Privacy Policy (For EEA, UK and Switzerland)
Enacted:
Revised Date:
Preface
Aiming Inc. (hereinafter referred to as “we”, “us” or “our”) adheres to the relevant personal information protection laws and regulations to ensure appropriate handling of information concerning users.
This Privacy Policy applies to users residing in the European Economic Area (hereinafter referred to as “the EEA”), the United Kingdom and Switzerland, and shall be in accordance with those in the Act on the Protection of Personal Information of Japan (Act No.57 of 2003, including its subsequent amendments, hereinafter referred to as “Personal Information Protection Act”), as well as the General Data Protection Regulation (GDPR) of the EEA , the GDPR of UK, and the Federal Act on Data Protection (FADP) of Switzerland.
Except where otherwise specified, the definition of “personal information” and other terms in this Privacy Policy shall be in accordance with those in the Personal Information Protection Act.
Please print or screen capture this Privacy Policy for record-keeping purposes as necessary.
Users who are visually impaired can access an alternative version of this information using a screen reader. Users with other impairments can reach out to us using the contact information found below in section “12. Contact” and learn about other accessibility options to assist in accessing this Privacy Policy.
Our services may contain links to other websites or services. As this Privacy Policy applies exclusively to our services, please confirm the Privacy Policy for that website when using links to other websites.
When making changes to the Privacy Policy, we will notify users by posting on our website, sending an email, or by any other method that we deem appropriate (in accordance with any method required by laws and regulations). We will also adhere to any further processes required by privacy policy regulations.
Except for cases in which we stipulate otherwise, the revised Privacy Policy shall take effect from the time it is posted on this website.
Users are encouraged to visit this page regularly to confirm any possible updates. Users can confirm when the Privacy Policy was last updated by checking the “Last Updated” date.
1. Concerning the Information We Collect
Personal information refers to any information concerning a specific or identifiable natural person that is processed by us.
We collect data via the device used by the user to interact with us, and through third parties. We may combine data from our services with other data collected from our business records. We may use or share aggregated data (compile statistics where individual records cannot be identified from the data) or anonymized data (remove personal identifiers so that data cannot be linked to a specific individual).
There may be cases where a user’s personal information may need to be provided for statutory reasons, contractual reasons, or a requirement to enter a contract.
In such a case, we may be unable to provide our services to the user if they are unable to provide personal information.
As an example, the provision of information associated with a user’s registration for our service is a requirement for using the service. Additionally, the provision of the user’s device information is a requirement for the user to use our websites.
■ Information Relating to Registering for Services
Upon registering for our services, users may be asked to provide the following information:
- (1) A name identifying the user (e.g., full name, user name, nickname, etc.)
- (2) Email address
- (3) Date of birth
- (4) Gender
- (5) Other information about the user that we specify
- (6) In the case of a minor (under 16 years of age), additional information regarding their legal representative (full name, date of birth, email address, phone number)
■ Device Information
The following information may be collected when using our services and websites:
- (1) Cookies and other device identifiers
- (2) IP addresses
- (3) Device type and model
- (4) OS and version number
- (5) Other information that the user has agreed to provide
■ Location Data
In order to provide services that require location information, we may collect location data from the user’s device.
■ Payment Information
In order for users to purchase virtual currency or licenses to use virtual items offered via our services, we may collect the following billing and payment information provided to third-party payment service providers (including, but not limited to, Apple Inc. and Google LLC):
- (1) Purchase ID, purchase date, purchased product, or purchase history details such as amount spent
- (2) Postal/Zip code
■ Information Related to Customer Support
We may collect and store the following information when providing customer support to users:
- (1) Contact information (typically, but not limited to, an email address)
- (2) Device model, OS information, information regarding the use of our services
- (3) User ID
- (4) Correspondence with support and any information contained therein
■ Information Related to the Use of Our Services
When users use our services, we may collect and store the following information provided directly to us by them, as well as other data pertaining to how they use our services.
