SUMMARY OF PRIVACY NOTICE
This summary Privacy Notice ("Summary Notice") will provide you with a summary of the accompanied, detailed Privacy Notice (hereafter "Full Notice", together "Summary and Full Notice") on the data processing activities of Xenoma Inc., located at #303 Technofront Morigasaki 4-6-15 Omoriminami, Ota-ku, Tokyo 143-0013, Japan ("Xenoma" or "we", "us", "our") with respect to individually identifiable information ("Personal Data") about:
- app subscribers ("App Subscribers") registered with our apps related to "e-skin" products ("Apps"), including users of "e-skin" products and trainers of such users;
- visitors ("Visitors") of our website ("Sites"); and
- those who buy our product from Sites (i.e. e-commerce site)("Shoppers", together with App Subscribers and Visitors, hereinafter referred to as "Users").
Scope of applicability
This Summary and Full Notice applies to you if you are an App Subscriber, Visitor or Shopper.
Processing of your Personal Data (categories of Personal Data)
We process the following of your Personal Data collected during your use of Apps or Sites: contact details, technical data, body motion data, biological information and usage history. For more details see 1. of the Full Notice.
We process your Personal Data for the following purposes: (1) providing App Subscribers with Apps; (2) recommending the best training for App Subscribers; (3) to pay trainers for referring Apps to someone else; (4) performing the contract between Shoppers and us; (5) marketing communications; (6) research and development; and (7) handling complaints. For more details see 2. of the Full Notice.
Legal justifications for the processing of your Personal Data
One of the key privacy law requirements is that any processing of Personal Data must have a legal justification. We generally use the following legal justifications: (1) You have given your consent to the processing (Art. 6(1)(a) GDPR; "Consent Justification"), (2) the processing is necessary for (a) the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR; "Contract Justification"), (b) compliance with a legal obligation (Art. 6(1)(c) GDPR; "Legal Obligation Justification") and (c) realizing a legitimate interest (Art. 6(1)(f) GDPR; "Legitimate Interest Justification"). For more details and the matching of purposes and corresponding legal justifications see 3. of the Full Notice.
Data transfers and recipients and legal justification for such transfers
We transfer your Personal Data to our service providers, and, in accordance with applicable law, other governmental authorities, courts, external advisors, and similar third parties. Some of the aforementioned recipients are located in jurisdictions outside the EU. For more details see 4. of the Full Notice.
Retention periods for and deletion of your Personal Data
Your Personal Data will be deleted once it is no longer needed for the purposes motivating their original collection or as required by applicable law. For more details see 5. of the Full Notice.
Your statutory rights
You have a number of rights with regard to the processing of your Personal Data per the conditions defined in applicable law, such as the right to have access to your Personal Data, to have them corrected, erased or handed over. Please refer any questions to this link. For more details see 6. of the Full Notice.
Changes of this Summary and Full Notice as well as further notices
This Summary and Full Notice are subject to change. You will be notified adequately of any such changes. Further, you will be notified adequately of any further relevant privacy notices (e.g. for specific purposes) in case such is not covered by this Summary and Full Notice.
How to contact Us
If you wish to exercise your Persona Data subject rights or if you have any other questions concerning this Summary and Full Notice, please address your request to us, and/or our data protection officer, who can be contacted at the following addresses:
Our contact information
Company name: Xenoma Inc.
Address: #303 Technofront Morigasaki 4-6-15 Omoriminami, Ota-ku, Tokyo 143-0013, Japan
Inquiry form: https://xenoma.com/inquiry/
We are delighted about your interest in our services. Your privacy is important to us. Hereafter we provide you with detailed information on dealing with your personal data on Apps and Sites. This Full Notice applies to information you provide to us or that we collect automatically when you access, use, or register with our Apps and/or Sites.
1. Categories of Personal Data
In relation to Apps, we process the following Personal Data about App Subscribers (hereinafter jointly "App Subscribers’ Data"):
- name, nickname, email address, date of birth, gender or any other registration information of App Subscribers (hereinafter jointly "App Subscribers’ Account Data");
- body motion and posture of App Subscribers (excluding trainers) (hereinafter jointly "App Subscribers’ Biological Information");
- training record, including selected exercise mode and intensity, of App Subscribers (excluding trainers) (hereinafter jointly "App Subscribers’ Training Data");
- name, address, telephone number, email address, and bank account information of App Subscribers (limited to trainers) (hereinafter jointly "App Subscribers’ Payment Data"); and
- identifier for Hub, unique identifier for App Subscribers’ device (including smartphone and tablet), and IP address of Hub and App Subscribers’ device (hereinafter jointly "App Subscribers’ Technical Data").
In relation to Sites, we process the following Personal Data about Visitors (hereinafter jointly "Visitors’ Data"):
- cookies and IP address of the Visitors’ device that accessed the Sites ("Visitors’ Technical Data").
In relation to Sites, we process the following Personal Data about Shoppers (hereinafter jointly "Shoppers’ Data", and together with App Subscribers’ Data and Visitors’ Data, referred to as "Your Data"):
- name, address, telephone number, email address, customer number, information relating to recipients, and payment information of Shoppers (hereinafter jointly "Shoppers Account Data");
- purchase history of Shoppers (hereinafter jointly "Shoppers’ Purchase History")
- cookie and IP address of the device that accessed the Sites ("Shoppers’ Technical Data").
