[Disclaimer]
This Privacy Policy is translated from the original Japanese version. In the event of any discrepancy or inconsistency between the Japanese version and the English version, the Japanese version shall prevail.
Established: February 21, 2017
Revised: November 2, 2021
Revised: May 17, 2022
Revised: March 9, 2023
Revised: February 19, 2026
Stroly Inc.
Stroly Privacy Policy
This Privacy Policy (hereinafter referred to as "this Policy") sets forth the policy regarding the handling of personal information or personal data (hereinafter referred to as "User Information") of individuals (hereinafter referred to as "Users") who use the website and application software "Stroly" (hereinafter referred to as "this Service") provided by Stroly Inc. (hereinafter referred to as "the Company"). The terminology used in this Policy is based on the Act on the Protection of Personal Information (hereinafter referred to as the "APPI") and the General Data Protection Regulation (hereinafter referred to as the "GDPR").
1. User Information Obtained During Use of the Service (Without Registration) 1 - Common
1.1. Acquisition of Location Information/Usage History and Identification of User Devices
1.1.1. User Information to be Obtained
The Company obtains the User's location information and usage history of this Service (hereinafter referred to as "Location Information, etc.") when the User uses this Service. In addition, the Company assigns uniquely generated identification information (hereinafter referred to as "Uniquely Generated ID") to the User's device as a Cookie to identify said device.
1.1.2. Purpose of Use
(1) Use of location information to implement basic functions
The Location Information, etc. listed in 1.1.1. will be used to implement the following functions in this Service:
- a) A function to provide the User's current location and information on nearby facilities and other spots in conjunction with the maps displayed on this Service.
- b) A function to provide information on maps related to the User's current location on this Service.
- c) A function to share the User's current location with other Users selected by the User on this Service.
(2) Use of Location Information, etc. for statistical analysis of User stay time and movement trends
Location Information, etc. listed in 1.1.1. is used in combination with Uniquely Generated IDs to statistically analyze the stay time in each area and movement trends between areas. The results obtained from such analysis are used to understand the usage status of this Service and to improve its specifications.
1.1.3. Joint Use
This Service may be provided in collaboration with services provided by other companies (hereinafter referred to as "Third-Party Services"). In such cases, the providers of the Third-Party Services will jointly use the Location Information, etc. and Uniquely Generated IDs listed in 1.1.1. for the same purposes of use as described in 1.1.2.(2). The Company shall be the party responsible for the management of this joint use.
1.1.4. Necessity of Obtaining User Information and Disadvantages to Users
(1) Use of location information to implement basic functions
The use of location information for the purposes listed in 1.1.2.(1) is indispensable for implementing the basic functions of this Service. Furthermore, if high-precision location information is not required for the implementation of such functions, we adopt specifications that reduce the granularity of the location information collected, ensuring that any privacy disadvantages to the User are minimized.
(2) Use of Location Information, etc. for statistical analysis of User stay time and movement trends
The use of Location Information, etc. and Uniquely Generated IDs for the purposes listed in 1.1.2.(2) is highly necessary to achieve the objective of improving the specifications of this Service. Furthermore, the information stored by the Company to achieve this purpose consists only of statistical information that cannot uniquely identify a specific individual, ensuring that any privacy disadvantages to the User are minimized.
1.1.5. Retention Period
Location Information, etc. listed in 1.1.1. is stored temporarily for the duration required to convert it into the statistical information listed in 1.1.2.(2). Additionally, Uniquely Generated IDs assigned as Cookies to a User's device will be deleted one year after the date of the last access from said device.
1.1.6. Information Provision for Users Residing in Regions where GDPR Applies
(1) Legal basis for handling User Information under GDPR
The legal bases for handling User Information listed in 1.1.1. under GDPR are as follows:
- a) Use of location information to implement basic functions: This processing is based on GDPR Article 6(1)(b), as it is necessary for the performance of a contract to provide this Service.
