Privacy Policy (under the Japanese Act on the Protection of Personal Information)

LAST UPDATED: 1 April 2022

This privacy policy is originally prepared in the Japanese language, which language shall control, and any translation in any other language shall be for reference only and shall not bind you or the Company.

DeNA Co., Ltd. (the "Company") collects personal information in certain cases for the provision of Company services.
Through this Privacy Policy the Company hereby publicly announces its policy for handling personal information.

In this Privacy Policy "Company Services" shall refer to the following:

For some services the Company may apply a service-specific privacy policy. In the event of any conflict between the service-specific privacy policy and this Privacy Policy, the service-specific privacy policy shall prevail.

1. Acquisition of Personal Information

The Company acquires personal information primarily in the following situations (The following are examples, and the Company may acquire information using methods other than those indicated below.).

Provision by Customers

The Company obtains necessary information such as the name, address, telephone number, age, e-mail address, and content, etc. when customers use Company Services, apply to enter campaigns, purchase products, etc., post products, etc., or register their work, text, images, or video content, etc.

For Company Services that require identification and age verification, the Company may obtain identification documents such as a driver’s license.

In healthcare and other businesses, the Company may obtain personal information such as height, weight, and the results of medical checkups. The Company may acquire sensitive personal information if the Company obtains prior consent thereof from the individual concerned or if permitted by law.

Provision from Third Parties

The Company may acquire personal information from third parties, including group companies and business partners, to the extent necessary to achieve the purpose of use.

Provision from Partner Companies, Shareholders, Etc.

The Company may acquire the name, telephone number, e-mail address, and other information to contact partner companies (including potential business partners with whom the Company has only exchanged business cards, the same shall apply hereinafter), shareholders, and others necessary for the operation of the Company’s business.

In addition, in order to provide Company Services to customers smoothly, the Company may collect information related to individuals such as product models, device identifiers, OS versions, IP addresses, advertising identifiers, cookies and other device-specific identifiers, and service usage history from customers’ information terminals.

Please refer to the Company Privacy Policy on Recruitment Activities for information on personal information collected in recruitment activities.

2. Purpose of Use

The Company acquires and uses personal information only to the extent necessary to achieve the following purposes of use.

To Propose/Provide/Operate Services

The Company may use personal information for the purpose of proposing, providing, and operating services in accordance with the following purposes of use:

To Monitor/Take Measures Against Unauthorized Use/Access, Etc.

In order to ensure the safe and secure use of Company Services, the Company may use personal information in accordance with the following purposes of use:

For Research, Statistics, and Analysis of Marketing Data

In order to provide better services, the Company may use personal information in accordance with the following purposes of use:

To Contact Those Who Need to be Contacted in Order to Operate the Company business The Company may use personal information to contact partners, shareholders, and others to make proposals or negotiate contracts in order to promote Company business or transactions, or to introduce the Company’s products, etc. or services to them.

3. Provision of Information to Third Parties

The Company may provide personal information to third parties in the following cases:

Provision to Third Parties

The Company may provide a third party with personal information and information about an individual from which the third party is expected to be able to identify the specific individual, with the consent of the individual concerned (except as otherwise provided herein).

Outsourcing to Third Parties

In order to provide better Customer Services to customers, the Company may outsource the handling of personal information to subcontractors to the extent necessary to achieve the purposes of use, such as to support the operation of Company Services.

The Company has established standards and procedures for supervising subcontractors when outsourcing the handling of personal information.

Provision to Foreign Third Parties

The Company may provide personal information to third parties located in foreign countries in the following cases. When personal information is handled by a third party in a foreign country, the Company will keep abreast of the regulations for the protection of personal information in that foreign country and regularly check the security management systems, etc. for that service.

