Privacy Policy

Basic Policy 1

InnoJin Co., Ltd. (hereinafter referred to as “the Company”) will comply with laws and regulations concerning personal information and will strive for the proper handling and safe management of personal information.
The Company will act in accordance with the following items regarding the handling of personal information. Unless otherwise specified in this personal information protection policy, the definitions of terms in this personal information protection policy shall be in accordance with the provisions of the Personal Information Protection Act.

Company Name, Address, and Representative Name
InnoJin Co., Ltd.
2-14-10 Hongo, Bunkyo-ku, Tokyo 113-0033, Japan
Representative Director: Takenori Inomata

1. About the collection of personal information

We collect personal information in a lawful and fair manner. When we receive personal information from third parties, we will confirm and record it in accordance with the laws concerning the protection of personal information (Law No. 57 of 2003) (hereinafter referred to as the 'Personal Information Protection Law'). However, this does not apply in cases based on the provisions of the Personal Information Protection Law and other regulations.

2. Regarding the use of personal information

We will use the personal information we collect for the purposes we have specified in advance, or for the purposes publicly announced in advance, such as by posting our privacy policy on our website, and we will not use it beyond the necessary scope of achieving these purposes without the individual's consent. Furthermore, when using it, we will comply with applicable laws and regulations, and we will properly use personal information in a lawful and fair manner. Please note that we may change the purpose of use within the scope that is reasonably recognized as relevant to the purposes of use, and if changes are made, we will notify the individual or announce it on our website.

3. Provision of personal data to third parties

Our company will not provide personal data to third parties except in the following cases:
1) Where we have obtained prior consent from the individual.

2) When required by laws and regulations, or in cases where cooperation is necessary to carry out the duties established by law for national agencies, local governments, or their commissioned entities, and obtaining the individual's consent might hinder the performance of those duties.

3) In addition to the above, in cases where joint use with other companies is permitted by law.
When we disclose or provide personal data to third parties located abroad, we will comply with regulations such as the Personal Information Protection Act.
Furthermore, when we outsource the whole or part of the handling of personal data to a third party, we will select a contractor that can appropriately manage the personal data, establish necessary matters for personal information protection with the contractor, and ensure adequate supervision and management regarding the handling of personal data to ensure sufficient protection of personal information. When sharing personal data with third parties, we will notify the individual in advance of the range of those jointly using the data and other matters stipulated by law, or announce them on our website.

Our company will not provide personal data to third parties except in the following cases:
1) Where we have obtained prior consent from the individual.

4. Regarding the safe management of personal data

We will retain personal data for as long as is reasonably necessary to achieve the purpose of use, and we will strive to maintain the accuracy of the personal data and manage it securely. We will also take appropriate security measures to prevent loss, destruction, alteration, leakage to outside parties, and unauthorized access from external sources.

5. Requests for notification of the purposes of use of retained personal data, disclosure, correction, addition, deletion, suspension of use, erasure, and requests to stop providing it to third parties.

We will respond without delay and within a reasonable scope to requests for notification of the purpose of use of the personal data we hold, or requests for notification of the measures taken for safety management in relation to understanding external environments, as well as requests for disclosure, correction, addition, deletion, suspension of use, erasure, or discontinuation of provision to third parties, after confirming that the request or claim is from the individual concerned, in accordance with the provisions of the Personal Information Protection Law and other relevant regulations.

6. About Cookies

Our company uses cookies and similar technologies to analyze user trends and statistics on our website [and our application] in order to provide better products and services to our users. We utilize the following tools when using cookies.
① Google Analytics
Our website uses Google Analytics. The information collected, recorded, and analyzed by Google Analytics does not contain any information that can identify specific individuals. Furthermore, this information is managed by Google in accordance with the company's privacy policy. Users can also stop the collection of their information by Google Analytics by disabling Google Analytics in their browser's add-on settings. However, disabling cookies may result in some features of our services being unavailable.
<＜Terms of Use for Google Analytics＞　
http://www.gogle.com/analytics/terms/jp.html
＜Google's Privacy Policy＞
http://www.google.com/intl/ja/policies/privacy/
＜Google Analytics Opt-out Add-on＞
https://tools.google.com/dlpage/gaoptout?hl=ja

7. About Inquiries

We strive to take appropriate measures promptly when we receive inquiries or complaints regarding the handling of personal information. Inquiries or complaints about the handling of personal information are accepted via email.

