This Privacy Notice (hereinafter “this notice”) explains how SB Payment Service Corp. (“SB Payments”, “we” or “us”)) collects, uses, and discloses information about you. Please read this notice carefully as it contains important information regarding the methods and reasons we collect, store, handle, and share (hereinafter “process”) the personal information of our customers, partners, etc. This notice also explains the rights of our customers, partners, etc. regarding the use of their personal information.
In addition to this notice, which applies to all of our customers, partners, etc., we have prepared exhibits that may also apply to you depending on the area in which you reside or are located. In such case, please refer to the applicable exhibits. If this notice conflicts with the country-specific exhibits, such exhibits will prevail.
Personal information processed
Purpose and legal basis for processing personal information
Disclosure of personal information
Protection of personal information
Personal information retention period
Overseas transfer of personal information
Rights of data subjects
Revisions to this notice
We process the personal information of the following data subjects. (hereinafter “Data Subjects”).
The categories of personal information we process regarding the above Data Subjects are as follows.
We process your personal information in accordance with applicable data privacy laws and regulations. Please refer to the country-specific exhibits regarding our legal basis for processing.
If you do not provide us with the personal information that is necessary for use of the services, we may not be able to provide our services to you.
We process the personal data of Data Subjects for the purposes listed in the table below, and other purposes permitted under applicable laws and regulations:
i. To process contracts and introduce services;
ii. To respond to inquiries;
iii. To maintain/improve business operations and quality;
iv. To provide information related contracts, services, etc.;
v. To send email newsletters, etc.; and
vi. To detect and prevent fraud in contract processing, provision of services, etc.
i. To execute payment processing;
ii. To maintain/improve business operations and quality; and
iii. To detect and prevent fraudulent payment processing, etc.
i. To conclude partner contracts;
ii. To respond to inquiries;
iii. To send email newsletters, etc.;
iv. To maintain/improve business;
v. To maintain/improve business operations and quality; and
vi. To detect and prevent fraud in contract processing, partner operations, etc.
i. To respond to inquiries by online form or phone;
ii. To send email newsletters, etc.;
iii. To detect and prevent fraudulent use of our website;
iv. To improve quality through surveys on the use of our website, etc.; and
v. Delivery of targeted advertisements, etc.
We disclose the personal information of Data Subjects to the extent necessary for the above purposes as shown in the table below.
|Categories of personal information disclosed||Categories of recipients|
|Contact data, contract data||
Group companies as listed below (hereinafter “Group companies”), cloud service providers, system vendors, settlement institutionsGroup companies:
SB C&S Corp.
Cybertrust Japan Co．，Ltd．
|Inquiry data, payment data, technical data, behavioral data||Group companies, cloud service providers, system vendors|
We ensure appropriate data protection measures with third parties (hereinafter “Processors”) who process personal information on our behalf by entering into data processing contracts with Processors.
We may also share personal information of Data Subjects with other parties, including as follows.
- As part of a corporate sale, merger, or acquisition, or other transfer of all or part of our assets, including as part of a bankruptcy proceeding;
- Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent;
- With your consent; or
- Other cases permitted under applicable laws and regulations.
We have implemented appropriate security measures to ensure that personal information of Data Subjects is not accidentally lost, used or accessed without permission, modified, or exposed. In accordance with the fact that we process important personal information of Data Subjects such as payment data, we also conduct audits through external organizations and obtain relevant certifications (ISO/IEC 27001: 2013, PCI DSS, etc.). In addition, we appropriately restrict access to the personal information of our Data Subjects by employees, agents, contractors, and other third parties with a business need to know it. They only handle personal information of Data Subjects based on our instructions and under the obligation of confidentiality.
We have procedures in place to address any suspected breach of personal information and will further notify Data Subjects and the necessary legal authorities where required by law.
We will retain personal information of Data Subjects for the period required according to the purposes for which the personal information is processed. Once the personal information of Data Subjects no longer needs to be retained, we will take necessary measures such as deleting or anonymizing the personal information.
We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for compliance and protection purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
We will not transfer your personal information outside Japan.
For those of you who reside outside Japan, upon transferring your personal information to Japan, we will take appropriate measures in accordance with provisions set forth in applicable laws and ordinances. For the protection measures of each country, please refer to the country-specific exhibits.
We will respect the rights you hold regarding data protection laws applicable to you. You may require disclosure of personal information, correction, addition, and elimination of content, suspension and erasure of usage, and suspension of provision to third parties in accordance with Japanese laws regarding protection of personal information. In addition, in data protection laws of each country that will be applied, rights may be granted to Data Subjects. For rights granted in each country, please refer to the country-specific exhibits. If you wish to exercise your rights, please make an inquiry using the contact in Section 12 (Contact Details) of this notice. You may assert your rights as long as you meet requirements applicable to you under data protection laws.
We may, in making changes to this notice (including country-specific exhibits), revise this notice by publishing on our website, sending email, or giving notice by any other method that we deem appropriate (subject to applicable laws and regulations, if any). The revised content is issued from the date of revision indicated at the top of this notice.
Should you have any questions regarding this notice or the personal information on Data Subjects that we retain, please contact us by mail or email at the following address.
SB Payment Service Corp.
Tokyo Portcity Takeshiba Office Tower, 1-7-1 Kaigan, Minato-ku, Tokyo 105-7529
For the name of the representative director, please refer to the Company Profile page.