KONAMI SERVICES PRIVACY NOTICE

PART II. GENERAL INFORMATION

We explain further below with more general information about how we process your personal data, including how we protect your personal data and how you can exercise your right with regard to your personal data.

I want to know more about Konami as the controller of my personal data

Konami Digital Entertainment Co., Ltd. is a Japanese company which specialises in developing ‘online’ and ‘offline’ games, such as computer, console and mobile app games, trading card games, and related music and video content. We also organise events and competitions related to these games. We are based in Tokyo, Japan and our company’s main office address is 1-11-1 Ginza, Chuo-Ku, Tokyo 104-0061, Japan. You can find out how to contact us in Section 8. More information about us is on our website: https://www.konami.com/games/corporate/en/

I want to know more about what “your personal data” means

When we refer to “personal data” we mean any information which relates to you as an identifiable individual. A wide range of information can be your “personal data”. Some examples you would expect are your name, email address, home address and telephone number. Some less obvious examples include your gameplay history and the fact that you have won prizes in our competitions. We explain in PART I the personal data which we may collect about you, depending on the type of Konami Services you use.

Your personal data is very important to us. We promise to protect it to the standard required by the Data Protection Laws which apply when we provide Konami Services to you in the EU or the UK.

I am in the EU, tell me more about the laws which protect my personal data

If you are in the EU then we will comply with EU Data Protection Laws including the GDPR (General Data Protection Regulation), the Privacy and Electronic Communications Directive 2002/58/EC as amended and related Member State laws and regulations on data protection and privacy.

I am in the UK, tell me more about the laws which protect my personal data

If you are in the UK then we will comply with UK Data Protection Laws including the Data Protection Act 2018, the UK GDPR (General Data Protection Regulation), the Privacy and Electronic Communications Regulations 2003 as amended and related UK laws and regulations on data protection and privacy.

Our Privacy Promise to you is that when collecting and using your personal data we will do the following:

· Comply: We will respect Data Protection Laws.

· Inform: We will tell you clearly, openly and honestly about the reasons and purposes for collecting and using your personal data.

· Control: We will put you in control of your personal data, by telling you your rights and how to exercise them.

· Secure: We will use strong security measures to keep your personal data safe and secure.

· Trust: We will not use your personal data to make money by providing it to anyone else, or any other purpose which you would not expect us to.

Please click on the headings below if you want to find out more about the types of personal data we collect about you, how we use and protect your personal data, and how you can contact us with any questions or to exercise your rights under Data Protection Laws.

1. How long we keep your data

We will keep your personal data for the periods explained in the information provided through PART I for the particular Konami Services you will use.

If you would like more information on the periods which we keep specific types of your personal data for, then please contact us as explained in Section 8. If you feel that we are keeping your personal data for too long, then in some circumstances you can ask us to stop processing or to delete your data – see Section 7 on your rights and how to exercise them.

2. How we keep your data secure

Keeping your personal data safe and secure is our priority.

As required by Data Protection Laws, we have put in place appropriate ‘technical’ and ‘organisational’ security measures to prevent breaches of your personal data:

- Our ‘technical’ measures for protecting your personal data include ensuring that the data centres in Japan which Konami operates have very strict physical controls for who can access your personal data, strong protections against threats such as cyber-attacks, viruses and power-cuts, and are regularly backed up. When we use third party services for data storage, we ensure that they also use appropriate technical security measures (see Sharing with Service Providers below).

- Our ‘organisational’ measures for protecting your personal data include managing carefully the staff who can access your data. For example, we always make sure that our staff agree to ‘confidentiality obligations’ (meaning they promise to keep your personal data secret) in our employment contracts with them and we train our staff on the importance of protecting your personal data and our obligations under Data Protection Laws. Where necessary, we undertake background checks on our staff to make sure that they are honest and trustworthy, before giving them access to your personal data.

If you would like more information about these security measures, then please contact us as explained in Section 8.

3. What we do if there is a personal data breach

Personal data breaches can include a wide range of incidents which affect the confidentiality, integrity or availability of your personal data. Some breaches result from accidents, others from unlawful actions. Common examples of breaches include where:

- Personal data is lost, destroyed, corrupted or disclosed

- Someone accesses the personal data or passes it on without permission

- The personal data is made unavailable, for example because it has been accidentally lost or destroyed or because it has been damaged by a computer virus

We recognise that security breaches involving your data could cause you distress, financial damage or other harm. We have therefore put in place reporting procedures to respond quickly to any suspected personal data breach and to ensure that our staff are trained on these procedures. Where a personal data breach poses a potentially significant risk to you, then we will notify you and any relevant Data Protection Authority (see Section 9) of a personal data breach in situations where Data Protection Laws require us to do so, so that you can take appropriate steps to protect yourself from the breach.