- b) Use of Location Information, etc. for statistical analysis of User stay time and movement trends: This processing is based on GDPR Article 6(1)(f), as it is necessary for the Company's legitimate interests (see 1.1.4.(2)) and the disadvantage to the User is minimal.
(2) Necessity of provision
While the provision of User Information listed in 1.1.1. is not a statutory or contractual obligation, it is essential for the use of this Service. Therefore, the Service cannot be used without its provision.
(3) Joint Controllers
In cases where "1.1.3. Joint Use" applies, the Company and the Third-Party Service provider are "Joint Controllers" as defined by the GDPR.
1.2. Use of Cookies for Maintaining Settings, etc.
1.2.1. Information to be Obtained and Purpose of Use
The Company saves and refers to Cookies on the User's device to maintain settings from previous accesses to this Service and to maintain the access status within this Service (hereinafter referred to as "Maintenance of Settings").
1.2.2. Necessity of Obtaining User Information and Disadvantages to Users
The use of Cookies for the purposes in 1.2.1. is essential for the provision of this Service, and any potential disadvantage to the User is limited.
1.2.3. Retention Period
Regarding Cookies for the purposes in 1.2.1., no specific retention period is set, in consideration of the necessity to maintain settings.
1.2.4. Information Provision for Users Residing in Regions where GDPR Applies
(1) Legal basis for handling User Information under GDPR
The handling of User Information listed in 1.2.1. is based on GDPR Article 6(1)(b), as it is necessary for the performance of a contract to provide this Service.
(2) Necessity of provision
While the provision of User Information listed in 1.2.1. is not a statutory or contractual obligation, it is essential for the use of this Service. Therefore, the Service cannot be used without its provision.
1.3. Use of Cookies via Google Tag Manager
1.3.1. Information to be Obtained
The Company uses Google Tag Manager provided by Google LLC in this Service and may accordingly save and refer to Cookies on the User's device. Information obtained by Google from this Service does not include anything that leads to the identification of an individual User.
The Company obtains only statistical information from Google through the use of Google Tag Manager that does not lead to the identification of a specific User, and uses this without cross-referencing it with other User Information.
1.3.2. Purpose of Use by the Company
The Company uses the statistical information obtained from Google to analyze the access status of this Service and to improve its specifications.
1.3.3. Purpose of Use by Google
For the purpose of use of information obtained by Google through the use of Google Tag Manager, please refer to the Google Tag Manager Terms of Service, Google Terms of Service, and Google Privacy Policy.
(1) Google Tag Manager Terms of Service:
[URL] https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
(2) Google Terms of Service:
[URL] https://policies.google.com/terms
(3) Google Privacy Policy:
[URL] https://policies.google.com/privacy
2. User Information Obtained During Use of the Service (Without Registration) 2 - When the Service Intends to Use Google Analytics and the User Consents
If the User chooses to consent to the use of Google Analytics on this Service, the Company will use the following information in addition to those listed in Section 1.
2.1. User Information to be Obtained
The Company uses Google Analytics provided by Google LLC in this Service and may accordingly save and refer to Cookies on the User's device.
The Company obtains only statistical information from Google through the use of Google Analytics that does not lead to the identification of a specific User.
2.2. Purpose of Use by the Company
The Company uses the statistical information obtained from Google to analyze the access status of this Service and to improve its specifications.
2.3. Purpose of Use by Google
For the purpose of use of information obtained by Google through the use of Google Analytics, please refer to the Google Analytics Terms of Service, Google Terms of Service, and Google Privacy Policy.
(1) Google Analytics Terms of Service:
[URL] https://marketingplatform.google.com/about/analytics/terms/
(2) Google Terms of Service:
[URL] https://policies.google.com/terms
(3) Google Privacy Policy:
[URL] https://policies.google.com/privacy
2.4. Information Provision for Users Residing in Regions where GDPR Applies
(1) Legal basis for handling User Information under GDPR
The User Information listed in 2.1. is handled only after obtaining prior consent; therefore, the legal basis is GDPR Article 6(1)(a).
