Privacy Policy
timespace Inc. (hereinafter "the Company") recognizes the importance of protecting personal information, complies with the Act on the Protection of Personal Information (hereinafter "the Personal Information Protection Act"), and strives for appropriate handling and protection of personal information in accordance with the following Privacy Policy (hereinafter "this Privacy Policy"). Unless otherwise specified in this Privacy Policy, the definitions of terms used herein shall follow the provisions of the Personal Information Protection Act.
1. Definition of Personal Information
In this Privacy Policy, personal information refers to information about a living individual that falls under any of the following categories:
(1) Information that can identify a specific individual through names, dates of birth, or other descriptions contained therein (including documents, drawings, or electromagnetic records, or anything expressed by voice, action, or other means), including information that can be easily cross-referenced with other information to identify a specific individual.
(2) Information that contains personal identification codes.
2. Purpose of Use of Personal Information
The Company uses personal information for the following purposes:
(1) To provide the service named "ZINE," which primarily enables users to post columns created by analyzing photos taken by users, and to view "ZINE" posts made by other users (including any service whose name or content is changed for any reason, and hereinafter referred to as "the Service").
(2) To respond to inquiries and provide guidance regarding the Service.
(3) To provide information about the Company's products and services.
(4) To respond to violations of the Company's terms, policies, and other rules related to the Service (hereinafter "Terms, etc.").
(5) To notify users of changes to Terms, etc. related to the Service.
(6) To improve the Company's services and develop new services by analyzing information on users' service usage.
(7) For employment management and internal procedures (regarding personal information of officers and employees), and for selection and communication in recruitment activities (regarding personal information of applicants).
(8) For shareholder management and procedures required under the Companies Act and other laws (regarding personal information of shareholders, stock option holders, etc.).
(9) To create statistical data processed in a format that does not identify individuals in connection with the Company's services.
(10) For other purposes incidental to the above purposes.
3. Changes to the Purpose of Use of Personal Information
The Company may change the purpose of use of personal information within a scope reasonably recognized as having relevance, and if changed, will notify or publicly announce the change to the individual who is the subject of the personal information (hereinafter "the data subject").
4. Use of Personal Information
4.1 Except as permitted by the Personal Information Protection Act or other laws and regulations, the Company will not handle personal information beyond the scope necessary to achieve the purpose of use without the consent of the data subject. However, this does not apply in the following cases:
(1) When required by law.
(2) When necessary to protect the life, body, or property of a person and it is difficult to obtain the consent of the data subject.
(3) When particularly necessary to improve public health or promote the sound growth of children, and it is difficult to obtain the consent of the data subject.
(4) When cooperation is necessary for a national or local government agency or its entrusted party to carry out duties prescribed by law, and obtaining the consent of the data subject is likely to impede the performance of such duties.
(5) When providing personal data to an academic research institution, and such institution needs to handale the personal data for academic research purposes (including cases where part of the purpose for handling such personal data is for academic research, excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals).
4.2 The Company will not use personal information in a manner that encourages or induces illegal or unjust acts.
5. Proper Acquisition of Personal Information
5.1 The Company acquires personal information properly and will not acquire it through deception or other improper means.
5.2 Except in the following cases, the Company will not acquire sensitive personal information (as defined in Article 2, Paragraph 3 of the Personal Information Protection Act) without obtaining prior consent of the data subject:
(1) When falling under any of the items in Article 4.1, items 1 through 4.
(2) When acquiring sensitive personal information from an academic research institution, and such acquisition is necessary for academic research purposes (including cases where part of the purpose for acquiring such sensitive personal information is for academic research, excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals) (limited to cases where the Company conducts joint academic research with such academic research institution).
(3) When the sensitive personal information has been made public by the data subject, a national or local government agency, an academic research institution, a person listed in each item of Article 57, Paragraph 1 of the Personal Information Protection Act, or other persons specified by the Personal Information Protection Commission rules.
(4) When acquiring sensitive personal information that is externally apparent by visually observing or photographing the data subject.
(5) When receiving the provision of sensitive personal information from a third party and such provision by the third party falls under any of the items in Article 8.1.
5.3 When receiving the provision of personal information from a third party, the Company will confirm the following items in accordance with the rules of the Personal Information Protection Commission, except when the provision of such personal information by the third party falls under any of the items in Article 4.1 or Article 8.1:
(1) The name and address of the third party, and in the case of a corporation, the name of its representative (or in the case of a non-corporate organization with a representative or manager, the name of such representative or manager).
