プライバシーポリシー

株式会社EventHub（以下「当社」といいます。）は、お客様の個人情報保護の重要性について認識し、個人情報の保護に関する法律（以下「個人情報保護法」といいます。）を遵守すると共に、以下のプライバシーポリシー（以下「本プライバシーポリシー」といいます。）に従い、適切な取扱い及び保護に努めます。

1. 個人情報の定義

本プライバシーポリシーにおいて、個人情報とは、個人情報保護法第2条第1項により定義された個人情報、すなわち、生存する個人に関する情報であって、当該情報に含まれる氏名、生年月日その他の記述等により特定の個人を識別することができるもの（他の情報と容易に照合することができ、それにより特定の個人を識別することができることとなるものを含みます。）を意味するものとします。

2. 個人情報の利用目的

当社は、お客様の個人情報を、以下の目的で利用いたします。

(1) ログイン時、ログイン後における本人認証、各種画面におけるお客様の情報の自動表示など当社サービスの利用に必要なお客様の管理のためのシステム運営

(2) 当社サービス上でのプロフィールページ（氏名、会社名、役職を含みます。以下同じ）の作成、プロフィールページ記載の情報の全部又は一部を、お客様の公開設定に従い、当社サービス上で他のお客様又やイベント主催者の閲覧に供すること、及び他のお客様からのメッセージの送信等のコミュニケーションを可能とすることなど当社チャット・商談予約サービスの提供

(3) イベントチケットの販売プラットフォームサービスの提供

(4) お客様の同意の範囲で、当社サービス上でプロフィールページ記載の情報の全部又は一部を、お客様の公開設定に従い、お客様の閲覧に供すること、並びにお客様からのメッセージの送信等のコミュニケーションを可能とすることなど当社サービスの提供

(5) メンテナンス情報、重要なご連絡など当社サービスを運用する上で必要な事項に関するお知らせ

(6) お客様皆様の氏名、会社名、役職を含む個人情報、当社サービス内でのアクセス履歴、商談予約履歴、商談予約時のメッセージ内容、イベント当日の行動履歴などの統計を用いたイベント運営支援の実施、マーケティングやイベント運営の効率化

(7) 個人を特定できない範囲においてのお客様皆様の行動、当社サービス内でのアクセス履歴などを用いた、趣味・嗜好に応じた新商品・サービスに関するターゲティング広告の配信

(8) 個人を特定できない範囲においての当社サービスに関する統計情報の作成及び利用

(9) 個人を特定できない範囲内での当社掲載企業、提携先その他第三者へのマーケティング資料としての情報の提供

3. 個人情報利用目的の変更

当社は、個人情報の利用目的を相当の関連性を有すると合理的に認められる範囲内において変更することがあり、変更した場合にはお客様に通知又は公表します。

4.　個人情報の利用

当社は、個人情報保護法その他の法令により許容される場合を除き、お客様の同意を得ず、利用目的の達成に必要な範囲を超えて個人情報を取り扱いません。但し、次の場合はこの限りではありません。

(1) 法令に基づく場合

(2) 人の生命、身体又は財産の保護のために必要がある場合であって、お客様の同意を得ることが困難であるとき

(3) 公衆衛生の向上又は児童の健全な育成の推進のために特に必要がある場合であって、お客様の同意を得ることが困難であるとき

(4) 国の機関もしくは地方公共団体又はその委託を受けた者が法令の定める事務を遂行することに対して協力する必要がある場合であって、お客様の同意を得ることにより当該事務の遂行に支障を及ぼすおそれがあるとき

(5)　学術研究機関等に個人データを提供する場合であって、当該学術研究機関等が当該個人データを学術研究目的で取り扱う必要があるとき（当該個人データを取り扱う目的の一部が学術研究目的である場合を含み、個人の権利利益を不当に侵害するおそれがある場合を除く。）

5. 個人情報の適正な取得

当社は、適正に個人情報を取得し、偽りその他不正の手段により取得しません。

6. 個人情報の安全管理

当社は、個人情報の紛失、破壊、改ざん及び漏洩などのリスクに対して、個人情報の安全管理が図られるよう、当社の従業員に対し、必要かつ適切な監督を行います。また、当社は、個人情報の取扱いの全部又は一部を委託する場合は、委託先において個人情報の安全管理が図られるよう、必要かつ適切な監督を行います。当社の保有個人データに関する具体的な安全管理措置の内容は、以下のとおりです。

＜基本方針の策定＞

個人データの適正な取扱いの確保のため、「関係法令・ガイドライン等の遵守」、「質問及び苦情処理の窓口」等についての基本方針として、本プライバシーポリシーを策定

＜個人データの取扱いに係る規律の整備＞

取得、利用、保存、提供、削除・廃棄等の段階ごとに、取扱方法、責任者・担当者及びその任務等について個人データの取扱規程を策定

＜組織的安全管理措置＞

1）個人データの取扱いに関する責任者を設置するとともに、個人データを取り扱う従業者及び当該従業者が取り扱う個人データの範囲を明確化し、法や取扱規程に違反している事実又は兆候を把握した場合の責任者への報告連絡体制を整備

2）個人データの取扱状況について、定期的に自己点検を実施するとともに、他部署や外部の者による監査を実施

＜人的安全管理措置＞

1）　個人データの取扱いに関する留意事項について、従業者に定期的な研修を実施

2）　個人データについての秘密保持に関する事項を就業規則に記載

＜物理的安全管理措置＞

1）　事業所内において、個人データを取り扱う区域において、従業者の入退室管理及び持ち込む機器等の制限を行うとともに、権限を有しない者による個人データの閲覧を防止する措置を実施