Where we need to use other businesses to assist us in providing you with Konami Services, then we also require them to implement the same strict standard of security measures and to notify us of any personal data breaches promptly – see Section 5 for more information.

4. Who we share your personal data with

We do not make money by providing your personal data to other businesses. We will share your personal data within the Konami group of companies (Konami Group) and with our service providers in order to provide you with Konami Services that you expect and enjoy. Occasionally, situations may arise where we need to share your personal data with other types of organisations. We explain our sharing of your personal data below. Please see Part I - Section C or contact us using the details in Section 8 for specific information.

Sharing with Konami Group companies

We provide Konami Services to users all over the world. Providing you with Konami Services in your country or region requires us to work closely with other Konami Group companies and to share your personal data with them.

For example, as you are in the EU or the UK then we may need to share your personal data with Konami Group companies in the EU or UK in order to:

- ensure that you are able to access appropriate customer support services for your query

- arrange events held by us or by other Konami Group companies in your country or region that you wish to attend

- manage and update your accounts with us

- analyse the preferences and needs of our users in your country or region in order to improve the quality of Konami Services

- procure data centre services to protect and store your personal data safely

We will only share your personal data with Konami Group companies to provide you with or to improve Konami Services or for other purposes such as for the development or improvement of Konami Group products and services, marketing and promotional purposes, and for Konami Group companies to hold their own events. We will ensure that any Konami Group companies that receive your personal data will only use it as permitted by Data Protection Laws and for the purposes set out in this Notice and (where applicable) the privacy notices of the relevant Konami Group companies.

A list of all of our Konami Group companies is available here https://www.konami.com/corporate/en/subsidiaries/

Sharing with service providers

To provide you with Konami Services we use the services of other businesses, which we call ‘service providers’.

For example, the types of service providers we may use are as follows:

- Providers of cloud storage services

- Providers of customer support services

- Providers of analytics services

- Providers of advertising services

- Providers of marketing platforms services

- Providers of content management services

Whenever we share your personal data with service providers, we will protect it to the standard required by Data Protection Laws. We will undertake checks on the service provider before using them and we will control their use of your personal data in a legally binding contract. This approach allows us to make sure that the service provider:

- Only uses your personal data in accordance with our documented instructions.

- Has strong protections in place to keep your personal data secure and secret

- Is accountable to us legally if they fail to meet these strict standards for protecting your personal data

Please note that the service provider may use your personal data for its own purposes, such as maintenance and improvement of its services, in which case the service provider will be the controller of your personal data. In such cases, the service provider has primary responsibility for the processing of your personal data.

Other sharing

Occasionally, there may be other circumstances in which we need to share your personal data with other businesses or organisations. This may be the case, for example, where:

- We are ordered to share your personal data by a Court, the police, a Government body or another organisation which has the legal power to require us to do so

- Another business buys Konami or the part of our business which provides you with Konami Services

- We reorganise how Konami or the Konami Group operates and provides you with Konami Services

When sharing your personal data in such circumstances, we will continue to protect your personal data by respecting and upholding our strict standards and the strict legal obligations imposed on us.

5. How we protect your data in Japan and other countries outside the EU/UK

Konami is a Japanese company and the personal data we collect from you is stored in secure data centres of our service providers that may be located outside the EU or UK, and we apply strict security measures to protect your personal data, as explained in Section 2.

The Data Protection Laws of Japan have been approved by the EU and by the UK as providing the same high standards of protection as the Data Protection Laws of the EU and UK. Where　we transfer your personal data to our service providers in countries other than Japan which are not in the EU or UK, then we will comply with the strict requirements imposed on us by the Data Protection Laws of the EU, UK and Japan to ensure that your personal data remains protected to the same high standards.

Details of the safeguards we have put in place can be obtained by contacting us as explained in Section 8.

6. Links to the services of other businesses

Some Konami Services, such as our websites, allow you to access the websites, content and services of other businesses. For example, you may be able to click on weblinks, plug-ins or applications embedded in our websites which take you to the websites of other businesses, which then collect personal data or other information about you.

We do not control those businesses and we are not responsible for their use of your data or information. If you use links to such services of other businesses, please read their privacy notices to make sure that you are comfortable with how they will collect and use your data and information.

