PRIVACY POLICY

PRIVACY POLICY

 

1. Basic policy

Privacy statement

REALITY Studios, Inc.(hereinafter referred to as the "Company") recognizes the importance of personal data and considers the thorough protection of such information to be a social responsibility. We promise to comply with the Act on the Protection of Personal Data and other relevant laws, regulations, and guidelines, and the like, and to properly handle in accordance with this policy regarding the personal data collected from the customers who use the Company’s services and the Company App (hereinafter referred to individually or collectively as “our services”) and the personal data obtained from our business partners,  employees and others (hereinafter referred to as "business partners") for the purpose of our business operations (hereinafter referred to as "our business operations").

Subject

This policy applies to all our services and business operations provided by us. Please also note that the personal data we collect for each of our services and the purposes for which it is used are specifically set out in the individual privacy policies for each of our services.

 

2. Handling of personal data

Acquisition of personal data in the operation of our business

In the conduct of its business, conducting stock-related business, conducting transactions with business partners, organizing events, receiving enquiries, and responding to public relations or personnel procedures, etc., we may obtain personal information relating to contact details such as name, email address, address, telephone number and other necessary information. In such cases, the Company will acquire such personal data by lawful and fair means, including acquisition by disclosure from Group companies.

Purpose of use in our business operation

We shall use the personal data that we acquire only within the scope of the purposes of business management, internal management, execution and management of transactions with the Company, research and analysis of the Company’s business activities, business improvement, guidance on the Company’s business, services and events, response to enquiries, execution of administrative contact and communication, execution of PR correspondence, and procedures on personnel matters, etc., and we will not use such personal data for any other purposes except with the consent of the customer or business partner or as permitted by law

 

Acquisition of personal data and its categories in our services

In the operation of our services, we will acquire the following personal data necessary for the provision of our services, etc., by legal and fair means, after clarifying the purposes of use in this policy, individual policies, or other relevant documents.

(1) Information registered by the customer

· Name, date of birth/age, gender

· Email address, telephone number, address, and other contact information

(2) Information automatically acquired through our services

· Login history, browsing history, purchase history, and other information related to the customer’s actions on REALITY Studios official shop (hereinafter referred to as the “Official Shop”)

· Advertising ID of the device used by the customer when using the Official Shop

Purpose of use in our services

We will use personal data acquired in connection with the Official Shop or other our services for the following purposes, and will not handle any personal data beyond the scope necessary to achieve those purposes except with your consent or as permitted by law.

· To ship products, prizes, or gifts

· To create your account on our services, and to protect, verify, and authenticate the account

· To notify you of maintenance, updates, changes to the terms of use, and other information related to the use of our services

· To inform you of campaigns, sweepstakes, and other events related to our services

· To respond to your requests for materials, inquiries, consultations, complaints, and after-sales services

· To take measures for the purpose of providing our services to customers safely, such as identifying and notifying individuals who violate the terms of use, and investigating,

detecting, and preventing fraudulent acts using our services, unauthorized access, and other illegal acts

· To plan and improve our services

· To analyze the information acquired and develop new products, content, and services tailored to customers’ interests and preferences (including providing such information to third parties for such purposes)

· For other purposes necessary to operate and provide our services

Legal basis for the handling of personal data.

Your personal data will be handled on one of the following legal bases.

•        Consent to purpose of use

•        Performance of contracts

•        Legal obligations to which controller is subject

•        Protection of vital interests

•        Public interest, exercise of official authority

... legitimate interests.

Please note that the data subject has the right to withdraw their ‘consent to purpose of use’ at any time. For information on how to withdraw consent, please refer to the privacy policy of the individual apps and services.

Policy on children

As a rule, we do not handle the personal data of children under 16 years of age.

If personal data of a child under 16 years of age is to be handled by consent for the purpose of use, the handling will only commence after the consent or approval of a responsible person with parental authority has been obtained.

 

3. Security control measures for personal data

Formulation of basic policy

A basic policy has been formulated to ensure the proper handling of personal data as an organization (refer to e.g. '1. Basic policy').

Discipline on the handling of personal data.

Handling regulations have been established for the methods of handling personal data at each stage of acquisition, use, storage, provision, deletion and disposal, as well as for the responsible person/persons in charge and their duties.

Organizational security control measures

The Group Personal Data Protection Manager is appointed as the person responsible for the management of personal data and clearly defines the responsibilities and authority of employees in relation to the safe management of personal data.

Employees (including temporary staff) are supervised and a system is in place for reporting to the responsible person in the event of a breach of the law or handling rules or signs of such a breach.

Internal regulations and manuals on safety management have been established, and employees are required to comply with them, while appropriate audits are carried out to ensure compliance.

Personnel security management measures

We provide our employees (regardless of their employment status) with education and training at the time of joining the company and on a regular basis regarding the safe management of personal data. We also obtain written pledges regarding confidentiality, including personal data.

Physical security control measures

Access control is implemented in areas where personal data is handled.