2）　個人データを取り扱う機器、電子媒体及び書類等の盗難又は紛失等を防止するための措置を講じるとともに、事業所内の移動を含め、当該機器、電子媒体等を持ち運ぶ場合、容易に個人データが判明しないよう措置を実施

3)　個人データを取り扱う区域については就業規則に規定の通り、事業所以外では、テレワーク先（自宅など）に限定する措置を実施。万が一、事前に許可されたテレワーク先以外での業務が必要となる場合には、当該業務遂行にあたって個人情報が他人から閲覧出来ないような環境であることを、上長と事前に確認するプロセスを実施

＜技術的安全管理措置＞

1）　アクセス制御を実施して、担当者及び取り扱う個人情報データベース等の範囲を限定

2）　個人データを取り扱う情報システムを外部からの不正アクセス又は不正ソフトウェアから保護する仕組みを導入

＜外的環境の把握＞

個人データを保管している日本国における個人情報の保護に関する制度を把握した上で安全管理措置を実施

なお、当社は外部サーバー（2022年3月末時点では、AWS）を外部利用しているところ、情報保存については日本国でのサーバーを利用していると説明を受けているものの、AWS側の事情により外国のサーバーが利用される可能性もありうる他、別の外部サーバーに切り替える可能性も今後想定される。かかる場合において、現行の規定が不適切だと判断された場合には、速やかにプライバシーポリシーにおける当該規定を変更する。

7.　漏洩時の報告等

当社は、当社の取り扱う個人情報の漏洩、滅失、毀損等の事態が生じた場合において、個人情報保護法の定めに基づき個人情報保護委員会への報告及び本人への通知を要する場合には、かかる報告及び通知を行います。

8. 第三者提供

8.1 当社は、個人情報保護法その他の法令に基づき開示が認められる場合を除くほか、あらかじめお客様の同意を得ないで、個人情報を第三者に提供しません。但し、次に掲げる場合は上記に定める第三者への提供には該当しません。

(1) 当社が利用目的の達成に必要な範囲内において個人情報の取扱いの全部又は一部を委託する場合

(2) 合併その他の事由による事業の承継に伴って個人情報が提供される場合

(3) 個人情報保護法の定めに基づき共同利用する場合

8.2 第8.1項の定めにかかわらず、当社は、第4項各号のいずれかに該当する場合を除くほか、外国（個人情報保護法第28条に基づき個人情報保護委員会規則で指定される国を除きます。）にある第三者（個人情報保護法第28条に基づき個人情報保護委員会規則で指定される基準に適合する体制を整備している者を除きます。）に個人情報を提供する場合には、あらかじめ外国にある第三者への提供を認める旨の本人の同意を得るものとします。

8.3 第8.2項に基づき外国にある第三者への提供につき本人の同意を得る場合、以下の事項について本人に情報を提供するものとします。但し、第1号の事項が特定できない場合、第1号及び第2号の事項に代えて、第1号の事項が特定できない旨及びその理由、並びに当該事項に代わる本人に参考となるべき情報があれば当該情報を提供するものとします。

(1)　当該外国の名称

(2)　当該外国における個人情報の保護に関する制度に関する情報

(3)　当該第三者が講じる個人情報の保護のための措置に関する情報（当該情報を提供できない場合は、その旨及びその理由

9. 個人情報の開示

当社は、お客様から、個人情報保護法の定めに基づき個人情報及び個人情報保護法の定めに基づき当社が作成した第三者への提供にかかる記録及び第三者からの提供にかかる記録の開示を求められたときは、お客様ご本人からのご請求であることを確認の上で、お客様に対し、遅滞なく開示を行います（当該個人情報が存在しないときにはその旨を通知いたします。）。但し、個人情報保護法その他の法令により、当社が開示の義務を負わない場合は、この限りではありません。

10. 個人情報の訂正等

当社は、お客様から、個人情報が真実でないという理由によって、個人情報保護法の定めに基づきその内容の訂正、追加又は削除（以下「訂正等」といいます。）を求められた場合には、お客様ご本人からのご請求であることを確認の上で、利用目的の達成に必要な範囲内において、遅滞なく必要な調査を行い、その結果に基づき、個人情報の内容の訂正等を行い、その旨をお客様に通知します（訂正等を行わない旨の決定をしたときは、お客様に対しその旨を通知いたします。）。但し、個人情報保護法その他の法令により、当社が訂正等の義務を負わない場合は、この限りではありません。

11. 個人情報の利用停止等

当社は、お客様から、(1)お客様の個人情報が、あらかじめ公表された利用目的の範囲を超えて取り扱われているという理由、若しくは違法若しくは不当な行為を助長し、若しくは誘発するおそれがある方法により利用されているという理由により、又は本人の個人情報が偽りその他不正の手段により取得されたものであるという理由により、個人情報保護法の定めに基づきその利用の停止又は消去（以下「利用停止等」といいます。）を求められた場合、(2)個人情報がご本人の同意なく第三者に提供されているという理由により、個人情報保護法の定めに基づきその提供の停止（以下「提供停止」といいます。）を求められた場合、又は(3)当社が本人の個人情報を利用する必要がなくなった場合、本人の個人情報にかかる個人情報保護法第26条第1項本文に規定する事態が生じた場合その他本人の個人情報の取扱により本人の権利又は正当な利益が害されるおそれがある場合に該当するという理由により、個人情報保護法の定めに基づきその利用停止等又は提供停止を求められた場合において、そのご請求に理由があることが判明した場合には、お客様ご本人からのご請求であることを確認の上で、遅滞なく個人情報の利用停止等又は提供停止を行い、その旨をお客様に通知します。但し、個人情報保護法その他の法令により、当社が利用停止等又は提供停止の義務を負わない場合は、この限りではありません。

