Legal

Privacy Policy

プライバシーポリシー (個人情報保護方針)

Privacy Policy

Last updated 01-06-2023

This privacy policy ("Policy") outlines how GIG-A Co., Ltd. ("Company", “we” ”us”, ”our”) collects, uses, and processes your personal data ("Personal Data") when you use our mobile apps and websites (collectively, the "Services"), and how you can manage your Personal Data.
We advise you to read this Policy carefully as it is legally binding when you use our Service.
Protecting your personal data is one of our most important priorities, and we are committed to protecting Personal Data in accordance with this Policy and in compliance with the legal requirements of the countries or regions in which we operate.
By continuing to interact with us, such as providing Personal Data to us or using our Services, you fully understand and consent to the handling of your personal data in accordance with this Policy.

1. Who we are

Company name
GIG-A Co., Ltd.
Address
Global Business Hub Tokyo
3F, Otemachi Financial City Grand Cube,
1-9-2 Otemachi, Chiyoda-ku, Tokyo, 100-0004
Name of Representative
Raul Allikivi
If you have any questions regarding how we protect or use your Personal Data, please do not hesitate to contact us at support@gigabank.jp.

2. Explanation of how we use your Personal Data

In this section, we describe the Personal Data that we collect and the purposes for which we use it. Personal Data is defined as information and data that can be used to directly or indirectly identify an individual. It does not include anonymous data that cannot be associated with an individual.
1. We obtain Personal Data from you when you use our Service. The Personal Data we collect includes:
  • Information entered or uploaded by you, or received by us on your behalf:
    • Telephone number and email address at the time you register for the waiting list and apply for an Invite Code.
    • Name, telephone number, address, date of birth, email address, as well as identification documents uploaded by you when you open a GIG-A account.
    • Details of your transactions when you make an inquiry.
    • Information requested by partner companies when you use their services:
      • Additional information requested by partner companies (such as the purpose of use of bank account)
      • Information needed for ID and authentication of the services provided by partners.
      • Transaction information of the services provided by partners (e.g., bank account information, including account information of individuals to whom transfers are made).
    • Information collected for security purposes and for identification and authentication.
      • Personal information such as an address, telephone number, date of birth, financial information (e.g., credit card and bank account information), the purpose of the transaction, geographic location, description of the individual, photograph, and identification documents, etc
    • At the time of legality verification.
      • Authentication information, the purpose of the transaction, facial photograph, identification documents, and documents related to individual transactions, etc.
  • Information that is automatically collected by us when you use our Service
    • When you make an inquiry
      • We collect the content of your communication such as online chats, emails, direct messages, and other means.
    • When you access and use our Service
      • Details of your transactions (including geographic location information at the time of the transaction)
      • Information on-screen transitions, clicks, and other activity on the Service
      • Your device information (including operating system, platform, time zone, language, and other settings),
      • Technical information such as Internet Protocol (IP) addresses used to connect to the Internet
      • Information about your network provider
    • Information that we collect or receive from other sources
      • When we verify the information you have provided us
        • Personal information that is publicly available or published
        • Information provided by database providers
        • Information provided by credit reference agencies and the results of their inquiries,
        • Information provided by fraud prevention agencies and the results of their inquiries.
Purpose of Use of Acquired Personal Data
  • To manage the operation of our Service and provide it to you.
  • To provide your information to partner companies based on your requests.
  • To provide guidance and support regarding our Services and to respond to your inquiries, complaints, disputes, and lawsuits.
  • To ensure the security of the Service, including the prevention and detection of fraud and financial crime.
  • To integrate and analyze customer data and develop credit scoring models.
  • To provide information on our and our partners' products, services, and events through notifications on mobile applications, emails, and other means.
  • To analyze the acquired information and provide customized information according to each customer's needs.
  • To notify you of changes to the Service, terms, policies, etc.
  • To manage the operations like campaigns, etc.
  • To perform tasks, communications, and procedures associated with the above, and to respond to inquiries.
  • To analyze the acquired information and use it to improve and enhance the Service and to develop new services
  • To improve the quality of response to inquiries and to accurately understand the content of inquiries.
  • To create, use, disclose, or provide statistical data related to the Service to the extent that individuals cannot be identified.
  • To create, use, disclose, or otherwise provide data processed in such a way that individuals cannot be identified, for the purpose of improving or enhancing the Service, or for marketing materials.
(2) [Personal data to be obtained]
When you make inquiries, comments, or complaints
  • We may ask you to enter or upload details of your transactions.
  • We may collect the contents of communications through online chat, e-mail, direct messages, or other means.
[Purpose of use of acquired personal data]
  • To respond to inquiries
  • To improve the quality of customer support
  • To improve and develop services
(3) Personal data that is publicly available or publicly disclosed and personal data provided by database operators
[Personal data to be obtained]
  • News articles or press coverage concerning individuals
  • Contact information such as email addresses
  • Contents of postings on social networking services.
[Purpose of use of acquired personal data]
  • To provide information on our and our partners' products, services, events, etc. through various means of communication such as notifications on our mobile application and e-mails. This may include analyzing the acquired information for the purpose of providing relevant information to our customers.
  • To integrate and analyze customer data to build a credit scoring model.
  • To perform tasks, communications, and procedures associated with the above purposes, as well as to respond to inquiries from our customers.
In addition to the purposes of use specified in (1) through (3) above, we may use your Personal Data for other purposes that have been notified to you at the time the Personal Data is acquired and to the extent necessary to fulfill those purposes.

