Skip to content
GaleiraGALEIRA
Log inGet started

Japan & South Korea addendum (APPI + PIPA)

Last updated: May 25, 2026

This addendum supplements our baseline Privacy Policy for users in Japan under the Act on the Protection of Personal Information (APPI, Act No. 57 of 2003 as amended in 2020/2022), and users in South Korea under the Personal Information Protection Act (PIPA, Act No. 10465 of 2011, as amended).

Japan — APPI

1. Notification of utilisation purpose (APPI Art. 21)

We use your personal information for the purposes set out in our baseline Privacy Policy: delivering the service, fraud / abuse prevention, customer support, and (with consent) analytics and product improvement. We will give prior notice and obtain consent before using your data for any materially different purpose.

2. Special-care-required personal information (Art. 2(3))

Biometric data (face vectors) constitutes "special care-required personal information" under APPI. We process it only with affirmative consent collected by the event host.

3. Cross-border transfers (Art. 28)

We obtain consent before transferring your personal information to a third party in a foreign country, except where a transfer mechanism recognised under Art. 28(1) applies (e.g. the foreign country has a personal-information-protection system recognised by Japan's PPC as substantially equivalent — the EU/EEA, the UK, the US Privacy Shield successor framework). We provide information about the receiving country's data-protection regime on request.

4. Rights (Arts. 33–35)

  • Right to be notified of utilisation purpose.
  • Right to request disclosure of retained personal data.
  • Right to correction, addition, deletion.
  • Right to request the suspension of use or third-party provision.

5. Personal Information Protection Commission

Complaints to the PPC: ppc.go.jp.

South Korea — PIPA

1. Mandatory notice items (PIPA Art. 17)

  • Recipient: Galeira (and processors named in our Privacy Policy).
  • Purpose: provision of the gallery service, billing, security, abuse-prevention, and (with consent) analytics.
  • Items provided: see our baseline policy.
  • Retention period: per host plan tier and our retention schedule.
  • Right to refuse: you may refuse consent; refusing necessary processing may make some service features unusable, refusing optional processing does not affect service.

2. Sensitive information & biometric data (Arts. 23, 24-2)

Korean PIPA treats biometric data used for the purpose of identifying a natural person as "sensitive information". Our face-grouping feature requires affirmative, separate consent and is off by default.

3. Cross-border transfer (Arts. 28-8 to 28-11)

We notify and obtain consent before transferring personal information overseas (or rely on the alternative bases in the 2024 amendments: standard contractual clauses certified by the PIPC, or a finding by the PIPC that the destination country provides an equivalent level of protection).

4. Data subject rights (Art. 35–39)

  • Right to be notified, access, correct, delete, and to suspend processing.
  • Right to damages for breach.

5. Personal Information Protection Commission of Korea

Complaints to the PIPC: pipc.go.kr/eng or the Personal Information Dispute Mediation Committee at kopico.go.kr.

Contact

For APPI / PIPA requests: [email protected], subject "APPI" or "PIPA". We respond within 30 days.