PVP
Information Security Policy 1st Edition
July 9, 2020
PVP Inc
President and CEO Keiichi Ishida
We at PVP Inc believe that our mission is to meet the expectations of all stakeholders, including customers, employees and their families, and contribute to society through the provision of cloud services and bilingual support, system development, and multilingual education.
In our business activities, we utilize a lot of information assets including personal information entrusted to us by our customers, and in order to meet the expectations of all stakeholders, it is the best management to protect these information assets. We recognize that this is an important issue.
Therefore, we formulate an information security policy, build and operate an ISMS (Information Security Management System) based on this policy, and make company-wide efforts for continuous improvement in light of changes in the environment surrounding our company. I declare that here.
In addition, we have set the following security objectives and will implement various measures to achieve these objectives.
Respect and comply with customer contracts and legal or regulatory requirements.
Prevent information security accidents.
In the unlikely event of an information security incident, minimize the impact.
The following privacy policy is translated from Japanese into English for your convenience. Please keep in mind that the Japanese version is canonical.
MeetMinder
MeetMinder
Application Privacy Policy
Version 1.1 (2024/04/04)
Article 1 (Definitions)
This Application’s Privacy Policy (hereinafter referred to as “Privacy Policy”) is an application provided by PVP Co., Ltd. (+ SHIFT Shiba Daimon, 2-1-16 Shiba Daimon, Minato-ku, Tokyo, Japan – Representative Director Keiichi Ishida). MeetMinder (hereinafter referred to as this application) and
the services related to this application (hereinafter referred to as this service) stipulates the handling of information acquired.
Article 2 (Compliance with laws and regulations)
This application and this service comply with the Act on the Protection of Personal Information (Japan), the Telecommunications Business Act (Japan), Japanese related laws and regulations, guidelines, and this privacy policy regarding the acquisition, use, and other handling of information.
Article 3 (Security Management Measures)
We strive to keep the information handled by this application and this service accurate and up-to-date, and take necessary and appropriate measures to protect it from unauthorized access, falsification, leakage, loss, and damage. We will take the following safety management measures.
● Measures (1) Formulation of basic policy
○ In order to ensure proper handling of retained personal data, we have established a “Personal Information Protection Policy” with regard to “compliance with relevant laws, guidelines, etc.”, “point of contact for handling questions and complaints”, etc.
● Measures (2) Establishment of regulations regarding the handling of retained personal data ○ We have established personal information protection regulations regarding handling methods, persons in charge and their duties, etc. for each stage of retained personal data, such as acquisition, use, storage, provision, deletion/disposal, etc.
● Measures (3) Organizational security control measures ○ ①In addition to appointing a person responsible for handling retained personal data, clarify the employees who handle retained personal data and the scope of retained personal data handled by those employees, and identify facts or signs of violations of
laws or handling regulations. We have established a system for reporting to the person in charge in the event of an incident.
○ ②We regularly conduct self-inspections regarding the handling status of retained personal data, and conduct audits by other departments and external parties.
● Measures (4) Personnel safety management measures
○ ①We provide regular training to employees regarding important points regarding handling of retained personal data.
○ ②All employees have submitted written pledges regarding confidentiality, including personal data held.
● Measures (5) Physical safety control measures
○ ①In areas where retained personal data is handled, we control the entry and exit of employees, restrict the devices they bring in, and take measures to prevent unauthorized persons from viewing retained personal data.
○ ② Take measures to prevent the theft or loss of equipment, electronic media, documents, etc. that handle retained personal data, and when carrying such
equipment, electronic media, etc., including when moving within the workplace, it is easy to prevent retained personal data from being stolen or lost. We are taking measures to prevent this from becoming obvious.
● Measures (6) Technical safety control measures
○ ① We implement access control to limit the scope of personnel and personal information databases, etc. handled.
○ ② We have introduced a mechanism to protect information systems that handle retained personal data from unauthorized external access or software.
Article 4(Items of information to be acquired, purpose of use, acquisition method)
When using this application and this service, the following information will be automatically acquired via the application for the following purposes.
