FFRI yarai Information Collection Policy

 

The FFRI yarai Information Collection Policy ("Policy") explains how information collected by FFRI Security, Inc. ("FFRI") via "FFRI yarai" (including FFRI yarai monthly edition; hereinafter, "Product") from a user of this Product ("user") is handled.

The contents of this policy are subject to revision without an agreement from an individual user. Please refer to the web page, https://www.ffri.jp/information/privacy/yarai_eng_privacy_policy.htm, for the latest policy contents.

It is deemed that a user agrees to the latest version of this Policy.

 

I. Collection of information by Product

1. Information to be Collected

FFRI shall collect the following information from a user using this Product in a form that does not identify a specific individual.  The information shall be collected via this Product and transmitted to FFRI server ("Server").

1-1 User Attribute Information Registered Upon Initial Usage of Product

Attribute Information that cannot specify an individual shall be transmitted to the Server.

 

1-2 Use Environment of This Product

Information related to the hardware environment in which this Product is installed, Operating System, and applications concurrently running shall be transmitted to the Server.

 

1-3 Information Pertaining to Detected Files

Information pertaining to files detected as malware or vulnerability attacks will be transmitted to the Server.

 

1-4 Application Operation Logs

Operation logs of the application shall be transmitted to the Server. Operation logs include information that could be useful for quality improvement of the application. While this may include personal information, in no case shall FFRI identify a user based on such information.

 

2. Purposes of Usage of Information Collected By This Product

2-1 Improvement of usability of this Product operated on users' machines

2-2 Addressing problems occurred from the system operation

2-3 Improvement of products and FFRI's business development

   Other purposes of usage shall be as described in Article VI.

 

3. Provision of Information Collected Via This Product to A Third Party

In no case shall FFRI collect personal information that may identify a user via this Product or provide the collected information to a third party without a user's consent. Information collected via this Product will only be provided to a third party upon consent of the user after specifying the destination and the purpose of the provision; provided that the above will not be applicable in any of the following cases or in case of the following "4. Provision of Information Collected Via Product To Business Alliance Party/Business Outsourcing Party".

3-1 In case there is a legal inquiry from a judicial or administrative organization, such as courts or police departments, or other entities equivalent thereto;

3-2 In case FFRI deals with breach of laws, regulations, the terms and conditions provided by FFRI or issues of normal social conventions;

3-3 In case it is necessary for protection of safety, rights and interests of users and other third parties; and

3-4 In addition to the above, in case provision or disclosure to a third party is admitted by the laws and regulations.

 

4. Provision of Information Collected Via Product To Business Alliance Party/Business Outsourcing Party

Notwithstanding the above provisions, FFRI may provide the information collected via this Product to its business alliance parties or business outsourcing parties and allow the same to be used for the alliance business or outsourced business to the extent of the above "2. Purposes of Usage of Information Collected By This Product". In such case, FFRI will include all terms and conditions required by applicable laws and regulations (including guidelines) in the relevant agreements made with aforesaid parties and will make all reasonable effort to perform necessary and proper supervision.

 

 

II. Detection Review Setting

A user may submit a scanned file or a file detected by this Product as malware or vulnerability attack ("Target File") using "Detection Review setting" ("Setting") of FFRI AMC based on this Policy to determine if it is a legitimate software (over-detection) or malware and receive the result on FFRI AMC.

1. Information Transmitted When Using This Setting

Following information ("Transmitted Information") shall be transmitted to FFRI server from a user ("Target User") who submits the inquiry based on the preceding paragraph. FFRI shall perform the review set forth in the preceding paragraph using Transmitted Information and transmit the review result to Target User when it becomes available. Other purposes of usage of the Transmitted Information shall be as described in Article VI. FFRI will not provide Transmitted Information to third parties in any format that could be identified by other third parties, unless otherwise specified by laws and regulations.

 

1-1. Target File

This includes information pertaining to the Target File that is required for the review process.

 

1-2. Information To Identify Target User

This includes user attributable information registered upon initial usage of this Product, FFRI AMC and this Setting which shall be used for the aforesaid review process and sending back the review result.

 

1-3. Target User's User Environment For This Product

This includes information pertaining to this Product managed by FFRI AMC (software version information, the hardware environment in which this Product is installed, Operating System, applications concurrently running, etc.) that is required for the review of Target File.

 

1-4. Target User's Product Operation Logs Managed By FFRI AMC

This information is used for Target File review.

 

 

III. Cloud Collaboration Feature

 

In addition to this Setting, a user may submit a Target File using "Cloud Collaboration Feature" ("Feature") through FFRI AMC or not through FFRI AMC based on this Policy to determine if it is a legitimate software (over-detection) or malware and receive the result on the Product.

 

1. Information Transmitted When Using This Feature

 

Hash values relating to a Target File ("Hash Values") shall be transmitted from a User who submits a Target File based on the preceding paragraph ("Target User of this Feature") to the FFRI server. FFRI shall perform the review set forth in the preceding paragraph using the Hash Values and transmit the result to a Target User of this Feature when it becomes available. Other purposes of usage of Hash Values shall be as described in Article VI.

 

IV. Log Collection Feature

FFRI uses the "Log Collection Feature", which is used to manually distribute log collection commands via FFRI AMC to collect user information, in order to collect the information required to provide the Support Service, etc.

 

1. Information collected when using the Log Collection Feature

FFRI may collect information regarding the user's system information (information about the system, services, tasks, network, drivers, installed software, etc.), Product log information and setting information managed by the system and FFRI AMC, Microsoft Defender information, special folder information, information stored in the browser, registry information, and other information. Other purposes of usage of this information shall be as described in Article VI.

 

V. Support Service

FFRI shall provide a Support Service to a user who has purchased the Product, for the objectives of ensuring the proper and suitable use of the Product and assisting in the resolution of any issues that occur and are confirmed in use of the Product.

 

1. Information collected in the Support Service

In conducting the Support Service, FFRI may collect user system information for the environment where FFRI AMC is installed (information about the system, services, tasks, network, drivers, installed software, etc.), log information regarding the system and FFRI AMC, information on FFRI AMC settings, and other information in addition to the information described in I-IV above. Other purposes of usage of this information shall be as described in Article VI.

 

VI. Purpose of Usage of the Information Collected

FFRI shall be able to view and use the information collected through I-V above at any time for the following purposes:

(1) For user support such as updates and maintenance of FFRI products

(2) For improvement, development, etc. of FFRI product functions and quality

(3) For improvement in quality of FFRI services

(4) For external disclosure including research pertaining to detected malware or @vulnerability attacks and commercial usage such as statistical data and malware analysis information

However, FFRI shall never provide user attributable information to third parties in any format that could be identified by other third parties.

Moreover, FFRI shall take the necessary and appropriate safety control measures to manage the information that is collected in I-V above.

 

VII. Disclaimer

Malware and vulnerability attacks continuously become more sophisticated and complicated on a daily basis and in no case shall FFRI guarantee to Target User, etc., that this Setting and this Feature work perfectly. Target User, etc., hereby agrees that FFRI shall not be liable for any damages incurred by Target User, etc., with respect to usage of the Setting and the Feature.

 

VIII. Reference On Information Collected via Product

All inquiries, such as questions and complaints, related to the information collected via the Product shall be directed to FFRI at [email protected].

 

Revised on March 30, 2023