Privacy Policy
Terra Drone Corporation (hereinafter referred to as the “Company“) establishes the following Privacy Policy (hereinafter referred to as the “Policy“) regarding the handling of personal information of the Company’s customers, business partners, and website users (hereinafter referred to as the “Users“). The Company will promote the protection of personal information by building a system for protecting personal information, ensuring that all employees recognize the importance of protecting personal information, and thoroughly implementing these measures.
Article 1 (Personal Information)
“Personal Information” refers to “personal information (kojin joho)” as defined by the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the “Personal Information Protection Act“), which means information relating to a living individual that can identify a specific individual by name, date of birth, or other descriptions contained in such information, or that includes an individual identification code.
Article 2 (Personal Information Acquired and Methods of Acquisition)
1.Information Acquired from Users by the Company
(1) Contact information such as name, age, date of birth, gender, address, phone number, and email address
(2) Information regarding products purchased or intended to be purchased by Users, as well as information related to the Company’s services
(3) Information generated when Users use the services or websites provided by the Company (hereinafter collectively referred to as “Company Services”), including the content of the Company Services used, dates and times of use, frequency of use, information related to the use and browsing of the Company Services, User location information, cookie information, and access logs
(4) Opinions, requests, and inquiries provided by Users
(5) Other information separately disclosed or notified by the Company
2.Methods of Acquisition
(1) By Users providing information via email, postal services, written correspondence, telephone, or other relevant means
(2) By Users directly inputting information on the Company Services
(3) By collecting information during Users’ use or browsing of the Company Services
(4) By indirectly acquiring information from third parties, such as the Company’s business partners or alliances
Article 3 (Purpose of Use of Personal Information)
The Company will obtain and use Users’ Personal Information within the scope necessary for the following purposes. If the Company needs to use Personal Information beyond the scope of the following purposes, it will do so within the limits of the law and will take the necessary legal measures such as notifying or publicly announcing the changes.
(1) To provide the Company’s products and the Company Services
(2) To communicate and provide information regarding the Company’s products and the Company Services
(3) To investigate and analyze the usage status of the Company’s products and the Company Services
(4) To resolve operational issues related to the Company’s products and the Company Services
(5) To conduct satisfaction surveys regarding the Company’s products and the Company Services
(6) To improve or enhance the Company’s products and the Company Services, or to develop new services
(7) To conduct marketing activities and analysis related to the Company’s products and the Company Services
(8) To provide notifications, operation, management, and information regarding events, campaigns, and other activities related to the Company
(9) To provide customer support
(10)To confirm applications for email distribution services and to deliver emails
(11) To process acquired information statistically and publish the results as survey findings
(12) For other purposes incidental to the above purposes
Article 4 (Management and Protection of Personal Information)
1. The Company will appropriately manage Personal Information and, except in the following cases, will not disclose or provide Personal Information to third parties (excluding third parties located in foreign countries, the same applies in this and the next section) without the consent of the User. Additionally, the Company will take preventive and corrective measures against risks such as unauthorized access to Personal Information, loss, destruction, falsification, and leakage of Personal Information, considering safety.
