Privacy Policy

The purposes of use of the personal information we handle are as follows.

• 1 Personal information provided by the customers who concluded a contract for the kaonavi service

  1.1 Employee information stated by the customer in the contract documents, such as the application form

  ・Provide, manage, and operate the kaonavi service

  ・Provide the necessary communication to the customer for using the kaonavi service

  ・Provide information about services, events, and seminars related to the kaonavi service

  1.2 Customer employee information provided by the customer through the kaonavi service

  ・Perform the contracted service

  The storage period shall be for the duration of the contract, and deletion shall take place after contract ends.

• 2 Personal information provided by the member through the kaonavi campus online

  * Includes information directly input by the member in the kaonavi campus online, as well as information about the actions taken through use by the member.

  • ・Provide, manage, and operate the kaonavi service and the kaonavi campus online
  • ・Provide the necessary communication to the member for using the kaonavi campus online
  • ・Provide information about our products, services, events, and seminars by postal mail, telephone, email, and advertisement distribution
  • ・Marketing activities, customer engagement activities, and other sales activities, such as usage proposals to members

• 3 Personal information about customers who are interested in our services and events

  3.1 Personal information about customers who participated in our PR activities, such as an event, seminar, or campaign

  ・Operate and manage the provision of our services (including event and seminar co-sponsors, provision of participant information and questionnaire information to supporting companies and operation and management of campaigns)

  ・Provide information about our products, services, events, and seminars by postal mail, telephone, email, and advertisement distribution (In the course of providing you with information, we may outsource a part of the handling of personal data to external contractors, such as ad-serving companies.)

  ・Create, use, disclose, and provide statistical data about our services to the extent it is not possible to identify specific individuals

  ・Improve and enhance our services and create, use, and provide marketing materials using data that has been processed so it can no longer be used to identify specific individuals

  3.2 Personal information about customers who are considering using our services

  ・Provide information about our services and respond to inquiries from customers

  ・Perform work duties in relation to the above and contact the potential customers

  ・Provide information about our products, services, events, and seminars by postal mail, telephone, email, and advertisement distribution (In the course of providing you with information, we may outsource a part of the handling of personal data to external contractors, such as ad-serving companies.)

  ・Create, use, disclose, and provide statistical data about our services to the extent that it is not possible to identify specific individuals

  ・Improve and enhance our services and create, use, and provide marketing materials using data that has been processed so it can no longer be used to identify specific individuals

• 4 Personal information about business partners, such as sales partners, introduction partners, contractors, and other cooperative and affiliated companies

  ・Appropriately manage the details of the contracts concluded with our business partners (“Appropriately manage the details of the contracts” includes “the use of information prior to concluding the contract” and “the use of information after termination of the contract”).

• 5 Personal information about persons who consider joining our company

  ・Provide information about employment and job opportunities and communicate with applicants and persons who are interested in joining our company

  ・Employment screening

• 6 Personal information about our executive officers and employees

  • ・Business related communication, creation of employee registries, other procedures required by law (including after resignation of the employee), and other employment management.
  • ・Personnel evaluations and deciding where the employee will be assigned, loaned, or dispatched
  • ・Decide and pay the consideration, perform the tax and social insurance related procedures, and provide the benefit program
  • ・Take security management measures through surveillance cameras or online monitoring
  • ・Our PR activities, PR in advertising materials or advertising activities
  • ・Our sales activities and customer support
  • ・Appropriate health management (health information about workers, such as the results of the health checkup, will not be acquired, used, or provided unless such is based on law)
  • ・Acquire licenses, permissions, and certification and perform audit procedures

• 7 Personal information about the family of our executive officers and employees

  ・Emergency contact

  ・Perform the social insurance related procedures and provide the benefit program

• 8 Personal information about resigning employees

  ・Create personnel data and communication after resignation

• 9 Personal information about shareholders

  ・Exercise the rights and perform duties under the Companies Act and commercial law

  ・Implement various measures for securing a better relationship with our shareholders

  ・Create shareholder data in accordance with the designated standards based on the laws and regulations and other shareholder management.

