Payments via JCB and various QR codes (through DGFT) are now supported

Privacy Policy

  1. Introduction

    This Privacy Policy sets forth the policy of KPay Japan 株式会社 (hereinafter referred to as the "Company") regarding the protection of personal information. When you use our services, we collect your personal information through technologies such as cookies (including live chat services but not limited to these), or when you subscribe to our newsletters or promotional offers.
    We respect your privacy rights and, as part of that commitment, provide you with the opportunity to opt out of receiving email communications from us or from third parties to whom we may disclose your personal information.
    We may revise this Privacy Policy to reflect new services, changes in our practices for handling personal information, or amendments to relevant laws and regulations. The "Last Updated" date at the bottom of this Policy indicates when it was last revised. Any updates will take effect once the revised Privacy Policy is posted on our services.
    We may notify you of significant changes to this Privacy Policy or to how we handle your personal information by posting notices on our website, and—if you are a Merchant—through your Merchant Dashboard or by contacting you via the email address and/or mailing address registered with us.
    If you have any questions or requests regarding this Privacy Policy, please contact us via email or postal mail at the address below:
    KPay Japan 株式会社
    5F, FRONTIER Higashinihonbashi, 2-chōme−7−1 Higashinihonbashi, Chuo-ku, Tokyo 103-0004
    Email: cs.jp@kpay-group.com

  2. Collection of Personal Information

    1. Personal Information We Collect

      "Personal information" refers to any information relating to a living individual that can identify that individual, either by itself or in combination with other easily accessible information. Specifically, we may collect the following information:

      1. When you subscribe to our newsletter: your name, email address, preferred language, etc.
      2. When you reply to our emails or answer surveys: your name, email address, and any information contained in your replies or survey responses.
      3. When you contact us by telephone: your phone number.
      4. When you contact us by phone as a Merchant: additional information for identity verification.
      5. When using our payment services: credit card company, card issuing country, payment method, transaction result, transaction amount and time, and the first 6 and last 4 digits of your card number.
      6. If you are a Merchant: your name, address, phone number, and email address. We may also collect financial information and official documents related to your business or identity (e.g., driver's license, passport, health insurance card, bank statements).
      7. For the purposes of fraud monitoring, prevention, and investigation: your name, address, phone number, nationality, and other identity verification information obtained from business partners, financial institutions, identity verification services, and publicly available sources. We may also use technology to assess transaction risks via Merchant websites or data-collecting applications.
      8. In the course of marketing or business interactions: your contact information as provided through business cards, participation in events, or social media/online chats related to our campaigns or proposals.

    2. Information Collected Automatically on Our Website

      We use cookies and other technologies to enhance your experience and improve efficiency. These technologies may collect the following data:

      1. Browser and device data: IP address, device type, operating system and version, browser type, screen resolution, language settings, plugin and add-on data, device manufacturer and model, and the language version of the site being visited.
      2. Usage data: pages viewed, time spent on the site, clicked links, referral pages, language settings, etc.

    3. Handling of Sensitive Information and Specific Personal Information

      In accordance with guidelines for the protection of personal information in the financial sector, we do not collect, use, or disclose your sensitive personal information unless permitted under those guidelines.

  3. Provision of Personal Information to Third Parties

    We do not provide your personal information to third parties except in the following circumstances:

    1. When we have obtained your prior consent;

    2. When required by law;

    3. When we reasonably determine that disclosure is necessary to protect our rights, property, or services due to your violation of our Terms of Service;

    4. When it is necessary to protect an individual's life, body, or property, and obtaining your consent is difficult;

    5. When it is particularly necessary to improve public health or promote the sound development of children, and obtaining your consent is difficult;

    6. When it is necessary to cooperate with a national or local government agency (including authorities outside your country of residence) or their contractors in the execution of their legally mandated duties, and obtaining your consent may interfere with the execution of such duties;

    7. In the case of a corporate restructuring, merger, sale, joint venture, transfer, or other disposition of all or part of our business, assets, or shares;

    8. In any other case permitted under the Act on the Protection of Personal Information.

  4. Joint Use of Merchant Information

    The Company engages in joint use of merchant information under Article 27, Paragraph 5, Item 3 of the Act on the Protection of Personal Information, as follows:

    1. (1) About the Merchant Information Exchange System

      The Japan Consumer Credit Association (the "Association") is accredited by the Minister of Economy, Trade and Industry under Article 35-18 of the Installment Sales Act. The Association collects, organizes, and provides necessary information to protect the interests of credit users through the Merchant Information Exchange Center ("JDM Center").