When personal information is provided in connection with the use of cloud services in a foreign country
For example, the Company stores and uses personal information that can identify specific individuals in the following cloud services:

When the Company provides personal information to third parties in foreign countries, the Company checks the security control systems at the time of provision and regularly thereafter. At the time of updating this Privacy Policy, the Company confirms that the third parties are located in foreign countries defined by the Rules of the Personal Information Protection Commission as those that have systems for the protection of personal information that are recognized as being of a standard similar to that in Japan in protecting the rights and interests of individuals, countries that have been certified as adequate under the GDPR, or countries that are members of the CBPR system, and that the third parties have obtained and maintain third-party security certification (SOC2, ISO27001, etc.).

4. Customer Rights

Request Disclosure, Correction, or Cessation of Use

To the extent permitted by law, customers may request to the Company the disclosure, correction, or cessation of use of their own personal information (hereinafter referred to as "disclosure, etc.").
To request disclosure, etc., please contact the Company through the URL below.
To request disclosure, etc., documentation that verifies the identity of the individual or their representative shall be required.

If a service-specific contact point has been established, please contact that service-specific contact point.

For inquiries:

Submitting Requests and Complaints

Please submit an inquiry for any requests or complaints regarding the handling of customer personal information through the URL below.
If a service-specific contact point has been established, please contact that service-specific contact point.

For inquiries:

5. Security Measures

The DeNA Group has established a Personal Information Management Committee/Information Security Management Committee chaired by the Representative Director & President to develop and operate a group-wide personal information and information security management system.

In accordance with the policy of the Information Security Management Committee, an Information Security Management Supervisor is appointed by the committee to oversee information security management operations. The Information Security Management Supervisor leads DeNA CERT, which consists of a cross-functional team from several departments, including the Security Division, Information Systems Division, Legal Division, and Corporate Planning Division, and works to improve security measures on a daily basis.

6. Handling of Personal Information by Linked Websites, Etc.

The websites, e-mail newsletters, social media and other platforms operated by the Company may include links to external websites. The Company has no control over any personal information that is registered on such external websites, so the Company will not be responsible for such information. When registering personal information on an external website, it is encouraged that you review the privacy policy for the said website.

7. Request to Customers

On the websites operated by the Company, a customer’s registered information may be protected by a user ID and a password. It is the customer’s responsibility to manage his or her user ID and password.
To ensure that the websites operated by the Company can be used in a safe manner, customers shall not post personal information of themselves or others on the websites operated by the Company.

8. Behavioral Targeting Advertising

"Behavioral targeting advertising" is advertisement that analyzes the behavior of customers in a website and delivers advertisements that are likely to be of interest to those customers according to their attributes and other factors.

In order to deliver advertisements that match the interests and concerns of the Company’s customers, the Company uses cookies, ad identifiers, etc. to acquire the browsing history of customers who have visited Company Services, their response history to advertisements, and their usage history of Customer Services (hereinafter collectively referred to as "behavioral history information"), and categorizes and stores this information according to the interests of customers based on the Company’s own standards.

The Company then provides this information together with attribute information that does not identify individuals for ad delivery service providers. Based on the categorized information, the ads are distributed to customers by the ad delivery service providers within Company Services and in the ad delivery service providers’ ad networks.

Customers’ behavioral history information acquired by the Company and provided for ad delivery service providers for the purpose of delivering behaviorally targeted advertisements is limited to information that does not identify individuals (i.e., information that does not include names, addresses, telephone numbers, etc.).

When You Wish to Stop Delivery

What Customers Can Do

In behavioral targeting advertising, cookies and ad identifiers, etc. are used. Customers can stop delivery of such ads by limiting the use of cookies and ad identifiers.

Device Identifier Settings (Smart Devices)

Action by the Ad Delivery Service Provider

Customers shall ask their ad delivery service providers to unsubscribe from behavioral targeting advertising.

The Company uses different ad delivery services for each of its services. Customers shall refer to the privacy policy or terms of use for each Company Service that clearly states the ad delivery service used, and stop delivery of the ads accordingly.


9. Changes to Privacy Policy

The Company may make changes to this Privacy Policy from time to time.
If a material change is made to this Privacy Policy, the Company will announce such change on its website.
Please check this webpage on a regular basis and ensure that you understand the Company’s Privacy Policy.