What data do we collect from you?

We collect the following types of personal data through our websites: Internet activity information, IP address, iOS terminal ad identifier, Android terminal ad identifier, Terminal information (UserAgent, OS, Device, etc.), Transactional information (the online purchases and actions made by a consumer, Order ID, order information like products and services and online timestamp) unique personal identifier and online identifier. We also collect personal information you choose to provide to us when submitting an inquiry submission form, such as name, contact information, phone number, and address.
We take care to collect only the data that we need. The majority of the data we use is machine generated. It lets us single out a person but it does not reveal who that person is.
We store an individual sequence of figures in respect of a transaction that does not reveal the name of a particular end user and contains information on the Advertiser’s campaign, the Publisher, the end user action (i.e. a click or a view and in which country it occurred), and the device that is used.
We also receive limited transactional information via the Tag, to confirm that a transaction has occurred and carry out accurate commission allocating, billing and reporting. Such information includes the order value, whether a voucher has been used, product type, and sales channel.
* Our data processing activities relating to end user, do not require the direct identification of an individual and therefore we mostly hold what is known as “pseudonymous” data in this respect. Pseudonymisation is privacy-enhancing. It is the separation of data from direct identifiers so that data can no longer be attributed to a specific individual without the use of additional information. Pseudonymisation, therefore, reduces the risks associated with data processing, while also maintaining the data’s utility.

How do we collect your personal data?

We may collect some personal data on you automatically through the use of cookies and other technologies such as Tags. These features are designed to be a reliable mechanism for websites to remember useful information or to record your browsing activity to improve usability and functionality.
Personal data collected by these cookies and other technologies are used for the purposes of providing our services to our business customers. If you do not wish for such information to be gathered using our cookies and other technologies, please note that you can configure your internet browser settings to reject all cookies, accept only certain cookies, or notify you when a cookie is set.
* We will only place our own Cookies or otherwise access a consumer’s device directly if we have been provided with consent to do so, as required by the ePrivacy Directive and the UK Privacy and Electronic Communications Regulations (PECR). However, certain essential Cookies do not require consent. This includes Cookies that are essential to comply with the GDPR’s security principle as well as Cookies that help ensure that content of a page loads quickly and effectively by distributing the workload across numerous computers.

Purposes for Using Your Personal Data

We use your personal data for the below purposes to the extent permitted or required under applicable laws.

• Providing tracking service to our business customers: We collect, maintain, and use your personal data for the purpose of tracking a data subject from an affiliate marketing website (“Affiliate Site”) to an advertiser’s product or service website which are registered in the services (“Advertiser’s Site”). This tracking services include, but are not limited to, measurement of the number of advertisements displayed to unique visitors, verification of the location and quality of advertisements displayed, auditing of compliance with these specifications and other standards, provision of advertising network services or affiliate marketing services including affiliate advertisements, and provision of analysis services (detail as below).
  * Tracking enables us to see that a data subject has visited an Affiliate Site, found a product/service, and clicked the link to be taken to the Advertiser's Site to review or purchase the product/service. The purpose of tracking is to attribute sales and marketing effort by a publisher who operates the Affiliate Site (“Publisher”) to a particular transaction, to enable an advertiser who provide the product or service (“Advertiser”) to reward Publishers on a per transaction basis. Tracking also allows us to provide Publishers and Advertisers with related reports. The majority of these reports contain only aggregated statistical data, but we don’t know who the data subject is. We permit Publishers to enquire as to whether an action by a user ought to have generated a commission for that Publisher. This necessitates the sharing of information, between Publishers and Advertisers. Advertisers use the information provided by Publishers to verify against their own records. We enable this data sharing and the payment of any commission due to the Publisher as a result.
• Improving service quality: We may retain and use your personal data for our internal use to build or improve the quality of our services.
• To protect against security and fraud: We may retain and use your personal data to detect data security issues or to protect the security of data subjects, us, our platforms, our business customers, our agents and affiliates, and/or the public, rights, property or individuals from unauthorized or illegal acts.

We do not use your personal data;

• for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law);
• to make predictions or evaluations of a consumer’s interest; and
• to create advertising profiles.

Legal Basis

Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to provide tracking service to our business customers, improve service quality, and/or protect against security and fraud, as aforementioned.

Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.

Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you submit an inquiry submission form.

legitimate interests in using your personal data

We have carried out a balancing test and have identified legitimate interest as a basis for processing your personal data for the purposes set out in this section of the policy.
When assessing our reliance on legitimate interest, the interests of the full affiliate ecosystem were considered. A balancing test was carried out and it was confirmed that tracking carries a low risk of undue negative impact on the end user’s interests or fundamental rights and freedoms. Legitimate interests are not limited to the interests of Forit Group, but can be legitimate interests of a third party or to society as a whole. In the context of our service, we consider that:

• Advertisers have an interest in carrying on an online advertising campaign, paid for on a performance basis, whereby third party referrers of customers or potential customers of the Advertiser are compensated for referrals which generate revenue for the Advertiser or which undertake another act desired by the Advertiser.
• Publishers have an interest in monetizing their content, services or other aspects of the Publisher Site by generating advertising revenue which is paid on a performance basis.
• Advertisers and Publishers have an interest in obtaining reports relevant to their respective business revenue generation.
• We have an interest in operating an affiliate marketing platform, and to provide technology, services and reporting, in return for payment from Advertisers.
• Forit Group, Advertisers, Publishers and society at large have an interest in preventing fraud, misuse of services, or money laundering.

We may share your personal data where necessary with the parties set out below for the purposes set out in the previous article.

• Internal Third Parties: Other companies in the Forit Group
• External Third Parties: Advertisers and Publishers. Service providers who provide IT and system administration services. Subcontractors regarding our service. Professional advisers including lawyers, auditors and insurers who provide consultancy, legal, insurance and accounting services.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets: Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Your personal data may be transferred to and processed outside of the country you are located in by Group Companies and/or our service providers/processors. We will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy as well as applicable data protection laws.

Forit utilizes the EEA’s or UK’s Standard Contractual Clauses for the purposes of transfers from Forit to its Group Companies and/or service providers/ processors located outside of the EEA and UK. Regardless of where your information is processed, we apply the same protections described in this policy.
Group Companies process personal data if necessary and appropriate for the business purposes (or legal basis) for which it was collected, and this may include if you have contacted the Group Companies directly for assistance or provide them directly with your information. Your consent to this policy and your submission of personal data represents your agreement to those transfers.

You have a number of rights under data protection laws in relation to your personal data.
You have the right to:

• Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
• You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
  • If you want us to establish the data's accuracy;
  • Where our use of the data is unlawful but you do not want us to erase it;
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Where you wish to exercise any of these rights, please send us the request via email at [fujimura@for-it.co.jp]. For your own privacy and security, we may require evidence of your identity or to be provided with additional information before we are able to act on your request when the information we have is insufficient to accommodate your request. We will attempt to provide any requested information or make requested changes in accordance with applicable laws.
* Please note that, as described under Article 1, Forit Group mostly holds what is known as “pseudonymous” data in respect of end users. Pseudonymisation means that we may not be in a position to identify the individual behind the data we hold and that we therefore cannot provide them with access, rectification, erasure or data portability without the provision of additional data (for example your IP address or device ID etc.).

We generally retain personal data for as long as reasonably needed for the specific business purpose or purposes for which it was collected and the duration of your use of our websites. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Once personal data is no longer necessary, we delete or anonymize it subject to and as required by applicable data protection laws.

If you have any questions about this policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

Personal Data Protection Officer contact details
Name: HIROKI FUJIMURA
Email: fujimura@for-it.co.jp
Postal Address: 9th floor E-Space Tower, 3-6, Maruyamacho, Shibuya-ku, Tokyo 150-0044 Japan

Company Information
Company Name: For it Inc.
Postal Address: 9th floor E-Space Tower, 3-6, Maruyamacho, Shibuya-ku, Tokyo 150-0044 Japan
Tel: +81 3-5728-5865
Monday to Friday
10:00-19:00
Regular holidays: Saturday and Sunday/National holidays (under Japanese holiday laws)/Year-End and New Year holidays

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

We may update this policy from time to time. We reserve the right to modify, add or remove portions of this policy. If we decide to change this policy, we will notify you of these changes via email and/or post an alert on the home page of this website.