Privacy policy
CoDaMa Co., Ltd. (hereinafter referred to as the “Operator”) hereby establishes the following Privacy Policy (hereinafter referred to as the “Policy”) regarding the handling of information (hereinafter referred to as “User Information”) pertaining to customers (hereinafter referred to as “Users”) who use the service “UNIS digital card” (hereinafter referred to as the “Service”) provided on the website operated by the Operator.
The definitions used in this Policy shall be in accordance with the Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter referred to as the “Personal Information Protection Act”).
1. Compliance with Relevant Laws and Regulations
The Operator shall comply with the Personal Information Protection Act and other relevant laws and regulations, guidelines established by the Personal Information Protection Commission, and this Policy, and shall handle User Information, including personal information, in a lawful and appropriate manner.
2. Items of Information Collected by the Operator and How It Is Collected
The Operator collects the user information specified below using the methods described below. The Operator collects this information through lawful and appropriate means.
Information Collected Directly from Users
Name
Email Address
Information necessary for identity verification, such as ID and password
Information entered via input forms, etc.
Information specified for each service
Other information related to the above items
Information necessary for payment and settlement, such as credit card information, is collected by the payment service provider. The Operating Company does not collect this information.
Information Collected Automatically
Information regarding devices, apps, and networks, such as cookies, online identifiers (e.g., IDFA/AAID), device type, OS, language and time zone settings, browser type, app version, IP address, and carrier name
Information regarding service usage and activity history, such as access logs
Information specified for each service
Other information related to the above categories
Information obtained from third parties
Information necessary for payment processing provided by the user to the payment processing company
Information regarding the user (personally related information), such as behavioral history including cookies, held by third parties that do not possess personally identifiable information such as the user’s name ※ ※ In this case, the operator obtains such personally related information as personal data by linking it to the user’s personal information managed by the operator.
Other information related to the above categories
3. Purposes of Use of Personal Information
The Operator shall collect and use users’ personal information within the scope of the following purposes of use (except where the purpose of use is evident from the circumstances of collection) and shall not use it for any other purposes unless the user has given consent or such use is permitted by law.
To register for the Service and verify the user’s identity
To provide the Service, offer user support within the Service, and provide after-sales service
To notify users of matters necessary for the operation of the Service
To distribute information regarding the Service and other business operations of the Operating Company via email or other means
To respond to inquiries from users
To analyze information such as users’ browsing history and purchase history in order to conduct marketing tailored to users’ interests and preferences
To conduct campaigns and prize promotions
For analysis and evaluation necessary for service improvement and the development of new services
For billing, refunds, payments, and related administrative processing regarding service usage fees
To address violations of the Terms of Service or other rules established by the operating company, and to investigate, detect, and prevent other forms of unauthorized use of the service
To provide personal data to third parties as specified in this Policy
To notify users of changes to this Policy
4. Providing Personal Data to Third Parties
The Company will not provide a user’s personal data to third parties without first obtaining the user’s consent, except in the cases specified in the following items:
When personal data is provided in connection with the outsourcing of all or part of the handling of such data to the extent necessary to achieve the purpose of use
When required by laws and regulations
When necessary to protect human life, physical safety, or property, and it is difficult to obtain the user’s consent
When particularly necessary for the improvement of public health or the promotion of the sound development of children, and it is difficult to obtain the user’s consent
When it is necessary to cooperate with a national agency, local government, or a party entrusted by them in performing duties prescribed by laws and regulations, and obtaining the user’s consent would likely hinder the performance of such duties
When the third party is an academic research institution or similar entity, and such third party needs to handle the personal data for academic research purposes (including cases where part of the purpose of handling the personal data is for academic research, excluding cases where there is a risk of unduly infringing upon the rights and interests of individuals)
When permitted by the Personal Information Protection Act or other laws and regulations
Notwithstanding the provisions of the preceding paragraph, the Operating Company may provide a user’s personal data to a third party for the purpose of analyzing information such as the user’s browsing history and purchase history to conduct marketing tailored to the user’s interests and preferences.
If the recipient of the personal information is a third party located in a foreign country, the personal information will be used within the scope specified in Paragraph 1.
Please refer to the following for the name of the recipient’s country and the personal information protection system of that foreign country.
United States:
https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_america/
The third party to whom the information is provided complies with the laws and regulations regarding personal information protection in that country.
5. Security Controls for Personal Data
The Operator shall take necessary and appropriate measures to prevent the leakage, loss, or damage of personal data it handles, and to ensure the security of such personal data.
6. Disclosures, Corrections, and Suspension of Use of Retained Personal Data
When the Operator receives a request from a user, pursuant to the provisions of the Act on the Protection of Personal Information, for the disclosure of retained personal data or records of provision to third parties, or for notification of the purpose of use of retained personal data (hereinafter referred to as “Notifications, etc.”), or when the Operator receives a request for the correction, addition, or deletion of the content of retained personal data (hereinafter referred to as “Corrections, etc.”) or the suspension of use, erasure, or cessation of provision to third parties of retained personal data (hereinafter referred to as “Suspension of Use, etc.”), the Operator shall verify that the request is from the user themselves, conduct the necessary investigation, and then carry out the Notification, etc., Correction, etc., or Suspension of Use, etc. However, this shall not apply if the Operator is not subject to these obligations under the Personal Information Protection Act or other laws and regulations.
Please note that a fee of 1,000 yen per request will be charged for notifications regarding personal information.
7. Cookies, Advertising Identifiers (IDFA/AAID), and Google Analytics
The Operator may use cookies, advertising identifiers (IDFA/AAID), or similar technologies to understand how the Service is used, improve the convenience of the Service, and deliver advertisements tailored to users. This information does not contain any data that identifies specific individuals.
The Operator may use Google Analytics, provided by Google, to understand how the Service is used and to improve its usability. Google Analytics uses cookies and other technologies to collect and analyze browsing history in a form that does not contain information identifying specific individuals. The Operator receives these results and may use them to understand user usage patterns for the development and improvement of the Service.
8. Contact Information
Please direct any requests regarding retained personal data or other inquiries about the operator’s handling of personal information to the following contact point:
CoDaMa Co., Ltd.
Personal Information Protection Manager
Email: support@codama.inc
9. Changes to This Policy
The operator may review the contents of this policy as appropriate and make changes as necessary. In such cases, the revised policy shall apply from the effective date separately specified by the operator.
CoDaMa Co., Ltd.
Address: 34F Atago Green Hills MORI Tower, 2-5-1 Atago, Minato-ku, Tokyo
CEO: Hiroki Nagai
Issued: April 25, 2026