• 10 Personal information of persons who submitted an inquiry

  ・Reply to and communicate in relation to the inquiry

  ・Improve the quality of telephone support and accurately grasp the details of the inquiry

* Above information other than 1.2 is personal data in our possession.

• 1. Name, address, and name of the representative of the entity responsible for handling personal information

  kaonavi, inc.
  2-24-12 Shibuya, Shibuya-ku, Tokyo
  Representative Director, President & Co-CEO
  Hiroyuki Sato

• 2. Title, affiliated division and contact information of Personal Information Protection Administrator

  Division Manager, Corporate Division
  Please click here to contact us with any inquiries concerning personal information.

• 3. Purpose of use of the personal data in our possession

  Of the purposes of use indicated in the above paragraph 1 “Purpose of use of personal information,” items other than 1.2 are the purposes of use of the personal data in our possession.

• 4. Provision of personal information to third parties

  • (1) Provision of personal information to third parties when holding an event or seminar

    When holding an event or seminar and we plan to provide personal information to a third party, such as a co-sponsor, we will do so after obtaining prior consent.

    [a] Information recipients

    Co-sponsors of the event or seminar

    [b] Purpose of use at the recipients

    • 1）Provide information about our services and the services provided by the recipients
    • 2）Provide information about the products, services, events, and seminars of our company or the recipient by postal mail, telephone, and email
    • 3）Perform work duties in relation to the above, provide communication, carry out procedures, and respond to inquiries

    [c] Details of the personal information to be provided

    • 1）Company name, name of the affiliated organization, name of the affiliated division, job title, such as the name of the position, name, address, telephone number, email address, and other contact information
    • 2）Other information acquired through events and seminars
      The above items do not include data stored by kaonavi.

    [d] Method of third-party provision

    Provide as a written document or data

    [e] In the event any matters not stipulated above occur, when obtaining consent for the third-party provision of personal information, the specific matters will be individually indicated in advance.

  • (2) In addition to the above, unless consent is obtained from the subject person or provision is conducted in accordance with the laws and regulations, acquired personal information will not be provided to third parties.

• 5. Contracting the handling of personal information

  All or part of the handling of acquired personal information may be contracted. External contractors will be an entity that conforms to the criteria set forth by the company. By concluding an agreement concerning the handling of personal information and grasping the status of handling of personal information by the contractor, the necessary and appropriate supervision will be provided for the security management of personal information.

• 6. Security management measures for the personal data in our possession

  As stated in the “Matters concerning security management measures for personal data” below.

• 7. Point of contact for complaints concerning the handling of personal data in our possession

  “Point of contact for complaints and consultations regarding personal information” (stated at the end of the document)

• 8. Name of the accredited personal information protection organization and point of contact for complaint resolution

  The company is a target entity of an accredited personal information protection organization of the Japan Institute for Promotion of Digital Economy and Community (JIPDEC).
  Name of the accredited personal information protection organization: JIPDEC
  Point of contact for complaint resolution: Personal Information Protection Consultation Service Office
  Address
  Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032
  Telephone number:
  03-5860-7565
  0120-700-779

• 9. Procedure for responding to requests for disclosure

  • (1) Point of contact for requesting disclosure

    “Point of contact for complaints and consultations regarding personal information” (stated at the end of the document)

  • (2) Forms to be submitted when requesting disclosure and other procedures for requesting disclosure

    Submit the following documents to the “Point of contact for complaints and consultations regarding personal information.” We will process your request as quickly as possible.

    [a] Disclosure request form designated by our company

    Person requesting disclosure

    [b] Identity verification document

    • 1）When requested by the subject person

      The subject person’s public certificate (copy)

    • 2）When requested by a proxy

      Of the documents listed below, all that apply.

