Schoozy Privacy Policy
Privacy Policy
Last updated: April 13, 2026
This document has been translated from Japanese. In the event of any discrepancy between this translation and the Japanese original, the Japanese version shall prevail.
ELT Education, Inc. (hereinafter referred to as “the Company”) hereby establishes this Privacy Policy (hereinafter referred to as “this Policy”) regarding the handling of users’ personal information in connection with the international school information portal site “Schoozy” (https://schoozy.com; hereinafter referred to as “the Service”) operated by the Company.
1. Personal Information Handling Business Operator
Company name: ELT Education Inc.
Representative Director: Tatsuya Tanaka
Address: 5-32-12 Shiba, Minato-ku, Tokyo 108-0014, Japan
Contact: Contact form on the Service
2. Types of Personal Information Collected
The Company collects the following personal information in the course of providing the Service.
2-1. Information Directly Provided by Users
- User registration information: email address, password (stored in hashed form), display name, age information
- For registered users aged 16 or older but under 18: email address of a legal guardian
- Review submission information: content of the review, rating scores, date and time of submission, attributes such as year of attendance
- Inquiry information: name, email address, content of the inquiry
- Rights infringement report information: name or designation of the reporter, contact information, content of the report
- Official responses from listed schools: affiliation and title of the respondent, content of the response
- Payment information for paid services: credit card information, etc. (processed through a payment processing service provider; the Company does not directly hold card numbers)
2-2. Information Collected Automatically
- Access logs: IP address, browser type, operating system, date and time of access, referring URL
- Information collected through cookies and similar technologies: session ID, user preferences, language settings
- Usage data: pages viewed, search keywords, time spent on pages, click history
- Device information: device type, screen resolution, time zone
For details on cookies and similar technologies, please refer to the Cookie Policy separately established by the Company.
3. Purpose of Use of Personal Information
The Company uses the personal information collected within the scope of the following purposes.
If the Company changes the purposes of use described above, the Company will publicly announce the revised purposes of use on the Service or notify users individually.
4. Provision of Personal Information to Third Parties
The Company will not provide users’ personal information to third parties, except in the following cases.
- When the user has given consent
- When required by laws and regulations
- When it is necessary for the protection of a person’s life, body, or property and it is difficult to obtain the consent of the individual
- When it is particularly necessary for the improvement of public health or the sound development of children and it is difficult to obtain the consent of the individual
- When it is necessary to cooperate with a national government agency, a local government, or an entity entrusted by either in performing duties prescribed by laws and regulations, and obtaining the consent of the individual may impede the performance of such duties
- When responding to a court order or a sender information disclosure request based on laws and regulations
4-1. Provision to Subcontractors
The Company may entrust all or part of the handling of personal information to external service providers to the extent necessary for achieving the purposes of use. In such cases, the Company exercises necessary and appropriate supervision over the subcontractors to ensure the safe management of personal information. The main categories of subcontractors are as follows.
- Cloud infrastructure providers (server hosting, database management)
- Payment processing service providers (payment processing for paid services)
- Email delivery service providers (notification emails, newsletter distribution)
- Analytics service providers (Google Analytics, etc.)
4-2. Joint Use
The Company does not currently engage in the joint use of personal information. If the Company begins joint use, this Policy will be revised in advance to specify the purpose of joint use, the categories of personal information to be jointly used, the scope of joint users, and the administrator responsible for management.
5. Provision to Third Parties in Foreign Countries (Cross-border Data Transfer)
Part of the infrastructure of the Service may be provided using servers located outside of Japan. In such cases, users’ personal information may be stored on servers in those countries.
When the Company provides personal information to a third party in a foreign country, the Company will take one of the following measures in accordance with Article 28 of the Act on the Protection of Personal Information (APPI).
- When the third party is located in a country recognized as having a level of protection of personal information equivalent to that of Japan (EU/EEA member states and other countries designated by the Personal Information Protection Commission)
- When the third party continuously takes measures equivalent to those required of a Personal Information Handling Business Operator
- When the user has given consent
Japan has received an adequacy decision from the European Commission; therefore, transfers of personal data from the EU/EEA to Japan may be conducted without additional safeguards under the GDPR.
6. Security Measures
The Company takes the following measures to prevent the leakage, loss, or damage of personal information and to ensure its safe management.
Organizational Security Measures
- Appointment of a person responsible for the handling of personal information
- Establishment of internal rules regarding the handling of personal information
- Regular inspection and auditing of the status of personal information handling
Personnel Security Measures
- Provision of education and training on personal information protection for employees
- Execution of confidentiality agreements regarding personal information
Physical Security Measures
- Management of areas where personal information is handled
- Prevention of theft of equipment and electronic media containing personal information
Technical Security Measures
- Access control and identification/authentication of persons accessing personal information
- Prevention of unauthorized external access to information systems handling personal information
- Encryption of communications (SSL/TLS)
- Storage of passwords in hashed form
7. Retention Period of Personal Information
The Company retains personal information only for the period necessary to achieve the purposes of use, and after such purposes have been achieved, the Company will delete or anonymize the information in a safe manner within a reasonable period. The main retention periods are as follows.
8. Users’ Rights (Rights Under Japanese Law)
Users may make the following requests to the Company pursuant to the Act on the Protection of Personal Information (APPI). The Company will respond within the period prescribed by law after verifying the identity of the requester.