3. When personal data is provided to third parties

We may provide personal data to third parties in the following cases:
(1) When required by the terms of service of our partner services that you have started using through our Services
(2) In the event of a failure of our Services, we may provide information obtained from our Services to our partners to investigate and resolve the issue and to improve our Services. (We may also receive personal data from our partners to respond to such failures.)
(3) When we use the ad-serving services of ad-serving companies (including foreign ad-serving companies), personal information such as email addresses and cookies obtained by us may be provided to the ad-serving companies in a hashed format that does not contain personal identifying information. This is done to deliver more customer-relevant advertisements to the customer.
*Information on foreign ad-serving providers' measures for protecting personal information and relevant foreign systems can be found on the respective links.
Meta Platforms, Inc. (Facebook): United States (California)
(Facebook)
Google LLC: California, United States of America
(プライバシー ポリシー – ポリシーと規約 – Google )
Twitter, Inc.: California, United States of America
(Twitterのプライバシーポリシー )
LinkedIn Corporation: California, United States
https://jp.linkedin.com/legal/privacy-policy
(4) When we provide your information to our partners in accordance with the Terms and Conditions of our Services.
Other than the above, we will not provide your information to third parties except with your consent or in accordance with laws and regulations.

4. Data Storage & Outsourcing

(1) We store the personal data of our Japanese customers in Japan, unless outsourcing is required for the performance of our Services. In such cases, we may access customer data stored in Japan from countries other than Japan through outsourcing.
(2) We take all necessary measures to ensure the security of your data and to comply with this Policy. We will also ensure that appropriate security measures are taken.
(3) Our subcontractor is G-Bank Technologies OÜ (Pärnu maakond, Saarde vald, Kilingi-Nõmme linn, Koidu tn 3, corp nr16135676), located in Estonia, an EU member state. While personal data is generally not accessed by our subcontractor for the development and operation of our Services, there is a possibility that personal data may be accessed in order to resolve issues such as system failures. However, any personal information handled by the company is stored on servers located in Japan and is not transferred to servers in other countries.

5. Your Rights

(1) Providing personal data is voluntary, but if you do not provide the required personal data, you may not be able to use some or all of the Services.
(2) You have certain rights with respect to the information that we hold about you, which you may exercise in accordance with relevant data protection laws. Depending on applicable law, you may be entitled to some or all of the following rights:
  • The right to be informed about the purposes for which your personal data will be used.
  • The right to request a copy of the personal data that we hold about you.
  • The right to request the correction, supplementation, or deletion of personal data held by us about you. In such cases, we may need to verify the accuracy of any new data you provide.
  • The right to request that we stop using or delete your personal data if the collection or use of your personal data is in violation of applicable law.
  • The right to request that we stop direct marketing to you.
  • The right to request that we stop providing your personal data to third parties. However, if you object to the provision of necessary data, we may have to close your account.
  • The right to request disclosure of personal data provision records to third parties.
(3) Exceptions may apply when you exercise these rights due to public interest protection (including crime prevention or detection) and our interests (such as maintaining legal privileges).
(4) When you exercise these rights, we may require certain information from you to verify your identity and to secure your right to access (or exercise other rights with respect to) your personal data.

