- Privacy Policy -

This privacy policy (“Privacy Policy”) provides you with a comprehensive description of the practices of AIDIS Inc., a Japanese corporation (“Company”, “We”) regarding the processing of your personal data while using our websites, our games and other products and services provided by us as well as your rights granted under the European General Data Protection Regulation (“GDPR”) and under the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2018 (the “UK GDPR”).

We take the protection of your Personal Information very seriously and strictly adhere to the rules of the applicable data protection laws. The following Privacy Policy gives you an overview of how we ensure data protection and what types of personal data are processed for what purpose.

With regard to the terminology used in this Privacy Policy, e.g. "personal data" or "processing", we refer to the definitions in Article 4 of the GDPR and corresponding Article of the UK GDPR.

Please read the following information regarding the Privacy Policy carefully. In case you have further questions, please do not hesitate to contact us at any time at the contact points mentioned in Section A.

A. Who is responsible for the data processing and who can you contact?

Responsible as controller for the processing of your personal data is:

Name: AIDIS Inc.
Address: 6th floor Sumitomo Fudosan Aoyama Bldg, 1-7-7 Shibuya, Shibuya-ku, Tokyo, Japan.

You can reach our data protection officer under the following contact information:

Address: DPO, AIDIS Inc., 6th floor Sumitomo Fudosan Aoyama Bldg, 1-7-7 Shibuya, Shibuya-ku, Tokyo, Japan.
Email: gdpr@aidis.co.jp

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), AIDIS, Inc. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to the UK GDPR, AIDIS, Inc. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

B.How do we process personal data?

We process various personal data you provide to us when using our products and services. This may include our websites and our games as well as other products and services (in the following together defined as “Products”).

In principle, the following can be considered as the purposes of the processing: the processing for the initiation of contractual relationships and the performance of contracts (Art. 6 (1) lit. b GDPR and corresponding Article of the UK GDPR), the processing for the protection of legitimate interests (Art. 6 (1) lit. f GDPR and corresponding Article of the UK GDPR), the processing based on your consent (Art. 6 (1) lit. a GDPR and corresponding Article of the UK GDPR) and/ or the processing subject to statutory provisions (Art. 6 (1) lit. c GDPR and corresponding Article of the UK GDPR).

You can find in the following further information on the specific personal data and the purposes we process such personal data for as well as the legal basis for such processing.

  • I. Collection of Log Data

    While visiting our website, the following specific data is stored during every retrieval: Name of your internet provider, IP-address, time and date of your visit, browser information, referral-URL (previous visited website.

    The processing of the personal data is based on Art. 6 (1) lit. f GDPR and corresponding Article of the UK GDPR. Purpose and our legitimate interest are administration and improved functionality of our website as well as preventing security issues (e.g. hacking).

  • II. Use of Cookies and similar Technologies

    In order to make the use of our Products more attractive and to enable the use of certain functions, we use so-called cookies. Cookies are small text files that are stored on the user’s end device when he/she visits a website and thereby enable the user to be assigned with his/her device.

    You can set your browser to refuse the acceptance of cookies in certain cases or generally. You can also delete cookies which are already set. However, please note that we use certain cookies which are technically necessary for proper operation of certain functions on our website. If these cookies are not accepted, the functionality of our website may be limited.

    There are various types of cookies, depending on their characteristics and functions:

    Cookies can have various functions, for example for electronic authentication, monitoring of sessions and storage of information regarding your activities when accessing a website.

    Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser the next time you visit us (so-called persistent cookies). Furthermore, some of the cookies used on our website are provided by third party providers (so-called third party cookies).

    In addition, we may also use similar technologies, which provide the same functions as cookies, for example, to identify devices. Such similar technologies can include fingerprinting techniques, HTML 5 local storage and Local Shared Objects as well as scripts, tracking pixels and plugins.

  • III. Use of Device Identifiers

    When you install our Products on your mobile device, we collect the device ID for your mobile device, such as Android’s of ADID. The device ID is a unique terminal identification number which allows to identify an individual smartphone or tablet. The device ID is stored on the mobile device and can be retrieved by an application which is downloaded and installed.

    We use the device ID for tracking and identifying a user who is using our Products (without revealing personal information) in order to see user’s interaction with our Products, inter alia in-app events a user triggers, as well as user’s interaction with a mobile advertising campaign, inter alia if a user clicks on an advert.

    You can find further information when and for which purposes we use device IDs for in the following sections.

  • IV. Registration and User Account

    In order to use the full functions of our Products you have to create a user account. In this context, we process the following personal data: account name, device ID (IDFA, ADID). We may also collect the account ID of the social networking service you are using and has connected with our Products, e.g. for logging in.

    We process the personal data on the basis of Article 6 (1) lit. b GDPR and corresponding Article of the UK GDPR. The purpose of the data processing is the conclusion of the contract on the use of the Products (Terms of Use) and, in connection with this, the provision of the functions and services available in the Products.

  • V. Collection of In-Game Data

    In order to provide you with the full functionality of our Products, we need to process various data about your use of our Products. This includes information about your game settings, your progress in the games, your participation in and performance in certain events as well as your in-game interactions, inter alia purchase of in-game items.