Even after consenting to the handling of User Information listed in 2.1., the User may withdraw their consent at any time through the same display screen.
(2) Necessity of provision
The provision of User Information listed in 2.1. is not a statutory or contractual obligation, nor is it essential for the use of this Service.
3. User Information Obtained Upon User Registration
If a User registers for this Service, the Company will use the following User Information in addition to those listed in Sections 1 and 2.
3.1. User Information to be Obtained
When a User registers for this Service, the Company obtains the ID arbitrarily set by the User, the User's email address, and Google authentication information.
3.2. Purpose of Use
The User Information listed in 3.1. is used to identify the User when they log into this Service. Logging into the Service is necessary to provide customized services to each User.
3.3. Necessity of Obtaining User Information and Disadvantages to Users
The User Information listed in 3.1. is necessary to provide customized services for each registered User. The Company uses said information only within the scope necessary for logging into the Service and ensures that any privacy disadvantages to the User are minimized.
3.4. Retention Period
The Company stores the User Information listed in 3.1. for the period the User maintains their registration and for one week after the cancellation of said registration. The reason for continued storage after cancellation is to accept requests for reversal from Users who may have canceled their registration by mistake.
3.5. Information Provision for Users Residing in Regions where GDPR Applies
(1) Legal basis for handling User Information under GDPR
The handling of User Information listed in 3.1. is based on GDPR Article 6(1)(b), as it is necessary for the performance of a contract to provide services to registered Users.
(2) Necessity of provision
While the provision of User Information listed in 3.1. is not a statutory or contractual obligation, it is essential for utilizing services intended for registered Users.
4. Security Management Measures for User Information
4.1. Storage Method of User Information
The Company stores User Information managed by itself on cloud servers of Google LLC or Amazon.com, Inc. located in Japan or the State of Virginia, USA. The cloud services provided by Google and Amazon maintain robust information security standards and are compliant with GDPR.
4.2. Security Management Measures at the Company
The security management measures undertaken by the Company, other than those listed in 4.1., are as follows:
(1) Formulation of basic policies and internal regulations
We have formulated basic policies regarding the handling of User Information, as well as internal regulations concerning the handling methods, responsible persons/personnel, and their duties, and have disseminated them within the Company.
(2) Organizational security management measures
We have appointed a person responsible for the handling of User Information, clarified the scope of employees handling User Information, and established a reporting and communication system to the responsible person in the event of an information leak or other incidents (or suspicion thereof).
(3) Human security management measures
We impose confidentiality obligations on all employees and provide necessary education.
(4) Physical security management measures
We implement measures for access control at locations where devices handling User Information are installed, as well as measures to prevent theft or unauthorized removal of devices.
(5) Technical security management measures
We implement access controls to User Information and other necessary technical security management measures.
(6) Understanding the external environment
In relation to the handling of User Information in foreign countries, we collect information regarding the personal information protection systems in said countries and strive to implement necessary security management measures.
5. Procedures for Disclosure, etc. of Retained Personal Data
5.1. Method for Procedures of Disclosure, etc.
For requests or demands (hereinafter referred to as "Requests") for notification of the purpose of use, disclosure, correction/addition/deletion, or suspension of use/erasure/suspension of third-party provision (hereinafter collectively referred to as "Disclosure, etc.") regarding User Information that falls under Retained Personal Data, please send an email to the contact point below, accompanied by image data of the documents listed below. Requests for Disclosure, etc. by any other method cannot be accepted.
Please note that User Information of Users who have not registered for this Service does not fall under Retained Personal Data and is therefore not subject to Requests for Disclosure, etc.
5.1.1. In case of a Request from the individual
A copy of a driver's license, health insurance card, or other identification document that can confirm the identity of the individual.
5.1.2. In case of a Request by an agent
All of the following documents:
(1) A copy of the individual's driver's license, health insurance card, or other identification document.