We may also record and store interactions between users on our services and any information contained therein.
- (1) Device identification data, operating system, hardware version, device setup, browser type and setup, and data regarding website and application usage
- (2) IP addresses, log data, usage time, Cookies, and web beacons
- (3) Emails and text-based messages, gameplay content, support inquiry history, search terms entered by the user, chat history and other interactions between users, and performance data
Information Regarding User Interests and Preferences
Subject to the user’s consent, we may collect information regarding the interests and preferences of users inferred from their browsing and purchase history.
In such cases, even if we obtain the user’s consent, the legal basis of the GDPR or UKGDPR for processing is not due to this “consent”. Please refer to “2. Purpose of Use of Collected Information”.
Information Gathered Using Cookies etc.
When a user accesses our services or websites, we may use Cookies or similar technologies to obtain data regarding their usage environment (browser, etc.), services, and website usage. We may also use similar technologies in some of our advertising systems.
Cookie Settings
We may collect and use the following Cookies or similar technologies in various ways to improve the user experience of our services.
- (1) Essential Cookies
These Cookies are necessary for our services to function properly and include Cookies necessary to create an account. These Cookies are not used to collect information for marketing purposes nor do they store websites visited by the user. - (2) Performance Cookies
Collect information about how users use our services, including information about the pages they visit most frequently. If a user has previously specified certain preferences, those preferences will be stored in these Cookies. We use these Cookies to improve our services and to optimize the user’s experience so that they can search for our services more conveniently. - (3) Functionality Cookies
Used to store settings such as layout, text size, basic settings, language, etc. in order for us to provide our services and improve user experience. Information collected by these Cookies is not used to identify individual users.
Users are able to disable Cookies through their browser settings, but this may cause some of our services and third-party services to not function properly.
We use the following access analysis tools on our services and websites. These analytics tools use Cookies in order to collect data. The data is collected anonymously and cannot be used to identify individuals. It is possible for users to disable Cookies and prevent these tools from collecting their data. Please check your browser settings for more details.
- (1) Google Analytics
Google Analytics uses Cookies and other means to collect user information. To learn more about how Google Analytics collects and utilizes information when users visit our websites, please visit the “How Google uses information from sites or apps that use our services” page.
http://www.google.com/policies/privacy/partners/
For more information on the terms and conditions regarding Google Analytics, please refer to the Google Analytics Terms of Service and Google’s Privacy & Terms.
https://marketingplatform.google.com/about/analytics/terms/us/
https://policies.google.com/technologies/ads - (2) Google Analytics Opt-out Add-on
Users can also disable Google Analytics via their browser’s add-on settings to stop the collection of their information due to our use of Google Analytics. To disable Google Analytics, download and install the Google Analytics Opt-out Add-on from the Google Opt-out Add-on download page and change the add-on settings of your browser.
https://tools.google.com/dlpage/gaoptout
For the terms and conditions of the Google Analytics Opt-out Add-on, please see “Google Analytics Opt-out Browser Add-on – Additional Terms of Service” and Google’s Web Store Terms of Service.
https://tools.google.com/dlpage/gaoptout/intl/en/eula_text.html
https://policies.google.com/terms - (3) Microsoft Clarity
For more information on Microsoft Clarity’s terms and conditions, please see the Microsoft Privacy Statement.
https://privacy.microsoft.com/en-us/privacystatement
■ Information Regarding the Usage of Services
We may acquire the IDs of external services used by users and other information that users have authorized our partners to disclose to us as per the privacy settings of those external services.
- (1) User ID of external service provider
- (2) Other information that the user has authorized to disclose to related companies
2. Purpose of Use of Collected Information and the legal basis for processing
We process collected personal information to achieve the following objectives.
When a user’s personal information is applicable to GDPR or UKGDPR (hereinafter referred to as “GDPR”), personal information will be processed based on the following legal basis.
