Basic privacy policy on the protection of personal data(For residents outside Japan)

Basic policy

Privacy statement

GREE, Inc.(hereinafter referred to as the "Company") recognises the importance of personal data and considers the thorough protection of such information to be a social responsibility. We promise to comply with the Act on the Protection of Personal Data and other relevant laws, regulations, and guidelines, and to handle the personal data we obtain from our business partners, shareholders, employees and others (hereinafter referred to as "business partners") for the purpose of our business operations (hereinafter referred to as "our business operations") properly in accordance with this policy. We promise to handle it properly in accordance with this policy.

Subject

This policy applies to all our services and business operations provided by us. Please also note that the personal data we collect for each of our services and the purposes for which it is used are specifically set out in the individual privacy policies for each of our services.

Handling of personal data

Acquisition of personal data in our services

In the operation of our services, we will acquire the personal data required for the provision of our services, etc., by legal and fair means, after clarifying the purpose of use in our Privacy Policy and other relevant documents.

Acquisition of personal data in the operation of our business

In the conduct of its business, conducting stock-related business, conducting transactions with business partners, organizing events, receiving enquiries, and responding to public relations or personnel procedures, etc., we may obtain personal information relating to contact details such as name, email address, address, telephone number and other necessary information. In such cases, the Company will acquire such personal data by lawful and fair means, including acquisition by disclosure from Group companies.

Purpose of use

Purpose of use in our services

The Company shall use the personal data it has acquired, We shall only use it for the purpose of improving the quality of our services, delivering advertisements and other purposes of use as set out in our Privacy Policy, etc. and shall not use it for any other purpose without the consent of the data subject or as stipulated by law.

Purposes of use in the operation of our business

The personal data acquired by the Company is, The Company shall use the personal data it acquires only within the scope of the purposes of use , such as business management, internal management, stock management, execution and management of transactions with the Company, research and analysis of the Company's business activities, business improvement, guidance on the Company's business, services and events, response to enquiries, execution of administrative contact and communication, execution of PR correspondence or procedures on personnel matters, The information shall not be used for any other purposes without the consent of the business partner or other parties or as stipulated by law.

Legal basis for the handling of personal data.

Your personal data will be handled on one of the following legal bases.

  • Consent to purpose of use
  • Performance of contracts
  • Legal obligations to which controller is subject
  • Protection of vital interests
  • Public interest, exercise of official authority

... legitimate interests.
Please note that the data subject has the right to withdraw their consent to the 'consent to use' at any time. For information on how to withdraw consent, please refer to the privacy policy of the individual apps and services.

Policy on children

As a rule, we do not handle the personal data of children under 16 years of age.

If personal data of a child under 16 years of age is to be handled by consent for the purpose of use, the handling will only commence after the consent or approval of a responsible person with parental authority has been obtained.

Security control measures for personal data

Formulation of basic policy

A basic policy has been formulated to ensure the proper handling of personal data as an organization (refer to e.g. '1. Basic policy').

Discipline on the handling of personal data.

Handling regulations have been established for the methods of handling personal data at each stage of acquisition, use, storage, provision, deletion and disposal, as well as for the responsible person/persons in charge and their duties.

Organizational security control measures

The Group Personal Data Protection Manager is appointed as the person responsible for the management of personal data and clearly defines the responsibilities and authority of employees in relation to the safe management of personal data.

Employees (including temporary staff) are supervised and a system is in place for reporting to the responsible person in the event of a breach of the law or handling rules or signs of such a breach.

Internal regulations and manuals on safety management have been established, and employees are required to comply with them, while appropriate audits are carried out to ensure compliance.

Personnel security management measures

We provide our employees (regardless of their employment status) with education and training at the time of joining the company and on a regular basis regarding the safe management of personal data. We also obtain written pledges regarding confidentiality, including personal data.

Physical security control measures

Access control is implemented in areas where personal data is handled.

Measures are also taken to prevent theft, loss or prying eyes from equipment, electronic media and documents that handle personal data.

In addition, when electronic media containing personal data are disposed of, processing is carried out to ensure that the data is completely erased.

Technical security control measures

In information systems that handle personal data, access management is implemented, such as limiting access authorisation holders, immediately deactivating the accounts of employees who have transferred or left the company, as well as monitoring access status.

In addition, measures such as the installation of firewalls have been implemented to prevent unauthorized access from outside.

