1. Compliance with Laws and Regulations
The Company will handle personal information appropriately, in compliance with the Act on the Protection of Personal Information (“Personal Information Protection Act”), the Telecommunications Business Act, other related laws and regulations, the “Guideline Concerning the Act on the Protection of Personal Information (General Rules)”, the “Guideline on Protection of Personal Information in Telecommunications Business”, and those matters in other government-stipulated guidelines with which our compliance is required.
2. Obtainment of Personal Information
The Company will obtain the following information when providing Services, and such information will include personal information that can identify a specific individual. The Company will obtain personal information in an appropriate manner and will not obtain such information through deception or other wrongful means.
(1) Account Information
When a Passenger creates or updates a user account, the Company will obtain information associated with such Passenger’s account (including, without limitation, the following information).
• Email address
• Mobile phone number
• Login/user name
• Login/user password
• Facial photograph of a Passenger or icon graphically expressing such Passenger’s appearance etc., enabling identification of a specific individual (optional)
(2) Log Information
When a Passenger uses the Services, the Company will obtain a server log (containing information such as device IP address, access date/time, app characteristics or accessed pages, app crashes and other system activity, browser type, and any third-party sites, services or the like that the Passenger was using prior to the Services).
(3) Location Information
When the app is being used by a Passenger and is running in the foreground, the Company will be entitled to obtain Passenger location information determined via GPS, IP address, or Wi-Fi. In cases where, even when the app is running in the background on a Passenger device, it is possible to obtain such information by means of Passenger app settings or device permissions, the Company will be entitled to obtain such information. Passengers can set their devices to prevent the Company from collecting location information. In such cases, Passengers must input their pickup location addresses manually.
(4) Trip Information
The Company will obtain information on departure location, destination, position, journey time, and trip distance by recording a Passenger trip route. Drivers will be unable to provide taxi services if a Passenger does not provide departure location and destination. Passengers can set their devices to prevent the Company from accessing their positions; however, in such cases, the Company will be unable to track a Passenger’s actual route and will be unable to safeguard such Passenger’s interests with precision.
(5) Transaction Information
The Company will obtain the details of any transaction related to use of the Services by Customers. This will include the date/time at which Services were provided, the amount billed, the trip distance, and other related details of the transaction.
(6) Cookie Information
The Company will obtain information on how Passengers use the Services and on such Passengers’ indicated preferences and selected settings. The Company is entitled to obtain such information using cookies, pixel tags, and other similar features. It is possible for Passengers to disable cookies by changing browser settings; however, Passengers should be advised that if cookies are disabled, it will become impossible to utilize some website functions, and some pages may not be displayed correctly.
(7) Device Information
The Company will obtain information concerning devices that Passengers use to access the Services (hardware model, operating system, and version), software, selected language, file names and versions, unique device identifiers, advertising identifiers, serial numbers, device motion information, and mobile network information.
(8) Voice and Text Messages
When Passengers and drivers communicate via the app, the Company will obtain some information relating to voice messages or text messages (including the date/time of voice messages and text messages and the content of text messages). In addition, the Company will be entitled to use such information for customer support services and dispute resolution.
(9) Evaluation Information
Passengers can evaluate drivers anonymously using the app, and the Company will obtain such evaluation information.
(10) Credit Card Information and Information Concerning Other Methods of Payment
In cases where a Passenger uses a third party-provided settlement means to make payment on the platform, the Company will obtain information pertaining to such Passenger’s method of payment, payment amount, and payment status, but will not obtain any other personal information except that to complete the transaction with the Company, a Passenger may need to provide certain account information, such as credit, debit or other card number, card expiration date, and CVV code for identification and verification. Such information is collected by the Company, encrypted and sent to the payment institution pursuant to its request. The Company does not store such information.
(11) Communication channel information (Wi-Fi, LTE, etc.)
(12) Other personal information that is necessary in conjunction with provision of the Services
3. Purpose of Use of Personal Information
The Company will obtain Passenger personal information in an appropriate manner, and except where deemed unnecessary under laws and regulations, will give notification or announce the purpose of use of Passenger personal information and will use such information within the scope of such purpose of use.
The purposes of use of personal information obtained by the Company will be as indicated below. The Company may amend the following purposes of use to an extent reasonably determined to be relevant, and when such an amendment is made, will provide a personal notification or public announcement to Passengers concerning the amended purposes of use.