4-1. Information We Collect
4-1-1 User Data: The extension securely stores your Access token and Email ID in the local storage of your browser. Additionally, your Access token is securely transmitted to our backend server for the generation of a JSON Web Token (JWT), facilitating integration with your Google Workspace
account.
4-1-2 Calendar Event Data: The extension periodically fetches calendar events from the connected account. These events include information such as event name, conference details, attendee list (with emails), and RSVP status.
4-2 How We Use Your Data
4-2-1 Local Processing:
All data collected, including Access tokens and calendar event information, is processed locally within your browser. However, it’s important to note that your Access token is securely transmitted to our backend server for authentication purposes.
Important Note: While we emphasize our commitment to safeguarding your data, it’s essential to acknowledge that your Access token is transmitted to our backend server for the sole purpose of generating a unique and secure token (JWT) to authenticate your access to our services. This transmission is conducted over secure channels and is necessary to facilitate seamless authentication without requiring an additional authentication system.
4-2-2 Authentication and Authorization:
Your Access token is never stored on our servers in any form. Instead, it is utilized momentarily to retrieve your Google account ID on our backend. This ID is then used solely for the purpose of generating a JWT, which is subsequently employed to authorize your requests to our backend server.
4-2-3 Event Conditions: The extension checks calendar events against specified conditions based on event properties. If these conditions are met, it may open a new tab with the meeting link. We do not send this Calendar events data to any external servers or third parties.
4-3 API Permissions
4-3-1 https://www.googleapis.com/auth/calendar.readonly: Used to read calendar events you are invited to.
4-3-2 https://www.googleapis.com/auth/userinfo.email: Used to fetch a user’s email for the purpose of displaying it as an indicator in case use has multiple Google accounts logged in, in order to identify the accurate Google account to sign in with.
4-4 Data Storage and Retention
4-4-1 Local Storage: User data, including Access tokens and calendar event details, is securely stored in your browser’s local storage. PVP Inc. does not have access to your password related information.
4-4-2 Data Discard: The extension discards all data stored in local storage when it is not actively processing events or when the extension is not in use.
4-5 Data Sharing
4-5-1 Limited Sharing:
We are committed to protecting your privacy, and as such, we limit the sharing of your data to essential processes. While we do not share your data with external parties, it’s important to note that certain data processing activities, including authentication processes, require limited sharing within our internal systems.
Important Clarification: Your data is not shared with any external parties. However, to ensure seamless authentication and authorization for our services, we securely transmit only the encrypted Access token, to our backend servers. This transmission occurs over secure channels and is solely for the purpose of generating authorization tokens. Rest assured, all data processing and storage beyond this point continue to occur locally within your browser, maintaining the highest standards of data privacy and security.
Article 5 (Publication matters regarding consent)
● Please read this privacy policy and understand its contents before using this application and this service. This privacy policy is posted at the point where you download this application, and is deemed to have been made public as of this posting. Users should check this privacy policy when installing this application.
● When acquiring items enumerated in article 4, we will obtain consent for the acquisition of individual information. If you do not consent, you cannot use this app
● When providing information to a third party, we will prepare a dedicated web page and obtain consent in advance.
Article 6 (method of user involvement)
With this service, you can stop acquiring, change, delete, or stop using all or part of your information based on your operations or requests, including the following:
● Among the information registered by the user, the name, e-mail address, user name, password, and place of residence can be changed from the user information confirmation and change screen of this application.
● The acquisition of detailed location information can be stopped by the user turning off the GPS function of the device. will be stopped. In this case as well, approximate location information is collected by the carrier’s base station. Map viewing and navigation are available at your convenience.
● Information about the user’s friends and acquaintances is automatically obtained through this application and this service can be deleted or changed from the friend list settings of this application. If it is deleted, it will be deleted from the server of this service during regular maintenance under appropriate management.
● Regarding handling such as suspension of acquisition of user information for advertising purposes, please refer to each company’s application privacy policy listed in Article 5.
Article 7 (Termination of service and handling of information)
If the user deletes (uninstalls) the application or does not use it for more than two years (24 months), use of this application and this service shall be deemed terminated.
