KONAMI SERVICES PRIVACY NOTICE

For our child-friendly privacy page, visit our website [https://legal.konami.com/kde/kidsprivacy/en/].

KONAMI SERVICES PRIVACY NOTICE

This Konami Services Privacy Notice (this Notice) is provided to you by Konami Digital Entertainment Co., Ltd. (Konami) and explains to you, as a user of our products and services (Konami Service), how we collect, use, and protect your personal data or personal information, as defined in the Data Protection Law (defined below) applicable to you (Personal Data).

This Notice consists of following parts.

PART I. SERVICE-SPECIFIC INFORMATION:

PART I provides information specific to the Konami Service that you use. Unless otherwise expressly stated, information provided in PART I applies to all users, regardless of where each user (including you reside.

PART II. GENERAL INFORMATION:

PART II provides general information on the data protection or privacy laws of your country or region of residence, regardless of which Konami Service you use.

We may change, add to, or delete any part of this Notice from time to time. You can obtain the latest version of this Notice from our website [https://legal.konami.com/games/esports4gdpr/en-gb/].

PART I. SERVICE-SPECIFIC INFORMATION

(eSPORTS EVENTS)

A. GENERAL PROCESSING

1. Categories of Personal Data we process

Below are the categories of your Personal Data we may process when you participate in Konami’s eSports event(s) (Event). For the avoidance of doubt, the Event forms part of Konami Service.

Please note that in holding the Event, we may either (i) ask you to provide us with your Personal Data specifically for the Event, or (ii) use what we already had obtained in providing you our game that is used in the Event (Game).

· Customer data, such as name, e-mail address, address, phone number, date of birth, portrait, voice, nationality, spoken languages, and shirt size (if we require participants to wear a uniform).

· Identifiers, such as user identifiers designated by us (e.g. user IDs, which may be called in various names depending on the relevant Konami Service) (User ID), those designated by third parties (e.g. platform IDs), and usernames and IDs that you use in any third-party services (e.g. social networking services and video or text communication services).

· Usage data, such as the following.

- User data: any choice that you made or information about you that you send us through your use of the Game, such as selected language, country or region, and any name(s) that you use in the Game, and your answers to our survey or any other information that you provide us through our web forms or otherwise.

- Play data: in-Game match results.

2. Purposes of our processing of your Personal Data and Retention Period thereof

Below are the purposes for which we may process your Personal Data.

· To hold and operate the Event.

· To send you any equipment(s) necessary for the Event.

· To send you any award(s) that you earned in the Event (if any).

· To promote and advertise the Event, the Game, and other Konami Services related thereto.

· To develop our business strategies.

· To comply with legal obligations or respond to legitimate requests from public authorities (Legal Obligations).

· For dispute resolution, including the establishment, exercise or defence of legal claims (Dispute Resolution).

· For performance of the contract between us and our business partners (including licensors) (Contractual Obligations)

For any processing explained in this Section A, we keep your Personal Data for (i) up to three (3) years after the end of the Event and completion of all our tasks related thereto, or (ii) as long as it is necessary for us to pursue our legitimate interest, whichever is longer, provided, however, that we shall delete relevant Personal Data if and when we no longer provide any Konami Services that relates to the Event or hold or have any Other Parties hold any other events that relates to the Event (Other Event).

Notwithstanding the foregoing, we may have to retain it for a longer period of time for Dispute Resolution, to comply with Legal Obligations, and/or due to our Contractual Obligations.

B. ADDITIONAL PROCESSING

In addition to our general processing explained in Section A, we may process your Personal Data explained below depending on which Event you participate in.

1. Offline Event.

Our Event may be held entirely or partially offline (i.e., on-site, vis-à-vis one another) (Offline Event).

If you participate in any Offline Event, we may process the categories of Personal Data explained below in addition to those explained in Section A, for the purpose of holding such Offline Event, including to arrange your transportation(s) and accommodation(s).

· Customer data, such as the station nearest to your house, transportation and the route that you take to access the venue where the Offline Event is held.

· Identifiers, such as passport number

There are some cases where we also process the following Personal Data.

- We may ask you to show us your official identification, such as passport or driver’s license, to make sure that the person who have applied to participate in the Offline Event actually showed up at the venue, provided, however that we will not make any copies of such identification unless we take any other steps required under applicable Data Protection Laws.

- Depending on how old you are, we may request your parent or legal guardian (Legal Guardian) to accompany you during the Offline Event. In this case, we will process Personal Data of your Legal Guardian, as explained in Section A and this Section, only to the extent necessary for such an accompaniment.