Moreover, there are cases where we require consent from the user regarding personal information. Even in such a case, the legal basis of processing will be “necessity for the performance of a contract”, “necessity for the pursuit of legitimate interests” or “necessity to adhere with political responsibilities”. This excludes cases where the user has given “consent (GDPR Art.6.1 (a))”.
Additionally, where required by law, we will only conduct direct marketing to customers after obtaining their consent.
For more information on the balancing test for legitimate interests (article 6(1)(f) of the GDPR), please contact us using the email address listed in section “12 Contact” below.
| Purpose of Processing | Details | Legal Basis of Processing |
|---|---|---|
| Providing our services | Providing game services such as account registration, login authorization, distribution of in-game items, and display of rankings | Performance of contract (GDPR article 6.1 (b)) |
| Billing and calculation of payments | Calculation and billing of paid content purchased by the user | Performance of contract (GDPR article 6.1 (b)) |
| Identity verification and authentication | Verification of registered information and performing login authentication to ensure user account safety and prevent unauthorized access. Verification of identity (such as confirming age), occurs in accordance with the law. | Performance of contract (GDPR article 6.1 (b)) |
| Conducting surveys, sweepstakes, and campaigns | Conducting surveys, managing sweepstakes and campaigns for users who participate, contacting winners, sending prizes | Legitimate interests (GDPR article 6.1 (f)) |
| Marketing research, statistics, and analysis | Analyzing anonymized or statistical user data and survey results to improve services, develop new content and features, and understand user needs. | Legitimate interests (GDPR article 6.1 (f)) |
| Developing company services, websites, and content | Analyze user usage status, user actions and feedback. Creating new games, features, contents and web designs. Improving the user experience and providing attractive services. | Legitimate interests (GDPR article 6.1 (f)) [Processing non-essential cookies and other online identifiers and location information.] Consent (GDPR article 6.1 (a)) |
| Maintaining, troubleshooting, and improving the quality of our services, websites, and content | Improving websites and content, fixing bugs and observing the performance rate. Analyzing user status for reference in future service development. | Performance of contract (GDPR article 6.1 (b)) |
| Sending users important notices, such as changes to our terms, conditions, or policies | Notifying users of important notifications such as changes to the Terms of Usage, Privacy Policy, service interruption and significant changes to features. | Performance of contract (GDPR article 6.1 (b)) |
| Developing and delivering advertisements (including advertisements for products or services relating to user interests and preferences, which are based on analysis of collected information such as browsing and purchase history), and the confirmation of the results of such advertising | With consent from the user, delivering and improving advertisements related to user interests and performances, based on analysis of collected information such as browsing and purchase history. Only general advertisements will be delivered if consent is not provided. | Legitimate interests (GDPR article 6.1 (f)) [Processing non-essential cookies and other online identifiers and location information.] Consent (GDPR article 6.1 (a)) |
| Providing technical support and responses to user inquiries | Responding to user inquiries regarding technical questions and issues, as well as providing solutions for smoother service use. Managing inquiry content and response history. | Performance of contract (GDPR article 6.1 (b)) |
| Preventing fraudulent or potentially illegal activity | Monitoring, detection and prevention of fraudulent or potential illegal activity such as unauthorized login, cheating, improper use of accounts, money laundering, etc. Includes any investigations and appropriate measures taken as required. | Legitimate interests (GDPR article 6.1 (f)) |
| Achieving other purposes as specified in notices, or disclosed in any of our services | Achieving other purposes as specified in notices or disclosed in the Terms of Usage or Privacy Policy for each individual service. | Applicable legal basis under article 6 of the GDPR |
3. Retention Period of Personal Information
To determine the appropriate retention period for personal information, we consider the volume, nature, and sensitivity of the personal information, the risk of potential damage from its unauthorized use or disclosure, the purposes for which we process it, and whether or not we can achieve those purposes by other means, along with any applicable legal requirements. When our company no longer requires the personal information of users that we have collected, we will delete or anonymize the information. If deletion is not possible (for example, if the personal information is stored in backup archives) we will securely store the user’s personal information until it becomes possible to delete and will ensure that no further processing of the personal information takes place thereafter.
