Privacy Policy

Exawizards Inc. and its subsidiaries and affiliates (hereinafter referred to as the "our group ") are based on the philosophy of "Solving social issues through Artificial Intelligence for future generations," we hope to solve social issues by providing services and solutions that make use of AI technology and ICT.

Our group handle the personal identifiable information (including our customers and all other business partners) of our stakeholders (hereinafter referred to as "PII (Personally Identifiable Information)") in Japan and other multinational markets. In order to fulfill our social responsibility to protect PII, we have established this basic policy and will strive to implement and raise awareness of appropriate protection and management measures for PII.

1. We will comply with laws, guidelines, and other norms regarding the handling of personal information established by the government, international data protection laws (hereinafter referred to as "laws and regulations") including GDPR, and contracts with customers.
2. We will clarify the purpose of use of PII, acquire and use PII appropriately in accordance with the purpose of use stipulated by laws and regulations. PII will not be provided to third parties without the consent of the individual or in accordance with laws and regulations.
3. We will not handle PII beyond the scope of the purposes of use and will take measures to ensure this.
4. We will strive to keep the PII in our possession accurate and up to date.
5. We will take reasonable security control measures to protect PII from unauthorized access, leakage, loss or damage, and will take corrective and preventive measures as necessary.
6. In case of consigning the PII handling to a third party, we will select and supervise a business partner with a sufficient management system.
7. In the case of contracted PII processing and functioning as a PII processor (PII processor), appropriate control measures are taken.
8. We will sincerely answer the requests of notifying the purpose of use, disclosing, correcting, adding, or deleting the contents, suspending the use, erasing, and suspending the provision to the third party about PII immediately except the cases specified by laws and regulations.
9. We will correspond promptly and honestly to complaints and requests for consultation regarding PII.
10. We shall build structures for information security and protection of Personal Information, shall establish a Chief Privacy Officer (CPO), and shall make efforts towards the protection of Personal Information and engage in the continued improvement of the structure.
11. We will build an information security and personal information protection system, assign a personal information protection manager, and continually strive to protect and improve PII.

Adopted on November 15, 2018.
Revised on October 01, 2024.
ExaWizards Inc.
Makoto Haruta, Representative Director & President

General contact for PII

• 5F, Sumitomo Realty & Development Mita Twin Building East,4-2-8 Shibaura, Minato-ku, Tokyo 108-0023
• ExaWizards Inc.
• Chief Information Security Officer and Chief Privacy Officer: Masato Saito
• 

Handling of PII

1. Acquisition of personal information and purpose of use

   We will acquire and use PII within the scope of the following purposes of use. We will not use personal information beyond the following purpose of use (However, this also includes purposes of use that are separately indicated in the terms and conditions of use of our products and services.), unless we have obtained the consent of the individual in advance or are permitted to handle it as an exception under laws and regulations (Personal Information Protection Law, Number Use Law, General Data Protection Regulation, other laws and regulations, etc.).

   1. Acquire directly from the person in writing or by electromagnetic record, etc.

      1. Customer information
         To provide and manage products and services
         To inform customers about products and services (including related products and services newly offered by our products and services offered by its business partners), and to respond to inquiries and complaints from customers
         To identify and authenticate the customer
         To improve, research and develop our products and services, or for marketing research etc.
         To conduct campaigns and questionnaires related to our products and services, etc.
      2. Information on employees, etc.
         (Officers, employees, temporary/contingent employees, etc.)
         To perform labor and personnel management, tax-related and social security-related administrative procedures.
         To perform administrative procedures for disaster countermeasures, etc.
         
      3. Applicant information
         For recruitment and hiring procedures
      4. Information on business partners
         (Trading partner information)
         For business contact, office management, and tax-related administrative procedures (sole proprietors only)
      5. Information on inquiries, etc.
         (Web, etc.)
         For replies related to inquiries and contacting the customer.
   2. Acquire by methods other than (1) above.
      1. Information obtained from third parties
         Purposes of use as set forth in part (i) of the preceding paragraph
      2. Information about inquiries, etc.
         (mail, telephone, etc.)
         For replies related to inquiries and contacting the customer.
      3. Monitoring camera information
         For use in physical security implementation.
2. Provision of PII

   PII will not be provided to third parties except in the following cases. Information pertaining to personal numbers will not be provided except as permitted by laws and regulations, even with the consent of the individual.

   1. When the individual concerned has given consent
   2. When required by law or regulation
   3. When entrusting the handling of PII to a third party in order to carry out the purpose of use
   4. When disclosure or provision of the information is necessary for the protection of human life, body, or property, and an emergency is required.
   5. When we receive an official inquiry from a court of law, the police, or other public institution, and respond to the request for disclosure or provision.

   6. When we provide hashed PII data (e-mail address, etc.) to an advertising distributor (including those located outside Japan) with your consent in order to deliver or display advertisements regarding products and services tailored to your needs.

      Applicable ad-serving providers

      1. Meta Platforms, Inc.
      2. Google LLC (California, U.S.A.)
      3. X Corp (California, U.S.A.)
      4. LINE Yahoo Japan Corporation (Japan)
      5. Microsoft Corporation (Washington, U.S.A.)
3. Disclosure of PII, etc.