    The legal basis for such processing is Article 6 (1) lit. b GDPR and corresponding Article of the UK GDPR. The purpose of the data processing is the performance of the functions and services as part of the contract on the use of the Products (Terms of Use).

  • VI. Social Networking Activities

    We use social networks, like Facebook and Twitter, to provide you with information about our Products, for example updates, new functions and release of new items for our games as well as in-game and live streaming events. We also use these social networks to carry out marketing measures, for example to provide giveaways (see below).

    We may also analyze your behavior when using a certain social network that we also use based on a specific ID given to you by the respective social network. This includes information about which website you came from before visiting our social network accounts and from which page a user moves from our social network account to another website. We use these information to understand users of our Products and to improve our game-related marketing. We also use the data for checking the number of followers, lists of followers who apply for our marketing campaigns and collect keywords that generate high interest among users. For this purpose, we use the service Social Insight from User Local, Inc. based in Japan (https://sns.userlocal.jp/). Please note that the service does not track the individual log-in activity.

    Legal basis for the processing of personal data is Art. 6 (1) lit. f GDPR (legitimate interests) and corresponding Article of the UK GDPR . Our legitimate interest for the processing is to improve our Products and marketing activities relating to our Products.

  • VII. Giveaway Campaigns

    When using our Products we may offer you to participate in our giveaway campaigns. For this purpose, we process the following personal data: name, address, postcode, country, email-address, phone number, SNS account ID.

    Participation in our giveaway campaigns require that you accept the applicable terms and conditions.

    The legal basis for such processing is Article 6 (1) lit. b GDPR and corresponding Article of the UK GDPR. The purpose of the data processing is the performance of the contract on the giveaway (term of use).

  • VIII. Tracking and Web Analytics

    We use the following tools provided by external service providers to measure the success of our marketing campaigns, for our own market research and to optimize our Products.

    • 1. Adjust
      We use the analytics technology Adjust by Adjust GmbH. Saarbrücker Str. 37A 10405 Berlin, Germany. ("Adjust").
      Adjust processes certain information about users’ in-app behavior, such as the time and installation and first opening of the app on their device, their interactions within the app, and information about which ads users have seen or clicked on based on a unique device ID.
      Adjust uses this data on our behalf, to create analytics and evaluations about the use of our Products and the success of our campaigns. We use the information obtained through this to better understand the application, function and use of the Products, for example, to determine through which marketing measure users became aware of our Products, i.e. specifically, which link or banner on social networks and elsewhere on the internet, users clicked on before downloading our app.
      The legal basis for data processing is your consent pursuant to Art. 6 (1) lit. a GDPR and corresponding Article of the UK GDPR.
      Users can object to tracking by Adjust at https://www.adjust.com/forget-device/.
    • 2. Repro
      We use the analytics technology Repro by Repro Inc. Zenriren Building 4F,1-36-4 Yoyogi, Shibuya-ku,Tokyo, 151-0053 Japan ("Repro").
      Repro processes event and device data collected by Adjust (see afore). This includes information about users’ in-app behavior, such as their interactions within the Products (e.g. performance of searches and purchases, viewing of certain content) and information about which ads users have seen or clicked on. In addition, Repro also processes unique device IDs and user IDs. Thereby, the information collected by Repro can be aggregated to the same user even when the user is using multiple devices
      The legal basis for data processing is your consent pursuant to Art. 6 (1) lit. a GDPR and corresponding Article of the UK GDPR.
    • 3. Google Analytics
      We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses several cookies to analyze your use of the website. The data created by the cookie is usually transferred to a server of Google in the USA and stored there.
      Please note that on this website, the IP anonymization function in Google Analytics is activated. In this case IP addresses are anonymized (so called IP masking). Only in exceptional cases the user’s full IP-address will be transmitted to a server of Google in the US and shortened there.
      On behalf of us, Google will process this data in order to analyze your use of our website, to generate reports on website activity and to render further services regarding the use of our website. The IP-address transmitted by your browser will not be associated with other data in possession of Google.
      When using Google Analytics, the following cookies are placed on your device:
      Name Type Functionality Duration Provider
      _ga Web Analytics Cookie Cookie provided by Google to collect and analyze information on how visitors use the website. 2 years Google
      _gid Web Analytics Cookie Cookie provided by Google to collect and analyze information on how visitors use the website. 24 hours Google
      _gat_*** Web Analytics Cookie Cookie provided by Google to collect and analyze information on how visitors use the website. 1 minute Google
    • You may refuse the use of cookies by selecting the appropriate settings in your browser. Depending on the browser you use, you can prevent Google's collection and use of data (cookies and IP address) by setting certain options in your browser.

      We only use Google Analytics if have given us your prior consent pursuant to Art. 6 (1) lit. a GDPR and corresponding Article of the UK GDPR.

  • IX. Contacting us via email or contact form

    When you contact us by e-mail or via the contact forms provided in our Products, your e-mail as well as any other details provided by you will be processed by us in order to best answer any questions or issues you may have.