Understanding the external environment

If the Company handles personal data in a foreign country, it will take the necessary and appropriate measures for the safe management of the personal data, having been made aware of the systems for the protection of personal data in that foreign country.

Disclosure.

Disclosure to third parties

The Company may disclose personal data to third parties in the following circumstances.

  • Where we outsource work to third parties to the extent necessary to achieve the purpose of use.
  • In other cases where the data subject is asked to consent to the provision of the information and the data subject complies with the request.
  • To introduce business partners to our group companies

However, information that has been statistically processed so that individuals cannot be identified may be used for purposes other than those mentioned above.

Disclosure at the request of government agencies, local authorities, public authorities, etc.

The Company may disclose personal data to public authorities in the following cases.

  • In accordance with laws and regulations (including laws outside the country of residence of the informant).
  • Where disclosure is necessary for the protection of the life, body or property of a person and it is difficult to obtain the consent of the data subject.
  • Where it is particularly necessary for the improvement of public health or the promotion of the sound development of children and it is difficult to obtain the consent of the data subject.
  • Where it is necessary to cooperate with a state body, a local authority or a person or entity entrusted by one of these bodies to carry out affairs prescribed by law, and where obtaining the consent of the data subject may impede the carrying out of such affairs.

Cross-border transfer

We may transfer personal data outside the EEA on the basis of

  • Adequacy Decision
  • Consent of the data subject
  • Standard contractual clauses with outsourcers
  • Where it is stipulated by law

Entrust (person with something)

The Company may outsource the handling of personal data to external organizations or other parties.

When selecting organizations, etc., the information security management system of the contractor is checked before the contract is concluded.

Even after the contract has been concluded, the information security management system of the contractor is regularly checked.

Joint controller

Name (actual name, creator name), address and contact details of performers and creators involved in content production (lyricists, composers, arrangers, video producers, illustrators, etc.) (e.g. the person and/or his/her office).

Cookies, information collection modules

Cookies are a mechanism whereby a website stores a small file inside the user's browser. For example, when a user visits the same website again, the stored cookie identifies a unique ID that identifies the browser and enables processing such as changing the display of web pages and advertisements for each browser.

You can refuse collection by disabling cookies in your browser settings, but this may limit the functions available on the website.

The following information collection modules are used on our corporate website to collect traffic data and analyze browsing history, etc. using cookies for the purpose of providing functions included on the corporate website, displaying advertisements and analyzing usage.

For information on data handling in the information collection module, see the websites of the respective providers.
Google LLC, 'Google Analytics'.
https://policies.google.com/privacy?hl=jp[TM1]

Data subject rights

Disclosure, rectification, erasure, restriction of handling, objection to handling, data portability, etc.

You have the right to access, rectify, erase, restrict processing and object to the processing and handling of your personal data obtained by us, as well as the right to data portability.

If a request is made by the data subject or his/her representative, the Company will respond to the request without delay to the extent possible in accordance with the law. For information on these requests, please refer to the " Privacy Policy " before contacting us.

You also have the right to lodge a complaint about the handling of your personal data with the supervisory authority having jurisdiction over your place of residence.

Automatic decision-making, including profiling.

The data subject has the right not to be subjected to a decision based solely on automated processes, such as profiling, which have legal effects or similarly significantly effects concerning him/her.

Enquiries.

Enquiries, consultations and complaints about the handling of personal data in our services can be made at: you can also contact the Data Protection Officer, but please contact the 'Contact us' first.

Contact us

https://corp.gree.net/jp/en/contact/

Personal data controller

GREE, Inc.
Roppongi Hills Gate, 6-11-1 Roppongi Minato-ku,
Tokyo, Japan

Data Protection Officer (DPO)

The company has appointed a Data Protection Officer who is appropriately and timely involved in all matters relating to the protection of personal data.

  • Position: data protection officer
  • GREE, Inc.
  • Roppongi Hills Mori Tower, 6-10-1 Roppongi, Minato-ku, Tokyo
  • Tokyo, Japan
  • dpo@gree.net

Management policy.

Retention period

Personal data obtained will be stored and managed appropriately if necessary for the purpose of using the respective service, to comply with applicable laws and regulations, or in accordance with orders from government, courts or other supervisory authorities.

Enacted: November 5,2024.
GREE, Inc.