      ●1 In the case of a person with parental authority (or minor ward)

      ・A copy of a public certificate that can be used to confirm the subject person’s current address and permanent address

      ・A copy of the family register (certificate of all matters)

      ・A copy of a public certificate that can be used to confirm the proxy’s current address and permanent address

      ●2 In the case of an adult guardian (legal representative of an adult ward)

      ・A copy of a public certificate that can be used to confirm the subject person’s current address

      ・A copy of the certificate of registered matters (that indicate the proxy is the legal representative of the subject person)

      ・A copy of a public certificate that can be used to confirm the proxy’s current address

      ●3 In the case of a proxy with letter of attorney

      ・A copy of the seal-impression certificate

      ・Letter of attorney designated by the company (impressed with the subject person’s registered seal)
      A letter of attorney

      ・A copy of a public certificate that can be used to confirm the proxy’s current address (in the case of a lawyer, the registration number is also acceptable). “Public certificate” refers to a driver’s license, health insurance card or pension booklet, basic resident’s registration card with photo, passport, special permanent resident certificate, residency card, seal impression certificate, certified copy of the resident register, copy of the family register or a partial excerpt of the family register, copy of the certificate of information recorded in the foreign resident registration file, and other documents. The submitted identity verification document will be used as follows. Please send such documents only when you consent to the following use.

      ・The personal information will be used for responding to requests for disclosure from the subject person.

      ・Depending on the identity verification document submitted, the company may acquire personal information requiring special care.

      ・Unless required by law or regulation, the personal information will not be provided to a third party without consent from the subject person.

      ・When the identity of the subject person cannot be verified using the identity verification document, the company may not be able to fulfill the request for disclosure.

    [c] Fees

    Requests for the notification of the purpose of use or disclosure will be charged a fee of 1,000 yen per request. Please enclose a 1,000-yen postal money order along with the above documents. When the fee is not enclosed as instructed above, the requestor will be notified to that effect, and if the requestor fails to make the payment within the designated period of time, the request for disclosure will be deemed not to have been made. The submitted documents will not be returned, in principle.

  • (3) When disclosure is unable to be made

    In the event any of the following applies, the disclosure will not be made. When it is decided not to disclose the information, such decision will be reported to the requester in writing. Please note that even in the case of nondisclosure, the designated fee will be charged.

    • [a] When it is likely to harm the life, physical well-being, property, or other rights and interests of the subject person or a third party
    • [b] When it is likely to significantly hinder the proper operation of the company’s business
    • [c] When another law or regulation will be violated
    • [d] When there is an omission in the designated request form or some of the designated documents are not submitted
    • [e] When the fee is not paid in full

• 1. Formulation of a privacy policy

  In order to secure the proper handling of personal data, the company has formulated a privacy policy for compliance with the related laws, regulations, and guidelines, as well as the formulation and operation of a personal information protection management system in conformity to the Japanese Industrial Standards Personal Information Protection Management System – Requirements (JIS Q 15001) and acceptance of complaints and consultations.

• 2. Establishment of guidelines concerning the handling of personal data

  The company has formulated standards and rules concerning the handling method, responsible persons and persons in charge, and the assigned work duties for each phase of acquisition, use, storage, provision, deletion, and disposal.

• 3. Organizational security management measures

  • (1) Establishment of organizational structures

    The company has appointed a Personal Information Protection Administrator for the handling of personal data and clarified the responsibilities.
    The company has clarified the scope of personal data handling by the employees and business partners who handle personal data.

  • (2) Operation in accordance with the rules concerning the handling of personal data

    The company acquires a log of the use of the personal database and status of output.
    In addition to conducting regular self-inspections concerning the status of personal data handling, the company conducts an internal audit or certification audit by an external institution at least once a year.

  • (3) Establishment of means for confirming the status of personal data handling

    The personal data items, responsible person, purpose of use, and other handling status are recorded in a ledger.

  • (4) Establishment of a system for responding to incidents, such as information leaks

    The company has established a flow for responding to incidents, as well as a reporting line to the Personal Information Protection Administrator in the event of an accident, violation, or the risk thereof set forth in our laws and regulations, such as Personal Information Protection Act and company rules.

  • (5) Grasping the status of handling and reviewing the security management measures

    In addition to conducting regular self-inspections concerning the status of personal data handling, the company conducts an internal audit or certification audit by an external institution at least once a year.