2. Processing purposes
We process Your Data to the extent permitted or required under applicable law, for the following purposes:
- to enable App Subscribers to register with Apps and provide them with services, including displaying training record, sharing the same with trainers, and providing advice, via Apps ("Application Purposes");
- to recommend the best training for App Subscribers, including recommendation of the best training menu and training content video based on the transition of exercise intensity ("Recommendation Purposes");
- to pay trainers ("Payment Purposes");
- to provide functionality to communicate with trainers and Usars;
- to perform the contract between App Subscribers and us, including providing paid content and receiving payment from App Subscribers;
- to manage Shoppers and to perform the contract between Shoppers and us, including delivering our product to Shoppers and receiving payment from Shoppers ("Shopping Purposes");
- to analyze trends, usage, and activities in connection with Apps and/or Sites for optimizing marketing communications and to have marketing communications (“Marketing Purposes ");
- to improve our products or services, and to research and develop new products and services and develop related technologies ("R&D Purposes"); and
- to handle complaints, security, and fraud prevention (hereinafter jointly “Emergency Purposes").
In the future, we may conduct a behavioral analysis in relation to Apps/Sites based on CATEGORIES OF PERSONAL DATA.
3. Legal justification for the processing of Your Data
Generally, the processing of Personal Data is voluntary. However, if you do not provide Your Data, your user experience of Apps or Sites may be different, or the use may be impossible.
Furthermore, we rely on the following legal justifications for the processing of Your Data:
|Processing purposes||Categories of Your Data involved||Legal basis|
|Application Purposes||App Subscribers’ Account Data
App Subscribers’ Training Data
App Subscribers’ Technical Data
App Subscribers’ Biological Information
Legitimate Interest Justification. Our legitimate interest is to provide our Apps properly.
|Recommendation Purposes||App Subscribers’ Biological Information
App Subscribers’ Training Data
Legitimate Interest Justification. Our legitimate interest is to recommend the best training properly.
|Payment Purposes||App Subscribers’ Payment Data||Contract Justification
Our legitimate interest is to make settlements properly.
|Shopping Purposes||Shoppers Account Data||Contract Justification
Our legitimate interest is to deliver our product and make settlements properly.
|Marketing Purposes||Visitors’ Technical Data
Shoppers’ Purchase History
Shoppers’ Technical Data
|R&D Purposes||App Subscribers’ Account Data
App Subscribers’ Biological Information
App Subscribers’ Training Data
App Subscribers’ Technical Data
|Emergency Purposes||App Subscribers’ Account Data
Shoppers Account Data
|Legitimate Interest Justification. Our legitimate interest is to detect and prevent any possible fraud.|
4. Data transfers and recipients and legal justification for such transfers
4.1 We share your Personal Data with the following affiliates or third parties:
- Amazon Web Services Japan K.K. and Amazon Web Services (USA), a Cloud hosting services provider;
- Ryosho Europe GmbH, a trading company in charge of delivering our products;
- Shopify Japan K.K. and Stripe, Inc., e-commerce platforms, and other third parties necessary to ensure the efficient business operation of our e-commerce site and Apps; and
- trainer if trainer is registered with Apps; and
- Google Inc. (USA), a provider of Google Analytics Services.
4.2 We may process Your Data outside the EEA, namely Japan and the US. In case where we transfer your Personal Data outside the EEA, we ensure the appropriate legal framework by the establishment of the Standard Contractual Clauses as defined by the European Commission decisions 2004/915/EC (“SCC Controller - Controller”) and 2010/87/EU (“SCC Controller - Processor”) pursuant to Article 46(2)(c) of the GDPR. You may obtain a non-confidential copy of the mentioned safeguards of transfers we carry out by contacting us via the contact details provided below. We transfer personal data to Amazon Web Services Japan K.K., Amazon Web Services (USA), Google Inc. (USA), Stripe, Inc. and Shopify Japan K.K.
4.3 It may be necessary for us to disclose your personal data to public authorities or courts in the context of investigations or legal proceedings, where we are obliged to do so under instructions of the public authorities or the courts. We may also disclose your personal data if we determine in good faith that the disclosure is reasonably necessary to protect our rights and pursue available remedies.
5. Retention periods for and deletion of Your Data
5.1 Your Data processed for the purposes hereunder will be stored only to the extent necessary. If a judicial action is initiated, Your Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.
5.2 In principle, we will retain Your Data only as long as required to provide our services or permitted by applicable law, provided that the IP address and unique identifier for the App Subscribers’ device will be retained permanently. Afterwards, we will remove Your Data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.
6. Your statutory rights
Under the conditions set out under applicable law (i.e., the GDPR), you have the following rights:
6.1 Right of access: You have the right to obtain confirmation from us as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to said Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.
You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
6.2 Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
6.3 Right to erasure (right to be forgotten): You have the right to ask us to erase your Personal Data.
6.4 Right to restriction of processing: You have the right to request the restriction of processing your Personal Data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
6.5 Right to data portability: You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit said Personal Data to another entity without hindrance from us.
6.6 Right to withdraw your consent: If you have given your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
6.7 Right to object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your Personal Data by Us and We can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by Us. Exercising this right will not incur any costs. Such a right to object may not exist if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
Please note that the aforementioned rights might be limited under applicable national data protection law. We remain the universal point of contact for your execution of these rights.
You also have the right to lodge a complaint with the competent supervisory authority in the member state of your habitual residence or in the member state wherein the alleged infringement of the GDPR took place.
7. Google Analytics
For further information, please see Google’s site:
- Google Analytics Terms of Service
Summary and Full Notice last updated: 15 March, 2021