(1) When it is necessary for the protection of a person’s life, body, or property, and it is difficult to obtain the User’s consent
(2) When it is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the User’s consent
(3) When it is necessary to cooperate with a government agency, local government, or an entrusted party in performing legally prescribed duties, and obtaining the User’s consent may interfere with the execution of those duties
(4) When otherwise permitted by law
2.Notwithstanding the provisions of the preceding paragraph, the following cases will not be considered as disclosure or provision to a third party:
(1) When the Company entrusts the handling of Personal Information, in whole or in part, within the scope necessary to achieve the purpose of use
(2) When Personal Information is provided as part of a business transfer due to a merger or other reasons
(3) When Personal Information is jointly used with the Company’s subsidiaries as follows:
(i) Information Subject to Joint Use
Information specified in Article 2, ” Personal Information Acquired and Methods of Acquisition”
(ii) Scope of Joint Use Parties
The subsidiaries of the Company listed below (excluding overseas subsidiaries):
https://terra-drone.net/company
(iii) Purpose of Joint Use
For achieving the purposes set forth in Article 3, “Purposes of Use of Personal Information”
(iv) Party Responsible for Joint Use
Terra Drone Corporation
For the Company’s address, representative, and other details, please refer to Article 11
3. Except in the following cases, the Company will not provide Personal Information to third parties located in foreign countries without obtaining the User’s prior consent:
(1) When the handling of Personal Information is carried out by a third party located in a foreign country that has implemented measures in line with the purpose of the provisions in Chapter 4, Section 1 of the Personal Information Protection Act, and the implementation of such measures is secured between the Company and the third party
(2) When any of the items in Article 4, Paragraph 1 apply
4. Notwithstanding the provisions of the preceding paragraph, the Company may provide Personal Information to the following third parties located in foreign countries:
(1) The Republic of Indonesia
(i) Information regarding the Personal Information protection system in the relevant foreign country, obtained by appropriate and reasonable means:
Please refer to the information on the system in the Republic of Indonesia published by the Personal Information Protection Commission.
https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_indonesia/
(ii) Information regarding the measures taken by the third party to protect Personal Information:
The Company handles Personal Information within the scope of the Company’s privacy policy.
(2) The European Union (Belgium and the Netherlands)
(i) Information regarding the Personal Information protection system in the relevant foreign country, obtained by appropriate and reasonable means:
These countries are recognized by the Personal Information Protection Commission as having a system for the protection of Personal Information that ensures a level of protection equivalent to that of Japan in safeguarding individual rights and interests.
https://www.ppc.go.jp/personalinfo/legal/guidelines_offshore/#a3
(ii) Information regarding the measures taken by the third party to protect Personal Information:
The Company handles Personal Information within the scope of the Company’s privacy policy.
(3) Malaysia
(i) Information regarding the Personal Information protection system in the relevant foreign country, obtained by appropriate and reasonable means:
Please refer to the information on the system in Malaysia published by the Personal Information Protection Commission.
https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_malaysia/
(ii) Information regarding the measures taken by the third party to protect Personal Information:
The Company handles Personal Information within the scope of the Company’s privacy policy.
Article 5 (Entrustment of Handling of Personal Information)
The Company may entrust the handling of Personal Information, in whole or in part, within the scope necessary to achieve the purpose of use. In such cases, the Company will thoroughly evaluate the eligibility of the entrusted party by checking whether the entrusted party has a system conforming to the standards designated by the Company and establish confidentiality obligations in the contract. The Company will also supervise the entrusted party as necessary and appropriate.
Article 6 (Disclosure of Personal Information)
When a User requests the disclosure of retained Personal Information or records of provision to third parties in accordance with the Personal Information Protection Act, the Company will confirm that the request is from the User themselves and will disclose the information without delay (if the Personal Information does not exist, the Company will notify the User to that effect without delay). However, the Company may choose not to disclose all or part of the information if any of the following conditions apply:
(1) if there is a risk of harm to the life, body, property, or other rights and interests of the User or a third party;
(2) if there is a risk of significant hindrance to the proper conduct of the Company’s business; or
(3) if disclosure would violate other laws and regulations.
Article 7 (Corrections of Retained Personal Information)
If the User requests the correction, addition, or deletion (hereinafter referred to as “Corrections”) of Personal Information in accordance with the provisions of the Personal Information Protection Act, and the information is found to be inaccurate, the Company will confirm that the request is from the User themselves, conduct the necessary investigation without delay within the scope necessary to achieve the purpose of use, and, based on the results, make the necessary Corrections to the retained Personal Information and notify the User without delay (if the Company decides not to make such Corrections, the Company will notify the User without delay). However, this does not apply if the Company is not obligated to make Corrections under the Personal Information Protection Act or other laws and regulations.