12.　個人関連情報の第三者提供

当社は、第三者が個人関連情報（個人情報保護法第2条第7項に定めるものを意味し、同法第16条第7項に定める個人関連情報データベース等を構成するものに限ります。以下同じ。）を個人データとして取得することが想定されるときは、第4項各号に掲げる場合を除くほか、次に掲げる事項について、あらかじめ個人情報保護委員会規則で定めるところにより確認することをしないで、当該個人関連情報を当該第三者に提供しません。また、当社は、個人関連情報を第三者に提供したときは、個人情報保護法第31条に従い、記録の作成及び保存を行い、第三者から個人関連情報の提供を受けるに際しては、個人情報保護法第31条に従い、必要な確認を行い、当該確認にかかる記録の作成及び保存を行うものとします。

(1)　当該第三者が当社から個人関連情報の提供を受けて本人が識別される個人データとして取得することを認める旨の本人の同意が得られていること。

(2) 外国にある第三者への提供にあっては、前号の本人の同意を得ようとする場合において、個人情報保護委員会規則で定めるところにより、あらかじめ、当該外国における個人情報の保護に関する制度、当該第三者が講ずる個人情報の保護のための措置その他本人に参考となるべき情報が本人に提供されていること。

13.　仮名加工情報の取扱い

13.1 当社は、仮名加工情報（個人情報保護法第2条第5項に定めるものを意味し、同法第16条第5項に定める仮名加工情報データベース等を構成するものに限ります。以下同じ。）を作成するときは、個人情報保護委員会規則で定める基準に従い、個人情報を加工するものとします。

13.2 当社は、仮名加工情報を作成したとき、又は仮名加工情報及び当該仮名加工情報に係る削除情報等（個人情報保護法第41条第2項に定めるものを意味します。以下同じ。）を取得したときは、削除情報等の漏えいを防止するために必要なものとして個人情報保護委員会規則で定める基準に従い、削除情報等の安全管理のための措置を講じるものとします。

13.3 当社は、第4項の規定にかかわらず、法令に基づく場合を除くほか、利用目的の達成に必要な範囲を超えて、仮名加工情報（個人情報であるものに限ります。以下本13.3、13.4、13.5において同じ。）を取り扱いません。

13.4 仮名加工情報についての第3条の適用については、同項中「相当の関連性を有すると合理的に認められる範囲内において変更する」とあるのは「変更する」と、「通知又は公表します」とあるのは「公表します」と、それぞれ読み替えるものとします。

13.5　仮名加工情報については、第7項及び第9項から第11項までの規定を適用しないものとします。13.6 当社は、第8.1項から第8.3項までの規定にかかわらず、法令に基づく場合を除くほか、仮名加工情報（個人情報であるものか否かを問いません。）を第三者に提供しません。但し、第8.1項各号に掲げる場合は上記に定める第三者への提供には該当しません。

14. Cookie（クッキー）その他の技術の利用

当社サービスは、Cookie及びこれに類する技術を利用することがあります。これらの技術は、当社による当社サービスの利用状況等の把握に役立ち、サービス向上に資するものです。Cookieを無効化されたいユーザーは、ウェブブラウザの設定を変更することによりCookieを無効化することができます。但し、Cookieを無効化すると、当社サービスの一部の機能をご利用いただけなくなる場合があります。

15. メール

利用規約に同意いただいたユーザーには来場者が参加しているイベントでの弊社サービスのご利用に関する情報を弊社サポートアドレスからお送り致しますが、イベントでの利用に関する情報以外のダイレクトメールは送信致しません。なお、メール配信を希望しないユーザーは、メール記載の連絡先あるいは「16.お問い合わせ」に記載の連絡先にコンタクトいただくことで、メール配信を停止していただけます。

16. 外部送信ポリシー

＜外部送信の目的＞

外部送信を行なう主な目的には以下の種類があります。

(1) 利用者による閲覧の傾向や履歴分析、不正や異常の監視を行うため。

(2) ウェブサイトやサービスを適正かつ安全に提供、利便性を向上させるため。

＜外部送信する情報＞

外部送信を行なう主な情報には以下の種類があります。

(1) 閲覧ページに関するデータ

(2) 閲覧の履歴

(3) 行動の履歴

(4) ユーザー識別子（cookie、端末識別子等）

＜外部送信先一覧＞

当サービスを利用される方に関する情報を送信している外部のサービスは以下のとおりです。

事業者名: Google LLC

利用目的:

(1) 利用者による閲覧の傾向や履歴分析、不正や異常の監視を行うため。

(2) ウェブサイトやサービスを適正かつ安全に提供、利便性を向上させるため。

送信情報:

(1) 閲覧ページに関するデータ

(2) 閲覧の履歴

(3) 行動の履歴

(4) ユーザー識別子（cookie、端末識別子等）

17. お問い合わせ

開示等のお申出、ご意見、ご質問、苦情のお申出その他個人情報の取扱いに関するお問い合わせは、下記の窓口までお願い致します。

東京都中央区東日本橋2-24-9 LIT HIGASHI NIHOMBASHI WEEK 6階
株式会社EventHub (EventHub Co., Ltd.)　代表取締役　吉越理恵
E-mail：info@eventhub.jp
（なお、受付時間は、平日10時から18時までとさせていただきます。）

18. 継続的改善

当社は、個人情報の取扱いに関する運用状況を適宜見直し、継続的な改善に努めるものとし、必要に応じて、本プライバシーポリシーを変更することがあります。

EventHub Co., Ltd. Privacy Policy

This version is EventHub’s company privacy policy translated into English. Please note that the Japanese version is the legally bound version overseen by our lawyers and Japanese law. When you’re agreeing to the terms of this document you’re agreeing to the terms written in the original version in Japanese.