6. How to protect your personal data:

We take the following measures to ensure the security of your personal data:
(1) Establishment of a basic policy:
  • We have established a basic policy for information security to ensure the proper handling of information assets, including personal data.
(2) Establishment of rules for handling personal data:
  • We have established internal rules that stipulate how to handle information assets, including personal data, at each stage of acquisition, use, storage, provision, deletion/disposal, etc.
  • We have also separately established detailed operating procedures to ensure that all employees who handle information assets can perform their duties in a more appropriate manner.
(3) Organizational safety control measures:
  • We have appointed a person responsible for the management of personal data and have clarified the employees who handle personal data, as well as the scope and authority of personal data to which they have access.
  • In addition, access privileges are reviewed on a regular basis.
  • A system is in place for reporting to the person in charge in the event that a violation of internal rules, etc., a leak or loss of personal data, or any other incident is detected.
  • A system is also in place for promptly responding to incidents.
  • Periodic audits of the handling of personal data by an external organization are conducted.
(4) Personnel safety control measures:
  • All employees are regularly trained, and their level of understanding is checked to further raise their awareness of the handling of information assets, including personal data, and of precautions regarding information security.
  • The confidentiality of information assets, including personal data, is stipulated in the employment regulations, and a written pledge is collected from employees when they join the company.
(5) Physical security control measures:
  • Prohibition of independent access to personal data and measures to restrict access.
  • In principle, personal data is stored on cloud servers in Japan, and access is restricted to only certain terminals and networks.
  • Downloading of personal data is monitored by logs.
(6) Technical security control measures:
  • Employees who handle personal data and the personal data they handle are limited. Systems that handle personal data are protected from unauthorized access from outside or unauthorized software, and access logs are monitored.
  • We regularly assess the security of our systems that handle personal data by conducting vulnerability assessments through external organizations, obtaining the latest security information, and taking appropriate measures to manage any risks.
(7) External environment:
  • When dealing with personal data outside of Japan, we implement necessary and appropriate security measures based on our knowledge of the personal information protection systems in other countries.