(2) The circumstances under which the third party acquired the personal information.
6. Security Management of Personal Information
The Company shall provide necessary and appropriate supervision of its employees to ensure the security management of personal information against risks such as loss, destruction, falsification, and leakage. Additionally, when entrusting all or part of the handling of personal information, the Company shall provide necessary and appropriate supervision to ensure that the entrusted party also maintains security management of personal information.
The specific security management measures for personal data held by the Company are as follows. Note that for technical security management measures, understanding of the external environment, and supervision of subcontractors, necessary and appropriate measures will be taken, but for specific details, please contact the inquiry desk specified in Section 15.
**Formulation of Basic Policy** As a basic policy regarding "compliance with relevant laws, guidelines, etc." and "desk for questions and complaints," this Privacy Policy has been established to ensure appropriate handling of personal data.
**Establishment of Disciplines for Handling Personal Data** Handling methods, persons responsible, personnel in charge, and their duties have been established in personal data handling regulations for each stage of acquisition, use, storage, provision, deletion/disposal, etc.
**Organizational Security Management Measures** 1) A person responsible for the handling of personal data has been appointed, the scope of employees who handle personal data and the personal data they handle has been clarified, and a reporting system to the person responsible has been established when facts or signs of violation of laws or handling regulations are discovered. 2) Self-inspections of the status of personal data handling are conducted regularly, and audits by other departments and external parties are also conducted.
**Personnel Security Management Measures** 1) Regular training for employees on matters to be noted regarding the handling of personal data. 2) Matters related to confidentiality of personal data are included in employment regulations.
**Physical Security Management Measures** 1) In areas where personal data is handled, entry and exit management of employees and restrictions on devices brought in are implemented, and measures to prevent unauthorized persons from viewing personal data are in place. 2) Measures are taken to prevent theft or loss of equipment, electronic media, and documents handling personal data, and measures are implemented to prevent personal data from being easily identified when such equipment and electronic media are carried, including movement within the office.
7. Reporting in Case of Leakage, etc.
In the event that leakage, loss, damage, or other incidents involving personal information handled by the Company occur, when reporting to the Personal Information Protection Commission and notification to the data subject are required under the provisions of the Personal Information Protection Act, the Company will make such reports and notifications.
8. Provision to Third Parties
8.1 Except when falling under any of the items in Article 4.1, the Company will not provide personal information to third parties without obtaining prior consent of the data subject. However, the following cases do not constitute provision to third parties as defined above:
(1) When personal information is provided in connection with entrusting all or part of the handling of personal information within the scope necessary to achieve the purpose of use.
(2) When personal information is provided in connection with the succession of business due to merger or other reasons.
(3) When jointly used in accordance with the provisions of the Personal Information Protection Act.
8.2 When the Company provides personal information to a third party, it will create and retain records in accordance with Article 29 of the Personal Information Protection Act.
8.3 When the Company receives the provision of personal information from a third party, it will conduct the necessary confirmations in accordance with Article 30 of the Personal Information Protection Act, and create and retain records of such confirmations.
9. Disclosure of Personal Information
9.1 When a data subject requests disclosure of personal information in accordance with the provisions of the Personal Information Protection Act, the Company will confirm that the request is from the data subject themselves, and then disclose the information to the data subject without delay (if the personal information does not exist, the data subject will be notified to that effect). However, this does not apply when the Company is not obligated to disclose under the Personal Information Protection Act or other laws and regulations. Please note that a handling fee (1,000 yen per case) will be charged for the above disclosure.
9.2 The provisions of the preceding paragraph (including provisions regarding handling fees) shall apply mutatis mutandis to records of provision to third parties created pursuant to Article 8.2, and records of provision from third parties created pursuant to Article 8.3, regarding personal information by which the data subject is identified.
10. Correction, etc. of Personal Information
When a data subject requests correction, addition, or deletion (hereinafter "Correction, etc.") of personal information on the grounds that it is not accurate, in accordance with the provisions of the Personal Information Protection Act, the Company will confirm that the request is from the data subject themselves, conduct the necessary investigation without delay within the scope necessary to achieve the purpose of use, correct the content of the personal information based on the results, and notify the data subject accordingly (if a decision is made not to make the Correction, etc., the data subject will be notified to that effect). However, this does not apply when the Company is not obligated to make Correction, etc. under the Personal Information Protection Act or other laws and regulations.