• 4. Human security management measures

  Regarding the points to note in relation to the handling of personal data, the company provides educational training to its employees after initially joining the company and at least once a year.
  Matters concerning the confidentiality of personal data are included in the written pledge submitted when joining/ leaving the company and in the Work Rules.

• 5. Physical security management measures

  • (1) Control of the areas where personal data is handled

    Entry and exit to and from offices is controlled.
    The kaonavi service data center complies with the provisions of Amazon Web Services that serve as our data center.

  • (2) Measures implemented against the loss of a device or electronic media

    Personal data is stored in cloud storage, and measures are implemented against the theft or the loss of a device through HDD encryption.

  • (3) Prevention of information leaks when carrying around electronic media

    Devices are controlled to prevent storage of data using portable storage media, such as USB memory sticks.

  • (4) Deletion of personal data and disposal of devices and electronic media

    When disposing of personal data, the company selects an appropriate entity, implements logical deletion, and obtains a certificate of disposal.

• 6. Technical security management measures

  • (1) Access controls

    Accounts that can be used to access the data are only granted to the minimum necessary persons who are approved by the Personal Information Protection Administrator, and usage logs are monitored.

  • (2) Identification and authentication of users

    The company issues and authenticates accounts individually.

  • (3) Prevention of unauthorized access by external parties

    The company has installed a firewall and antivirus software on the devices.
    The infrastructure used for kaonavi service is equipped with access control by Firewall and intrusion detection by IDS.

  • (4) Prevention of leaks through the use of information systems

    The company uses antimalware and Web filtering.
    The company uses TLS(1.2) and VPN for encrypting the communication channels, and for the data storage area, the database data is encrypted at the storage layer.

• 7. Grasping the external environment

  For overseas countries where personal data in our possession is stored, the company understands the regulations concerning personal information protection in those countries and implements security management measures. Please refer to section 2 “Storage of personal data in our possession on overseas servers” in 4 below.

• 1. Contracting the handling of personal data overseas

  • (1) Method of establishing the system set forth in Article 28 (1) of the Personal Information Protection Act

    The company examines the details of the contract agreement, such as the contractor’s terms of use, in advance and determines whether or not to use the contractor.

  • (2) Outline of the corresponding measures taken by the contractor

    The agreement sets forth that the personal data will be used within the scope of the specified purpose of use, improper use is prohibited, the appropriate security management measures will be implemented, and the necessary and appropriate supervision will be implemented for the employees, as well as the criteria for selecting subcontractors and prohibition of third-party provision of personal data.

  • (3) Frequency and method of confirming system establishment

    Every time the terms of use are revised, the details of the terms of use are confirmed.
    The legal system is confirmed every year based on the information announced by the Personal Information Protection Commission and other government institutions in Japan.

  • (4) Names of the countries where contractors are located

    As shown in the list of contractors in ⑻ below.

  • (5) Existence and outline of the systems in overseas countries that may impact the implementation of the corresponding measures by the contractors

    There are no such systems.

  • (6) Existence and outline of the obstacles for the implementation of the corresponding measures by the contractors

    There are no such obstacles.

  • (7) Outline of the measures implemented by the company in the event there is an obstacle for the implementation of the corresponding measures

    When a contractor handles personal information in violation of the contract agreement, including the abovementioned corresponding measures, in accordance with the contract agreement, the contractor will be requested to promptly correct such handling.
    In the event such violation is not corrected within a reasonable period of time and it is deemed difficult to ensure continuous implementation of the corresponding measures, the company will suspend the provision of personal information to the contractor.
    When it is confirmed that a law is amended as described below in a foreign country where the contractor is located, the company will suspend the handling of personal information by the contractor.

