from a third party, and when the provision by the third party falls under any of the items of Paragraph 7.1

 

5.3 When we receive personal information from a third party, we confirm the following items in accordance with the provisions of the Personal Information Protection Commission Regulations. However, this does not apply when the provision of such personal information by the third party falls under any of the items in paragraph 4 or paragraph 7.1.

 

  1. The name and address of the third party, and the name of the representative in the case of a corporation (in the case of a non-corporate organization with a designated representative or administrator, the name of the representative or administrator)
  2. The circumstances of the acquisition of the personal information by the third party

6. Management of Personal Information Security

We supervise our employees to ensure that appropriate and necessary measures are taken to manage the security of personal information and prevent risks such as loss, destruction, alteration, and leakage of personal information. In cases where we entrust all or part of the handling of personal information to a third party, we also supervise the entrusted party to ensure that appropriate and necessary measures are taken to manage the security of personal information. The specific measures we take to manage the security of personal information we hold are as follows.

 

Establishment of Basic Policy

In order to ensure the proper handling of personal data, we have established this Privacy Policy as our basic policy regarding "Compliance with Laws and Guidelines" and "Inquiries and Complaints Handling."

Establishment of Rules Regarding Handling of Personal Data

We have established basic handling methods for acquiring, using, and storing personal data.

Organizational Security Measures

 

1) The person in charge confirms that personal data is being handled in accordance with the established handling methods, and regularly reviews access permissions.

2) A reporting and communication system is established from employees to the person in charge.

Human Security Measures

 

We provide regular training to employees on important considerations related to handling personal data.

 

Physical Security Measures

 

1) Measures shall be taken to prevent individuals other than employees and the data subject who can handle personal data from easily viewing personal data

2) Measures shall be taken to prevent theft or loss of devices, electronic media, documents, etc. that handle personal data, and when carrying such devices, electronic media, etc., including during movement within the workplace, measures shall be taken to prevent personal data from being easily identified.

Technical security measures

 

1) We clarify the devices capable of handling personal data and the employees handling them, and prevent unnecessary access to personal data.

2) We limit the personal data being handled.

 

7. Third-Party Provision

7.1 Except in cases falling under any of the items in Paragraph 4, we will not provide personal information to third parties without the customer's prior consent. However, the following cases are not considered as provision to third parties as defined above.

  1. When we provide personal information as part of entrusting all or part of the handling of personal information within the scope necessary to achieve the purpose of use.
  2. When personal information is provided due to the succession of business resulting from mergers or other reasons.
  3. When personal information is jointly used based on the provisions of the Personal Information Protection Act.
  4. When personal information is disclosed to payment companies for personal identification, verification of billing information, and credit investigation.

 

7.2 Notwithstanding the provisions of paragraph 7.1, except where any of the items in paragraph 4 apply, when providing personal information to a third party in a foreign country (excluding countries specified in the rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Act), the Company shall obtain the customer's prior consent to such provision to a third party in a foreign country (excluding those who have established a system that conforms to the criteria specified in the rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Act).

7.3 When the Company provides personal information to a third party, it shall create and maintain records in accordance with Article 29 of the Personal Information Protection Act.

7.4 When the Company receives personal information from a third party, it shall conduct necessary verification in accordance with Article 30 of the Personal Information Protection Act, and create and maintain records related to such verification.

 

8. Disclosure of Personal Information

When requested by the customer based on the provisions of the Personal Information Protection Law, we will promptly disclose the personal information to the customer after confirming that the request is made by the customer himself/herself (we will notify the customer if the personal information does not exist). However, this does not apply if we are not obligated to disclose the information under the Personal Information Protection Law or other laws and regulations. Please note that we charge a fee of 500 yen per request for disclosure of personal information.

 

9. Correction of Personal Information, etc.

If a customer requests correction, addition, or deletion (hereinafter referred to as "correction, etc.") of their personal information based on the provisions of the Personal Information Protection Law due to the reason that the personal information is not true, we will promptly investigate within the necessary range to achieve the purpose of use after confirming that the request is from the customer himself/herself. Based on the results of the investigation, we will correct, etc. the contents of the personal information and notify the customer of the action taken (If we make a decision not to correct, etc. the information, we will notify the customer of that fact). However, this does not apply if the Personal Information Protection Law or other laws and regulations do not require us to make such correction, etc.

 

10. Suspension of Use, etc. of Personal Information

In the event that a customer requests the suspension or erasure (hereinafter referred to as "suspension, etc.") of the use of their personal information based on the provisions of the Personal Information Protection Act, on the grounds that their personal information is being handled beyond the scope of the pre-disclosed purpose of use or that it was obtained through fraudulent or other illegal means, or if a customer requests the suspension (hereinafter referred to as "suspension of provision") of the provision of their personal information based on the provisions of the Personal Information Protection Act on the grounds that their personal information has been provided to a third party without their consent, we will promptly confirm that the request is made by the customer themselves and, if it is found that there is a reason for the request, we will promptly suspend, etc. the use or provision of the personal information and notify the customer of such action. However, this does not apply if the Personal Information Protection Law or other laws and regulations do not require us to make such suspension, etc.