7. Use of Modules, Cookies, etc.

We may use cookies and SDKs provided by other companies for the purposes described in this Policy. (1) Modules provided by other companies We may use modules such as software development kits (SDKs) provided by other companies in our services for the following purposes
  • To provide Services (personal identification, customer support, etc.)
  • To analyze how our Services are used, to distribute advertisements on behalf of us, and to measure the effectiveness of such advertisements.
The personal data handled by other companies through their modules, is governed by their own privacy policies. The third-party modules we are using include:
  • LIQUID Applicant SDK (Mobile App)
    Provider: Liquid Corporation (プライバシーポリシー - 株式会社Liquid(リキッド) ) Purpose of use: To perform identity verification (eKYC) Items obtained: Identification information (name, address and other input information, identification document ticket, photo and video, etc.) Provision to third parties: None
  • Intercom (mobile app)
    Provider: Intercom (Terms and Policies | Intercom ) Purpose of use: To provide customer support Items collected: Individual inquiries, transaction details, and other items entered by customers and our operators in online chat Disclosure to third parties: None A part of personal data such as transaction details may be stored in overseas servers A part of personal data such as transaction details may be stored in overseas servers managed by the company, located in Ireland, U.S.A., Australia.
  • Facebook SDK (Mobile App)
    Provider: Meta (Meta Privacy Policy - How Meta collects and uses user data ) Purpose of use: To measure advertising effectiveness tems collected: Anonymized identifiers (used solely for data exchange with Meta) and log data Disclosure to third parties: None A part of personal data, such as identifiers, may be stored on overseas servers managed by the company, located in U.S., Ireland, Denmark, and Sweden.
  • Survey Monkey (website)
    Provider: Momentive (Terms of Use | Momentive ) Purpose of use: To conduct research, create waiting lists, and issue Invite Codes Items collected: e-mail addresses, responses to surveys Some personal data, such as e-mail addresses, may be stored on overseas servers managed by us (in the United States, Canada, the United Kingdom, Ireland, Germany, the Netherlands, and Australia).
(2) Cookies and other analysis tools
A cookie is a small text file that is stored on your computer when you visit a website. This text file stores information that can be read by the site operator when you visit that website again at a later date.
We may use cookies and similar web tracking technologies (web beacons, pixels, etc.) to:
  • To improve convenience by storing information such as language preferences and the date and time of the last visit.
  • To provide better service by understanding the number of visits, usage patterns, etc.
We require our staff and third parties working on our behalf to adhere to appropriate compliance standards, including the obligation to safeguard information and to apply appropriate measures for the use and transfer of information.
You can control whether or not to accept cookies by using your browser settings or other tools. However, if you disable cookies or restrict the ability to set cookies, you may not be able to access all or some of the features of the website, thereby limiting your overall convenience.
(3) Information regarding the use of Google Analytics
We use Google Analytics provided by Google, Inc. to measure Services, including our website, for the purpose of improving its services. In order to acquire data, Google may set cookies or read existing cookies. As a result, we may automatically send Google information such as the URL and IP address of the page you accessed. We may use such information to understand how you use the site and our Services. For more information on how Google uses your data in connection with Google Analytics, please refer to the Google Analytics Terms of Service and Google's Privacy Policy.

8. Others

(1) Sensitive Personal Information:
We do not collect any sensitive personal information as defined by the Act on the Protection of Personal Information. We process a limited amount of biometric information for document verification purposes. If you give us permission to use your biometric data such as finger prints for accessing our application, it will be stored on your device and not transmitted tous.
(2) Data of Minors:
We do not collect any data from customers under the age of 18, as our Service is intended only for customers who are at least 18 years old. Any data collected without proper age verification will be deleted.
(3) Changes to our Privacy Policy:
We may revise this policy without prior notice to accommodate changes in the law, best practices, and processing of personal information. Please check our Privacy Policy periodically to stay informed of any changes.
(4) Disclosure of Personal Data:
  • As stated in Article 5, if you request to know how your personal data is used, to access, correct, or delete your personal data, to suspend or delete the use of your personal data, or to suspend the provision of your personal data to third parties (collectively referred to as "disclosure, etc."), we will respond to such requests in compliance with the Personal Information Protection Law within a reasonable scope.
  • To make such a request, you need to use our designated form and pay a prescribed fee. If you need to obtain the prescribed form for such purposes, please refer to the contact point specified in Article 9.
  • Once we have confirmed that the request for disclosure or other actions related to personal data has been made by the person themselves and that their identity has been verified, we will promptly disclose the relevant personal data and provide notice of such disclosure by providing electronic records, typically. If the request is made by a representative, we will verify the representative's legitimate authority using official documents, a letter of attorney, or other methods. However, if there is no personal data to be disclosed or if there are justifiable reasons for not disclosing the data, we will inform the person accordingly.
  • To obtain the disclosure of personal data and notification of purpose of use, a handling fee is required as specified by us, which is 1,000 yen per request and does not include consumption tax.

9. Contacts

If you have any questions, comments or requests related to this policy, please contact our Privacy Team at support@gigabank.jp. Our Data Protection Officer is Yoshihiko Sakamoto. You can also send written correspondence the following address:
GIG-A Co., Ltd.
Global Business Hub Tokyo
3F, Otemachi Financial City Grand Cube,
1-9-2 Otemachi, Chiyoda-ku, Tokyo, 100-0004
If you feel that your questions or concerns have not been adequately addressed, or that your data protection or privacy rights have been violated, you can file a complaint with the supervisory authority or other public agency responsible for enforcing privacy laws. In Japan, the responsible public authority is the Personal Data Protection Commissioner (個人情報保護委員会 - PPC |個人情報保護委員会 )..