(1) To provide the Services to Passengers;
(2) For Passenger identity verification;
(3) To enable Passengers to use accounts on terminals;
(4) To enable communication between Passengers and drivers via the app;
(5) To update the Company app;
(6) To respond to inquiries from Passengers;
(7) For customer support services and dispute resolution;
(8) To introduce procedures concerning the use of Services, and for Passenger support for same;
(9) To monitor Company systems or the Company app, and to detect and respond to unauthorized use or abuse of same;
(10) For quality improvement and optimization of Company systems and the Company app, products and other services;
(11) To conduct surveys of Passengers;
(12) For marketing research and analysis;
(13) To provide information on products and services of, and campaigns and seminars by, the Company and other companies;
(14) To tabulate anonymized statistical information in connection with the Services;
(15) To calculate charges;
(16) To invoice for fares etc. or service use fees;
(18) For other operations necessary for provision of the Services.
4. Joint Use of Personal Data
The Company may provide obtained passenger personal data to DiDi Mobility Pte. Ltd. and use such data jointly with said company.
(1) Scope of persons engaged in joint use
Company Name: DiDi Mobility Pte. Ltd.
Location: 152 Beach Road #14-02 Gateway East, Singapore
(2) Items of personal data to be jointly used
Personal information as set forth in Article 2 above (personal data)
(3) Purposes of use of persons engaged in joint use
Improving the quality of Company products and services, or carrying out data processing
(4) Person responsible for management of joint use
DiDi Mobility Japan Corp.
5. Supervision of Employees
The Company will provide education to ensure that its employees understand the importance of personal data and handle personal data appropriately, and when causing employees to handle Passenger personal data, the Company will provide necessary and appropriate supervision to ensure the secure management of such personal data.
6. Outsourcing of Handling of Personal Data
In cases where the Company outsources the handling of Passenger personal data, the Company will outsource such services to persons who satisfy the Company’s service provider selection criteria; to ensure the secure management of Passenger personal data, the Company will execute agreements with such service providers and provide necessary and appropriate supervision.
7. Implementation of Security Measures
The Company will endeavor to prevent unauthorized access, divulgence, destruction, damage or the like of Passenger personal data, and will implement the organizational, personnel-related, physical and technical security measures necessary for the management of personal data.
In addition, in order to protect personal data appropriately, the Company will have a Personal Information Protection Officer, will have in place the organization and standards necessary for Company information security operations, and will clearly define the roles and functions of systems and allocate appropriate authority and responsibility.
8. Third-Party Provision of Personal Data
Except where deemed unnecessary under laws and regulations, when the Company has provided personal data to a third party or received personal data from a third party, the Company will properly carry out the duties of verification and recording set forth in laws and regulations.
9. Handling of Incidents of Divulgence etc.
In cases where incidents of divulgence etc. of personal information have occurred, the Company, giving top priority to personal information protection, will respond swiftly to minimize damage and will undertake efforts to prevent recurrence.
10. Continuous Review of Management Systems
The Company will continuously review and conduct regular evaluations of the management systems for personal information protection and the measures undertaken for personal information protection, and will make efforts for the continuous improvement thereof.
11. Queries Concerning Disclosure, Correction etc., Suspension of Use etc. of Retained Personal Data
The following is an overview of Company procedures for cases in which an individual Passenger has directly requested, with respect to retained personal data contained in personal information, a notice of purpose of use; disclosure; correction, addition or deletion (“Correction etc.”); or suspension of use or deletion (“Suspension of Use etc.”).
(1) The relevant individual must submit a request for a “notice of purpose of use” or a “disclosure”, “Correction etc.” or “Suspension of Use etc.” of retained personal data, indicating the following items in all cases.
• Name (furigana)
• Email address
• Subject: “Query Concerning Personal Information”
(2) After receiving such a request, the Company will send a Procedural Manual (if there is any) and an application to the individual concerned.
(3) Said individual must enter the required matters on the application and send same by mail to the Company together with Company-designated identity verification documents (or, in the case of a representative, right-of-representation verification documents in addition to such identity verification documents).
(4) The Company will respond once it has verified the content of the submitted documents and has verified that the applicant is the individual identified in the relevant information. In cases where an individual’s request is not accepted, the reason will be communicated without delay.
(5) As a fee for notices of purpose of use and for disclosures of retained personal data, the Company will charge 1,000 yen (small-value postal money order) per request.
12. Contact Point for Opinions and Inquiries Concerning Handling of Personal Information
Please direct any opinions or inquiries concerning the handling of personal information to the contact point indicated below.
Contact Point for Inquiries Concerning Personal Information
(1) Contact: DiDi Mobility Japan Corp.
(2) Address: 1-9-1 Shinbashi, Minato-ku, Tokyo 105-7303
(3) Email: email@example.com
Enacted: September 19, 2018