 

11. Use of Cookies and Other Technologies

Our services may use cookies and similar technologies. These technologies help us understand usage patterns of our services and contribute to service improvement. Customers who wish to disable cookies can do so by changing their web browser settings. However, disabling cookies may prevent access to some features of our services.

 

12. Inquiries

For requests for disclosure, opinions, questions, complaints, and other inquiries regarding the handling of personal information, please contact us at the following address:

 

YAZAWA Building UCF3F, 3-1-9 Shibuya, Shibuya-ku, Tokyo

Vitalogue Health Co., Ltd. (Representative Director Ayako Hasegawa)

E-mail:info@vitalogueinc.com

 

13. Continuous Improvement

We will periodically review our operations regarding the handling of personal information and strive for continuous improvement. We may change this Privacy Policy as necessary.

 

 

 

 

GDPR PRIVACY POLICY

This GDPR PRIVACY POLICY (this “Privacy Policy”) states the policy for processing of personal data obtained from persons (the “User” or “Users”) residing in EU that use the service  of our company (the “Company”) (the “Service”). Upon the User’s agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the subject matters of the User’s consent stipulated in this Privacy Policy (including, without limitation, the purposes of processing of personal data and transfer of personal data to third countries).

1. Definitions

The following terms as used herein shall have the meanings as set forth below.  Definitions of the terms that are not defined herein shall be subject to the applicable definitions provided in GDPR.

    (1)      “EU” means European Union that includes the member states of European Union, as well as Iceland, Lichtenstein and Norway under Agreement on the European Economic Area (EEA).

    (2)      “GDPR” means REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ECGeneral Data Protection Regulation.

    (3)      “Applicable Privacy Laws” means applicable privacy laws including GDPR and domestic laws related thereto of relevant countries.

    (4)      “personal data” means “personal data” as defined in GDPR.

    (5)     “processing” means “processing” as defined in GDPR.

    (6)      “Controller” means  “controller” as defined in GDPR.

    (7)      “Representative” means “representative” as defined in GDPR.

 

2. Scope of this Privacy Policy

This Privacy Policy shall be applied to the processing of the personal data of the Users in relation to the Service that shall be governed by the Applicable Privacy laws.

 

3. Users under the age of 16

If any User under the age of 16 uses the Service, it shall make sure to obtain the guardian’s consent to this Privacy Policy or to give the consent to this Privacy Policy under the guardian’s permission thereto.

 

4. Controller

The Controller for the processing of the personal data shall be the Company, whose contact details are as follows.

YAZAWA Building UCF3F, 3-1-9 Shibuya, Shibuya-ku, Tokyo

Vitalogue Health Co., Ltd. (Representative Director Ayako Hasegawa)

 

5. Personal Data to be Collected

5.1     The Company may obtain the following personal data from the Users.

         (i)  Information provided by the customer:

  • Email address
  • Date of birth
  • Information that the customer inputs or submits through input forms or other methods designated by the Company
  • Information collected by the Company when the customer uses this service
  • Access status
  • Terminal information
  • Log information
  • Cookies
  • IP address
  • Customer agent
  • Referrer
  • History information generated by using this service and communication history information such as inquiries

(ii) Information obtained with the customer's consent:

  • Answers to questionnaires

5.2     The Company may collect the personal data in the following cases.

         (1)     When the User subscribes for the Service

         (2)     When the User otherwise uses the Service

         (3)     When the Company receives from affiliated parties information regarding transaction record or payment between the User and the Company or the affiliated parties

 

6. Purpose and legal basis of Data Processing

6.1     The Company shall process the personal data only for the purposes as set forth below.

         (1)     Performance of contract, or response to requests of Users prior to executing contract

                   The Company may process the personal data of the User entering into a contract with the Company regarding the Service, for the purpose of performing the contract.  The Company may also process the personal data of the User prior to entering into such contract, for the purpose of taking steps in response to the Users requests.

         (2)     Communication and others

                   The Company may use the personal data of the User for the purpose of (i) communication regarding the Service, (ii) notification of information important for the User’s account and/or use of the Service, (iii) responding to complaints, and (iv) providing any other customer services.  In addition, the Company saves and uses relevant personal data for the purpose to release the User from entering the account information  each time when it uses the Service, and to otherwise facilitate the use of the Service.  Such processing of the personal data is necessary for performance of contracts or legitimate interests pursued by the Company, namely, for performing the Company’s normal operation.