EventHub Co., Ltd. (“EventHub”, “we” and/or “us”) acknowledge the importance of protecting “users’” (Customer using our services, “EventHub” and/or “CommunityHub”) personal information and will make all efforts necessary to abide by Japan’s Personal Information Protection Laws according to the following privacy policies.

1. Definition

We define “personal information” as information defined by Japan’s personal information protection law Article 2 Item 2, which defines personal information as any information about a person including his or her name, date of birth, or other information that is unique to his or her identity.

2. Purpose of Use

We will use your personal information for the following purposes and functions of our service:

(1) Our product’s user management operations, such as identification of users upon and after log-in, and automatic display of users’ personal information on application screens.

(2) User profile pages within our application, where users can display their information to other users or event organizers, as well as communicate with other users via our messenger platform. They are able to disclose all or part of their personal information (e.g., name, affiliation, title, etc.) to the extent that they choose in their account settings.

(3) Provision of event ticket selling platform

(4) Provision of messenger services within the application, where users can view each other’s personal information to the extent that each user has disclosed under his or her account settings.

(5) Notification (through email) of important information regarding use of our service.

(6) Event operation support, consultation and marketing services based on information collected from data analysis using users’ personal information, access and meeting reservation history, meeting reservation messages, and behavior during the event period (while keeping each user account anonymous and undistinguishable).

(7) Targeted advertisements and notifications, regarding new products or service offerings, based on users’ behavior, access history and personal information (while keeping each user account anonymous and unidentifiable).

(8) Use and creation of statistical analysis regarding our service (while keeping each user account anonymous and undistinguishable).

(9) For marketing materials and information to share with partner companies (while keeping each user account anonymous and undistinguishable).

3. Changes in purposes of personal information use

We have the right to change purposes written above insofar as it is deemed appropriate, and will notify you or publicly announce in case of such changes.

4. Use of personal information

We will not use your personal information without your approval beyond the level that we need to deliver our services, except for in the following circumstances.

(1) When it is legal to do so

(2) When the information is necessary for safety or security and it is difficult to obtain your approval beforehand

(3) When the information is necessary for public health and child development and it is difficult to obtain your approval
beforehand

(4) When the government, municipal organizations or any organization working for them mandate disclosure of personal information for them to carry out their governmental duties, and when it is not possible for them nor us to notify you as it will counter their duties

(5) When the information is used by academic research organizations or other institutions for the purpose of academic research, including cases where a part of the purpose of handling said personal information is for academic research purposes, while excluding cases that may unreasonably infringe the rights and interests of individuals.

5. Obtainment of personal information

We will obtain personal information through appropriate, and never fraudulent, means.

6. Proper management of personal information

We commit to making all measures possible and will supervise all employees and external parties (under contract) involved in the management of personal information as to prevent any loss, damage and leakage of information. Details regarding specific security control measures of personal information held by EventHub can be found below:

Establishment of Privacy Policy

To ensure the proper handling of personal information, we have established this Privacy Policy as our basic policy regarding “Compliance with related laws and guidelines,” and “Contact for questions and complaints”.

Discipline for the handling of personal information

Establish Personal Information Handling Guidelines at each stage of acquisition, use, storage, provision, deletion/disposal, etc., including handling methods, responsible person/persons in charge, and their duties.

Organizational data management and security protocols

1) Designate a board member or an employee responsible for the handling of personal information, clarify the scope of personal data handled to the employees who handle personal information, and establish a management escalation reporting system in case the fact or signs of violation of the law or handling regulations are detected.

2) Conduct periodic self-inspections of the status of personal information handling, as well as audits by other departments and outside parties.

Employee data management and security protocols

1) Provide regular training to employees on matters to be considered in handling personal information.

2) Include confidentiality of personal information in Labor Regulations.

Physical data management and security protocols

1) Inside the business office, where personal information is handled, access control for employees and restrictions on equipment, etc. that they may bring into the office are implemented, as well as measures to prevent unauthorized persons from accessing personal information.

2) Measures are taken to prevent theft or loss of equipment, electronic media, and documents that handle personal information. Measures are taken to ensure personal information is not easily browsed when such equipment, electronic media, etc. are carried, including within the office.

3) Measures are taken to limit the areas where personal information is handled to telework destinations (e.g., home) outside of the business office, as stipulated in the employment contract. In the unlikely event that work is required at a location other than the pre-approved telework location, the supervisor will confirm and approve in advance that such an environment is sufficient to handle personal information and personal information cannot be viewed by others.

Technical security management and security protocols

1) Implement access control to limit the scope of persons in charge and the personal information databases that they handle.

2) Implement mechanisms to protect information systems that handle personal information from unauthorized external access or unauthorized software

Observing the external environment

Following the personal information protection regulations of Japan, implement safety control measures to protect personal information.