    2. (2) Reporting and Use of Information Collected from Merchants

      Members of the Merchant Information Exchange System ("JDM Members") collect and use the types of information specified in Section (3)(ii) below when evaluating merchant applications, conducting investigations after contract execution, taking measures against merchants, and assessing the continuation of transactions. This information is reported to the JDM Center and jointly used among JDM Members.

    3. (3) Joint Use of Merchant Information
      1. 1) Purpose of Joint Use

        The Merchant Information Exchange System, operated as part of the activities of the certified installment sales associations defined under the Installment Sales Act, aims to improve the accuracy of screening at the time of entering into or during merchant agreements and to eliminate malicious merchants. It also promotes the appropriate management of credit card numbers and helps prevent their fraudulent use (hereinafter referred to as "proper management of credit card numbers, etc.").

        To achieve this, JDM Members report and jointly use the following types of information via the JDM Center:

        • Information on merchant conduct that lacks protection for users (including suspected cases and cases that are difficult to evaluate),
        • Information necessary for user protection,
        • Information on conduct by merchants that may hinder the proper management of credit card numbers, etc., and
        • Information necessary for such proper management.

        The purpose of this system is to support the sound development of credit transactions and to enhance consumer protection.

      2. 2) Types of Information Subject to Joint Use
        The information jointly used includes the following:
        • ① Facts and reasons discovered through investigations necessary to resolve complaints involving the relevant merchant in individual credit purchase intermediation transactions.
        • ② Facts and reasons for termination of individual credit purchase intermediation contracts due to actions by the merchant deemed lacking in user protection.
        • ③ Facts and reasons identified through investigations necessary for ensuring appropriate management of credit card numbers under credit card number handling contracts.
        • ④ Facts and reasons concerning actions taken against a merchant—such as contract termination—when the merchant's measures for proper management of credit card numbers are found to be non-compliant or potentially non-compliant with the requirements of the Installment Sales Act.
        • ⑤ Objective facts related to actions causing unjust harm to JDM Members or users, associated with behavior deemed (or suspected to be, or difficult to assess as) lacking in user protection.
        • ⑥ Complaints received from users (including prospective users) by JDM Members and information determined to relate to conduct lacking in user protection (including suspected or unverified cases).
        • ⑦ Information related to actions by merchants that hinder appropriate management of credit card numbers.
        • ⑧ Facts and details published by administrative authorities concerning violations or potential violations of laws such as the Act on Specified Commercial Transactions.
        • ⑨ Other information related to conduct by merchants deemed lacking in user protection.
        • ⑩ Identifying details of the relevant merchant associated with any of the above items: name, address, telephone number, and date of birth (in the case of corporations, company name, address, telephone number, corporate number, and representative's name and date of birth). However, for Item ⑥ above, if it is difficult to determine whether the conduct occurred, name and date of birth (or, for corporations, the representative's name and date of birth) will be excluded.
      3. 3) Retention Period

        The information listed in section 2) will be retained for no more than five years from the date of registration (for items ③ and ⑦, from the date of completion of the corresponding action listed in item ④ or the date of contract termination).

    4. (4) Scope of Joint Users

      This includes JDM Members who are also Association Members: comprehensive and individual credit providers, credit card contract holders, and the JDM Center itself.

      ※ A list of JDM Members is available on the Association's website: https://www.j-credit.or.jp/

    5. (5) Inquiries

      For inquiries regarding the Merchant Information Exchange System or to request disclosure, please contact the JDM Center:


    Administrator:

    Japan Consumer Credit Association — Merchant Information Exchange Center (JDM Center)

    Address: 14-1 Nihonbashi Koamicho, Chuo-ku, Tokyo 103-0016 Sumisei Nihonbashi Koamicho Building

    Representative Director: Tetsuo Matsui

    Tel: 03-5643-0011

  5. Outsourcing the Handling of Personal Information

    We may outsource all or part of the handling of personal data to third-party service providers to the extent necessary to achieve the stated purposes of use. When doing so, we evaluate the service provider's compliance with applicable laws and regulations, require contractual confidentiality obligations, and ensure they implement security measures equivalent to those required under the Personal Information Protection Law and associated guidelines.

  6. Purposes of Use of Personal Information

    We use personal information for the following purposes and will not process it beyond the stated scope unless you have consented or it is permitted by law. We also take appropriate steps to prevent unauthorized use.