4. Safety Management of Collected Information
We will take necessary and appropriate measures to prevent the leaking, loss, or damage of any personal information that we handle, and otherwise safely manage such information.
Please note that while we have taken these precautions to protect user information, this does not ensure the safety of the networks, systems, servers, devices and databases that we operate, or on our behalf.
5. Source for Obtaining Personal Information
We acquire the personal information of users directly, either by receiving it from them or by obtaining it automatically. However, for personal information of users who access our website, the information is indirectly acquired from external services usage analysis services used by our websites, such as Google LLC, Adjust Inc., AppsFlyer Ltd., payment service companies such as Apple Inc. and Google LLC, application development companies such as Sauce Labs Inc., as well as external services used by users.
6. Sharing and Providing Acquired Information to Third Parties
In order to achieve the purposes described in “2. Purpose of Use of Collected Information and the legal basis for processing” above, our company may share the personal information described in “1. Concerning the Information We Collect” above with the following third parties:
■ Affiliated Companies
We share information with members of our company group.
■ Processors (Service Providers)
We may hire vendors to perform certain business functions on our behalf, and these vendors may receive or directly collect information about users from us. Vendors and the business functions they provide may include the following:
- (1) Businesses, such as Sauce Labs Inc., that provide service support functions such as customer service, customer relationship management, application development, list cleansing, physical mailing, and communications (email, fax).
- (2) Auditing and accounting firms, such as those that assist in the preparation of our financial records.
- (3) Specialized service consultants, such as companies that conduct analysis, provide support to improve our business, provide legal services, or provide project-based resources and support, etc.
- (4) Providers of analysis and marketing services, such as Google LLC and AppsFlyer Ltd. (including companies who analyze the traffic of our online assets, identify potential customers, and assist with communications).
- (5) Security vendors (such as those supporting the identification of and response to security incidents, service notifications, and fraud prevention).
- (6) IT vendors (such as those supporting website design, hosting and maintenance, data and software storage, and network operations).
- (7) Marketing vendors (such as those supporting the delivery of marketing emails).
- (8) Other service providers necessary for our business activities.
■ Business Partners for Marketing Purposes
We may share a user’s device identifiers and information about their use of the services with our marketing business partners for marketing purposes.
■ Online Advertising Partners
We work with companies who assist us with advertising our services using tools such as Cookies and online tracking technologies to collect information and measure the effectiveness of personalization, retargeting, and advertising.
■ Social Media Platforms
If a user interacts with us on a social media platform, that platform may be able to collect information about the user and their interactions with us. When a user interacts with social media objects (such as clicking the “Like” button on Facebook), both the platform itself and the user’s connections on said platform may be able to see that activity. To manage how such information is shared, please review the privacy policy of the social media platform in question.
■ Government Institutions and Law Enforcement Agencies
We may share information when we believe in good faith that we are lawfully authorized or required to do so in order to respond to a legal subpoena, warrant, court order, or other regulatory or law enforcement requests, or when necessary to protect our property or rights or the safety of our employees, customers, or other individuals.
■ Other Businesses Involved in Commercial Transactions
Our company’s ownership or corporate structure may change during the course of providing our services. We may transfer some or all of the information concerning our users to other entities, their affiliates, or service providers connected to them, or during negotiations relating to a merger, acquisition, sale of assets or lines of business, change in ownership, or financing transactions. We cannot guarantee that an acquired or merged entity will have the same privacy practices or treat user information as described in this policy.
7. Sending Personal information to third parties
We use services from the third parties described below in the provision of our services.
Such third-party services require certain user-related information in order to function. In particular, Cookies and similar technologies must be used to transmit information about users from their devices to servers owned by third-party service providers.
