Privacy Policy (under the Japanese Act on the Protection of Personal Information)

LAST UPDATED: 1 April 2022

This privacy policy is originally prepared in the Japanese language, which language shall control, and any translation in any other language shall be for reference only and shall not bind you or the Company.

DeNA Co., Ltd. (the "Company") collects personal information in certain cases for the provision of Company services.
Through this Privacy Policy the Company hereby publicly announces its policy for handling personal information.

In this Privacy Policy "Company Services" shall refer to the following:

• system usage services and information provision services related to games, auctions, shopping malls, content, etc.
• Services related to sales of products, etc. (including travel, insurance, and other financial products, the same shall apply hereinafter) of the Company and a third party
• Payment processing services
• Logistics services

For some services the Company may apply a service-specific privacy policy. In the event of any conflict between the service-specific privacy policy and this Privacy Policy, the service-specific privacy policy shall prevail.

1. Acquisition of Personal Information

The Company acquires personal information primarily in the following situations (The following are examples, and the Company may acquire information using methods other than those indicated below.).

Provision by Customers

The Company obtains necessary information such as the name, address, telephone number, age, e-mail address, and content, etc. when customers use Company Services, apply to enter campaigns, purchase products, etc., post products, etc., or register their work, text, images, or video content, etc.

For Company Services that require identification and age verification, the Company may obtain identification documents such as a driver’s license.

In healthcare and other businesses, the Company may obtain personal information such as height, weight, and the results of medical checkups. The Company may acquire sensitive personal information if the Company obtains prior consent thereof from the individual concerned or if permitted by law.

Provision from Third Parties

The Company may acquire personal information from third parties, including group companies and business partners, to the extent necessary to achieve the purpose of use.

Provision from Partner Companies, Shareholders, Etc.

The Company may acquire the name, telephone number, e-mail address, and other information to contact partner companies (including potential business partners with whom the Company has only exchanged business cards, the same shall apply hereinafter), shareholders, and others necessary for the operation of the Company’s business.

In addition, in order to provide Company Services to customers smoothly, the Company may collect information related to individuals such as product models, device identifiers, OS versions, IP addresses, advertising identifiers, cookies and other device-specific identifiers, and service usage history from customers’ information terminals.

Please refer to the Company Privacy Policy on Recruitment Activities for information on personal information collected in recruitment activities.

2. Purpose of Use

The Company acquires and uses personal information only to the extent necessary to achieve the following purposes of use.

To Propose/Provide/Operate Services

The Company may use personal information for the purpose of proposing, providing, and operating services in accordance with the following purposes of use:

• To provide information on Company Services and the products, etc. and services of the Company’s business partners
• Advertisement or promotion of the Company’s and third parties’ products, etc. (including sending direct mail and e-mails)
• To provide Company Services
• To post member descriptive information on Company Services
• To identify, confirm the identity of, and authenticate customers using Company Services
• To store the usage status of Company Services for each customer
• To improve the convenience of Company Services
• To conduct sweepstakes, campaigns, point services, questionnaires and the like
• To arrange for or ship products, etc., free gifts, and the like
• To provide after-sales services and maintenance or to respond to inquiries and complaints about Company Services
• To investigate/respond to problems with Company Services
• For billing and billing calculations
• For other purposes as individually determined for each of the Company’s services

To Monitor/Take Measures Against Unauthorized Use/Access, Etc.

