VARYTEX Co., Ltd (hereinafter referred to as "the company") recognizes the importance of personal information, and to ensure the protection of such personal information, the company has established the following privacy policy regarding the handling of personal information, etc. obtained from registered users of the KAMPO X. We declare that we will comply with this policy and handle personal data, including users' personal information, in accordance with applicable laws and regulations. Furthermore, this policy applies to the company only. 

 

Article 1: Compliance with Laws, Regulations, Guidelines, etc., Concerning Personal Information

The Company shall comply with the Personal Information Protection Act, guidelines regarding the Personal Information Protection Act, and other laws and regulations related to our company's business. In this policy, "personal information" refers to information about living individuals, as defined in Article 2.1 of the Personal Information Protection Law. Personal data" refers to all information that can directly or indirectly identify a user as an individual, including personal information.

 

Article 2: Acquisition of Personal Data

(1) Method of Acquisition

We will acquire your information in the following manner:

A) Directly from the user himself/herself

B) Collected when the user uses or browses the Service (through the user's smartphone or PC)

C) Obtained from an external linked service with the user's consent

D) Provided by a medical institution on behalf of the user with the user's consent

​

(2) Information that will be acquired 

A) Name, date of birth, gender, phone number, pregnancy status, ID for message applications linked to this service, and other information that can identify a specific individual

B) Information on the user's own medical care and health (user symptoms, frequency, medical history, course of treatment, medications and their dosage, etc.) (including information about the user's symptoms, frequency, history, treatment history, medications and their status, and prescriptions)

C) Information related to medical examination tickets (including medical examination ticket number, ID, and medical examination ticket image information)

D) Information regarding the medical institution to which the user submitted the contents of the medical interview for this service and the user's family medical institution (including the name of the medical institution, department, and information regarding the doctor).

E) Information related to the use and browsing of the Service by the User, such as the contents of the service used by the user, the date, time, and the number of times the user used the service, and the user's online behavior when using the service (this includes cookie information, access logs and other information related to usage conditions, your terminal information, OS information, location (This includes cookie information, access logs, and other information related to your use of the service, including your device information, OS information, location information, and information related to your communications, including IP address, browser information, browser language, etc.)

F) Account information (e.g., login ID and password)

Article 3: Purpose of Collecting and Using Personal Data

We will use acquired personal data in accordance with the applicable laws and regulations and this Policy.

Except for cases in which the company has obtained the consent of the user or is permitted by law to treat personal data as an exception, our company will use personal data acquired from the user only for use that were clearly indicated to the user in advance at the time of acquisition or that have been publicly announced. In addition, we may outsource a part of our business to a third party to facilitate the smooth operation of our business, and provide such third party with the personal data of the user to the extent permitted by applicable laws and regulations.

In such cases, as described in Section 7, SBM will exercise legally necessary and appropriate supervision over the relevant subcontractor.

(1) To provide our service to users and user authentication  

(2) To provide the use with reference information (information provided by the company for the users' reference in our service, including information on diseases)

(3) To provide users with information regarding medical institutions

(4) To facilitate the provision and communication of necessary information to medical institutions at the time of medical treatment by the user

(5) To enable the user to view information about himself/herself on our service 

(6) To facilitate the users' entry of information on the affiliated services used by the user, or to provide our service to the user 

(7) For research, improvement, and research and development of our services (including new services)

(8) For marketing and business development by the company

(9) For linking information between services provided by the company in relation to user applications

(10) For sending information and communications about services provided by our company

(11) For responding to inquiries from users

(12) To notify any changes made to our service or policies 

(13) To distribute, display, or measure the effectiveness of advertisements of the company or third parties

(14) To respond to violations of the company's terms and conditions or policies (the "Terms and Conditions") regarding the Service

(15) To manage shareholders and to respond to procedures required by the companies' policies and other laws and regulations (with respect to personal information of shareholders, stock acquisition right holders, etc.) 

(16) When necessary for the performance of other operations related to or incidental to the preceding items.

 

Article 4: Changes in the Purposes of Use of Personal Information

In the event of a change, the company shall notify the individual who is the subject of the personal information or make a public announcement.