Contact
InnoJin Inc. Personal Information Office
Email address: privacy@innojin.co.jp

8. Review of the Privacy Policy

Our company may review and change the contents of the privacy policy as necessary. However, when changes to the privacy policy require the consent of the individual under the law, the revised privacy policy will only apply to individuals who have agreed to the changes in the manner specified by our company. When changing the privacy policy, we will notify the individuals in advance of the contents and effective date of the revised privacy policy through posting on our website or other appropriate methods.

Handling of Personal Information 2

Our company will obtain personal information for the purpose of utilizing IT for "medical and healthcare-related businesses" as well as for other businesses specified in our articles of incorporation, after identifying the purpose of use. We will properly retain and utilize personal information within the necessary scope for each business. The information we obtain (hereinafter referred to as "acquired information") may include the following information based on its attributes and collection methods. Additionally, the purposes for which we use acquired information, the circumstances under which we may provide acquired information to third parties, and the handling of anonymized processed information are as follows.
Please note that information that can identify specific individuals and health-related information may include sensitive personal information as defined in Article 2, Paragraph 3 of the Personal Information Protection Act. Our company will not obtain such sensitive personal information without the user's consent. Users are requested to review and accept this privacy policy and agree to the acquisition of information that can identify specific individuals and health-related information, and to perform settings such as inputting that information and sharing it.

Information obtained by the user themselves through input methods
- User's name, date of birth, gender, address, workplace, department affiliation, user ID, and other identification numbers necessary in connection with the use of our applications and other products and services handled by us (hereinafter collectively referred to as

Information obtained by the user themselves through input methods
- User's name, date of birth, gender, address, workplace, department affiliation, user ID, and other identification numbers necessary in connection with the use of our applications and other products and services handled by us (hereinafter collectively referred to as

Provision, collection, examination, and communication of information for the proper use and utilization of our services, etc.
Verification of user identity, authentication, and accuracy of the information obtained
Claims and payments regarding our services, etc., and their confirmation
Research and analysis regarding the use status and manner of our services, etc.
Provision, collection, examination, and communication of information related to the quality, safety, or efficacy of our services, etc.
Provision, collection, examination, communication, and research of medical-related information
Examination, investigation, and response to inquiries and contacts
Investigation and understanding of the usage status, user needs, etc. of medical applications and other services of our company
Proposing services, etc. tailored to the needs of individual users by analyzing their usage status, and customizing the contents of our services, etc. for each user
Requests and implementation of clinical trials and other investigations
Sending rewards, etc., for cooperation in various surveys, etc.
Maintenance of our services, etc., and response to defects
Improvement and enhancement of our services, etc.
Planning, proposal, and research and development of our services, etc.
Contact and information provision regarding our services, etc.
Conducting surveys regarding our services, etc.
Information about campaigns
Surveys, analysis, and information regarding marketing purposes
Notification of changes to the terms of use and other changes related to our services, etc.
Advertising and promotion of our services, etc.
Advertising and promotion of third-party products or services in our services, etc.
Verification of compliance with the terms of use by users
Investigation, detection, and prevention of fraudulent activities such as fraud and unauthorized access using our services, etc., and responses to such fraudulent activities
Response to users suspected or confirmed to have violated the terms of use, and resolution of operational troubles related to our services, etc.
Aggregation of information processed statistically from the obtained information and publication of survey results
Requests and management of lectures, advisory services, etc.
Research and investigation in the fields of medicine and pharmacy
Provision, collection, examination, and communication of information for opening support, management support, medical collaboration support, etc.
Notifications and reports to government agencies and public institutions
Use for purposes for which prior consent was obtained via contracts or other documents
If the provision of obtained information to third parties is planned, provision to the described third parties
If sharing obtained information is planned, shared use with the parties described