Although EventHub use an external server (AWS as of the end of March 2022) externally and has been told that it uses a server in Japan for information storage, there is a possibility that a server in a foreign country may be used due to sole judgment of AWS, or that we may switch to a different external server. In such cases, if the current provisions are determined to be inaccurate, the relevant provisions in the Privacy Policy will be amended promptly.

7. Reporting

In the event of leakage, loss, damage, etc. of personal information handled by the Company, the Company will report to the Personal Information Protection Committee and notify the individual in accordance with the Personal Information Protection Law.

8. Disclosure to third parties

8.1 We will not share your personal information without prior notice and agreement in all cases, except for when we are legally mandated to disclose such information under personal information protection law. The following acts, however, are not regarded as “disclosure of information to third parties” and therefore do not follow the above clause:

(1) When we outsource part or all of our operations to another company under a legal contract

(2) Sharing of information upon mergers or acquisitions with another company

(3) Cases of joint use in accordance with the provisions of Personal Information Protection Law

8.2 Notwithstanding the provisions of Section 8.1, except in cases falling under any of the items of Section 4, we will not sell, rent, lease, or otherwise transfer personal information to any third party (excluding those who have established a system that conforms to the standards designated by the Rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Law) within a foreign country (excluding countries designated by the Rules of the Personal Information Protection Commission under Article 28 of the Personal Information Protection Law) unless EventHub has obtained the prior consent from the individual to the effect that the personal information may be provided to the third party located abroad.

8.3 When we obtain the consent as stated in Section 8.2, we will provide the individual with the following information. However, in cases where the item (1) cannot be specified, the following information shall be provided in lieu of the items (1) and (2): the fact that the first item cannot be specified, the reason, and any information that can be used as a reference for the person in lieu of the item (1).

(1) Name of the foreign country

(2) Information on systems for the protection of personal information in the foreign country

(3) Information on measures taken by the third party to protect personal information (if such information cannot be provided, a statement to that effect and the reason)

9. Disclosure of personal information

When we receive a request from a customer for disclosure of personal information and records of provision of personal information to or from a third party prepared by us in accordance with the provisions of the Personal Information Protection Law, we will verify that the request is made by the customer himself/herself and will notify the customer without delay. (If such personal information does not exist, we will notify you to that effect.) However, this does not apply to cases in which we are not obligated to disclose the information under the Personal Information Protection Law or other laws or regulations.

10. Editing personal information

In cases where users assert that their information is false and therefore request an update or deletion, we will abide by Personal Information Protection Laws and first conduct research to ensure that the claim is correct. If the claim is correct, we will update or delete his or her information accordingly and notify upon completion. If the claim is not correct, we will inform them of that fact and that we therefore do not need to delete or edit their information. We will also not edit or delete information in cases where we are deemed not responsible by Personal Information Protection Laws.

11. Termination of use

In cases where users assert that (1) their information is handled in a manner that exceeds the scope of the purpose of use that has been publicly announced in advance, our users’ personal information is used in a manner that may encourage or induce illegal or unjust acts, or users’ personal information is used incorrectly or misleadingly, or users’ information has been obtained by wrongful means, and therefore request a suspension of use or deletion of personal information, or (2) the personal information has been provided to a third party without the consent of the users’, and therefore request a suspension of use or deletion, or (3) we no longer need to use the personal information of the individual, or in the event of a situation stipulated in the main clause of Article 26-1 of the Personal Information Protection Law concerning the individual’s personal information or in the event that the rights or legitimate interests of the individual may be impaired by the handling of the individual’s personal information and therefore request a suspension of use or deletion of personal information,, and the background for such suspension or deletion request is found, we will conduct identity verification of such claims, and thereafter delete or modify personal information accordingly and notify upon completion. Nevertheless, we will not edit or delete information in cases where we are deemed not responsible by Personal Information Protection Laws or other applicable laws.

12. Sharing of personally identifiable information to third parties

EventHub shall not disclose to any third party any personally identifiable information (as stipulated in Article 2, Paragraph 7 of the Act on the Protection of Personal Information, and limited to those constituting the Personal Information Database, etc. stipulated in Article 16, Paragraph 7 of the said Act. The same shall apply hereinafter), when such personally identifiable information is expected to be obtained as personal data, without confirming the following matters in advance in accordance with the Rules of the Personal Information Protection Commission and conforming each objective listed in Paragraph 4 and conditions stated as below. In addition, when providing personally identifiable information to a third party, we shall create and preserve records in accordance with Article 31 of the Personal Information Protection Law, and when receiving personally identifiable information from a third party, we shall conduct the necessary confirmation in accordance with Article 31 of the Personal Information Protection Law, and create and preserve records related to such confirmation.

(1) The individual’s consent has been obtained to allow the third party to receive the personally identifiable information from us and to acquire it as personal data that identifies the individual.

(2) In providing any personally identifiable information to a third party in a foreign country and obtaining the personal consent set forth in the previous clause, as prescribed by the Rules of the Personal Information Protection Commission, the system for protection of personal information in the foreign country, the measures taken by the third party to protect personal information, and other information that should be of reference to the individual are provided in advance to the person in question.

13. Handling of Pseudonymized Processed Information

13.1 When creating Pseudonym Processed Information (meaning those set forth in Article 2 Paragraph 5 of the Personal Information Protection Law, and limited to those constituting the Pseudonymous Processed Information Database, etc. set forth in Article 16 Paragraph 5 of the said Law. The same shall apply hereinafter), we shall process personal information in accordance with the standards set forth in the Rules of the Personal Information Protection Commission.