 

Article 5: Provision of Personal Data to Third Parties

1. We will not provide personal information collected from customers to third parties without obtaining the prior consent of the customer, except in cases where disclosure is permitted under the Personal Information Protection Law or other laws and regulations. However, this does not apply in the following cases

When required by law

When necessary to protect the life, body, or property of an individual and it is difficult to obtain the consent of the individual When especially necessary to improve public health or promote the sound growth of children

When it is difficult to obtain the consent of the individual

When it is necessary to cooperate with a government agency, a local government, or an individual or entity entrusted by either of the former two and obtaining the user's consent would interfere with the execution of such affairs.

 

2. If the Company receives a request from a customer to disclose the information provided to a third party, the company shall promptly disclose the information in accordance with the stipulations.  

To the extent permitted by applicable laws and regulations, the company may create statistical data that does not identify individuals based on the personal data, etc. of users that the company has acquired. In addition to providing such non-personally identifiable statistical data to third parties, the company may use such data in accordance with applicable laws and regulations. 

​

Article 7: Personal Data Management

We ensure that our customer's personal data is strictly managed within the company and by some of our contractors.

Specific security control measures for customers' personal data managed by the company are as follows.

(1) The company shall manage access to personal data, restrict the means of transporting personal data, take measures to prevent unauthorized access from outside the company, and take other necessary and appropriate measures to prevent leakage, loss, or damage of personal data and to otherwise securely manage personal data 

(2) The company may outsource all or part of its personal data handling operations to a third party. In such cases, the company will select a party that is deemed to handle personal data appropriately as the consignee, and will properly stipulate in the consignment contract the security control measures, confidentiality, conditions for re-consignment, return of personal data at the end of the consignment contract, and other matters related to the handling of personal data, and implement necessary and appropriate supervision.

(3) The company will endeavor to accurately process the personal data provided. However, the user is responsible for ensuring that the personal data provided is accurate and up-to-date.

(4) The company shall establish a system in which matters related to the handling of personal data are stated in its employment regulations, the scope of the handling of personal data is clarified to the company's employees, and regular training and reporting to the chief administrator regarding the matters to be considered are provided. (5) The company shall ensure the safety management against the risk of leakage, loss, or damage of customers' personal information, and shall make efforts to promptly erase relevant personal information when it is no longer necessary to use it. When handling existing personal information in a foreign country, we will implement safety control measures based on our understanding of the systems for the protection of personal information in that foreign country.    

 

Article 8: Reporting of Leakage, Loss, Damage, etc.

In the event of leakage, loss, damage, etc. of personal information handled by the company, the company will report to the Personal Information Protection Committee and notify the individual in accordance with the provisions of the Personal Information Protection Law.  

 

Article 9: Disclosure of Personal Information, etc.

1. When we are requested to disclose personal information by an individual, we will disclose such information to the individual without delay. However, if disclosure would result in any of the following cases, we may decide not to disclose all or part of the information, and if we decide not to disclose the information, we will notify the person to that effect without delay. A fee of 1,000 yen (excluding tax) will be charged for each case of disclosure of personal information.

(1) If there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party

(2) If there is a risk of significant hindrance to the proper conduct of our business

(3) If it would violate other laws or regulations

 

2. Notwithstanding the preceding paragraph, in principle, the company will not disclose information other than personal information, such as historical information and characteristic information.

​

Article 10: Correction and Review of Personal Information

In the event that the Company receives a request from an individual for disclosure, correction, addition, deletion, suspension of use, elimination, or suspension of provision to a third party of his/her personal information, the company shall, after fully confirming that the individual makes the request, conduct the necessary investigation without delay to the extent necessary to achieve the purpose of use, and based on the results of the investigation, correct the content of the personal information under the Personal Information Protection Law and other applicable laws and regulations. Based on the results of the investigation, the company will correct the content of the personal information following the provisions of the Personal Information Protection Law and other laws and regulations, and notify the person to that effect. (If we decide not to make such corrections, we will notify the person to that effect.) However, this shall not apply in cases where the company is not obligated to make such corrections, etc. under the Personal Information Protection Law or other laws and regulations.

 

With respect to personal information in its possession, the Company will comply with the Personal Information Protection Law and other laws and regulations and will review and improve the contents of this policy as appropriate. Any changes to this policy will be publicly announced by posting the changes on our website.

 

Article 11: Deletion of Account

If a user deletes his/her account, the company will stop using the user's personal data, and after a certain period of time, the company will delete the personal data managed by the company. However, in accordance with applicable laws, regulations, and internal rules, the company may retain and use personal data in a form in which individuals cannot be identified.