- To prevent the spread of infectious diseases such as COVID-19, we may ask you to provide us your body temperature, information on your vaccination, health condition, results of your PCR or other testings, and other information which may include your Personal Data, as necessary for us to hold the Offline Event safely and securely. We may disclose any such information to medical institutions or governmental authorities to comply with Legal Obligations or otherwise respond to legitimate requests from a public health perspective.

We keep your Personal Data for this purpose for up to six (6) months after the end of the Event and completion of all our tasks related thereto, unless otherwise required (i) for Dispute Resolution, (ii) for our compliance with Legal Obligations, and/or (ii) under our Contractual Obligations.

2. Event-Related Payment.

Our Event may result in making a payment to you in relation to your participation to such Event (Event-Related Payment).

If we are obligated to make Event-Related Payment to you under the contract executed between you and us (Event Contract), we will process your ‘payment information’, such as your beneficiary bank account, to make such payment. Such payment will be made in accordance with the Event Contract, so please refer to the Event Contract that you have executed for the details of such payment.

3. Invitations and Offers.

We may send you the invitations (Invitations) to Other Events or job offers in relation to the Game or related Konami Services (Offers).

We may process the categories of Personal Data explained below in addition to those explained in Section A, for the purpose of sending you such Invitations and Offers.

· Customer data, such as name and e-mail address

· Identifiers, such as User ID

· Usage data, such as play data including match results of the Game, and user data that you provide us through the Game, e.g. country or region, language, and any name(s) that you use in the Game

Please note that the Other Event may be held by, and the Offer may be made by, us, our affiliates, or third parties (collectively, Other Parties). However, in any case, we will be the one sending you such Invitations and Offers. If we wish to share your Personal Data to any Other Parties for them to send any Invitations or Offers to you, we will make sure that we separately ask for your consent in advance.

We keep your Personal Data for this purpose for up to two (2) years after the end of the Event and completion of all our tasks related thereto, unless otherwise required (i) for Dispute Resolution, (ii) for our compliance with Legal Obligations, and/or (ii) under our Contractual Obligations.

4. Introducing you to Other Parties.

We may ask for your consent to introduce you to Other Parties as a potential participant in Other Event (Introduction). Upon your separate, explicit consent, we may process the categories of Personal Data explained in Section A to make such an Introduction.

We will separately explain to you the specific categories of Personal Data that we will be providing to the Other Parties when we seek for your consent for such an Introduction.

We keep your Personal Data for this purpose for up to three (3) years after the end of the Event and completion of all our tasks related thereto, unless otherwise required (i) for Dispute Resolution, (ii) for our compliance with Legal Obligations, and/or (ii) under our Contractual Obligations.

C. DATA SHARING AND LEGAL BASES

1. Who we share your Personal Data with

List of our processors can be found here [https://legal.konami.com/kde/processor-list/].

2. Legal bases

This section is provided only for those residing in the EEA/UK.

We generally rely on ‘legitimate interests’ to process your Personal Data for the purposes explained in this PART I, which means our interest in operating our business to deliver high-quality Event in the most enjoyable and exciting way for you, as set out in more detail for each of the purposes above. Where we rely on legitimate interests to process your Personal Data, we first consider how this may benefit, or pose risks, to you. We will only collect and use your Personal Data for our legitimate interests where we have made sure that there are no unacceptable negative risks to you, and you always have a right to object to our use of your Personal Data (see PART II for details).

Below are the exceptions to the above:

· Event-Related Payment: we use your Personal Data to do what we have promised you under the ‘contract’ we have with you.

· Introducing you to Other Parties: we use your Personal Data based on your clear, specific and freely given ‘consent’ (or the consent of your parent/guardian if you are below the age at which the consent of your parent/guardian is no longer required by applicable law). To rely on your consent, we have to provide you with enough information in advance to make up your mind on whether you are happy for us to use your Personal Data for the purpose we have explained. We also have made sure that you have actively provided your consent to us (we cannot assume or infer your consent) and that we have a record of it. You never have to consent to our use of your Personal Data and can always change your mind and withdraw your consent easily at a later date (see PART II for details), using the method explained to you when we obtained your consent in the first place.

PART II. GENERAL INFORMATION

This PART II provides information specific to those who reside in the EEA/UK.

We explain further below with more general information about how we process your Personal Data, including how we protect your Personal Data and how you can exercise your right with regard to your Personal Data.

