◆Personal Data Protection Policy◆
1. Our Statement Regarding Privacy Protection Policy
Drecom Co., Ltd. (hereinafter, the “Company,” “we,” “us,” or “our”) and the Company’s affiliates (hereinafter, the “Company Group”) process the personal data of customers to whom the below mentioned regulations apply (referred to as the “Customer” or “you”) in accordance with the applicable regulations of the EU, member countries of the European Economic Area (“EEA”), and the UK relating to data protection, in particular the General Data Protection Regulation 2016/679 (the GDPR) and the GDPR as it is incorporated into UK law by the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications(Amendments etc) (EU Exit) Regulations 2019 (the UK GDPR) (hereinafter the GDPR and the UK GDPR shall collectively be referred to as the “GDPR”). This Privacy Policy explains how we, as the data controller, process your personal data and your rights in relation to our processing.
2. Categories of Personal Data We Process and the Purpose of Use
We process the following categories of Customers’ personal data.
| Purpose of processing personal data | Category of personal data | Retention period | Legal basis |
|---|---|---|---|
* To confirm identity to dispatch awards and provide authentication services * To offer rewards and campaigns * To send messages in relation to the purchases as well as important notices including amendments to the Company's terms and conditions and this Privacy Policy |
1 Information to be collected directly from users | To be deleted after 3 months from achieving the purpose of processing, such as the shipment of goods, or from users’ withdrawal | Contract fulfillment |
| To charge fees and calculate bills | 1 Information to be collected directly from users 4 Payment information |
To be deleted after 3 months from users’ withdrawal | Contract fulfillment |
| To provide our services | 1 Information to be collected directly from users 3 Geolocation data 4 Payment information 5 Information related to users’ actions 7 Information collected through interaction with External Services |
To be deleted after 3 months from users’ withdrawal | Contract fulfillment |
| To provide technical support and respond to inquiries from users | 1 Information to be collected directly from users 2 Terminal information 3 Geolocation data 5 Information related to users’ actions |
To be deleted after 3 months from users’ withdrawal | Contract fulfillment |
| To conduct questionnaires | 1 Information to be collected directly from users | To be deleted after 3 months from users’ withdrawal | Users’ consent |
| For marketing research, statistics, and analysis | 1 Information to be collected directly from users 5 Information related to users’ actions 6 Collection of information using Cookie, etc. |
To be deleted after 3 months from users’ withdrawal | Users’ consent |
| To distribute advertisements and check the outcome | 1 Information to be collected directly from users 2 Terminal information 3 Geolocation data 5 Information related to users’ actions |
To be deleted after 3 months from users’ withdrawal | Users’ consent |
* To respond to system maintenance and failures * To apply it to the development, provision, maintenance, and improvement of our applications, website, services, contents, and advertisements * To prevent misconduct and potential illegal acts and implement the Terms of Use |
1 Information to be collected directly from users 3 Geolocation data |
To be deleted after 3 months from users’ withdrawal | Our legitimate interest in providing services such as the sale of games and NFT art |
| To conduct IR activities | 1 Information to be collected directly from users | To be deleted after 3 months from users’ withdrawal | Our legitimate interest to operate as a business corporation |
We also process personal data other than as described above in case we provide a notice separately.
Provision of your personal data is mandatory in some cases for statutory reasons, requirements necessary to enter into a contract, or to fulfill contractual obligations. We may be unable to provide our service to you, if you fail to provide such mandatory personal data.
3. Legal Basis for Processing Personal Data of Customers
We process your personal data based on the legal basis provided for in the GDPR (Articles 6 and 7) as set forth below. Further, we do not obtain your personal data of a sensitive nature, such as your religious beliefs and health status.
(1) When processing is required for the pursuit of legitimate interests
We process Customers’ personal data for the purposes set forth in Paragraph 2 as it is required to pursue our legitimate interests (for details with respect to the balancing test for legitimate interests, please contact us at the contact details set forth below).
(2) When processing is required for the performance of contractual obligation with Customers
We will obtain and process Costumers’ personal data for the purposes set forth in Paragraph 2, as it is required to perform contractual obligations with Customers. In the event you fail to provide the personal data processed based on these legal basis, we may be unable to provide our application software that we deliver as well as any additional contents related thereto and other services to you.
