This Privacy Policy (hereinafter referred to as “this Policy”) sets forth our policy on how duhhh Inc. (hereinafter referred to as “the Company”) handles the personal information and personal data (hereinafter collectively referred to as “Personal Information”) of users of “duhhh School” (hereinafter referred to as “this Service”). This Privacy Policy is based on the “Act on the Protection of Personal Information” (hereinafter referred to as the “Personal Information Protection Law”) of Japan, and, the Company complies with the General Data Protection Regulation (hereinafter referred to as “GDPR”) of the EU and the UK.

(1) Corporate name: duhhh Inc.
(2) Location: R3Aoyama 3F, 1-3-1 Kita-Aoyama, Minato-ku, Tokyo
(3) Representative: Daisuke Yukita

2.1. Compliance with the Personal Information Protection Law
The Company handles users’ Personal Information in accordance with the  Personal Information Protection Law and its related guidelines.

2.2.  Compliance with the GDPR
The Company processes the Personal Information of users located in the European Economic Area (EEA) and the United Kingdom (UK) (hereinafter collectively referred to as “the users in the EEA and the UK”) in accordance with the GDPR and related guidelines.

3.1. Types of Personal Information collected
The Personal Information the Company collects when registering to use this Service is as follows.
(1) Name
(2) E-mail address
(3) Address
(4) Place of work
(5) Credit card information

3.2. Purpose of use
The Company uses the Personal Information listed in 3.1. for the following purposes.
(1) Purpose of providing content such as teaching materials related to this Service
(2) Purpose of providing information such as guidance related to this Service
(3) Purpose of responding to inquiries from users
(4) Purpose of charging usage fees for this Service
(5) Purpose of providing information on the services or events of our company or businesses affiliated with our company

3.3. Grounds that can be treated under the GDPR
For the purposes listed in 3.2. (1) through (4), this is necessary to fulfill the contract to provide this Service to the user. The processing of personal data from the users in the EEA and the UK for these purposes is lawful under Article 6.1.(b) of the GDPR.For the purpose of 3.2.(5), it is necessary for the legitimate interests of our company and affiliated businesses, and the disadvantage caused to users is minor. For this purpose, processing of personal data from the users in the EEA and the UK  is lawful under Article 6.1.(f) of the GDPR.

3.4. Whether it is necessary to provide Personal Information
If the user does not provide the Company with the Personal Information listed in 3.1., the user will not be able to receive this Service (however, providing such Personal Information is not a legal obligation).
‍
3.5. How to manage Personal Information
The Company outsources the handling of Personal Information listed in 3.1. to Stripe, Inc. (hereinafter referred to as “Stripe”). Stripe manages Personal Information securely and in compliance with the GDPR based on our contract with Stripe. For more details, please refer to the linked page below.
Link: https://stripe.com/en-jp/legal/privacy-center

3.6. Retention period of Personal Information
The Company will retain the Personal Information listed in 3.1. for the period necessary to provide the user with this Service and other services related to this Service.

4.1. About Google Analytics and Google Tag Manager
The Company uses Google Analytics and Google Tag Manager provided by Google LLC (hereinafter referred to as “Google”). In conjunction with the use of Google Analytics and Google Tag Manager, cookies may be stored and used on the user’s device to collect, record, and analyze the user’s visit history.

4.2. Purpose of use of Google Analytics and Google Tag Manager
The Company receives statistical information on user behavior from Google. The Company uses this information to analyze user interests and improve services. This information does not include information that can identify a specific individual.

4.3. Opting out of Google Analytics and Google Tag Manager
Users can opt-out of Google Analytics and Google Tag Manager by selecting "No" in the "Cookie Consent" section of this Service or by using the add-ins provided on the following websites: https://tools.google.com/dlpage/gaoptout/

4.4. Google Privacy Policy and Terms
Google manages the information collected in Google Analytics and Google Tag Manager as set forth in the following Privacy Policy and Terms of Use.
(1) Privacy policy: https://policies.google.com/privacy
(2) Terms and Conditions: https://marketingplatform.google.com/about/analytics/terms/jp/

4.5. Grounds that can be treated under the GDPR
The handling of users’ Personal Information in connection with the use of Google Analytics and Google Tag Manager is necessary for the Company’s legitimate interests, and the disadvantages to users are minor. Such processing is lawful according to Article 6.1.(f) of the GDPR.

4.6. Whether it is necessary to provide Personal Information
If the user refuses to provide Personal Information handled by the Company or Google in connection with the use of Google Analytics and Google Tag Manager, the user may not be able to use this Service (however, providing such Personal Information is not a legal obligation).