Article 8 (Suspension of Use of Personal Information)
If the User requests the suspension of use, deletion of retained Personal Information, or suspension of provision to third parties (hereinafter referred to as “Suspension of Use”) and there is a legitimate reason for such a request, the Company will conduct the necessary investigation without delay. If it is determined that the request is justified, the Company will make the Suspension of Use of the retained Personal Information within the necessary limits to correct the violation or to prevent the infringement of the User’s rights and interests and will notify the User of this without delay. However, if the Suspension of Use, requires a large amount of cost or is otherwise difficult to implement, and if alternative measures can be taken to protect the User’s rights and interests, the Company will take such alternative measures. If the Company decides not to make the Suspension of Use, the Company will notify the User without delay.
Article 9 (Procedure for Changing the Privacy Policy)
The Company will review the contents of this Policy as appropriate and strive for its improvement. The Company may change the contents of this Policy, except for matters otherwise provided for by law or in this Policy. The revised Privacy Policy will take effect when it is notified to Users in a manner prescribed by the Company or posted on the Company’s website.
Article 10 (Security Management Measures)
The Company will take organizational, physical, human, and technical measures to prevent unauthorized access to, loss, destruction, falsification, and leakage of Personal Information, which has been entrusted by Users, by implementing access restrictions to Personal Information files, recording access logs, and implementing security measures to prevent unauthorized access from outside. In the event of an incident such as a leakage of Users’ Personal Information, the Company will promptly report to the relevant supervisory authorities in accordance with the Personal Information Protection Act and related guidelines, and take necessary measures such as preventing similar incidents and recurrence, following the instructions of the supervisory authorities.
Article 11 (Company Address, Name, and Representative)
The Company’s address and the name of its representative are as follows:
Address: 3F, Totate International Building
2-12-19, Shibuya, Shibuya-ku, Tokyo
Company Name: Terra Drone Corporation
Representative: Toru Tokushige, Representative Director
Article 12 (Contact Information)
For inquiries regarding the handling of Personal Information by the Company, please contact:
Personal Information Desk, Terra Drone Corporation
3F, Totate International Building
2-12-19, Shibuya, Shibuya-ku, Tokyo, 150-0002
Email: info.jp@terra-drone.co.jp
Enacted: December 1, 2016
Revised: July 17, 2017
Revised: May 25, 2018
Revised: March 21, 2025
Special Provisions for Residents of the European Economic Area (EEA)
For the purposes of the EU General Data Protection Regulation 2016 (the “GDPR”), the Company is the controller of the Personal Information processed by us and we are responsible for our services, partner business transactions and websites (the “Site”).
“Controller” of personal information is defined as “person … which … determines the purposes and means of the processing of personal data” under Article 4(7) of the GDPR.
1. Personal Information We Collect
Please refer to the “Article 2 Personal Information Collected” in our Privacy Policy above.
We collect those Personal Information (i) by using cookies, server logs and other similar technologies, (ii) by in-person, telephone, mail and other communications methods, and (iii) through business transactions and their related communication. The content collected and recorded on access logs or other means is used for the purposes set out in “Article 3 Purpose of Use of Personal Information”) in our Privacy Policy above.
2. Disclosure of Personal Information and Transfer of Personal Information outside of the EEA
We will protect your Personal Information as being strictly confidential. We may share your personal information with the parties set out below for the purposes set forth in this Policy:
– Subsidiaries or other member of our corporate group;
– Our professional advisors such as auditing firms, accountants and lawyers, etc.;
– Companies that provide services to help us with our business activities, such as data storage, maintenance services, database management, web analytics and payment processing; and
– Companies that succeed to our business or assets due to an organizational restructuring or a business transfer or the like.
We may also disclose your Personal Information to the extent required by law and only to the extent such disclosure of Personal Information is necessary, such as to protect your safety or the safety of others, investigate crimes, or respond to a request by the government or any other third party.
Furthermore, we will notify you of any provision of your Personal Information to respond to a request by the government or a third party unless notification is prohibited by applicable laws and regulations.
As the Company’s headquarters are based in Japan, your Personal Information might be transferred in a country outside of the EEA.
Regarding Japan, the European Commission has adopted an adequacy decision on Japan on January 23, 2019 allowing personal data to flow freely between the two economies on the basis of strong protection guarantees.