13.2 When creating the Pseudonym Processed Information or acquiring the Pseudonym Processed Information or the Deleted Pseudonym Processed (meaning those set forth in Article 41, Paragraph 2 of the Personal Information Protection Law. The same shall apply hereinafter) we shall take measures for the secure management of the Deleted Pseudonym Processed Information in accordance with the standards prescribed by the Rules of the Personal Information Protection Commission as necessary to prevent leakage of the Deleted Pseudonym Processed Information.

13.3 Notwithstanding the provisions of Paragraph 4, except as otherwise required by laws and regulations, we will not use the Pseudonym Processed Information (limited to information that is Personal Information. The same shall apply hereinafter in this 13.3, 13.4, and 13.5.) beyond the scope of Purposes of Use.

13.4 With respect to the application of Paragraph 3 to the Pseudonym Processed Information, the terms “change purposes written above insofar as it is deemed appropriate” shall be deemed to be replaced with “change purposes” and
and “notify you or publicly announce” in Paragraph 3 shall be deemed to be replaced with “publicly announce” respectively.

13.5 Paragraphs 7 and 9 through 11 shall not apply to Pseudonym Processed Information.

13.6 Notwithstanding the provisions of Sections 8.1 through 8.3, except as otherwise required by law, we shall not provide the Pseudonymized Processed Information (whether or not said information will be deemed as personal information) to any third party.However, the cases listed in each item of Section 8.1 do not fall under the provision of providing the Pseudonymized Processed Information to third parties as set forth.

14. Use of cookie and other technologies

We use Cookie and other related technologies for continued tracking and improvement of our service. For those users who would like to disable the cookie on their browser, they may do so by changing their browser settings. However, please note that a part of our service will be unavailable for use once the cookie has been turned off.

15. Mail

EventHub will be sending the emails to users who agreed to the Terms of Use emails regarding the use of our service for the event that users are attending. We will not be sending them direct emails that are irrelevant to the use of our service. Users may unsubscribe from receiving emails by either contacting the support desk in the email or E-mail address stated in 16. Contact Us.

16. Contact Us

Please contact us at the following for inquiries and questions regarding our privacy policy or your personal information at the following: EventHub Co., Ltd.

15 Konyacho, Kanda, Chiyoda-ku, Tokyo JAPAN
EventHub Co., Ltd. CEO Yoshigoe Rie
E-mail:Info@eventhub.jp
(Offices are open on weekdays from 10AM to 6PM Tokyo time).

17. Continued improvement

We will take all measures possible to improve our personal information management and will regularly review and update this privacy policy as needed.

EventHub GDPR Privacy Policy (for citizens of the EU only)

This GDPR PRIVACY POLICY (this “Privacy Policy”) states the policy for processing of personal data obtained from persons (the “User” or “Users”) residing in the EU (as defined below) that use the service “EventHub” (the “Service”) of our company (the “Company”). Upon the User’s agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the subject matters of the User’s consent stipulated in this Privacy Policy (including, without limitation, the purposes of processing of personal data and transfer of personal data to third countries).

1. Definitions

The following terms as used herein shall have the meanings as set forth below. Definitions of the terms that are not defined herein shall be subject to the applicable definitions provided in GDPR.

(1) “EU” means the European Union that includes the member states of the European Union, as well as Iceland, Liechtenstein and Norway under the Agreement on the European Economic Area (EEA).

(2) “GDPR” means REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC(General Data Protection Regulation).

(3) “Applicable Privacy Laws” means applicable privacy laws including GDPR and domestic laws related thereto of relevant countries.

(4) “personal data” means “personal data” as defined in GDPR.

(5) “processing” means “processing” as defined in GDPR.

(6) “Controller” means “controller” as defined in GDPR.

(7) “Representative” means “representative” as defined in GDPR.

2. Scope of this Privacy Policy

This Privacy Policy shall be applied to the processing of the personal data of the Users in relation to the Service that shall be governed by the Applicable Privacy laws.

3. Users under the age of 16

If any User under the age of 16 uses the Service, it shall make sure to obtain the guardian’s consent to this Privacy Policy or to give the consent to this Privacy Policy under the guardian’s permission thereto.

4. Controller

The Controller for the processing of the personal data shall be the Company, whose contact details are as follows. EventHub Co., Ltd.
15 Konyacho, Kanda, Chiyoda-ku, Tokyo JAPAN
EventHub Co., Ltd.
E-mail:Info@eventhub.jp

5. Personal Data to be Collected

5.1　The Company may obtain the following personal data from the Users.

(1) Name

(2) Email address

(3) Username and password

(4) IP address, information of browser and OS, cookie information, history information of website access

(5) Company and/or affiliation

(6) Job title

(7) Self-Introduction

(8) Relevant keywords and industry information

(9) Number of times to contact

(10) Search history

(11) Other information that event organizer deemed necessary for event registration

5.2　The Company may collect the personal data in the following cases.

(1) When the User subscribes for the Service, including, but not limited to, through the registration form of the Company, the registration form of other companies via API linkage or CSV uploading

(2) When the User otherwise uses the Service

(3) When the Company receives from affiliated parties information regarding transaction record or payment between the User and the Company or the affiliated parties

6. Purpose and legal basis of Data Processing

6.1　The Company shall process the personal data only for the purposes as set forth below.

(1) Productʼs user management operations

The Company may process the personal data of the User for the Company’s product’s user management operations such as identification of Users upon and after log-in, and automatic display of Usersʼ personal information on application screens for the purpose of performing the contract.

