◆Personal Data Protection Policy◆

1. Our Statement Regarding Privacy Protection Policy

Drecom Co., Ltd. (hereinafter, the “Company,” “we,” “us,” or “our”) and the Company’s affiliates (hereinafter, the “Company Group”) process the personal data of customers to whom the below mentioned regulations apply (referred to as the “Customer” or “you”) in accordance with the applicable regulations of the EU, member countries of the European Economic Area (“EEA”), and the UK relating to data protection, in particular the General Data Protection Regulation 2016/679 (the GDPR) and the GDPR as it is incorporated into UK law by the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications(Amendments etc) (EU Exit) Regulations 2019 (the UK GDPR) (hereinafter the GDPR and the UK GDPR shall collectively be referred to as the “GDPR”). This Privacy Policy explains how we, as the data controller, process your personal data and your rights in relation to our processing.

2. Categories of Personal Data We Process and the Purpose of Use

We process the following categories of Customers’ personal data.

Purpose of processing personal data Category of personal data Retention period Legal basis

* To confirm identity to dispatch awards and provide authentication services

* To offer rewards and campaigns

* To send messages in relation to the purchases as well as important notices including amendments to the Company's terms and conditions and this Privacy Policy

1 Information to be collected directly from users To be deleted after 3 months from achieving the purpose of processing, such as the shipment of goods, or from users’ withdrawal Contract fulfillment
To charge fees and calculate bills

1 Information to be collected directly from users

4 Payment information

To be deleted after 3 months from users’ withdrawal Contract fulfillment
To provide our services

1 Information to be collected directly from users

3 Geolocation data

4 Payment information

5 Information related to users’ actions

7 Information collected through

interaction with External Services

To be deleted after 3 months from users’ withdrawal Contract fulfillment
To provide technical support and respond to inquiries from users

1 Information to be collected directly from users

2 Terminal information

3 Geolocation data

5 Information related to users’ actions

To be deleted after 3 months from users’ withdrawal Contract fulfillment
To conduct questionnaires 1 Information to be collected directly from users To be deleted after 3 months from users’ withdrawal Users’ consent
For marketing research, statistics, and analysis

1 Information to be collected directly from users

5 Information related to users’ actions

6 Collection of information using Cookie, etc.

To be deleted after 3 months from users’ withdrawal Users’ consent
To distribute advertisements and check the outcome

1 Information to be collected directly from users

2 Terminal information

3 Geolocation data

5 Information related to users’ actions

To be deleted after 3 months from users’ withdrawal Users’ consent

* To respond to system maintenance and failures

* To apply it to the development, provision, maintenance, and improvement of our applications, website, services, contents, and advertisements

* To prevent misconduct and potential illegal acts and implement the Terms of Use

1 Information to be collected directly from users

3 Geolocation data

To be deleted after 3 months from users’ withdrawal Our legitimate interest in providing services such as the sale of games and NFT art
To conduct IR activities 1 Information to be collected directly from users To be deleted after 3 months from users’ withdrawal Our legitimate interest to operate as a business corporation

We also process personal data other than as described above in case we provide a notice separately.

Provision of your personal data is mandatory in some cases for statutory reasons, requirements necessary to enter into a contract, or to fulfill contractual obligations. We may be unable to provide our service to you, if you fail to provide such mandatory personal data.

3. Legal Basis for Processing Personal Data of Customers

We process your personal data based on the legal basis provided for in the GDPR (Articles 6 and 7) as set forth below. Further, we do not obtain your personal data of a sensitive nature, such as your religious beliefs and health status.

(1) When processing is required for the pursuit of legitimate interests

We process Customers’ personal data for the purposes set forth in Paragraph 2 as it is required to pursue our legitimate interests (for details with respect to the balancing test for legitimate interests, please contact us at the contact details set forth below).

(2) When processing is required for the performance of contractual obligation with Customers

We will obtain and process Costumers’ personal data for the purposes set forth in Paragraph 2, as it is required to perform contractual obligations with Customers. In the event you fail to provide the personal data processed based on these legal basis, we may be unable to provide our application software that we deliver as well as any additional contents related thereto and other services to you.

(3) When processing is required for compliance with our legal obligations

We will obtain and process Customers’ personal data for the purposes set forth in Paragraph 2, as it is required that we comply with the legal obligations set forth upon us.

(4) When Customers’ consent is obtained in advance

Lastly, we will obtain and process Customers’ personal data for the purposes set forth in Paragraph 2, if Customers’ consent is obtained in advance.

You have the right to withdraw your consent at any time by the method we will separately designate upon obtaining your consent. However, the withdrawal of your consent will not affect the legality of processing conducted based on your consent before the withdrawal.

4. Sources of Personal Data

We obtain your personal data directly from you or indirectly through third parties such as those set forth below:

- Mobile platform operators

- Analysis/advertisement businesses

- Disclosed information based on SNS accounts

For the details of acquired information, purpose of use, and provision to third parties, please check the privacy policies of each business.

Name of SDK Provider Purpose of use Privacy policy
Tapjoy SDK Tapjoy Advertising revenue, push notification https://www.tapjoy.com/legal/general/privacy-policy/
AdMobSDK Google Advertising revenue https://policies.google.com/privacy
Audience Network SDK Meta Advertising revenue https://www.facebook.com/about/privacy
Firebase Cloud Messaging Google Push notification https://policies.google.com/privacy
Growth Push SIROK Inc. Push notification https://sirok.co.jp/privacy-policy
Firebase Crashlytics Google Crush analysis https://policies.google.com/privacy
Firebase Dynamic Links Google Dynamic link https://policies.google.com/privacy
Firebase Authentication Google Data coordination https://policies.google.com/privacy
Sign in with Apple Apple Data coordination https://www.apple.com/legal/privacy/jp/
X API X Corp. Data coordination https://x.com/ja/privacy
Facebook SDK Meta Data coordination https://www.facebook.com/about/privacy
AdjustSDK Adjust Effect measurement https://www.adjust.com/terms/privacy-policy/
AppsFlyerSDK AppsFlyer Effect measurement https://www.appsflyer.com/legal/services-privacy-policy/
GameGuard for Mobile SDK

TechnoBlood Inc.