If your Personal Information is transferred to a third party located in a country that has not received an adequacy decision by the European Commission, we will take appropriate security measures, such as use the European Commission-approved Standard Contractual Clauses. You can request details of the security measures (including a copy of the Standard Contractual Clauses) we took by email at info.jp@terra-drone.co.jp.
3. Outsourcing
We may use third party vendors to assist us in carrying out certain operations necessary for providing our Services (for example, customer support, etc.). In doing so, all or part of the User’s Personal Information, including User Data, may be entrusted to such vendors, including service providers in the list as mentioned below. We require all third parties to process Personal Information in a secure manner in accordance with applicable laws and regulations. Furthermore, we require all third parties that process Personal Information on our behalf, to process such Personal Information in accordance with our instructions, to the minimum amount necessary to carry out their tasks and only for the purposes that we retained them for.
The Company shall be responsible for ensuring that vendors comply with obligations equivalent to those imposed on the Company under laws and the terms of use and other applicable contractual terms and provisions.
4. Retention Period of Personal Information
We will store your Personal Information, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Information is processed. Furthermore, we will store your Personal Information as necessary to comply with our legal obligations, resolve disputes, or enforce our rights, or if it is technically difficult to remove it immediately.
5. Security Control Measures
Please refer to “Article 10 Security Management Measures” in our Privacy Policy above.
In addition, the security control measures we will take include executing appropriate agreements with outsourced parties or employees and supervising them. In case we process Personal Information overseas, we will confirm the systems of that foreign country and what protections it offers for Personal Information and we will take appropriate security control measures accordingly.
6. Legal Basis for Processing Personal Information
We process Personal Information about you only where we have the following legal basis for doing so:
– Agreement: where we need to process your Personal Information to perform an agreement we executed with you.
– Legal obligation: where we need to process your Personal Information to comply with a legal obligation.
– Legitimate interest: where we need to process your Personal Information for our legitimate interests or those of a third party, and they are not overridden by your interests and fundamental rights.
– Consent: where you give us consent to process Personal Information. You may withdraw your consent at any time, but withdrawing your consent will not affect the lawfulness of the processing of your Personal Information based on the consent you gave before your withdrawal.
If you have any questions regarding the legitimate interests’ details, please email us at info.jp@terra-drone.co.jp.
7. Your Rights
You have multiple legal rights in relation to your Personal Information we hold about you. These rights may change according to data protection laws and regulations applied in relation to your location and the relationship between you and the Company, but typically include the following.
– Right of access to personal information. You may have the right to request access to related information, including personal information we hold about you, the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, the period for which the personal information will be stored (if impossible, the basis used to determine that period), the right to object to competent authorities, the source of the personal information, and the existence of any automated decision making.
– Right to correct personal information. You may have the right to request that the Company correct any inaccurate or incomplete personal information about you.
– Right to erase personal information. You may have the right to request that the Company erase personal information about you under certain circumstances, including the following circumstances.
– If it is no longer necessary for the Company to store your personal information, in light of the purpose for collecting the personal information.
– If the Company may process personal information only on the basis of your consent, and you withdraw your consent.
– If you object to the Company’s processing of personal information on the grounds of legitimate interests, and those legitimate interests do not override your interests, rights and freedom.
– Right to request that the processing of personal information be restricted. You may have the right to restrict the processing of your personal information under certain circumstances, including the following circumstances.
– If you object to the accuracy of your personal information yourself (limited to the period necessary for the Company to confirm the accuracy of personal information).
– If it is no longer necessary for the Company to process personal information for purposes other than filing for or exercising legal claims, or to defend the same.
– If you object to the Company’s processing of personal information on the grounds of legitimate interests (limited to the period necessary to determine whether the legitimate interest overrides your interests, rights and freedom.).
– Right to object. You may have the right to object to the Company regarding the processing of your personal information.
– Right of data portability. If the Company processes personal information provided by you on the legal basis of consent or an agreement, you may have the right to request that you receive personal information in structured and generally used, and machine-readable form, or that the personal information be transferred directly to a third party to the extent this is technically feasible for the Company.
Where you believe that we have not complied with our obligations under this Policy or the GDPR, you have the right to make a complaint to the relevant data protection authorities.
Established and Enforced: March 21, 2025