(2) User profile pages

The Company may process the personal data of the User for User profile pages within the Company’s application, where Users can display their information to other Users or event organizers, as well as communicate with other Users via the Company’s messenger platform for the purpose of performing the contract. The receiving parties are able to disclose all or part of their personal information (e.g., name, affiliation, title, etc.) to the extent that they choose in their account settings for the purpose of performing the contract.

(3) Provision of messenger services

The Company may process the personal data of the User for provision of messenger services within the application, where the Users can view each otherʼs personal information to the extent that each User has disclosed under his or her account settings for the purpose of performing the contract.

(4) Notification

The Company may process the personal data of the User for notification of important information regarding use of the Service for the purpose of performing the contract.

(5) Event consultation services

The Company shall obtain the User’s prior consent if the Company processes the personal data of the User for event consultation services based on information collected from data analysis using Usersʼ personal information, access and meeting reservation history, meeting reservation messages, and behavior during the event period (while keeping each User account anonymous and undistinguishable).

(6) Targeted advertisements

The Company shall obtain the User’s prior explicit consent if the Company processes the personal data of the User for targeted advertisements and notifications based on Usersʼ behavior, access history and personal information (while keeping each User account anonymous and undistinguishable).

(7) Use and creation of statistical analysis regarding the Service

The Company shall obtain the User’s prior consent if the Company processes the personal data of the User for use and creation of statistical analysis regarding the Service (while keeping each User account anonymous and undistinguishable).

(8) For marketing materials and information to share with partner companies

The Company shall obtain the User’s prior consent if the Company processes the personal data of the User for marketing materials and information to share with partner companies (while keeping each User account anonymous and undistinguishable).

6.2 In cases where the Company intends to further process the personal data for a purpose other than that for which the personal data were collected, the Company shall provide the User prior to that further processing with information on that other purpose.

7. Provision of Information to Third Party

The Company may provide the personal data of the Users to the following parties, to the extent necessary for pursuing the purpose of processing. As set forth in Section 8.2, such third parties may include parties residing or located in countries outside the EU.

(1) Group companies and partner companies of the Company

(2) Accountants, lawyers and other professional advisers

(3) Providers of the services related to the Service, including, without limitation, data storage, maintenance and payment service

(4) Parties to whom the Company entrusts a whole or part of the handling of the personal data within the necessary scope to achieve purposes of processing

(5) Successors of business succession of the Company caused by a merger or any other reason

8. Transfer of Personal Data to Third Countries

8.1 When the Company receives personal data from the User, the personal data is transferred from the EU region to Japan.

8.2 In addition to the foregoing, the Company may, to the extent necessary for pursuing the aforementioned purposes of processing, transfer personal data of the Users to countries outside the EU, including, without limitation, Japan, and further process the same. The User may not have the right as a data subject same as that under GDPR in countries outside the EU, and the Company shall take steps regarding the User’s personal data in accordance with the Applicable Privacy Laws, by means such as execution of standard contractual clauses under GDPR.

8.3 Upon the User’s agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the transfer of personal data to third countries set forth in this Section 8.

8.4 Japan, to which the transfer stipulated in this Section 8 is made, has obtained an adequacy decision by the European Commission.

9. Storage Period

The Company shall store the personal data of the Users to the extent necessary for the purpose of processing thereof, and delete the personal data when the storage becomes unnecessary for such purpose.

10. Cookies

Cookies or similar technologies may be used in the Company’s service. Such technologies help the Company to recognize the status of use of the Company’s service, etc. and contribute to improvement of the service. When a User intends to disable cookies, the User may disable cookies by changing the web browser’s settings. Please note that when cookies are disabled, a part of the service may be unavailable.

11. Disclosure, Modification, Deletion, etc. of Personal Data

11.1 If a User that is the subject of the personal data requires any of the following, please notify the contact address of the Company of that effect. The Company will properly respond to that request pursuant to the User’s right under the Applicable Privacy Laws.

(1) Access to personal data

(2) Modification of personal data

(3) Deletion of personal data

(4) Restriction on processing of personal data

(5) Objection to processing

(6) Exercise of right to data portability

11.2 For the request under Section 11.1, please submit the following documents by mail or email.

(1) Request form specified by the Company

(2) Document for identification of the User as specified by the Company

(3) Document for identification of the representative of the User as specified by the Company

11.3 To avoid undue modification, divulge, etc. of the personal data of the User by a third party, the Company will respond to the request by mail or email, only if the identity confirmation is made by the submitted documents. Although the Company will make an effort to promptly respond, please note that it may take time until response, for the confirmation of the applicable registered personal data and for assuring accuracy.

11.4 The Company will not return the request form or identification documents received from the User or its representative. Please understand that the Company will keep the request form properly, and delete the identification documents in an appropriate manner when the purpose of use thereof is achieved.

12. Withdrawal of Consent

For the processing of the personal data based on the User’s consent, the User shall have the right to withdraw the consent for the personal data at any time.

13. Lodgment of Complaint with Supervisory Authority

In addition to the aforementioned rights, the User may lodge a complaint with a supervisory authority at any time. However, the Company appreciates a notification to the Company prior to contacting the supervisory authority, so that the Company may have the opportunity to respond to the complaint of the User.