 

Article 12: Review and Improvement of this Policy

The company will review and amend this policy from time to time. The company may also change this Policy in accordance with amendments to laws and regulations or for other reasons. However, in the event of a change that requires the user's consent in accordance with applicable laws and regulations, the changed policy shall apply only to those users who have consented to the change in the manner prescribed by the company. If this policy is changed, we will notify users of the changed policy, display it on our website, or otherwise make it known to users in an appropriate manner.

​

Article 13: Contact for Inquiries

Please direct any inquiries regarding this policy to the following contact.  

Name, address and name of representative of the business handling personal information

VARYTEX Corporation

3-4-24 Roppongi, Minato-ku, Tokyo

Roppongi Adachi Building 1F

Kiichiro Hirano, CEO, and Representative Director

TEL: 03-6804-3596

E-mail: info@varytex.co.jp  

Establishment date:  28 July, 2023

Revision date: 1 December, 2023 

​

Information Security Policy

VARYTEX CORPORATION (hereinafter referred to as "the company") is committed to protecting the information assets held by the company from leakage and unauthorized access. The company recognizes that it is extremely important for the continuity of its business to protect its information assets from risks such as leakage and destruction, and has established this Information Security Policy in order to properly manage and operate its information assets, and to maintain its information security management system. This Information Security Policy shall apply to all information assets owned by the company (information handled by the company in providing services to its users and the facilities necessary to handle such information). This Information Security Policy shall apply to all information assets owned by the company.

2. This Information Security Policy shall be applied to the company's officers, employees (regular employees, contract employees, etc.), temporary employees, contractors, part-time workers, and interns (hereinafter collectively referred to as "employees").

3. The Company shall establish an information security management system capable of complying with laws and regulations concerning information security and responding to various risks to information assets, and shall promptly implement measures necessary to monitor the status of information security and to maintain and improve the information security management system. The company shall also promptly implement measures necessary to assess the status of information security and to maintain and improve the information security management system.

4. The company shall establish internal rules based on this Information Security Policy, and make clear rules for proper management and operation of information assets known to all employees.

5. The company shall provide its employees with education and training on information security in order to properly manage and operate the information assets held by the company.

6. In the event of an information security-related incident, any employee who discovers such an incident shall immediately report it to the information security manager, who shall immediately report it to the relevant personnel and take emergency measures as necessary. The Information Security Manager shall immediately report the incident to the relevant personnel and take emergency measures as necessary. The company shall analyze the causes of such information security incidents and take appropriate measures to prevent a recurrence.

7. Employees shall understand the purpose and content of this Information Security Policy, laws, and regulations related to information security, and internal rules, and shall comply with them. The company shall take disciplinary action against any employee who violates these policies in accordance with the employment regulations.

8. We shall endeavor to maintain and improve information security by regularly evaluating and reviewing this Information Security Policy and the implementation status of information security.

​

Cookie Policy

VARYTEX uses cookies, software development kits (SDKs), and other tracking technologies  to collect certain information to manage member information, display optimal content to users, or deliver advertising on our behalf and measure its effectiveness. Cookies, software development kits (SDKs), and other tracking technologies are used to collect certain information to deliver advertisements on our behalf or to measure their effectiveness.

 

About Cookies

Cookies, etc., are functions that allow a user's computer (PC, smartphone, tablet, or other Internet-capable device) to store information about the user's visits to a website.

Cookies may be set by the company or by third parties affiliated with the company.

​

Purpose of Use of Cookies

(1) The company may use cookies, etc. to improve user convenience, for example, to prevent users from repeatedly entering the same information when browsing a website. In addition, we may use information collected through the use of cookies, etc. to analyze how users use the website (access status, traffic, routing, errors, etc.) and use it to improve the performance of the website itself and to improve and enhance the services we provide to users.

(2) The Company may use cookies, etc. for the delivery of behavioral targeting advertisements by affiliated ad-serving service providers.

(3) The Company may use cookies, etc. for the purpose of measuring advertising effectiveness.

​

3. External Transmission

In order to achieve the purpose of the preceding paragraph, the company's website may use cookies, etc. set by third parties. Third-party cookies, etc., may be used to achieve the purposes described in the preceding paragraph. Third-Party Cookies, etc. have the function of instructing the third party to send certain information about the user to the third party. The Third Party Cookies, etc. used by the company and the information transmitted are described below in accordance with the Company's purposes of use. Please refer to the privacy policy of such third party for the purpose of use of such third party's information.