5.1. About Mailchimp
The Company uses “Mailchimp”, a service provided by Intuit Inc. to send e-mail to the e-mail address registered by the user at the time of registration, for the following purposes.
  (1) Purpose of providing content such as teaching materials related to this Service
  (2) Purpose of providing information such as guidance related to this Service

5.2. How to manage e-mail addresses in Mailchimp
In connection with the use of Mailchimp, the Company entrusts Intuit Inc. with the handling of users’ e-mail addresses. Intuit Inc.  securely manages users’ e-mail addresses in accordance with our agreement and in compliance with the GDPR. For details, please refer to the linked page below.
Link: https://www.intuit.com/privacy/
‍
5.3. Use of web beacons
　5.3.1. Information collected through the use of web beacons
　E-mails delivered to users by the Company using Mailchimp contain web beacons (single-pixel GIF file embedded in e-mail). Intuit Inc. may use web beacons to understand user behavior with respect to reading e-mail, including whether users open e-mail and the type of e-mail client users use.

　5.3.2. Purpose of use
　Intuit Inc. will use the information set forth in 5.3.1. for the purpose of improving the functionality of Mailchimp, and to provide the Company with statistical information based on an analysis of the user’s behavioral history regarding the reading of e-mails.

　5.3.3. Grounds that can be treated under the GDPR
　The information set forth in 5.3.1. is necessary for the legitimate interests of the Company and Intuit Inc. and the disadvantages caused to the user are minor. The processing of such information is lawful according to Article 6.1.(f) of the GDPR.

　5.3.4. Whether providing information is mandatory or not
　If the user refuses to provide the Company with Personal Information set forth in 5.3.1, the user will not be able to receive an e-mail from the Company in connection with the user’s use of this Service (however, providing such Personal Information is not a legal obligation).

5.4. Intuit Inc. Privacy Policy
　For more information about how Intuit Inc. handles Personal Information, please refer to the following Privacy Policy.
  [Link]
  Privacy Policy: https://www.intuit.com/privacy/
  About web beacons: https://mailchimp.com/legal/cookies/

6.1. About Certifier
The Company uses “Certifier”, a service provided by Certifier sp. z o.o. to send e-mail to the e-mail address registered by the user at the time of registration, for the following purposes.
  (1) Purpose of issuing Certificate of Completion of this Service

6.2. How to manage e-mail addresses in Certifier
In connection with the use of Certifier, the Company entrusts Certifier sp. z o.o. with the handling of users’ e-mail addresses. Certifier sp. z o.o. securely manages users’ e-mail addresses in accordance with our agreement and in compliance with the GDPR. For details, please refer to the linked page below.
Link: https://certifier.io/privacy
‍
6.3. Use of Cookies
　6.3.1. Information collected through the use of Cookies
　E-mails delivered to users by the Company using Certifier contain Cookies. Certifier sp. z o.o. may use Cookies to understand user behavior with respect to reading e-mail, including whether users open e-mail and the type of e-mail client users use.

　6.3.2. Purpose of use
　Certifier sp. z o.o. will use the information set forth in 6.3.1. for the purpose of improving the functionality of Certifier, and to provide the Company with statistical information based on an analysis of the user’s behavioral history regarding the reading of e-mails.

　6.3.3. Grounds that can be treated under the GDPR
　The information set forth in 6.3.1. is necessary for the legitimate interests of the Company and Certifier sp. z o.o. and the disadvantages caused to the user are minor. The processing of such information is lawful according to Article 6.1.(f) of the GDPR.

　6.3.4. Whether providing information is mandatory or not
　If the user refuses to provide the Company with Personal Information set forth in 6.3.1, the user may not be able to receive a Certificate of Completion from the Company in connection with the user’s use of this Service (however, providing such Personal Information is not a legal obligation).

6.4. Certifier sp. z o.o. Privacy Policy
　For more information about how Certifier sp. z o.o. handles Personal Information, please refer to the following Privacy Policy.
  [Link]
  Privacy Policy: https://certifier.io/privacy

In order to use this Service, users must register to Discord and other services designated by the Company. The Personal Information to be provided upon registration for each service is described in the privacy policy of each service.

The procedures regarding the retained personal data of users (referring to “retained personal data” as defined in the Personal Information Protection Act; the same hereafter) are as follows.