    Legal basis for the processing of personal data is Art. 6 (1) lit. f GDPR and corresponding Article of the UK GDPR (legitimate interests). Our legitimate interest for the processing is the offering of good customer care and optimal handling of your requests.

C.Are you obliged to provide personal data?

There is no legal or contractual obligation to provide us with your personal data, except for such personal data which are required for registering and login in the respective Products (e.g. in-game). Otherwise, we only ask you to provide us with the data necessary for providing our services. Without these personal data, we are not able to offer you the full functionalities of our Products and our Products may be limited.

D.With whom do we share personal data?

We use external service providers to process personal data when providing the website and its functionalities and services to you. Processing of personal data by such service provider is carried out on our behalf and in accordance with our instructions (so-called “Processors”, see Art. 4 (8) GDPR and corresponding Article of the UK GDPR). We engage the following service providers or categories of services providers:

  • ・IT Service Providers (including hosting, administration and security reviews).
  • ・Service Providers of Online Tracking Tools (Adjust, Repro, Google)
  • ・SEZAX Corporation (2-9-7, Unoki, Ota Ku, Tokyo To, 146-0091, Japan) to support us when carrying out giveaway campaigns (e.g. sending the gifts to participants.

We may also share personal data with recipients, which process personal data under their own responsibility for own purposes (see Art. 4 (7) GDPR and corresponding Article of the UK GDPR). This includes transfer to the following recipients or categories of recipients:

  • ・Financial institutions, cred card companies, collection agencies or other companies that perform settlements in order to settle payments or other monies due to us.
  • ・Supervisory and other public authorities to handle law enforcement requests or to enforce its rights.
  • ・Subsidiaries and affiliates of AIDIS Group.

E.Do we transfer personal data to third countries?

We may transfer personal data to service providers and recipients located in countries outside of the European Economic Area (EEA) and United Kingdom (UK), if such transfer is necessary for the purposes mentioned in this Privacy Policy. Such transmission takes place in the following cases:

  • ・Processing of personal data by services providers located in Japan acting on our behalf, including hosting and administration of our website.
  • ・Sharing of personal data with the service providers located in the USA and Japan for tracking and web analytics purposes (see SectionB.VIII.1 to 3).

Any transfer to a third country shall take place only in compliance with the applicable data protection regulations, in particular the assurance of an adequate level of data protection. We have implemented appropriate safeguards, i.e. standard contractual clauses according to Art. 46 (2) lit. c GDPR and corresponding Article of the UK GDPR, ensuring the safety of your personal data. For further information regarding this or a copy of said safeguards you can contact us under the contact information given in Section A.

F.How long do we store personal data?

We process your personal data as long as they are necessary for the specific processing purposes.

In general, we store your personal data for the duration of the usage process, unless storage beyond this period is necessary to fulfil the respective processing purposes. In this case we store your personal data as far as this is necessary for the fulfilment of the respective processing purpose.

In addition, we are subject to various statutory filing and documentation obligations. The retention periods for such storage and documentation obligations can be up to ten years.

In light of possible legal claims, the retention period is also determined by statutory time limitations, which can be up to thirty years, whereby the regular limitation period is three years.

G.How do we secure personal data?

We maintain up-to-date technical measures to safeguard data security, in particular to protect your personal information from threats when transferring data and from prior knowledge gained by third parties. These measures are constantly adapted to the latest state of the art.

In order to prevent unauthorised access by third parties to your personal data, the connection is encrypted using SSL technology.

H.Which rights do you have?

You have the right of access (Art. 15 GDPR and corresponding Article of the UK GDPR), the right to rectification (Art. 16 GDPR and corresponding Article of the UK GDPR), the right to erasure (Art. 17 GDPR and corresponding Article of the UK GDPR), the right to restriction of processing (Art. 18 GDPR and corresponding Article of the UK GDPR) and the right to data portability (Art. 20 GDPR and corresponding Article of the UK GDPR).

When personal data is processed based on your consent, you have the right to withdraw your consent according to Art. 7 (3) GDPR and corresponding Article of the UK GDPR. Please keep in mind that your withdrawal only affects future processing based on your consent.

As far as the personal data is processed for the purpose of our legitimate interest according to Art. 6 (1) lit. f GDPR and corresponding Article of the UK GDPR, you have the right to object according to Art. 21 GDPR and corresponding Article of the UK GDPR. You can find further information regarding your right to object at the end of this Privacy Policy.

To exercise the aforementioned rights, you can contact us, in particular via the email set forth in Section A. Please note that we may require you to present proof of identity to verify the eligibility of your rights execution.

If you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR and corresponding Article of the UK GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy.

Information about your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR) and corresponding Article of the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2018 (the “UK GDPR”)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 (1) lit. f GDPR and corresponding Article of the UK GDPR (processing of personal Data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR and corresponding Article of the UK GDPR).

Should you decide to object the processing, we will stop to process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defence of legal claims.

You also have the right to object at any time to processing of personal data concerning you for the purpose of advertising; this also applies to profiling insofar as it is associated with advertising.

Should you decide to object to the processing for advertising purposes, we will stop to process personal data concerning you for these purposes.

The objection is not subject to any form. Ideally, it should be lodged via email at the bodies mentioned in Section A.