7. Your rights under Data Protection Laws

I want to find out what my rights are

You have various legal rights relating to your personal data, which we explain below. Some of these rights are only available in certain circumstances and will depend upon our lawful basis for using your personal data (which is explained in PART I).

If you make a request to us about your rights then we will provide you with a written response explaining whether we will be able to comply with your request or, if not, the reasons why not.

- Accessing your personal data: You always have the right to ask us to provide you with copies of your personal data. As there are some limitations to this right, sometimes we will not be able to provide you with all of the information you request.

- Correcting your personal data: You always have the right to ask us to correct your personal data if it is not accurate, and to complete your personal data if it is not complete (known as the ‘right to rectification’ under the GDPR).

- Deleting your personal data: In some circumstances, you can ask us to delete your personal data (known as the ‘right to erasure’ or the ‘right to be forgotten’ under the GDPR).

- Restricting our use of your personal data: In some circumstances, you can ask us to restrict our use of your personal data.

- Transferring your personal data: In some circumstances, you can ask us to transfer your personal data to another organisation, or to you, in a format that is generally used for storing and accessing such data (known as the ‘right to data portability’ under the GDPR). This right only applies where you have provided us with your personal data and, in addition, where our lawful basis for using your personal data is either your Consent or is Contract (see PART I – Section C).

- Objecting to our use of your personal data: In some circumstances, you can say you do not agree with our use of your personal data (known as the ‘right to object’ under the GDPR). This right applies where our lawful basis for using your personal data is Legitimate Interests (see PART I – Section C). If we receive a request from you objecting to our use of your personal data, then in general we must stop using it. We may continue to use it only if we have a strong reason to do so and our continued use does not create an unacceptable risk to you. If your objection is to direct marketing, then we must always stop.

- Withdrawing your consent: Where our lawful basis for using your personal data is consent, then you always have the right to change your mind and withdraw your consent (see PART I – Section C).

- No automated decision making or profiling: Data Protection Laws also provide you with a right not to have your personal data used to make decisions about you based on profiling or other forms of automated processing which could affect you legally or in any other similarly significant way. We will never use your personal data for such purposes.

I want to find out how to exercise my rights

- How to contact us: You can exercise your rights by contacting us by email at: privacynotice@faq.konami.com. Alternatively, you can contact us using the details set out in Section 8.

- How long it will take to respond: We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex or you have made a number of requests. As explained above, please note that there are exceptions to your rights and some situations where they do not apply.

- Additional information about you: We may need to ask for additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not given to any person who has no right to receive it. We may also contact you to ask you to clarify your request.

- Usually no fee applies: You will not normally have to pay to access your personal data or to exercise any of your other rights. In some circumstances, however, we may charge a reasonable fee if we consider that you are making requests which are especially unreasonable. For example, if you make an unreasonably large number of requests or request an unreasonably large amount of information. Alternatively, we may refuse to comply with your request in these circumstances.

8. How to contact Konami with questions

There are several ways in which you can contact us with any questions about our use of your personal data, or to exercise your rights under Data Protection Laws. These are explained below:

- Contact us: You can contact us at: privacynotice@faq.konami.com

- Contact our Data Protection Officer: We have appointed a Data Protection Officer (DPO), who has overall responsibility for looking after the Konami Group’s compliance with Data Protection Laws. You can contact our DPO by emailing them at: dpo-team@konami.com

- Contact our EU Representative: If you are in the EU and would prefer to contact our local EU representative, you can do so by emailing the French Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info

- Contact our UK Representative: If you are in the UK and would prefer to contact our local UK representative, you can do so by emailing the UK Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info

If you have any general inquiries about Konami Services, you can contact us by emailing at: https://www.konami.com/games/inquiry/

9. How to complain to a Supervisory Authority

We value our relationship with you and want to ensure that you are comfortable with how we use your personal data to provide you with Konami Services. If you feel that we have failed to look after your personal data properly, or have misused it, then we would always encourage you to contact us first as we will do our best to resolve the issues for you. You can contact us using the details in Section 8.

Alternatively, you have the right to make a complaint to a ‘Supervisory Authority’ (the government regulator for data protection) about our use of your personal data:

- EU DPA: If you are in the EU, you can find the Supervisory Authority for your country and how to contact them here: https://edpb.europa.eu/about-edpb/board/members_en

- UK DPA: If you are in the UK, the Supervisory Authority is the Information Commissioner’s Office, who you can contact here: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/

10. Changes to this Notice

We may make changes to this Notice from time to time.