8.1. Inquiries regarding the purpose of use of retained personal data and security management measures
The User may inquire of the Company regarding the purpose of use or security control measures of his/her retained personal data handled by the Company. For these inquiries, please contact the Company by e-mail at the e-mail address below. The Company will respond to these inquiries based on the Personal Information Protection Act.
[E-mail address for inquiries] support@duhhh.co

8.2. Request for disclosure of retained personal data
The User or his/her representative may request the Company to disclose his/her own retained personal data handled by the Company. Our company will respond to requests from users based on the Personal Information Protection Act. Requests for disclosure of retained personal data are as follows:
　8.2.1. How to claim
　When a user personally requests disclosure of retained personal data, please attach a copy of a document that can verify the user’s identity, and indicate (a) what type of retained personal data the user are requesting disclosure of, (b) whether the user would like disclosure by data or mail, and (c) if the user would like disclosure by mail, the user’s mailing address, if the user wish to request disclosure by e-mail, please send an e-mail to the following e-mail address.If a representative of the user requests disclosure of retained personal data, please attach a copy of a document that can verify the identity of the user and a copy of a power of attorney that can verify the identity of the user’s representative to the above e-mail.
  [Billing e-mail address] support@duhhh.co

　8.2.2. Disclosure fee
　If the user wish to disclose retained personal data, the user will be required to pay a disclosure fee of JPY 3,000 per case in advance. If the disclosure of retained personal data is made by mail, the customer is required to pay the postage fee in advance, in addition to the disclosure fee. If these payments are not made, the Company will not be able to respond to disclosure of retained personal data.

8.3. Request for correction/addition/deletion of retained personal data, or suspension of use/discontinuation of provision to third parties
　The User or his/her representative may request the correction, addition, or deletion of his/her own retained personal data handled by the Company, or the cessation of use or provision of such data to third parties. Our company will respond to requests from users based on the Personal Information Protection Act.If the user makes these requests in person, please send an e-mail with the details of the request along with a copy of a document that can verify the user’s identity to the following e-mail address.If the user’s representative makes these requests, please attach a copy of a document that can verify the user’s identity and a copy of the power of attorney that can verify the user’s identity as the user’s representative to the above e-mail.Even if the Company receives a request from a user, the Company will not be able to respond to the request when there is no justification for the request or if the content of the request is unclear.
  [Billing e-mail address] support@duhhh.co

9.1. Obtaining information regarding the processing of Personal Information
The users in the EEA and the UK have the right to obtain from the Company all necessary information regarding the processing of personal data relating to them (Articles 13 and 14 of the GDPR).
‍
9.2. Access to Personal Information
The users in the EEA and the UK have the right to ask us whether the Company is processingPersonal Information related to them. The Company also reserves the right to access the Personal Information and related information that the Company handles (GDPR Article 15).

9.3. Rectification and erasure of Personal Information
The users in the EEA and the UK have the right to have inaccurate Personal Information relating to them corrected without undue delay and to have incomplete Personal Information made complete (GDPR Article 16). In addition, if certain requirements are met, the user have the right to have Personal Information relating to the user erased without an undue delay (GDPR Article 17).

9.4. Restrictions on the processing of Personal Information
The users in the EEA and the UK have the right to restrict the processing of their Personal Information if certain requirements are met (GDPR Article 18).

9.5. Objection to the processing of Personal Information
The users in the EEA and the UK have the right to object to the processing of personal data relating to them if certain requirements are met (GDPR Article 21).

9.6. Data portability of Personal Information
The users in the EEA and the UK have the right to receive personal data relating to them in a structured, commonly used, machine-readable format and the right to transfer it to another controller without hindrance from us, provided that certain requirements are met (GDPR Article 20).

9.7. Not be subject to automated decision-making
The users in the EEA and the UK have the right not to be subject to a decision based solely on automated processing (profiling includes) that has legal effects or similar significant consequences for them if certain requirements are met (GDPR Article 22). Please note that our company and the businesses to which the Company outsources the processing of Personal Information do not make such decisions.

9.8. Complaining to the Data Protection Supervisory Authority
The users in the EEA and the UK may object to the processing of their personal data by the Company to the Data Protection Supervisory Authority of the Member State of user’s habitual residence, place of work or place of the alleged infringement.

Our company will respond to inquiries regarding the processing of users’ Personal Information (this includes communications for exercising the rights set forth in 8.) will be accepted at the following e-mail address.
[E-mail address for inquiries] support@duhhh.co

The Company may revise this policy. In that case, the Company will announce the date of revision and the revised content on the web page providing this Service.

This policy is published in Japanese and English. If there is any conflict between the Japanese policy and the English policy, the Japanese policy shall take precedence.