(2) A document clarifying that the agent has been delegated by the individual (limited to those created by the individual themselves).
[Contact Point]
109-1 Kanakane-cho, Shimogyo-ku, Kyoto-shi, Kyoto 600-8258
Stroly Inc. Privacy Policy Representative
5.2. Matters to be Stated in the Request for Disclosure, etc.
When making a Request for Disclosure, etc., please state "Request for Disclosure, etc. of Retained Personal Data" in the email subject line and format the body as follows:
- (1) State the name and address of the individual.
- (2) If the request is by an agent, state the name and address of the agent.
- (3) State specifically the nature of the request.
- (4) For disclosure requests, specify the scope of disclosure requested concretely and clearly.
- (5) For requests for correction, addition, deletion, or suspension of use/erasure/suspension of third-party provision, clearly state the specific content of the request and the reason.
- (6) For disclosure requests, state whether you prefer disclosure via digital data (email) or in writing (postal mail). Even if you request disclosure in writing, the Company may perform disclosure via digital data if it deems it appropriate.
- (7) State any other matters separately designated by the Company on this Service.
5.3. Cases where Requests for Disclosure, etc. can be Fulfilled
Even if a Request for Disclosure, etc. is received, the Company may not be able to comply if there is a deficiency in the method of request, if the identity of the individual or agent cannot be confirmed, or if there are legitimate reasons for not complying with the procedures. In such cases, we will respond to that effect. When submitting a disclosure request, a fee of 500 JPY is required per corporate document in which the Retained Personal Information is recorded. No fee is required for requests for suspension of use.
6. Other Information Provision for Users Residing in Regions where GDPR Applies
Section 6 applies only to Users residing in regions where the GDPR is applicable.
6.1. Right of Access (GDPR Article 15)
Users have the right to obtain confirmation from the Company as to whether or not personal data concerning them is being processed. If so, they have the right to access certain information such as the purposes of processing and the categories of data.
6.2. Right to Rectification or Erasure (GDPR Articles 16 and 17)
Users have the right to have inaccurate information concerning them rectified by the Company without undue delay (GDPR Article 16). Furthermore, Users have the right to have their information erased without undue delay if the processing is no longer necessary, if they withdraw consent for processing based on GDPR Article 6(1)(a), or if other certain requirements are met.
6.3. Right to Restriction of Processing (GDPR Article 18)
Users have the right to obtain from the Company restriction of processing where the accuracy of the personal data is contested or under other certain requirements.
6.4. Right to Object to Processing (GDPR Article 21)
Users have the right to object to the processing of personal data concerning them under certain requirements.
6.5. Right to Data Portability (GDPR Article 20)
Users have the right to receive personal data concerning them, which is managed as a database, in a structured, commonly used, and machine-readable format under certain requirements. Users also have the right to transmit those data to another controller without hindrance from the Company.
6.6. Contact Point for the Company
The contact information for Users to assert the rights listed in 6.1. through 6.5. is as stated in "7. Contact Point for Inquiries." The procedures required to exercise these rights are the same as in "5.1. Method for Procedures of Disclosure, etc.," but please state "Request based on GDPR" in the email subject line.
6.7. Right Not to be Subject to Automated Decision-Making (GDPR Article 22)
The Company does not make decisions based solely on automated processing of a User's personal data that produce legal effects or similarly significantly affect the User.
6.8. Right to Lodge a Complaint with a Supervisory Authority
If a User has an objection regarding the Company's processing of personal data, the User may lodge a complaint with a supervisory authority in the GDPR Member State of the User's habitual residence, place of work, or place of the alleged infringement.
7. Contact Point for Inquiries
For inquiries regarding the handling of User Information by the Company, please contact us via email at the following address:
[Contact Point] privacy@stroly.jp
8. Information Regarding the Company
Please refer to the following link:
https://corp.stroly.com/
9. Revision of this Policy
When this Policy is revised, the fact of the revision, the date of revision, and the updated content will be published on this Service.