Basic Policy regarding the Protection of Personal Information

* If you live in a country other than Japan, please read here.

Basic Policy

Protection of personal information

GREE Holdings, Inc. (“the Company”) recognizes the importance of personal information, views the complete protection of personal information as its social responsibility. The Company promises to comply with the Act on the Protection of Personal Information, other relevant laws and regulations, guidelines, and the like, and to properly handle in accordance with this Policy regarding the personal information collected from the customers who use the Company's services and the Company App (hereinafter referred to individually or collectively as “the Company's services”) and the personal information obtained from business partners, shareholders, employees, etc. (hereinafter referred to as “business partners, etc.”) for the operation of the Company's business (hereinafter referred to as “Company’s corporate operations”).

Scope

This Policy applies to all of the Company's services and Company's corporate operations . The personal information that will be collected and the purpose of use of such information will be specifically provided for each of the Company's services in the individual privacy policy for the Company's service.

Handling of Personal Information

Collection for Company's services

To manage Company's services, the Company will clearly state the purpose of use in the privacy policy and collect the personal information required for providing the Company's services through lawful and fair means.

Collection for Company's corporate operations

To manage Company's corporate operations, the Company will collect the personal information regarding contact such as name, email address, address, telephone number etc., and other necessary information for Company's stockholder management, commercial transaction, response to inquiries, public relations, and human-affairs procedure. In these cases, the Company collect the personal information through lawful and fair means.

Purpose of use

Purpose of use for Company's services

The Company will only use the collected personal information for improving the quality of the Company's services, delivering ads, or for any other purpose of use set forth in the privacy policy, and the Company will not use such information for any other purpose without the customer's consent or in the absence of any law or regulation to the contrary.

Purpose of use for Company's corporate operations

The Company will only use the collected personal information for Company's business administration, internal management, stockholder management, commercial transaction, analysis and improvement of our business activities, announcement of our services or events, response to inquiries, contact for our services, public relations, and human-affairs procedure.
The Company will not use for any other purpose without the customer's and business partners' consent or in the absence of any law or regulation to the contrary.

Administration System

Formulation of basic policy

A basic policy has been formulated to ensure the proper handling of personal data as an organization (refer to e.g. '1. Basic policy').

Discipline on the handling of personal data

Handling regulations have been established for the methods of handling personal data at each stage of acquisition, use, storage, provision, deletion and disposal, as well as for the responsible person/persons in charge and their duties.

Organizational security control measures

The Group Personal Data Protection Manager is appointed as the person responsible for the management of personal data and clearly defines the responsibilities and authority of employees in relation to the safe management of personal data.
Employees (including temporary staff) are supervised and a system is in place for reporting to the responsible person in the event of a breach of the law or handling rules or signs of such a breach.
Internal regulations and manuals on safety management have been established, and employees are required to comply with them, while appropriate audits are carried out to ensure compliance.

Personnel security management measures

We provide our employees (regardless of their employment status) with education and training at the time of joining the company and on a regular basis regarding the safe management of personal data. We also obtain written pledges regarding confidentiality, including personal data.

Physical security control measures

Access control is implemented in areas where personal data is handled.
Measures are also taken to prevent theft, loss or prying eyes from equipment, electronic media and documents that handle personal data.
In addition, when electronic media containing personal data are disposed of, processing is carried out to ensure that the data is completely erased.

Technical security control measures

In information systems that handle personal data, access management is implemented, such as limiting access authorization holders, immediately deactivating the accounts of employees who have transferred or left the company, as well as monitoring access status.
In addition, measures such as the installation of firewalls have been implemented to prevent unauthorized access from outside.

Understanding the external environment

If the Company handles personal data in a foreign country, it will take the necessary and appropriate measures for the safe management of the personal data, having been made aware of the systems for the protection of personal data in that foreign country.

Provision to Third Parties and Joint Use

Provision to third parties

In the following cases, the Company may provide personal information to third parties:

  • The Company outsources work to a third party to the extent necessary to achieve the purpose of use
  • The Company performs a merger, corporate spin-off, transfer of business, or disposes all or some of the Company's business, assets, or stock (including cases where it is performed in connection with bankruptcy or similar proceedings)
  • The Company requests the person's consent for the provision and the person gives such consent

However, with regard to any information that has been statistically processed so that the person cannot be identified, the Company may use such information for purposes other than those listed above.

Provision at the request of a government body, local government, public agency, or the like

In the following cases, the Company may provide personal information to a public agency or the like:

  • Pursuant to laws and regulations (including any laws and regulations outside of the country of residence of the party that will be providing the information)
  • It is necessary to protect a person's life, body, or property, and it is difficult to obtain the consent of the person
  • It is particularly necessary to improve public health or to promote the healthy development of children, and it is difficult to obtain the consent of the person
  • There is a need to cooperate with the performance of administrative work provided for by law or regulation by a national government body, local government, or a contractor for such body, and obtaining the person's consent may interfere with the performance of such administrative work

Provision to third parties in foreign countries

Except cases where the Personal Information Protection Law excludes, when providing personal information to a third party in foreign country, we will provide the following information in advance.

  • The name of the country
  • Information on the system for protecting personal information in the country
  • Information on the measures taken by the third party to protect personal information

Joint utilization

The Company may use the personal information you provide with other companies within the scope of the intended use.

Scope of shared users

GREE Holdings, Inc. and its group companies
The latest information on the names of companies included in the scope of joint users will be posted on the GREE Holdings, Inc. website

Entrust (person with something)

The Company may outsource the handling of personal data to external organizations or other parties.
When selecting organizations, etc., the information security management system of the contractor is checked before the contract is concluded.
Even after the contract has been concluded, the information security management system of the contractor is regularly checked.

Cookies, information collection modules

Cookies are a mechanism whereby a website stores a small file inside the user's browser. For example, when a user visits the same website again, the stored cookie identifies a unique ID that identifies the browser and enables processing such as changing the display of web pages and advertisements for each browser.
You can refuse collection by disabling cookies in your browser settings, but this may limit the functions available on the website.

The following information collection modules are used on our corporate website to collect traffic data and analyse browsing history, etc. using cookies for the purpose of providing functions included on the corporate website, displaying advertisements and analysing usage. For information on data handling in the information collection module, see the websites of the respective providers.

Personal Information Inquiry Desk

Request for disclosure, correction, addition, deletion, suspension of use, etc.

If you or your agent makes a request to disclose, correct, delete, or suspend the use of your personal information, the Company will comply with such request without delay to the extent possible in accordance with laws and regulations. With regard to such requests, please contact at Contact Form. Please note, however, that if any personal information required to provide the Company's services is corrected, deleted, or suspended from use, there may be cases where you will not be able to use all or part of the Company's services.

Contact information

If you wish to make an inquiry, to discuss, or to file a complaint with regard to the handling of personal information, please contact at Contact Form.

Name of accredited personal information protection organization and application for complaint resolution

The company is registered as a target business entity of the following accredited personal information protection organization.

  • Name of accredited personal information protection organization
    General Incorporated Association Mobile Content Forum (abbreviation: MCF)
  • Application for resolution of complaint
    Accredited personal information protection organization
    • Address: 150-0013 3rd Ito Bldg. 603, 4-4-5, Shibuya Ward, Tokyo
    • Mail address: soudan@mcf.or.jp

Last updated: February 3, 2025
GREE Holdings, Inc.