I want to know more about Konami as the controller of my Personal Data

Konami Digital Entertainment Co., Ltd. is a Japanese company which specialises in developing ‘online’ and ‘offline’ games, such as computer, console and mobile app games, trading card games, and related music and video content. We also organise events and competitions related to these games. We are based in Tokyo, Japan and our company’s main office address is 1-11-1 Ginza, Chuo-Ku, Tokyo 104-0061, Japan. You can find out how to contact us in Section 8. More information about us is on our website: [https://www.konami.com/games/corporate/en/].

I want to know more about what “your Personal Data” means

When we refer to “Personal Data” we mean any information which relates to you as an identifiable individual. A wide range of information can be your “Personal Data”. Some examples you would expect are your name, email address, home address and telephone number. Some less obvious examples include your gameplay history and the fact that you have won prizes in our competitions. We explain in PART I the Personal Data which we may collect about you, depending on the type of Konami Services you use.

Your Personal Data is very important to us. We promise to protect it to the standard required by Data Protection Laws which apply when we provide Konami Services to you in the EU or the UK.

I am in the EU, tell me more about the laws which protect my Personal Data

If you are in the EU then we will comply with EU Data Protection Laws including the GDPR (General Data Protection Regulation), the Privacy and Electronic Communications Directive 2002/58/EC as amended and related Member State laws and regulations on data protection and privacy.

I am in the UK, tell me more about the laws which protect my Personal Data

If you are in the UK then we will comply with UK Data Protection Laws including the Data Protection Act 2018, the UK GDPR (General Data Protection Regulation), the Privacy and Electronic Communications Regulations 2003 as amended and related UK laws and regulations on data protection and privacy.

Our Privacy Promise to you is that when collecting and using your Personal Data we will do the following:

· Comply: We will respect Data Protection Laws.

· Inform: We will tell you clearly, openly and honestly about the reasons and purposes for collecting and using your Personal Data.

· Control: We will put you in control of your Personal Data, by telling you your rights and how to exercise them.

· Secure: We will use strong security measures to keep your Personal Data safe and secure.

· Trust: We will not use your Personal Data to make money by providing it to anyone else, or any other purpose which you would not expect us to.

Please click on the headings below if you want to find out more about the types of Personal Data we collect about you, how we use and protect your Personal Data, and how you can contact us with any questions or to exercise your rights under Data Protection Laws.

1. How long we keep your data

We will keep your Personal Data for the periods explained in the information provided through PART I for the particular Konami Services you will use.

If you would like more information on the periods which we keep specific types of your Personal Data for, then please contact us as explained in Section 8. If you feel that we are keeping your Personal Data for too long, then in some circumstances you can ask us to stop processing or to delete your data – see Section 7 on your rights and how to exercise them.

2. How we keep your data secure

Keeping your Personal Data safe and secure is our priority.

As required by Data Protection Laws, we have put in place appropriate ‘technical’ and ‘organisational’ security measures to prevent breaches of your Personal Data:

- Our ‘technical’ measures for protecting your Personal Data include ensuring that the data centres in Japan which Konami operates have very strict physical controls for who can access your Personal Data, strong protections against threats such as cyber-attacks, viruses and power-cuts, and are regularly backed up. When we use third party services for data storage, we ensure that they also use appropriate technical security measures (see Sharing with Service Providers below).

- Our ‘organisational’ measures for protecting your Personal Data include managing carefully the staff who can access your data. For example, we always make sure that our staff agree to ‘confidentiality obligations’ (meaning they promise to keep your Personal Data secret) in our employment contracts with them and we train our staff on the importance of protecting your Personal Data and our obligations under Data Protection Laws. Where necessary, we undertake background checks on our staff to make sure that they are honest and trustworthy, before giving them access to your Personal Data.

If you would like more information about these security measures, then please contact us as explained in Section 8.

3. What we do if there is a Personal Data breach

Personal Data breaches can include a wide range of incidents which affect the confidentiality, integrity or availability of your Personal Data. Some breaches result from accidents, others from unlawful actions. Common examples of breaches include where:

- Personal Data is lost, destroyed, corrupted or disclosed

- Someone accesses the Personal Data or passes it on without permission

- The Personal Data is made unavailable, for example because it has been accidentally lost or destroyed or because it has been damaged by a computer virus

We recognise that security breaches involving your data could cause you distress, financial damage or other harm. We have therefore put in place reporting procedures to respond quickly to any suspected Personal Data breach and to ensure that our staff are trained on these procedures. Where a Personal Data breach poses a potentially significant risk to you, then we will notify you and any relevant Data Protection Authority (see Section 9) of a Personal Data breach in situations where Data Protection Laws require us to do so, so that you can take appropriate steps to protect yourself from the breach.