   We will respond without delay to requests regarding the disclosure, etc. (notification of purpose of use, disclosure, correction, addition or deletion of contents, suspension of use, deletion and suspension of provision to third parties, disclosure of third parties provision records) of disclosed PII held by us. For more details please contact our "General Information Desk regarding PII".
   We will respond within reasonable limits through the prescribed procedures.

4. Joint use of PII

   We may use PII data jointly with our group companies within the scope of the purpose of use at the time of acquisition of PII (including the purpose of use changed in accordance with Article 17, Paragraph 2 of the Personal Information Protection Law) in order to provide comprehensive services within our group companies.

   1. Shared Personal Data Items

      1. Name, address, telephone number, e-mail address, gender, date of birth, and other contractual details stated in the application form, contract, etc., as well as details and history of services used
      2. Questionnaires and other information provided during business cards exchange, seminars, events, or exhibitions
      3. Service usage and product purchase history, action history, and images acquired through services provided by our group companies
   2. Scope of joint use

      • 4-2-8 Shibaura, Minato-ku, Tokyo
        Xware Corporation CEO, Kazutoshi Takimoto

      • 4-2-8 Shibaura, Minato-ku, Tokyo
        Exa Homecare Inc, Representative Director & President, Satoshi Ishino

      • 4-2-8 Shibaura, Minato-ku, Tokyo
        Exa Enterprise AI Inc, Representative Director & President, Takuma Oue

      • 4-2-8 Shibaura, Minato-ku, Tokyo
        ExaMD Inc, Representative Director & President, Koji Hazama

   3. Name and address of the person responsible for the management of the personal data to be shared

      • 4-2-8 Shibaura, Minato-ku, Tokyo
        ExaWizards Inc, Representative Director & President, Makoto Haruta

5. Security control measures

   We apply management measures of ISMS and PIMS (Information Security Management System and Privacy Information Management System) for risk reduction, prevention and mitigation measures regarding the data we plan to handle as PII data, which our group company has acquired or is trying to acquire.
   If the retention period stipulated by laws and regulations, contracts, etc. has passed, or if there is no longer a need to handle it, we will promptly delete the relevant PII data.
   We will present the main control measures that we are implementing below.

   1. Institutional Control Measures
      Maintenance of policies and related operational rules, maintenance of PII protection system and operational posture, classification and appropriate management of information including PII data, regular inspections and risk assessments including the handling status of PII data, appropriate supplier management, reporting and communication for incidents, etc
   2. Personnel Control Measures
      Regular education on information security including PII data protection, confidentiality pledges, etc
   3. Physical Control Measures
      Regulation of security perimeters and access control for offices and service sites, installation of surveillance cameras, prevention of theft, loss, and unauthorized access to equipment and media, proper disposal of equipment and media, etc
   4. Technological Control Measures
      Restrictions on access to appropriate information, user identification, authentication and history of information assets including PII data, anti-malware measures, backup of information including PII data, etc
   5. Understanding the external context
      Research and understand foreign systems that handle PII data (government access, data storage and processing regions)
6. Anonymized Data

   When creating and using anonymized information (information about individuals obtained by processing PII so that specific individuals cannot be identified and such PII cannot be restored), and when providing anonymized information to third parties, we will take the following actions.

   1. At the time of creation and use
      1. Conduct appropriate processing in accordance with the standards set forth in laws and regulations.
      2. Take Security control measures regarding information deleted as a result of processing, processing methods, etc
      3. Publicize without delay the details of the information contained in the anonymized processed information that has been created.
   2. When providing to third parties
      1. Disclose the items of information on individuals included in the anonymized processed information to be provided and the method of provision
      2. The third party to whom the information is provided must be clearly informed that the information is anonymized information.
7. Pseudonymized personal information

   When creating and using pseudonymized personal information (PII that has been processed in such a way that a specific individual cannot be identified unless it is cross-checked with other information), we will take the following actions (1) and use the information within the scope of (2) other announced purpose of use. We will not provide the pseudonymized personal information to any third party, except as required by law.

   1. At the time of creation and use
      1. Ensure proper processing in accordance with the standards set forth in laws and regulations
      2. Take security control measures regarding information deleted as a result of processing, processing methods, etc.
      3. Ensure that the individual to whom the personal information used to create the pseudonymized personal information pertains to cannot be identified.
      4. When there is no longer a need to use the pseudonymized personal information or deleted information, etc., efforts shall be made to delete such information without delay.
   2. Purpose of useing Pseudonymized personal information
      1. To research, plan, develop and improve products and services related to recruitment and human resources.
      2. To improve of work processes efficiency in our operations.
8. Inquiries about PII

   For any inquiries regarding PII handling or our general basic policy, please contact us at the PII Inquiry Desk.

General contact for PII

• 4-2-8 Shibaura, Minato-ku, Tokyo 108-0023
• ExaWizards Inc.
• Chief Information Security Officer and Chief Privacy Officer: Masato Saito
• 

External Transmission Policy

The services provided by our group use the following external services provided by third parties for the purpose of providing better services to our customers, and as a result, customer information may be transmitted from the customer's terminal to the provider of the external service. External services regarding the transmission of such information are provided below.

1. External services (non-advertising related)

2. External services (advertising related)