14. Necessity of Provision of Personal Data

Since the personal data to be provided by the User are necessary for the Company to provide the Service, the Service may be unavailable to the User that does not provide the data.

15.Behaviour Targeting

Upon the Users agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the profiling for targeting advertisement.

16. Inquiries

For questions or complaints, or for the exercise of the rights under Sections 11 and 12, please contact the following contact addresses.

15 Konyacho, Kanda, Chiyoda-ku, Tokyo JAPAN
EventHub Co., Ltd.
E-mail:Info@eventhub.jp
(The hours for inquiries are from 10AM to 6PM on weekdays (excluding Saturday, Sunday and holidays) Japan time and calendar)

17. General Provisions

17.1 The Company shall retain the right to regularly amend this Privacy Policy. The User shall regularly check and confirm the applicable provisions at its responsibilities.

17.2 In the event of conflict between the Applicable Privacy Laws and any provision of this Privacy Policy, the provision shall be deemed replaced by a provision of the same meaning that reflects the original intention, to the maximum extent permitted by laws. In that case the remaining provision hereof shall continue to be applied without change.

18 . Handling of Personal Data Provided on the Basis of an Adequacy Decision

In addition to the provisions of the laws of Japan and the EventHub Co., Ltd. Privacy Policy (https://eventhub.jp/privacy), the following provisions shall apply to personal data provided on the basis of an adequacy decision by European Commission under Article 45 of GDPR (the “Adequacy Decision”), and the provisions of this paragraph shall prevail if there is a conflict between the provisions of this paragraph and those of such policy.

18.1 In the event that personal data provided from the EU region on the basis of the Adequacy Decision contains information on sex life, sexual orientation, or trade union membership, as defined in the GDPR as “Special Categories of Personal Data”, such information shall be treated as special care-required personal information under the Act on the Protection of Personal Information, the law of Japan (the “the Personal Information Protection Law”).

18.2 Personal data that the Company has received from the EU region on the basis of the Adequacy Decision shall be treated as retained personal data as set forth in Article2, paragraph 7 of the Personal Information Protection Law, regardless of the period within which such information shall be deleted, unless such data falls under the category of “those prescribed by cabinet order as likely to harm the public or other interests if their presence or absence is made known” as set forth in the said paragraph.

18.3 When the Company receives personal data from the EU region on the basis of the Adequacy Decision, the Company shall confirm and keep a record of the circumstances under which the said personal data was acquired, including the purposes of processing specified at the time when personal data are obtained under the provisions of Article 26, paragraphs 1 and 3 of the Personal Information Protection Law.

18.4 In the event that the Company receives the personal data from another personal information handling business operator (as set forth in the Personal Information Protection Law) that has received the personal data provided from the EU region on the basis of the Adequacy Decision , the Company shall confirm and keep a record of the circumstances under which such
personal data was acquired, including the purposes of processing specified at the time when personal data are obtained based on the provisions of Article 26, paragraphs 1 and 3 of the Personal Information Protection Law.

18.5 With respect to personal data that has been confirmed and kept record of in accordance with 18.3 or 18.4, the Company shall specify the purposes of processing within the scope of the purposes of processing specified at the time of initial or when personal data are obtained and shall use such personal data within the scope of the purposes of processing.

18.6 In providing personal data provided from the EU region on the basis of the Adequacy Decision to a third party in a foreign country, the Company shall obtain the User’s prior consent to the effect that he or she approves the provision to the third party in a foreign country on the condition that the company provides information on the status of the receiving party necessary for the User to make a decision concerning the consent under Article 24 of the Personal Information Protection Law.

18.7 Personal data provided from the EU region on the basis of the Adequacy Decision shall be deemed to be the anonymously processed information provided in the Personal Information Protection Law provided that such personal data are processed not to be able to restore the personal information by deleting processing method information (individual identification codes deleted from personal information used to produce the anonymously processed information, individual identification code, and information on the processing method carried out pursuant to the provisions of Article 36, Paragraph 1 of the Personal Information Protection Law (limited to information that can be used to restore the personal information) ).

EventHub Australian Privacy Policy Addendum

This Australian Privacy Policy Addendum (this “Australian Addendum”) states the policy for processing of personal data obtained from persons (the “User” or “Users”) residing in the Australia (as defined below) that use the service “EventHub” (the “Service”) of our company (the “Company”), and Australian Privacy Policy constitutes of this Privacy Policy and Australian Addendum. Upon the User’s agreement to this Privacy Policy (including Australian Addendum), the User shall be deemed to have given a voluntary and express consent to the subject matters of the User’s consent stipulated in this Privacy Policy (including, without limitation, the purposes of processing of personal data and transfer of personal data to third countries).

1 . Definitions

Definitions of the terms that are not defined in this Privacy Policy shall be subject to the applicable definitions provided in Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (the Australian Privacy Act). A copy of the APP may be obtained from the website of the Office of the Australian Information Commissioner.

2 . Mail Unsubscriptions

You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.

3 . Addendum to your Personal Information

3.1 You may access your Personal Information we hold and request for update, correction, deletion or actions as such, subject to certain exceptions, by contacting our email address. EventHub will not charge any fee for your access request, while an administrative fee may be charged for providing a copy of your Personal Information. In taking any actions requested, EventHub may require identifications from you.

3.2 EventHub will take proper actions internally to maintain your Personal Information up to date. If any information was not updated in a timely manner, please advise us as soon as practicable, and we will update our records accordingly.