- Notification of the purpose of use: Users may request notification of the purposes for which the Company uses their personal information.
- Disclosure: Users may request disclosure of personal information held by the Company. Disclosure will, in principle, be provided by means of electronic records.
- Correction, addition, or deletion: Users may request correction, addition, or deletion of personal information held by the Company if its content is inaccurate.
- Suspension of use or erasure: Users may request the suspension of use or erasure of their personal information if the Company uses it beyond the scope of the stated purposes or if it was obtained through unlawful means.
- Cessation of provision to third parties: Users may request the cessation of provision of their personal information to third parties if the Company has unlawfully provided such information to third parties.
To make any of the above requests, please contact us through the contact form on the Service or at the contact information provided below. Please note that we will verify your identity when responding to your request.
9. Additional Rights for Users Residing in the European Economic Area (EEA), the United Kingdom, and Switzerland
When the Service processes personal data of users residing in the EEA, the United Kingdom, or Switzerland, the following rights are recognized in addition to those set forth in the preceding Article, pursuant to the EU General Data Protection Regulation (GDPR) and applicable data protection legislation.
9-1. Legal Basis for Processing
The Company processes personal data based on one of the following legal bases.
- Performance of a contract (Article 6(1)(b) GDPR): Processing necessary for the provision of the Service, such as user registration, review posting functionality, and account management
- Legitimate interests (Article 6(1)(f) GDPR): Service improvement and analysis, prevention of fraudulent use, and ensuring security. In such cases, processing is carried out to the extent that it does not override the rights and interests of users.
- Consent (Article 6(1)(a) GDPR): Email communications for marketing purposes, use of optional cookies. Consent may be withdrawn at any time.
- Compliance with a legal obligation (Article 6(1)(c) GDPR): Data retention required by law, response to sender information disclosure requests
9-2. Additional Rights
In addition to the rights set forth in the preceding Article, the following rights are recognized.
- Right to data portability: Users may request to receive the personal data they have provided to the Company in a structured, commonly used, and machine-readable format, or to have such data transferred directly to another controller where technically feasible.
- Right to restriction of processing: Users may request the restriction of the processing of their personal data under certain conditions.
- Right to object: Users may object to processing based on legitimate interests. Users may object to processing for direct marketing purposes at any time.
- Right not to be subject to automated decision-making: Users have the right not to be subject to a decision based solely on automated processing of personal data that produces legal effects or similarly significantly affects them. The Company does not currently engage in such automated decision-making.
- Right to lodge a complaint with a supervisory authority: Users may lodge a complaint with the data protection supervisory authority of the EU/EEA member state in which they reside regarding the Company’s handling of personal data.
9-3. Data Protection Officer
As the Company does not currently have an establishment within the EEA, the obligation to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR does not apply. However, inquiries regarding the handling of personal data may be directed to the contact information provided below.
10. Privacy of Children and Minors
10-1. The Company does not knowingly collect personal information from individuals under the age of 16 without the consent of a parent or legal guardian. If the Company becomes aware that personal information has been provided by an individual under the age of 16, the Company will promptly take measures to delete such information.
10-2. When a user aged 16 or older but under 18 registers for the Service, the Company will confirm consent through the email address of a legal guardian (Article 4, Paragraph 3 of the Terms of Use).
10-3. When a current student aged 16 or older but under 18 submits a review, the Company will send an approval request to the legal guardian regarding the content of the review, and will publish the review only after obtaining the legal guardian’s approval (Article 9, Paragraph 2 of the Terms of Use). The legal guardian may request the deletion of the review even after approval has been granted.
10-4. For reviews submitted by current students, enhanced anonymization measures are applied in the display method to minimize the risk of identifying the reviewer within the school. The Company will not disclose information that identifies the reviewer of a current student to the listed school, except as required by law or by order of a court (Article 9, Paragraphs 3 and 4 of the Terms of Use).
11. Use of Cookies and External Transmission Technologies
The Company uses cookies and similar technologies (web beacons, local storage, etc.) in the provision of the Service. For details regarding the use of these technologies (types of technologies used, transmission destinations, purposes of use, opt-out methods, etc.), please refer to the Cookie Policy separately established by the Company.
The Company complies with the external transmission regulations under Article 27-12 of the Telecommunications Business Act and discloses in its Cookie Policy the content and destinations of information transmitted externally from users’ devices.
12. Contact Information
For inquiries, complaints, or requests for disclosure regarding the handling of personal information, please contact the following.
ELT Education Inc. — Personal Information Inquiry Desk
Address: 5-32-12 Shiba, Minato-ku, Tokyo 108-0014, Japan
Contact method: Contact form on the Service
The Company will endeavor to respond to inquiries within a reasonable period.
13. Amendments to This Policy
The Company may amend this Policy in response to changes in laws and regulations, changes in social conditions, changes in the content of the Service, and other relevant circumstances. The amended Policy shall take effect upon being posted on the Service. In the case of material changes, the Company will notify users by means such as posting a notice on the Service or sending an email notification.
14. Governing Law
This Policy shall be governed by and construed in accordance with the laws of Japan. However, for users residing in the EEA, the United Kingdom, or Switzerland, the GDPR and applicable data protection legislation shall also apply.