Among the external services we currently use for external transmission, matters to be disclosed based on the provisions of the Telecommunications Business Act regarding external transmission discipline are as follows.
For details regarding how third-party service providers use user-related information, please refer to the links provided in “Privacy policies, etc.”
| Services (Name of the third party) |
Information provided | How this information is used | Privacy policies, etc. |
|---|---|---|---|
| Firebase (Google LLC) |
Information that identifies the person or device viewing our content (e.g., user IDs, browser types, and device OSes). Information that identifies the location of the device viewing our content (e.g., IP addresses) |
To identify individuals and conduct investigation activities for support purposes | https://business.safety.google/intl/ja/tba-jp/ |
| ironSource (ironSource Mobile Ltd.) |
Information that identifies the person or device viewing our content (e.g., user IDs, browser types, and device OSes). Information that identifies the location of the device viewing our content (e.g., IP addresses) |
To deliver advertisements |
|
| Tapjoy (Tapjoy Limited) |
Information that identifies the person or device viewing our content (e.g., user IDs, browser types, and device OSes). Information that identifies the location of the device viewing our content (e.g., IP addresses) |
To improve our services and advertisement delivery | https://dev.tapjoy.com/en/legal/Privacy-Policy |
| Adjust (Adjust GmbH) |
Information that identifies the person or device viewing our content (e.g., IDFAs, AAIDs, cookies, IP addresses, and User-Agent headers). Information that identifies the location of the device viewing our content (e.g., IP addresses) |
https://www.adjust.com/terms/privacy-policy/ | |
| Google Analytics for Firebase (Google LLC) |
Information that identifies the person or device viewing our content (e.g., cookie identifiers, device identifiers such as AAIDs and IDFAs, and client identifiers). Information that identifies the location of the device viewing our content (e.g., IP addresses) |
https://business.safety.google/intl/ja/tba-jp/ | |
| Backtrace (Unity Technologies) |
Action history (e.g., anything relating to in-game error logs). Information that identifies the person or device viewing our content (e.g., user devices and OSes) |
To monitor in-game errors |
|
| Google play game services (Google LLC) |
Action history (e.g., user in-game progress) | To record and confirm the unlocking of in-game achievements for users on Android devices | https://business.safety.google/intl/ja/tba-jp/ |
| Sentry (Sentry Corp.) |
Action history (e.g., anything relating to in-game error logs). Information that identifies the person or device viewing our content (e.g., user devices and OSes) |
To monitor in-game errors |
|
| BigQuery (Google LLC) |
Information that identifies the person or device viewing our content (e.g., user devices, OSes, and unique identifying IDs). Action history (such as anything relating to in-game logs) |
To analyze game logs | https://business.safety.google/intl/ja/tba-jp/ |
8. Transfer of Personal Information Overseas
As a result of the above-mentioned disclosure or sharing of information, there may be cases where a user’s personal information is transferred to the following countries.
- The United States
- Japan
Many of our IT systems are hosted within Japan. In the event that a user’s personal information is to be transferred to the countries listed above, the following measures will be taken to protect the user’s personal information, as stipulated by applicable data protection laws.
- In the case that GDPR applies, when transferring to Japan, we rely on the European Commission’s and the UK Information Commissioner’s Office (ICO)’s adequacy decision for Japan (Please find further details here ), which recognizes that Japan provides an adequate level of protection (GDPR Act. 45) . When transferring to US, we will enter a Standard Contractual Clause (SCC) issued by the European Commission (including amendments made by the ICO to the EU SCC) with the recipient and conduct a Transfer Impact Assessment (GDPR Act. 46). Furthermore, will agree on additional measures with the recipient where necessary, to ensure an appropriate level of data protection.