(3) When processing is required for compliance with our legal obligations
We will obtain and process Customers’ personal data for the purposes set forth in Paragraph 2, as it is required that we comply with the legal obligations set forth upon us.
(4) When Customers’ consent is obtained in advance
Lastly, we will obtain and process Customers’ personal data for the purposes set forth in Paragraph 2, if Customers’ consent is obtained in advance.
You have the right to withdraw your consent at any time by the method we will separately designate upon obtaining your consent. However, the withdrawal of your consent will not affect the legality of processing conducted based on your consent before the withdrawal.
4. Sources of Personal Data
We obtain your personal data directly from you or indirectly through third parties such as those set forth below:
- Mobile platform operators
- Analysis/advertisement businesses
- Disclosed information based on SNS accounts
For the details of acquired information, purpose of use, and provision to third parties, please check the privacy policies of each business.
| Name of SDK | Provider | Purpose of use | Privacy policy |
|---|---|---|---|
| Tapjoy SDK | Tapjoy | Advertising revenue, push notification | https://www.tapjoy.com/legal/general/privacy-policy/ |
| AdMobSDK | Advertising revenue | https://policies.google.com/privacy | |
| Audience Network SDK | Meta | Advertising revenue | https://www.facebook.com/about/privacy |
| Firebase Cloud Messaging | Push notification | https://policies.google.com/privacy | |
| Growth Push | SIROK Inc. | Push notification | https://sirok.co.jp/privacy-policy |
| Firebase Crashlytics | Crush analysis | https://policies.google.com/privacy | |
| Firebase Dynamic Links | Dynamic link | https://policies.google.com/privacy | |
| Firebase Authentication | Data coordination | https://policies.google.com/privacy | |
| Sign in with Apple | Apple | Data coordination | https://www.apple.com/legal/privacy/jp/ |
| X API | X Corp. | Data coordination | https://twitter.com/ja/privacy |
| Facebook SDK | Meta | Data coordination | https://www.facebook.com/about/privacy |
| AdjustSDK | Adjust | Effect measurement | https://www.adjust.com/terms/privacy-policy/ |
| AppsFlyerSDK | AppsFlyer | Effect measurement | https://www.appsflyer.com/legal/services-privacy-policy/ |
| GameGuard for Mobile SDK | TechnoBlood Inc. &Inca Internet |
Code obfuscation | |
| IronSourceSDK | IronSource | Advertising revenue | https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/ |
| MaioSDK | Maio | Advertising revenue | https://www.i-mobile.co.jp/privacy.html |
| PangleAdsSDK | Pangle | Advertising revenue | https://www.pangleglobal.com/jp/privacy/enduser-ja |
| UnityAds | Unity | Advertising revenue | https://unity3d.com/jp/legal/privacy-policy |
| Vungle publisher-sdk | Vungle | Advertising revenue | https://vungle.com/privacy/ |
| AppCenterSDK | Microsoft | Crush analysis | https://privacy.microsoft.com/en-us/privacystatement |
| LINE AD (Five) SDK | LINE | Advertising revenue | https://adsnetwork-docs.linebiz.com/fivesdk-ios/store-release/app-store-disclosure.html |
| AppLovinSDK | AppLovin | Advertising revenue | https://www.applovin.com/privacy-jp/ |
5. Retention Period of Personal Data
To determine the appropriate retention period of personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of potential harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data, and whether we can achieve those purposes by other means, as well as applicable legal requirements.
6. Sharing and Disclosure of Personal Data
We will share with and disclose Customers’ personal data to the following third parties in accordance with the GDPR for the purposes stated in this Privacy Policy:
As a result of the aforementioned sharing and disclosure, your personal data may be transferred to the following third party countries outside the EEA and the UK:
- Japan
With respect to the personal information we obtain, we use cloud services provided by a U.S. company. However, third parties located overseas do not handle personal information and we do not perform cross-border transfers.