In order to ensure the safe and secure use of Company Services, the Company may use personal information in accordance with the following purposes of use:

• To monitor and investigate illegal activities, deviations from the terms of use, unauthorized access and other activities misusing customers’ accounts, etc.
• To confirm the results of investigations into illegal activities, deviations from the terms of use, unauthorized access and other activities misusing customers’ accounts, etc. and to appropriately inform the concerned customers of the possibility, etc. of such misconduct
• To take measures to prevent illegal activities, deviations from the terms of use, unauthorized access and other activities misusing customers’ accounts, etc., or to correct or remedy such activities when they occur

For Research, Statistics, and Analysis of Marketing Data

In order to provide better services, the Company may use personal information in accordance with the following purposes of use:

• For surveys, statistics and analysis of the usage of Company Services
• To measure the effectiveness of marketing activities
• To improve the quality of Company Services, such as by enhancing the convenience of Company Services (including surveys, statistics, and analysis of marketing data conducted for this purpose)
• To plan and develop new services or new features and content, etc. for Company Services (including surveys, statistics, and analysis of marketing data conducted for such purposes)

To Contact Those Who Need to be Contacted in Order to Operate the Company business The Company may use personal information to contact partners, shareholders, and others to make proposals or negotiate contracts in order to promote Company business or transactions, or to introduce the Company’s products, etc. or services to them.

3. Provision of Information to Third Parties

The Company may provide personal information to third parties in the following cases:

Provision to Third Parties

The Company may provide a third party with personal information and information about an individual from which the third party is expected to be able to identify the specific individual, with the consent of the individual concerned (except as otherwise provided herein).

• When users of Company Services are published in the media, etc.
  For example, if the Company publishes a game player or live streaming broadcaster in a magazine, the Company may provide personal information such as names, photos, etc. of the player/broadcaster to media outlets.
• When it is necessary to use personal information for joint projects with business partners
  For example, the Company may provide names, contact information, etc. for business partners in order to plan joint business events for customers such as one in which the Company sells goods signed by celebrities at charity auctions and includes the winning bidder’s name on the goods afterwards.
• When disclosing information to payment processing providers (including agents)
  In order to settle fees and other amounts owed to the Company or exhibitors, the Company may provide the information for financial institutions, credit card companies, collection agencies, and other businesses that process payments or provide payment gateway services.
• When disclosing information to insurance companies for the purpose of insurance claims
  When making a claim to an insurance company for compensation of an insurance, the Company may provide the insurance company with information such as the name and contact information of the victim to whom the insurance payment is to be made.
• When permitted by law
  The Company may provide personal information to third parties without the consent of the individual concerned when permitted by law.
• When otherwise separately stipulated by the Company for each service

Outsourcing to Third Parties

In order to provide better Customer Services to customers, the Company may outsource the handling of personal information to subcontractors to the extent necessary to achieve the purposes of use, such as to support the operation of Company Services.

The Company has established standards and procedures for supervising subcontractors when outsourcing the handling of personal information.

Provision to Foreign Third Parties

The Company may provide personal information to third parties located in foreign countries in the following cases. When personal information is handled by a third party in a foreign country, the Company will keep abreast of the regulations for the protection of personal information in that foreign country and regularly check the security management systems, etc. for that service.

When personal information is provided in connection with the use of cloud services in a foreign country
For example, the Company stores and uses personal information that can identify specific individuals in the following cloud services:

• Cloud services that provide inbound marketing
• Cloud services that provide automated task management
• Cloud services for managing customer inquiries

When the Company provides personal information to third parties in foreign countries, the Company checks the security control systems at the time of provision and regularly thereafter. At the time of updating this Privacy Policy, the Company confirms that the third parties are located in foreign countries defined by the Rules of the Personal Information Protection Commission as those that have systems for the protection of personal information that are recognized as being of a standard similar to that in Japan in protecting the rights and interests of individuals, countries that have been certified as adequate under the GDPR, or countries that are members of the CBPR system, and that the third parties have obtained and maintain third-party security certification (SOC2, ISO27001, etc.).

4. Customer Rights

Request Disclosure, Correction, or Cessation of Use

To the extent permitted by law, customers may request to the Company the disclosure, correction, or cessation of use of their own personal information (hereinafter referred to as "disclosure, etc.").
To request disclosure, etc., please contact the Company through the URL below.
To request disclosure, etc., documentation that verifies the identity of the individual or their representative shall be required.

If a service-specific contact point has been established, please contact that service-specific contact point.