11. Suspension of Use, etc. of Personal Information
When a data subject requests suspension of use or erasure (hereinafter "Suspension of Use, etc.") of personal information on the grounds that: (1) the personal information is being handled beyond the scope of the publicly announced purposes of use, is being used in a manner that encourages or induces illegal or unjust acts, or has been acquired by deception or other improper means, in accordance with the provisions of the Personal Information Protection Act; (2) personal information is being provided to third parties without the consent of the data subject, and requests suspension of provision (hereinafter "Suspension of Provision") in accordance with the provisions of the Personal Information Protection Act; or (3) the Company no longer needs to use the data subject's personal information, an incident as specified in the main text of Article 26, Paragraph 1 of the Personal Information Protection Act has occurred regarding the data subject's personal information, or there are other grounds that the handling of the data subject's personal information is likely to harm the rights or legitimate interests of the data subject — if the request is found to be justified, the Company will confirm that the request is from the data subject themselves, and then conduct Suspension of Use, etc. or Suspension of Provision without delay, and notify the data subject accordingly. However, this does not apply when the Company is not obligated to conduct Suspension of Use, etc. or Suspension of Provision under the Personal Information Protection Act or other laws and regulations.
12. Provision of Personally Related Information to Third Parties
12.1 When it is anticipated that a third party will acquire personally related information (as defined in Article 2, Paragraph 7 of the Personal Information Protection Act, limited to those constituting a personally related information database, etc. as defined in Article 16, Paragraph 7 of the same Act; the same applies hereinafter) as personal data, the Company will not provide such personally related information to such third party without confirming the following items in advance in accordance with the rules of the Personal Information Protection Commission, except when falling under any of the items in Article 4.1:
(1) That the consent of the data subject has been obtained to the effect that the third party may receive the provision of personally related information from the Company and acquire it as personal data by which the data subject is identified.
(2) In the case of provision to a third party in a foreign country, that when seeking the consent of the data subject as set forth in the preceding item, information regarding the personal information protection system in the foreign country, the measures taken by the third party to protect personal information, and other information that may serve as a reference for the data subject has been provided to the data subject in advance, in accordance with the rules of the Personal Information Protection Commission.
12.2 When the Company provides personally related information to a third party pursuant to the provisions of the preceding paragraph, it will create and retain records in accordance with Article 31 of the Personal Information Protection Act.
12.3 When the Company acquires personally related information from a third party as personal data, it will conduct the necessary confirmations in accordance with the Personal Information Protection Act, and create and retain records of such confirmations.
13. Use of Cookies and Similar Technologies
The Company's services may use cookies and similar technologies. These technologies are useful for the Company to understand the usage status of its services and contribute to service improvement. Users who wish to disable cookies can do so by changing their web browser settings. However, disabling cookies may prevent the use of some features of the Company's services.
14. Disclosure Items Regarding Information Transmission Instruction Communications (External Transmission)
The Company's services that may be subject to the external transmission regulations regarding information transmission instruction communications based on Article 27-12 of the Telecommunications Business Act, and the disclosure items pursuant to such regulations for those services, are as follows:
(1) The Service
| Function or Service Using Information Transmission Instruction Communications | User Information Transmitted | Name of Transmission Recipient | Purpose of Use (Company) | Purpose of Use (Transmission Recipient) | |---|---|---|---|---| | Firebase Analytics | Device/OS information, app operation events, Firebase Installation ID, information related to systems, devices, networks, and communications normally used for internet communication, location information, data related to behavior on sites/apps, data related to pages viewed, user identifiers (cookies, device identifiers, etc.) | Google LLC and its affiliates | Understanding usage status, feature improvement, UX improvement | Provision and improvement of services, analysis of users' browsing trends and history (pursuant to Google Privacy Policy) | | Firebase Crashlytics | Crash information/diagnostic data, device information | Google LLC | Analysis of failure/defect causes, quality improvement | Same as above | | Firebase Authentication / Firebase Core | Authentication tokens, Firebase Installation ID | Google LLC | Detection of abuse/fraud | Same as above | | Location Information | GPS coordinates | Company server | Adding location information to ZINEs | - |
15. Contact
For requests for disclosure, opinions, questions, complaints, and other inquiries regarding the handling of personal information, please contact us at the following:
- Company Name: timespace Inc. - Representative Director: Takahito Iguchi - Head Office Location: 34 Suzaku Hozokura-cho, Shimogyo-ku, Kyoto City, Kyoto Prefecture 600-8846 - Contact (Email): timespace.zine@gmail.com
Continuous Improvement
The Company will periodically review the operation status of personal information handling, strive for continuous improvement, and may revise this Privacy Policy as necessary.
[Established on March 2, 2026]