         (3)     Marketing

                   If the Company contacts the User by email for the purpose of marketing, the Company shall obtain the User’s prior consent.  Such processing of the personal data is (i) necessary for legitimate interests pursued by the Company, namely, to communicate with the User and provide similar products or services, or (ii) based on the User’s prior consent. 

6.2     In cases where the Company intends to further process the personal data for a purpose other than that for which the personal data were collected, the Company shall provide the User prior to that further processing with information on that other purpose.

 

7. Provision of Information to Third Party

The Company may provide the personal data of the Users to the following parties, to the extent necessary for pursuing the purpose of processing.  As set forth in Section 8.2, such third parties may include parties residing or located in countries outside EU.

    (1)      Group companies of the Company

    (2)      Accountants, lawyers and other professional advisers

    (3)      Providers of the services related to the Service, including, without limitation, data storage, maintenance and payment service

 

8. Transfer of Personal Data to Third Countries

8.1     When the Company receives personal data from the User, the personal data are transferred from EU region to Japan.

8.2     In addition to the foregoing, the Company may, to the extent necessary for pursuing the aforementioned purposes of processing, transfer personal data of the Users to countries outside EU, including, without limitation, Japan, and further process the same.  The User may not have the right as a data subject same as that under GDPR in countries outside EU, and the Company shall take steps regarding the User’s personal data in accordance with the Applicable Privacy Laws, by means such as execution of standard contractual clauses under GDPR.

8.3     Upon the Users agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the transfer of personal data to third countries set forth in this Section 9.

8.4     Japan, to which the transfer stipulated in this Section 8 is made, has obtained an adequacy decision by European Commission

 

9. Storage Period

The Company shall store the personal data of the Users to the extent necessary for the purpose of processing thereof, and delete the personal data when the storage becomes unnecessary for such purpose.

 

10. Cookies

Cookies or similar technologies may be used in the Company’s service.  Such technologies help the Company to recognize the status of use of the Company’s service, etc. and contribute to improvement of the service.  When a User intends to disable cookies, the User may disable cookies by changing the web browser’s settings.  Please note that when cookies are disabled, a part of the service may be unavailable.

 

11. Disclosure, Modification, Deletion, etc. of Personal Data

11.1   If a User that is the subject of the personal data requires any of the following, please notify the contact address of the Company of that effect.  The Company will properly respond to that request pursuant to the User’s right under the Applicable Privacy Laws.

         (1)     Access to personal data

         (2)     Modification of personal data

         (3)     Deletion of personal data

         (4)     Restriction on processing of personal data

         (5)     Objection to processing

         (6)     Exercise of right to data portability

11.2   For the request under Section 11.1, please submit the following documents by mail or email.

         (1)     Request form specified by the Company

         (2)     Document for identification of the User as specified by the Company

         (3)     Document for identification of the representative of the User as specified by the Company

11.3   To avoid undue modification, divulge, etc. of the personal data of the User by a third party, the Company will response to the request by mail or email, only if the identity confirmation is made by the submitted documents.  Although the Company will make effort to promptly respond, please note that it may takes time until response, for the confirmation of the applicable registered personal data and for assuring accuracy.

11.4   The Company will not return the request form or identification documents received from the User or its representative.  Please understand that the Company will keep the request form properly, and delete the identification documents in an appropriate manner when the purpose of use thereof is achieved.

 

12. Withdrawal of Consent

For the processing of the personal data based on the User’s consent, the User shall have the right to withdraw the consent for the personal data at any time.

 

13. Lodgment of Complaint with Supervisory Authority

In addition to the aforementioned rights, the User may lodge a complaint with a supervisory authority at any time.  However, the Company appreciates a notification to the Company prior to contacting the supervisory authority, so that the Company may have the opportunity to respond to the complaint of the User.

 

14. Necessity of Provision of Personal Data

Since the personal data to be provided by the User are necessary for the Company to provide the Service, the Service may be unavailable to the User that does not provide the data.

 

15. Inquiries

For questions or complaints, or for the exercise of the rights under Sections 11 and 12, please contact the following contact addresses.

YAZAWA Building UCF3F, 3-1-9 Shibuya, Shibuya-ku, Tokyo
Vitalogue Health Co., Ltd. (Representative Director Ayako Hasegawa)
Email: info@vitalogueinc.com

16. General Provisions

16.1   The Company shall retain the right to regularly amend this Privacy Policy.  The User shall regularly check and confirm the applicable provisions at its responsibilities.

16.2   In the event of conflict between the Applicable Privacy Laws and any provision of this Privacy Policy, the provision shall be deemed replaced by a provision of the same meaning that reflects the original intention, to the maximum extent permitted by laws.  In that case the remaining provision hereof shall continue to be applied without change.

 

 

[Established on November 4, 2020]
[Revised on April 1, 2022]
[Revised on August 4, 2022]
[Revised on November 18, 2022]
[Revised on May 17, 2023]