Where we need to use other businesses to assist us in providing you with Konami Services, then we also require them to implement the same strict standard of security measures and to notify us of any Personal Data breaches promptly – see Section 5 for more information.

4. Who we share your Personal Data with

We do not make money by providing your Personal Data to other businesses. We will share your Personal Data within the Konami group of companies (Konami Group) and with our service providers in order to provide you with Konami Services that you expect and enjoy. Occasionally, situations may arise where we need to share your Personal Data with other types of organisations. We explain our sharing of your Personal Data below. Please see PART I - Section C or contact us using the details in Section 8 for specific information.

Sharing with Konami Group companies

We provide Konami Services to users all over the world. Providing you with Konami Services in your country or region requires us to work closely with other Konami Group companies and to share your Personal Data with them.

For example, as you are in the EU or the UK then we may need to share your Personal Data with Konami Group companies in the EU or UK in order to:

- ensure that you are able to access appropriate customer support services for your query

- arrange events held by us or by other Konami Group companies in your country or region that you wish to attend

- manage and update your accounts with us, for example [KCGN account]

- analyse the preferences and needs of our users in your country or region in order to improve the quality of Konami Services

- procure data centre services to protect and store your Personal Data safely

We will only share your Personal Data with Konami Group companies to provide you with or to improve Konami Services or for other purposes such as for the development or improvement of Konami Group products and services, marketing and promotional purposes, and for Konami Group companies to hold their own events. We will ensure that any Konami Group companies that receive your Personal Data will only use it as permitted by Data Protection Laws and for the purposes set out in this Notice and (where applicable) the privacy notices of the relevant Konami Group companies.

A list of all of our Konami Group companies is available here [https://www.konami.com/corporate/en/subsidiaries/].

Sharing with service providers

To provide you with Konami Services we use the services of other businesses, which we call ‘service providers’.

For example, the types of service providers we may use are as follows:

- Providers of cloud storage services

- Providers of customer support services

- Providers of analytics services

- Providers of advertising services

- Providers of marketing platforms services

- Providers of content management services

Whenever we share your Personal Data with service providers, we will protect it to the standard required by Data Protection Laws. We will undertake checks on the service provider before using them and we will control their use of your Personal Data in a legally binding contract. This approach allows us to make sure that the service provider:

- Only uses your Personal Data in accordance with our documented instructions.

- Has strong protections in place to keep your Personal Data secure and secret

- Is accountable to us legally if they fail to meet these strict standards for protecting your Personal Data

Please note that the service provider may use your Personal Data for its own purposes, such as maintenance and improvement of its services, in which case the service provider will be the controller of your Personal Data. In such cases, the service provider has primary responsibility for the processing of your Personal Data.

Other sharing

Occasionally, there may be other circumstances in which we need to share your Personal Data with other businesses or organisations. This may be the case, for example, where:

- We are ordered to share your Personal Data by a Court, the police, a Government body or another organisation which has the legal power to require us to do so

- Another business buys Konami or the part of our business which provides you with Konami Services

- We reorganise how Konami or the Konami Group operates and provides you with Konami Services

When sharing your Personal Data in such circumstances, we will continue to protect your Personal Data by respecting and upholding our strict standards and the strict legal obligations imposed on us.

5. How we protect your data in Japan and other countries outside the EU/UK

Konami is a Japanese company and the Personal Data we collect from you is stored in secure data centres of our service providers that may be located outside the EU or UK, and we apply strict security measures to protect your Personal Data, as explained in Section 2.

Data Protection Laws of Japan have been approved by the EU and by the UK as providing the same high standards of protection as the Data Protection Laws of the EU and UK. Where　we transfer your Personal Data to our service providers in countries other than Japan which are not in the EU or UK, then we will comply with the strict requirements imposed on us by the Data Protection Laws of the EU, UK and Japan to ensure that your Personal Data remains protected to the same high standards.

Details of the safeguards we have put in place can be obtained by contacting us as explained in Section 8.

6. Links to the services of other businesses

Some Konami Services, such as our websites, allow you to access the websites, content and services of other businesses. For example, you may be able to click on weblinks, plug-ins or applications embedded in our websites which take you to the websites of other businesses, which then collect Personal Data or other information about you.

We do not control those businesses and we are not responsible for their use of your data or information. If you use links to such services of other businesses, please read their privacy notices to make sure that you are comfortable with how they will collect and use your data and information.

7. Your rights under Data Protection Laws

I want to find out what my rights are

You have various legal rights relating to your Personal Data, which we explain below. Some of these rights are only available in certain circumstances and will depend upon our legal basis for using your Personal Data (which is explained in PART I).