For inquiries: https://dena.com/jp/contact

Submitting Requests and Complaints

Please submit an inquiry for any requests or complaints regarding the handling of customer personal information through the URL below.
If a service-specific contact point has been established, please contact that service-specific contact point.

For inquiries: https://dena.com/jp/contact

5. Security Measures

The DeNA Group has established a Personal Information Management Committee/Information Security Management Committee chaired by the Representative Director & President to develop and operate a group-wide personal information and information security management system.

In accordance with the policy of the Information Security Management Committee, an Information Security Management Supervisor is appointed by the committee to oversee information security management operations. The Information Security Management Supervisor leads DeNA CERT, which consists of a cross-functional team from several departments, including the Security Division, Information Systems Division, Legal Division, and Corporate Planning Division, and works to improve security measures on a daily basis.

6. Handling of Personal Information by Linked Websites, Etc.

The websites, e-mail newsletters, social media and other platforms operated by the Company may include links to external websites. The Company has no control over any personal information that is registered on such external websites, so the Company will not be responsible for such information. When registering personal information on an external website, it is encouraged that you review the privacy policy for the said website.

7. Request to Customers

On the websites operated by the Company, a customer’s registered information may be protected by a user ID and a password. It is the customer’s responsibility to manage his or her user ID and password.
To ensure that the websites operated by the Company can be used in a safe manner, customers shall not post personal information of themselves or others on the websites operated by the Company.

8. Behavioral Targeting Advertising

"Behavioral targeting advertising" is advertisement that analyzes the behavior of customers in a website and delivers advertisements that are likely to be of interest to those customers according to their attributes and other factors.

In order to deliver advertisements that match the interests and concerns of the Company’s customers, the Company uses cookies, ad identifiers, etc. to acquire the browsing history of customers who have visited Company Services, their response history to advertisements, and their usage history of Customer Services (hereinafter collectively referred to as "behavioral history information"), and categorizes and stores this information according to the interests of customers based on the Company’s own standards.

The Company then provides this information together with attribute information that does not identify individuals for ad delivery service providers. Based on the categorized information, the ads are distributed to customers by the ad delivery service providers within Company Services and in the ad delivery service providers’ ad networks.

Customers’ behavioral history information acquired by the Company and provided for ad delivery service providers for the purpose of delivering behaviorally targeted advertisements is limited to information that does not identify individuals (i.e., information that does not include names, addresses, telephone numbers, etc.).

When You Wish to Stop Delivery

What Customers Can Do

In behavioral targeting advertising, cookies and ad identifiers, etc. are used. Customers can stop delivery of such ads by limiting the use of cookies and ad identifiers.

Action by the Ad Delivery Service Provider

Customers shall ask their ad delivery service providers to unsubscribe from behavioral targeting advertising.

The Company uses different ad delivery services for each of its services. Customers shall refer to the privacy policy or terms of use for each Company Service that clearly states the ad delivery service used, and stop delivery of the ads accordingly.

Caution

• If you limit the use of cookies, Company Services may not function properly and customers’ use of Company Services may be restricted.
• Even after the delivery of behavioral targeting advertising is suspended, advertisements that are not based on behavioral targeting will continue to be displayed.
• It may take some time for non-behavioral targeted advertisements to be displayed after the ad serving service is suspended.
• If you have only unsubscribed from the provision of behavioral history information and have not configured settings to unsubscribe from behavioral targeting advertising, you may receive behavioral targeting advertising based on the behavioral history information that was acquired and provided before you configured settings to unsubscribe from the provision of behavioral history information. If you do not wish to receive behavioral targeting advertising, please also unsubscribe from delivery of this advertising.

9. Changes to Privacy Policy

The Company may make changes to this Privacy Policy from time to time.
If a material change is made to this Privacy Policy, the Company will announce such change on its website.
Please check this webpage on a regular basis and ensure that you understand the Company’s Privacy Policy.