&Inca Internet

Code obfuscation

https://www.technoblood.com/contact/policy

https://nprotect.com/kr/pri_supp/pri_supp.html

IronSourceSDK IronSource Advertising revenue https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
MaioSDK Maio Advertising revenue https://www.i-mobile.co.jp/privacy.html
PangleAdsSDK Pangle Advertising revenue https://www.pangleglobal.com/jp/privacy/enduser-ja
UnityAds Unity Advertising revenue https://unity3d.com/jp/legal/privacy-policy
Vungle publisher-sdk Vungle Advertising revenue https://vungle.com/privacy/
AppCenterSDK Microsoft Crush analysis https://privacy.microsoft.com/en-us/privacystatement
LINE AD (Five) SDK LINE Advertising revenue https://adsnetwork-docs.linebiz.com/fivesdk-ios/store-release/app-store-disclosure.html
AppLovinSDK AppLovin Advertising revenue https://www.applovin.com/privacy-jp/
Google Analytics for Firebase Google Effect measurement https://firebase.google.com/support/privacy?hl=ja

5. Retention Period of Personal Data

To determine the appropriate retention period of personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of potential harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data, and whether we can achieve those purposes by other means, as well as applicable legal requirements.

6. Sharing and Disclosure of Personal Data

We will share with and disclose Customers’ personal data to the following third parties in accordance with the GDPR for the purposes stated in this Privacy Policy:

- Google Analytics

As a result of the aforementioned sharing and disclosure, your personal data may be transferred to the following third party countries outside the EEA and the UK:

- Japan

With respect to the personal information we obtain, we use cloud services provided by a U.S. company. However, third parties located overseas do not handle personal information and we do not perform cross-border transfers.

In this case, the transfer to Japan shall be based on the adequacy decision. At this moment, as for data transfer from the UK to the EEA as well as from the EEA to the UK, there is no need to take any legal measures. For transfer to other countries, we will implement appropriate safeguards by executing with the transferee the standard data protection clauses (Article 46(2)(c) and (5) of the GDPR) approved by the European Commission. If you wish to receive a copy of the documentation related to these safeguards, please contact us at the contact details set forth below.

7. Rights of Customers

The GDPR gives certain rights with respect to Customers’ personal data. You may request us to take the following actions with respect to your personal data obtained and processed by us:

- Access to your personal data: You have the right to obtain confirmation from us as to whether your personal data is being processed, and, if so, the right to access your personal data and certain related information.

- Rectification of your personal data: You have the right to request correction of your inaccurate personal data without undue delay and to request us to complete any incomplete personal data.

- Deletion of your personal data: You have the right to request deletion of your personal data without undue delay.

- Restriction on processing of your personal data: You have the right to request restriction of processing of your personal data.

- Objection to processing of your personal data: You have the right to make objection to our reliance on our legitimate interests as the legal basis of our processing of your personal data that impacts your rights.

- Withdrawal of your consent: This right only exists if we are relying on consent to process your personal data (“Withdrawal of Consent”). In particular, you have the right to opt-out of direct marketing or profiling we carry out for direct marketing at any time.

- Data portability: You have the right to receive your personal data in a structured and generally machine-readable format as well as the right to transfer such data to another controller without our interference.

- Not to be subject to automated decision-making: Under certain conditions, you have the right not to be subject to any decision-making based solely on automated data processing (including profiling) that produces any legal or similarly material impact on you.

These rights may be limited if they infringe the rights of any third party (including our rights), in such cases where fulfilling your request may reveal personal data of another person, or you request us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR as well as local data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If you intend to exercise any of the aforementioned rights, please contact us at the contact details at the end of this Privacy Policy. We may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request to speed up our response.

You may also lodge a complaint in relation to our processing of your personal data directly to the relevant Supervisory Authority if you are in the EEA or to the Information Commissioner’s Office if you are in the UK.

8. Amendments to this Privacy Policy

We may amend this Privacy Policy from time to time. When we make any substantive or important amendments, we will contact you through this website and/or by e-mail as necessary.

9. Contact Details

For questions or inquiries relating to this Privacy Policy, please contact the data controller or the representative set forth below:

Data Controller

Drecom Co., Ltd.

141-6019

2-1-1, Osaki, Shinagawa-ku, Tokyo, Japan

E-mail address: privacy@drecom.co.jp

EU Representative

Data Rep.

UK Representative

Data Rep. UK

[Representative Address List]

Country Address
Austria DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Bulgaria DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Ireland DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy DataRep, BPM 335368, Via Roma 12, 10073 , Ciriè TO, Italy
Latvia DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Lithuania DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Poland DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain DataRep, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain
Sweden DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
United Kingdom DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

[Representative Contact List]

- Contact via email: Include “Drecom Co., Ltd. “ in the subject and send to datarequest@datarep.com

- Contact via web form: Send inquiry via www.datarep.com/data-request

- Contact via postal mail: Send via postal to the most convenient DataRep address listed in the “Representative Address List”

We have also appointed a data protection officer. The data protection officer’s contact details are as follows.

Takewo Kawamura

Address: 2-1-1 Osaki, Shinagawa-ku, Tokyo

E-mail address: dpo@drecom.co.jp 

Established on June 20, 2022

Updated on March 31, 2023

Updated on July 1, 2023

Updated on February 29, 2024

Updated on June 3, 2024