    • 1）System that enables a wide range of information collection by the government concerning the personal information possessed by entities through the imposition of a broad obligation for entities to cooperate with the government’s information collection activities
    • 2）System concerning the obligation to store personal information within the country in a manner that may preclude entities from responding to requests for deletion of personal information from the subject person

  • (8) List of contractors

    Meta Platforms, Inc. (The United States)
    Zoom Video communications, Inc. (The United States)

• 2. Storage of personal data on servers overseas

  Service	Service provider	Server location	Information about the legal systems in server locations
  Facebook	Meta Platforms, Inc.	The United States of America	The United States of America (Federal) https://www.ppc.go.jp/files/pdf/USA_report.pdf
  Google workplace	Google LLC	The United States of America, Republic of Chile, Taiwan, Republic of Singapore,（*）	The United States of America (Federal) https://www.ppc.go.jp/files/pdf/USA_report.pdf Taiwan https://www.ppc.go.jp/files/pdf/taiwan_report.pdf Republic of Singapore https://www.ppc.go.jp/files/pdf/singapore_report.pdf
  Marketo Engage	Adobe Systems Software Ireland Limited	The United States of America, Commonwealth of Australia	The United States of America (Federal) https://www.ppc.go.jp/files/pdf/USA_report.pdf Commonwealth of Australia https://www.ppc.go.jp/files/pdf/australia_report.pdf
  Zendesk	Zendesk, Inc.	The United States of America	The United States of America (Federal) https://www.ppc.go.jp/files/pdf/USA_report.pdf
  Recruit Direct Scout	Recruit Co., Ltd.	The United States of America, India, Commonwealth of Australia, Canada, Republic of Singapore, Taiwan, Republic of Chile	The United States of America (Federal) https://www.ppc.go.jp/files/pdf/USA_report.pdf India https://www.ppc.go.jp/files/pdf/india_report.pdf Commonwealth of Australia https://www.ppc.go.jp/files/pdf/australia_report.pdf Canada https://www.ppc.go.jp/files/pdf/canada_report.pdf Republic of Singapore https://www.ppc.go.jp/files/pdf/singapore_report.pdf Taiwan https://www.ppc.go.jp/files/pdf/taiwan_report.pdf

  * Under the terms of use, storage is not limited to servers in Japan, and since Google LLC does not specify the location of the servers on which the data is stored, the possible countries are listed in this table.

  * The data stored in the kaonavi service is stored in the data center in Japan and not handled on servers located overseas.

  * The data stored in the kaonavi campus online is stored in the SFDC Tokyo Instance data center and not handled on servers located overseas.

When you call us or when we contact you, we may record the content of the call in order to accurately understand your request or inquiry and to improve our services in the future.

The company may acquire the status of use and attribute information of customers (limited to information that cannot be used to identify a specific individual through a combination with other such information) using Cookies, Web beacons, or similar technology (hereinafter referred to as “Cookies”) in order to protect the privacy of customers who use the services provided by our company and who use this homepage, improve usability, distribute advertisements and acquire statistical data. The company uses behavior targeted advertising services provided by the following companies through the use of Cookies in order to distribute optimum advertisements to customers. To invalidate these services, it is necessary to access the website of each company and follow the indicated instructions.

• Google LLC
  You may opt out of the advertising from the website below.
  https://www.google.com/intl/ja/policies/technologies/ads/
• Yahoo Japan Corporation
  You may opt out of the advertising from the website below.
  https://btoptout.yahoo.co.jp/optout/index.html
• Meta Platforms, Inc.
  You may opt out of the advertising from the website below.
  https://www.facebook.com/ads/website_custom_audiences
• Adobe Inc.
  You may opt out of the advertising from the website below.
  https://www.adobe.com/jp/privacy/policy.html?id=cookie-policy
• User Local, Inc.
  You may opt out of the advertising from the website below.
  https://ui.userlocal.jp/notice/
• Landscape Co., Ltd.
  You may opt out of the advertising from the website below.
  https://www.landscape.co.jp/privacy/optout.html

Use of Google Analytics

We use Google Analytics for the collection and analysis of access logs on our homepage. Google Analytics uses Cookies sent from this website to the user’s browser to collect the access log of the homepage without information that can be used to identify specific individuals. The access log collected in Google Analytics is managed in accordance with the Privacy Policy of Google. Cookies can be invalidated by changing your browser settings. Also, you can suspend the collection of customer information using Google Analytics by installing Google Analytics Opt-out Ad-on and changing your browser ad-on settings.
Google Analytics Terms of Use
Google Privacy Policy
Google Analytics Opt-out Ad-on