    1. Products and Services
      • To register personal information and open accounts related to our services
      • To facilitate smooth use of our services
      • To execute transactions for the purchase of products or services via our platform
      • To process billing for purchases and paid services
      • To analyze service usage and prepare statistical data
      • To improve service levels
      • To send service-related materials
      • To verify identity when using our services or making inquiries
      • To respond to inquiries and provide customer support
      • To verify legal representatives of our merchants
      • To detect, investigate, and prevent fraud or unauthorized access
      • To manage and ensure the safety of personal data
    2. Marketing and Events
      • To send marketing information about our products and services via email
      • To invite participation in events or surveys
      • To follow up on contact made through trade shows or events
      • To send requested information about our products or services
      • To request participation in promotional campaigns

  7. Your Rights and Choices

    You have the right to make choices regarding the use and disclosure of your personal information by us.

    1. Opting Out of Electronic Communications

      If you do not wish to receive marketing-related emails from us, you may opt out by clicking the unsubscribe link included in those emails. We will respond to your request as promptly as reasonably practicable. Please note that even if you opt out of marketing emails, we may still send you important administrative messages necessary to provide our services.

    2. How to Review or Modify Your Account Information

      If you wish to review, correct, or update the personal information you previously disclosed to us, you may do so by contacting us directly.

    3. Your Data Protection Rights

      In accordance with applicable laws, you may have the following rights regarding personal information we hold about you:

      1. The right to confirm whether we are processing your personal data and, if so, to request a copy of it;
      2. The right to request correction or updates to your inaccurate, incomplete, or outdated personal information;
      3. The right to request the deletion of your personal information under specific circumstances as provided by law;
      4. The right to request restrictions on how we use your personal information—for example, while we are evaluating another request (such as a correction request);
      5. The right to request the transfer of your personal information to another organization, where technically feasible;
      6. If we are processing your personal information based on your consent, you have the right to withdraw that consent at any time. You also have the right to object to the processing of your personal information under certain circumstances based on your situation.

    4. Exercising Your Data Protection Rights

      To exercise your data protection rights, please contact us. We will handle your request with sincerity and respond to the extent required by law. If we do not hold your personal information, we may not be able to respond to your request. If you are not satisfied with our response, you may contact the relevant data protection authority. To protect your privacy, we may need to verify your identity before fulfilling your request, for example, by confirming that the email address used to submit the request matches the one we have on record.
      If we no longer need to process your personal data for service provision or other purposes, we will not retain, collect, or manage additional information solely for the purpose of responding to your request.

      Note: If you are a customer of one of our merchants and have questions about a payment, please contact the merchant directly before reaching out to us.

  8. Security Measures

    We take appropriate steps to ensure that your information is accurate and up to date, and we implement comprehensive security measures to protect your information from unauthorized access, loss, alteration, or leakage.

    (Formulation of Basic Policy)

    We have established a personal information protection policy to ensure proper handling of personal data, including compliance with laws and regulations, and processes for handling requests for disclosure, correction, and suspension of use.


    (Development of Internal Rules)

    We have established internal regulations covering how personal information is collected, used, and provided, including the designation of responsible persons and their duties.


    (Organizational Security Measures)

    • Internal rules have been established and are properly maintained.
    • We have appointed a personal information protection officer and maintain a system for monitoring data and responding to suspected or actual data breaches.
    • We periodically evaluate the handling of personal information to prevent leaks, loss, damage, and to ensure overall security.

    (Human Security Measures)

    • All personnel handling personal information have signed confidentiality agreements.
    • All personnel are educated on the importance of personal information protection, and their roles and responsibilities are clearly defined.
    • We verify compliance with internal procedures by all employees handling personal information.

    (Physical Security Measures)

    • We implement physical safeguards, including access control to areas where personal data is handled, prevention of theft of devices and media, secure transportation of media, and secure disposal of devices and media.

    (Technical Security Measures)

    • We implement access control in accordance with our internal rules.
    • We perform identification and authentication of individuals accessing personal information, manage access permissions, and have implemented systems to record and analyze access logs.
    • We record and analyze the operational status of the information systems that handle personal information.
    • We monitor and audit the information systems used to process personal information.
    • We implement technical safeguards to prevent leakage, loss, or other unauthorized access to personal information.

  9. Retention of Personal Data

    We retain personal data as required to comply with tax, accounting, and financial reporting obligations, or as required by contractual commitments with financial partners and payment methods we support. When we retain personal data, we do so in accordance with legally mandated retention periods and applicable regulations.

  10. Links to Third-Party Websites

    Our services may include links to other websites. These external sites operate independently and may have their own privacy notices or policies. If a linked website is not owned or controlled by us, we are not responsible for the content, usage, or privacy practices of that site.

Last Updated: 19 August 2024