In this case, the transfer to Japan shall be based on the adequacy decision. At this moment, as for data transfer from the UK to the EEA as well as from the EEA to the UK, there is no need to take any legal measures. For transfer to other countries, we will implement appropriate safeguards by executing with the transferee the standard data protection clauses (Article 46(2)(c) and (5) of the GDPR) approved by the European Commission. If you wish to receive a copy of the documentation related to these safeguards, please contact us at the contact details set forth below.
7. Rights of Customers
The GDPR gives certain rights with respect to Customers’ personal data. You may request us to take the following actions with respect to your personal data obtained and processed by us:
- Access to your personal data: You have the right to obtain confirmation from us as to whether your personal data is being processed, and, if so, the right to access your personal data and certain related information.
- Rectification of your personal data: You have the right to request correction of your inaccurate personal data without undue delay and to request us to complete any incomplete personal data.
- Deletion of your personal data: You have the right to request deletion of your personal data without undue delay.
- Restriction on processing of your personal data: You have the right to request restriction of processing of your personal data.
- Objection to processing of your personal data: You have the right to make objection to our reliance on our legitimate interests as the legal basis of our processing of your personal data that impacts your rights.
- Withdrawal of your consent: This right only exists if we are relying on consent to process your personal data (“Withdrawal of Consent”). In particular, you have the right to opt-out of direct marketing or profiling we carry out for direct marketing at any time.
- Data portability: You have the right to receive your personal data in a structured and generally machine-readable format as well as the right to transfer such data to another controller without our interference.
- Not to be subject to automated decision-making: Under certain conditions, you have the right not to be subject to any decision-making based solely on automated data processing (including profiling) that produces any legal or similarly material impact on you.
These rights may be limited if they infringe the rights of any third party (including our rights), in such cases where fulfilling your request may reveal personal data of another person, or you request us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR as well as local data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you intend to exercise any of the aforementioned rights, please contact us at the contact details at the end of this Privacy Policy. We may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request to speed up our response.
You may also lodge a complaint in relation to our processing of your personal data directly to the relevant Supervisory Authority if you are in the EEA or to the Information Commissioner’s Office if you are in the UK.
8. Amendments to this Privacy Policy
We may amend this Privacy Policy from time to time. When we make any substantive or important amendments, we will contact you through this website and/or by e-mail as necessary.
9. Contact Details
For questions or inquiries relating to this Privacy Policy, please contact the data controller or the representative set forth below:
Data Controller
Drecom Co., Ltd.
141-6019
2-1-1, Osaki, Shinagawa-ku, Tokyo, Japan
E-mail address: privacy@drecom.co.jp
EU Representative
Data Rep.
UK Representative
Data Rep. UK
[Representative Address List]
| Country | Address |
|---|---|
| Austria | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Bulgaria | DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria |
| Croatia | DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia |
| Cyprus | DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus |
| Czech Republic | DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic |
| Denmark | DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark |
| Estonia | DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia |
| Finland | DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland |
| France | DataRep, 72 rue de Lessard, Rouen, 76100, France |
| Germany | DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany |
| Greece | DataRep, 24 Lagoumitzi str, Athens, 17671, Greece |
| Hungary | DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary |
| Ireland | DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland |
| Italy | DataRep, BPM 335368, Via Roma 12, 10073 , Ciriè TO, Italy |
| Latvia | DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia |
| Lithuania | DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania |
| Luxembourg | DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg |
| Malta | DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta |
| Poland | DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland |
| Portugal | DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal |
| Romania | DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania |
| Slovakia | DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia |
| Slovenia | DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia |
| Spain | DataRep, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain |
| Sweden | DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden |
| United Kingdom | DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom |
[Representative Contact List]
- Contact via email: Include “Drecom Co., Ltd. “ in the subject and send to datarequest@datarep.com
- Contact via web form: Send inquiry via www.datarep.com/data-request
- Contact via postal mail: Send via postal to the most convenient DataRep address listed in the “Representative Address List”
We have also appointed a data protection officer. The data protection officer’s contact details are as follows.
Takewo Kawamura
Address: 2-1-1 Osaki, Shinagawa-ku, Tokyo
E-mail address: dpo@drecom.co.jp
Established on June 20, 2022
Updated on March 31, 2023
Updated on July 1, 2023
Updated on February 29, 2024