Measures are also taken to prevent theft, loss or prying eyes from equipment, electronic media and documents that handle personal data.

In addition, when electronic media containing personal data are disposed of, processing is carried out to ensure that the data is completely erased.

Technical security control measures

In information systems that handle personal data, access management is implemented, such as limiting access authorisation holders, immediately deactivating the accounts of employees who have transferred or left the company, as well as monitoring access status.

In addition, measures such as the installation of firewalls have been implemented to prevent unauthorized access from outside.

Understanding the external environment

If the Company handles personal data in a foreign country, it will take the necessary and appropriate measures for the safe management of the personal data, having been made aware of the systems for the protection of personal data in that foreign country.

 

4. Disclosure

Disclosure to third parties

The Company may provide personal data necessary for identity verification, billing address verification, and credit checks to third parties that process payments in accordance with the payment method selected by customers in connection with the Official Shop or other our services.

In addition, the Company may provide personal data to third parties in the following circumstances:

           Where we outsource work to third parties to the extent necessary to achieve the purpose of use.

           In other cases where the data subject is asked to consent to the provision of the information and the data subject complies with the request.

           To introduce business partners to our group companies

However, information that has been statistically processed so that individuals cannot be identified may be used for purposes other than those mentioned above.

 

Disclosure at the request of government agencies, local authorities, public authorities, etc.

The Company may disclose personal data to public authorities in the following cases.

           In accordance with laws and regulations (including laws outside the country of residence of the data subject).

           Where disclosure is necessary for the protection of the life, body or property of a person and it is difficult to obtain the consent of the data subject.

           Where it is particularly necessary for the improvement of public health or the promotion of the sound development of children and it is difficult to obtain the consent of the data subject.

           Where it is necessary to cooperate with a state body, a local authority or a person or entity entrusted by one of these bodies to carry out affairs prescribed by law, and where obtaining the consent of the data subject may impede the carrying out of such affairs.

Cross-border transfer

We may transfer personal data outside the EEA on the basis of

•        Adequacy Decision

•        Consent of the data subject

•        Standard contractual clauses with outsourcers

•        Where it is stipulated by law

 

Entrust (person with something)

The Company may outsource the handling of personal data to external organizations or other parties.

When selecting organizations, etc., the information security management system of the contractor is checked before the contract is concluded.

Even after the contract has been concluded, the information security management system of the contractor is regularly checked.

 

Cookies, information collection modules

Cookies are a mechanism whereby a website stores a small file inside the user's browser. For example, when a user visits the same website again, the stored cookie identifies a unique ID that identifies the browser and enables processing such as changing the display of web pages and advertisements for each browser.

You can refuse collection by disabling cookies in your browser settings, but this may limit the functions available on the website.

The following information collection modules are used on our corporate website to collect traffic data and analyze browsing history, etc. using cookies for the purpose of providing functions included on the corporate website, displaying advertisements and analyzing usage.

For information on data handling in the information collection module, see the websites of the respective providers.

Google LLC, 'Google Analytics'.

 

5. Personal Information Inquiry Desk

Enquiries, consultations and complaints about the handling of personal data in our services can be made at: you can also contact the Data Protection Officer, but please contact the following desk first.

Customer Information Disclosure and Inquiry Desk

realitystudios-shop@reality-studios.inc

 

Personal data controller

REALITY Studios, Inc.

Roppongi Hills Gate tower, 6-11-1 Roppongi Minato-ku,

Tokyo, Japan

 

Data Protection Officer (DPO)

The company has appointed a Data Protection Officer who is appropriately and timely involved in all matters relating to the protection of personal data.

Position: data protection officer

GREE Holdings, Inc.

Roppongi Hills Gate Tower, 6-11-1 Roppongi, Minato-ku,

Tokyo, Japan

dpo@gree.net

 

6. Data subject rights

Disclosure, rectification, erasure, restriction of handling, objection to handling, data portability, etc.

You have the right to access, rectify, erase, restrict processing and object to the processing and handling of your personal data obtained by us, as well as the right to data portability.

If a request is made by the data subject or his/her representative, the Company will respond to the request without delay to the extent possible in accordance with the law. For information on these requests, please contact the “Customer Information Disclosure and Inquiry Desk” listed in “5. Personal Information Inquiry Desk”.

You also have the right to lodge a complaint about the handling of your personal data with the supervisory authority having jurisdiction over your place of residence.

 

Automatic decision-making, including profiling.

The data subject has the right not to be subjected to a decision based solely on automated processes, such as profiling, which have legal effects or similarly significantly effects concerning him/her.

 

7. Management policy.

Retention period

Personal data obtained will be stored and managed appropriately if necessary for the purpose of using the respective service, to comply with applicable laws and regulations, or in accordance with orders from government, courts or other supervisory authorities.

 

Enacted: January 19,2023

Updated: August 1,2025

Updated: March 1,2025

 

REALITY Studios, Inc.