If you make a request to us about your rights then we will provide you with a written response explaining whether we will be able to comply with your request or, if not, the reasons why not.

- Accessing your Personal Data: You always have the right to ask us to provide you with copies of your Personal Data. As there are some limitations to this right, sometimes we will not be able to provide you with all of the information you request.

- Correcting your Personal Data: You always have the right to ask us to correct your Personal Data if it is not accurate, and to complete your Personal Data if it is not complete (known as the ‘right to rectification’ under the GDPR).

- Deleting your Personal Data: In some circumstances, you can ask us to delete your Personal Data (known as the ‘right to erasure’ or the ‘right to be forgotten’ under the GDPR).

- Restricting our use of your Personal Data: In some circumstances, you can ask us to restrict our use of your Personal Data.

- Transferring your Personal Data: In some circumstances, you can ask us to transfer your Personal Data to another organisation, or to you, in a format that is generally used for storing and accessing such data (known as the ‘right to data portability’ under the GDPR). This right only applies where you have provided us with your Personal Data and, in addition, where our legal basis for using your Personal Data is either your Consent or is Contract (see PART I – Section C).

- Objecting to our use of your Personal Data: In some circumstances, you can say you do not agree with our use of your Personal Data (known as the ‘right to object’ under the GDPR). This right applies where our legal basis for using your Personal Data is Legitimate Interests (see PART I – Section C). If we receive a request from you objecting to our use of your Personal Data, then in general we must stop using it. We may continue to use it only if we have a strong reason to do so and our continued use does not create an unacceptable risk to you. If your objection is to direct marketing, then we must always stop.

- Withdrawing your consent: Where our legal basis for using your Personal Data is consent, then you always have the right to change your mind and withdraw your consent (see PART I – Section C).

- No automated decision making or profiling: Data Protection Laws also provide you with a right not to have your Personal Data used to make decisions about you based on profiling or other forms of automated processing which could affect you legally or in any other similarly significant way. We will never use your Personal Data for such purposes.

I want to find out how to exercise my rights

- How to contact us: You can exercise your rights by contacting us by email at: privacynotice@faq.konami.com. Alternatively, you can contact us using the details set out in Section 8.

- How long it will take to respond: We try to respond to all Personal Data requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex or you have made a number of requests. As explained above, please note that there are exceptions to your rights and some situations where they do not apply.

- Additional information about you: We may need to ask for additional information from you to help us confirm your identity. This is a security measure to ensure that Personal Data is not given to any person who has no right to receive it. We may also contact you to ask you to clarify your request.

- Usually no fee applies: You will not normally have to pay to access your Personal Data or to exercise any of your other rights. In some circumstances, however, we may charge a reasonable fee if we consider that you are making requests which are especially unreasonable. For example, if you make an unreasonably large number of requests or request an unreasonably large amount of information. Alternatively, we may refuse to comply with your request in these circumstances.

8. How to contact Konami with questions

There are several ways in which you can contact us with any questions about our use of your Personal Data, or to exercise your rights under Data Protection Laws. These are explained below:

- Contact us: You can contact us at: privacynotice@faq.konami.com

- Contact our Data Protection Officer: We have appointed a Data Protection Officer (DPO), who has overall responsibility for looking after Konami Group’s compliance with Data Protection Laws. You can contact our DPO by emailing them at: dpo-team@konami.com

- Contact our EU Representative: If you are in the EU and would prefer to contact our local EU representative, you can do so by emailing the French Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info

- Contact our UK Representative: If you are in the UK and would prefer to contact our local UK representative, you can do so by emailing the UK Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info

If you have any general inquiries about Konami Services, you can contact us by emailing at: [https://www.konami.com/games/inquiry/]

9. How to complain to a Supervisory Authority

We value our relationship with you and want to ensure that you are comfortable with how we use your Personal Data to provide you with Konami Services. If you feel that we have failed to look after your Personal Data properly, or have misused it, then we would always encourage you to contact us first as we will do our best to resolve the issues for you. You can contact us using the details in Section 8.

Alternatively, you have the right to make a complaint to a ‘Supervisory Authority’ (the government regulator for data protection) about our use of your Personal Data:

- EU DPA: If you are in the EU, you can find the Supervisory Authority for your country and how to contact them here: [https://edpb.europa.eu/about-edpb/board/members_en]

- UK DPA: If you are in the UK, the Supervisory Authority is the Information Commissioner’s Office, who you can contact here: [https://ico.org.uk/make-a-complaint/your-personal-information-concerns/]

10. Changes to this Notice

We may make changes to this Notice from time to time.