Provision, collection, examination, and communication of information for the proper use and utilization of our services, etc.
Verification of user identity, authentication, and accuracy of the information obtained
Claims and payments regarding our services, etc., and their confirmation
Research and analysis regarding the use status and manner of our services, etc.
Provision, collection, examination, and communication of information related to the quality, safety, or efficacy of our services, etc.
Provision, collection, examination, communication, and research of medical-related information
Examination, investigation, and response to inquiries and contacts
Investigation and understanding of the usage status, user needs, etc. of medical applications and other services of our company
Proposing services, etc. tailored to the needs of individual users by analyzing their usage status, and customizing the contents of our services, etc. for each user
Requests and implementation of clinical trials and other investigations
Sending rewards, etc., for cooperation in various surveys, etc.
Maintenance of our services, etc., and response to defects
Improvement and enhancement of our services, etc.
Planning, proposal, and research and development of our services, etc.
Contact and information provision regarding our services, etc.
Conducting surveys regarding our services, etc.
Information about campaigns
Surveys, analysis, and information regarding marketing purposes
Notification of changes to the terms of use and other changes related to our services, etc.
Advertising and promotion of our services, etc.
Advertising and promotion of third-party products or services in our services, etc.
Verification of compliance with the terms of use by users
Investigation, detection, and prevention of fraudulent activities such as fraud and unauthorized access using our services, etc., and responses to such fraudulent activities
Response to users suspected or confirmed to have violated the terms of use, and resolution of operational troubles related to our services, etc.
Aggregation of information processed statistically from the obtained information and publication of survey results
Requests and management of lectures, advisory services, etc.
Research and investigation in the fields of medicine and pharmacy
Provision, collection, examination, and communication of information for opening support, management support, medical collaboration support, etc.
Notifications and reports to government agencies and public institutions
Use for purposes for which prior consent was obtained via contracts or other documents
If the provision of obtained information to third parties is planned, provision to the described third parties
If sharing obtained information is planned, shared use with the parties described

・To provide to third parties such as delivery companies, payment service providers, outsourcing partners, and others for payment processing, delivery, responding to inquiries from users to us, responding to inquiries from us to users, and other operations of our business and the provision of our services, if necessary.
・If it is deemed necessary to provide obtained information to protect our rights, property, and our services, in the event that the user violates the terms of use, privacy policy, or other contractual provisions established with us.
・If it is deemed necessary to provide obtained information to protect the rights and interests of users of our services and other third parties or to resolve disputes with third parties.
・In the event that obtained information needs to be disclosed during the execution of transactions such as the transfer of our shares, organizational restructuring acts such as mergers, business transfers, and other similar transactions, as well as during preceding investigations or negotiations.
・If it is deemed necessary to provide obtained information for the delivery or display of advertisements from us or third parties.
・If it is deemed necessary to provide obtained information to deliver or display information about our services within services provided by us or third parties.
・If obtained information is provided to information collection module providers in accordance with Section 1 "6. Utilization of Cookies and Other Technologies."

We may jointly use the acquired information to the following extent.
(1) Items of personal data jointly utilized
< Among the acquired information described in > Among the acquired information described in <取得情報>, the items of personal information necessary for the purposes of use listed below.

(2) Scope of persons with whom the information is jointly used
Medical institutions or physicians who have prescribed our services to the user.

(3) Purpose of use for the persons utilizing the information
For the diagnosis, treatment, prescription, and other medical acts related to the user’s injuries or illnesses.

(4) Person responsible for managing the personal information
InnoJin Co., Ltd. (For our address and representative, please refer to “Section 1 Personal Information Protection Policy.”)

1. Creation of Anonymized Processed Information
(1) When we create anonymized processed information as defined in Article 2, Paragraph 6 of the Personal Information Protection Act, we will take the following measures.

To perform appropriate processing in accordance with the standards prescribed by laws and regulations
To implement safety management measures to prevent the leakage of deleted information or information regarding processing methods in accordance with the standards prescribed by laws and regulations
To publicly announce the items of information contained in the created anonymized processed information
To identify the individuals whose personal information was used to create the anonymized processed information, we will either acquire information deleted from the personal data or information regarding the processing methods, or not match the anonymized processed information with other information.