● If the user uses the deletion (uninstall) function of this application to delete (uninstall) the application from the device, all of the user’s information acquired and saved from the user will be immediately deleted from the device. The servers on this service will be disposed of during regular maintenance under appropriate management.
● If a user does not use this application or this service for two years or more, the Company will assume that the use has been terminated, and the information acquired and stored from the user will be appropriately managed from the server of this service. We will dispose of it accordingly. In this case, the user information stored in this application and the device will not be deleted.
Article 8 (Link to personal information protection policy (privacy policy), etc.)
■For our company’s personal information protection policy (privacy policy), please see the end of this privacy policy.
Article 9 (Disclosure and provision of information)
The Company will not disclose or provide information acquired and stored from users through this application and this service to third parties other than those specified in this privacy policy without obtaining the consent of the users. there is no. However, the following cases are excluded.
● When based on laws and regulations.
● When it is necessary to protect a person’s life, body, or property, and it is difficult to obtain the consent of the person.
● In cases where it is necessary to cooperate with national institutions, local governments, or those entrusted by them in carrying out their duties pursuant to the provisions of laws and regulations, and obtaining the consent of the person concerned may impede their execution.
case.
● In other cases, the Company deems it necessary based on social norms, but it is difficult to obtain the consent of the person concerned.
Article 10 (Disclosure and sharing of acquired information)
If the user uses the function to communicate and share information with friends and acquaintances through this service, the user’s location information obtained from this application (if the location information function is enabled) , text, photos, videos, audio, and URL links contained in your messages may be notified or shared with friends and acquaintances with whom you communicate or share information.
Additionally, if you set all of these functions to public, all users of this service will be able to view them. The disclosure range can be changed from the settings function of this application.
Article 11 (Inquiry)
For inquiries and consultation regarding the handling of user information in this application and this service, please contact the following contact point.
■How to contact us: From the inquiry form below
■Inquiry form: https://pvp.co.jp/contact/
Article 12 (Changes)
● If there are any changes or additions to information acquisition items, changes in the purpose of use, or changes in provision to third parties due to version upgrades of this application, we will notify you before downloading and installing (update) important items. ) or at the time of installation (update).
● In addition, if there are any changes or additions to information acquisition items, changes to the purpose of use, or changes to provision to third parties, etc., we will notify you through the message function and registered email, and at the same time, you will be asked to consent again to important items. We will obtain it.
General Privacy Policy
Day of Drafting 2024/4/4
Most Recent Update 2024/4/4
PVP Inc.
CEO, Keiichi Ishida
We are fully aware of our social mission in protecting all personal information we handle, and comply with the protection of the rights of individuals and laws and regulations regarding personal information. In addition, we have established a personal information protection management system to embody the policies listed below, and strive to continuously improve it while always being aware of the latest IT technology trends, changes in social demands,
changes in the business environment, etc. We hereby declare that the entire company will work together to achieve this goal.
a) Personal information will be limited to the scope necessary for the legitimate business execution of our company in the IT technical support call center operation business, call center construction consulting business, web/system development service business, and entertainment service business, as well as for employee employment and personnel management. We will acquire, use, and provide personal information based on the following principles, and will not handle personal information beyond the scope necessary to achieve the specified purpose of use (use for other purposes). We will also take measures to prevent personal information from being used for other purposes.
b) We will comply with laws and regulations regarding personal information protection, guidelines established by the government, and other norms.
c) To prevent risks such as leakage, loss, or damage of personal information, we will continuously improve our personal information security system by investing management resources that match the actual circumstances of our business and taking reasonable safety measures to prevent it. Masu. In addition, if we determine that there is a problem with the protection of personal information, we will promptly take corrective measures.
d) We will promptly, honestly, and appropriately respond to complaints and consultations regarding the handling of personal information.
e) We will review our personal information protection management system in a timely and appropriate manner and continually promote improvements in light of changes in the environment surrounding our company.
【Inquiries】
For inquiries regarding our personal information protection policy, please use the inquiry form below.
https://pvp.co.jp/contact/