- In the case that FADP applies, we will enter a SCC that has been issued by the European Commission (revised for Switzerland) as approved by the Swiss Federal Data Protection with the recipient and carry out a Transfer Impact Assessment. We will agree on additional measures with the recipient where necessary, to ensure an appropriate level of data protection.
For a copy of a document regarding the relevant safety measures, please contact the email address under “12. Contact”.
Please follow the below link for more information regarding the system in place for the protection of personal information in the US, to which personal information must be provided to under Japan’s Personal Information Protection Law. Third parties located in foreign countries to whom we provide personal information ensure appropriate protection of personal information, such as by complying with the laws and regulations regarding the protection of personal information within their country.
【United States (Federal Law)】
https://www.ppc.go.jp/files/pdf/USA_report.pdf
9. A User’s Rights to Information
All users have the following rights:
- (1) Right to Information About Data Processing
The user holds the right to obtain information regarding our data processing activities about the user. - (2) Right to Withdraw Consent
Users have the right to withdraw their consent at any time. However, the withdrawal of consent does not affect the lawfulness of information processing based on consent before such consent was withdrawn. - (3) Right to Access Personal Information
Users have the right to obtain confirmation from us as to whether or not we are processing their personal information and, if so, to access the personal information and certain related information. - (4) Right to Rectification Personal Information
Users have the right to rectify inaccurate personal information concerning them without undue delay and to have incomplete personal information completed. - (5) Right to Erasure of Personal Information
Under certain conditions, users have the right to have their personal information erased without undue delay. - (6) Right to Restrict Processing
Users have the right to restrict us from processing their personal information under certain conditions. - (7) Right to Object to Processing
Under certain conditions, users have the right to object to the processing of their personal information. - (8) Right to Object to Direct Marketing
Users have the right to object to their personal information being processed for the purpose of direct marketing at any time. - (9) Right to Data Portability
Under certain conditions, users have the right to receive their personal information in a structured, commonly used, and machine-readable format, and to transfer that data to another controller without hindrance from us. - (10)Right Not to Be Subject to Automated Decision Making
Under certain conditions, users have the right not to be subject to a decision based solely on automated processing (not performed by a human) which produces legal or other significant effects. - (11)Right to Lodge a Complaint
Users have the right to lodge a complaint with a data protection supervisory authority in the member state of their habitual residence, place of work, or the place of the alleged infringement.
For the EEA, the relevant supervisory authority listed for each member state, for the UK is Information Commissioner’s Office, and for Switzerland is The Swiss Federal Data Protection and Information Commissioner.
For those who wish to exercise any of these rights, please contact us at the email address under “12. Contact”.
10. Protection of Children’s Personal Information
When the legal basis for the processing of personal information is the user’s consent, we do not intentionally collect personal information from individuals under the age of 16 without prior consent from a parent or legal guardian. For children under the age of 16 who wish to use our services, please receive consent from their legal representative.
We may grant the child’s legal representative the right to review the child’s personal information, the right to edit, delete or temporarily suspend the child’s personal information, as well as withdraw the before mentioned consent.
11. Requesting to Exercise Rights
■ Submitting a Request
Users can contact the email address under “12. Contact” to send a request to exercise their rights.
In the event that users, under the applicable laws and regulations, are permitted to allow another person or company (i.e. an authorized agent) to exercise rights in their stead, the request to use such rights can be made through the authorized agent, who is legally appointed under such law.
There are cases where we have legal reasons for not complying with the user’s request or complying with the user’s request in a more limited method that the user is expecting. In such a case, we will explain our reasons in our response.
■ Verification
We will first need to verify the identity of the user before responding to a user’s request. In order to confirm the identity, we will request for personal identifiers, which we will match with personal information that we may have collected from the user previously. We may need to follow up on the user to request further information verify the identity of the user. We will not use personal information collected while verifying or fulfilling the user’s request, for any other purpose than responding to the request.
12. Contact
If you have any questions, comments, feedback, or inquiries regarding the handling of the personal information of users, please contact us using the contact form below.