(2) We will publicly announce the items of information related to individuals contained in the anonymized processed information on our website. (https://innojin.co.jp/)
(3) In the previous section, if we continuously process the same items of information related to the same individual using the same processing methods, we will clarify our intention to continuously anonymize the same type of personal information at the time of public announcement regarding the information related to such individuals initially, allowing subsequent announcements regarding anonymized processing to be treated as made according to the prior announcement.

2. Provision of Anonymized Processed Information
(1) When we provide anonymized processed information to a third party, we will announce in advance on our website the items of information related to individuals contained in the anonymized processed information to be provided to the third party and the method of provision, as well as explicitly stating to the third party through methods such as sending an email or delivering a document, that the information related to that provision is anonymized processed information.
(2) In the previous section, if we repeatedly and continuously provide anonymized processed information with the same items of information related to individuals and the same processing methods to a third party in the same manner, we will clarify the intention to continuously provide by specifying the period of provision or the intent to continuously provide when we initially announce the items related to individuals in the anonymized processed information being provided to the third party, allowing the announcement concerning the later provision of such information to be treated as made according to the previous announcement.

To perform appropriate processing in accordance with the standards prescribed by laws and regulations
To implement safety management measures to prevent the leakage of deleted information or information regarding processing methods in accordance with the standards prescribed by laws and regulations
To publicly announce the items of information contained in the created anonymized processed information
To identify the individuals whose personal information was used to create the anonymized processed information, we will either acquire information deleted from the personal data or information regarding the processing methods, or not match the anonymized processed information with other information.

Section 3: Safety Management Measures

1. Formulation of Basic Policy

We have established a privacy policy regarding the proper handling of personal data to ensure compliance with laws and regulations, including a contact point for inquiries and complaints.

2. Organizational Security Management Measures

A person responsible for handling personal data is established, and the range of personal data handled by employees is clarified. The responsible person checks the status of operation and handling of personal data. We have established a reporting system to inform the responsible person in the event that facts or signs of violations of laws or internal regulations are identified.

3. Human Safety Management Measures

We conduct regular training for employees regarding the handling of personal data. Matters concerning confidentiality of personal data are outlined in our internal regulations.

4. Physical security management measures

We have taken measures to ensure that individuals other than the employees who handle personal data and the individuals themselves cannot easily access personal data. We have also implemented measures to prevent theft or loss of devices, electronic media, and documents that handle personal data.

5. Technical Security Management Measures

We limit the scope of the personnel who can handle personal data and the personal information databases they manage, ensuring that unauthorized personnel cannot easily access personal data. We have implemented measures to protect information systems handling personal data from unauthorized access or malicious software.

6. Understanding the external environment

Our company does not handle personal data abroad, so external environmental awareness regulations do not apply.

Article 4 Request for Disclosure of Retained Personal Data and Other Requests

(1) When a user requests notification regarding the purpose of use of their retained personal data, we will notify them without delay except in the following cases:
① When the purpose of use of the retained personal data that identifies the user is clear
② When there is a risk of harming the life, body, property or other rights and interests of the user or a third party
③ When there is a risk of harming our rights or legitimate interests
④ When it is necessary to cooperate with a national agency or local public body in the execution of duties stipulated by law, and there is a risk of hindering the execution of those duties.

(2) When a user requests disclosure of retained personal data or records provided to third parties, we will disclose it without delay except in the following cases:
① When there is a risk of harming the life, body, property or other rights and interests of the user or a third party
② When there is a significant risk of hindering the proper implementation of our business
③ When it would result in a violation of laws and regulations.

(3) When a user requests correction, addition, or deletion of their retained personal data, we will conduct an investigation without delay and take appropriate action based on the results.

(4) When a user requests the cessation or deletion of the use of their retained personal data or cessation of provision to third parties, if it is found that there is reason for the request, we will take appropriate action.

(5) We may charge a fee (1,000 yen per request) to the user for the notification of the purpose of use based on (1) or for the disclosure of retained personal data based on (2).

February 1, 2024