This privacy notice is issued by Konami Digital Entertainment Co., Ltd. (hereinafter referred to as "Konami”, “we”, “our”, or “us”), a company based at 1-11-1 Ginza, Chuo‐ku, Tokyo 104-0061 Japan.
This privacy notice describes how Konami will use your personal data when you participate in our survey (“Survey”) on our products or services (“Product”).
This privacy notice also describes your rights to the protection of personal data, including the right to object to any processing of personal data that we carry out. More information about your rights and how to exercise them is set forth in the “Your rights and requests to Konami” section.
We may change, add to, or delete any part of this privacy notice from time to time. You can obtain the latest version of this privacy notice from our website [https://legal.konami.com/kde/smartsurvey/en-gb/].
1. Our use of your personal data
2. Our sharing of your personal data with other companies
3. How we protect your data in Japan and other countries outside the EU/UK
4. Your rights and requests to Konami
5. Our security for your personal data
6. How to contact Konami with questions
We process your personal data in accordance with applicable European Union (“EU”) and United Kingdom (“UK”) laws, regulations, codes of conduct and guidance on data protection and privacy (“Data Protection Laws”), in particular:
· If you are in the EU, then we will comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Privacy and Electronic Communications Directive 2002/58/EC (as amended) and related EU Member State laws and regulations.
· If you are in the UK, then we will comply with the Data Protection Act 2018, the UK GDPR (being the GDPR as retained in UK law after Brexit), the Privacy and Electronic Communications Regulations 2003 and related statutory Codes of Conduct including the Children’s Code.
Please note that where we refer in this privacy notice to:
· “personal data”, this means any information which relates to you as an identifiable individual; and
· the “EU”, this also includes the European Economic Area (“EEA”) Member States of Norway, Iceland and Liechtenstein.
(a) Categories of personal data we collect
Below are the categories of personal data that we collect when you participate in the Survey. Unless otherwise stated below, personal data in parenthesis are examples of the data we collect.
<Categories of Personal Data>
Identifier (User ID), Network Info (IP address), Device Information (Language), Customer Data (Age, Gender, Residents, Occupation, responses to the Survey)
<Purposes of data processing>
- To conduct the Survey
- To analyze the responses to the Survey
-To improve the quality of, or newly develop, our products and services including the Product, based on the result of the Survey
- To ensure appropriate security and confidentiality of your personal data
-To respond to legal obligations
<Lawful Basis for data processing>
Consent*
*Consent: this means we use your personal data where we have obtained your clear, specific and freely given consent (or the consent of your parent/guardian if you are below the age at which the consent of your parent/guardian is no longer required by applicable law). To rely on your consent, we have to provide you with enough information in advance to make up your mind on whether you are happy for us to use your personal data for the purpose we have explained. We also have made sure that you have actively provided your consent to us (we cannot assume or infer your consent) and that we have a record of it. You never have to consent to our use of your personal data and can always change your mind and withdraw your consent easily at a later date, using the method explained to you when we obtained your consent in the first place. To find out more, please contact us as explained in Section 6.
<Retention Period of personal data>
We keep your personal data as long as necessary for the purpose, but for up to one (1) year after the Product is discontinued. **
Other than the above, we may retain your personal data for the following purposes:
- To respond to legal obligations
- for dispute resolution
- for performance of the contract
** If we conduct a survey for an open beta test or closed beta test of our services or products, we retain your personal data as long as necessary for the purposes, but for up to one (1) year after the official released version of such services or products is discontinued.
We share personal data with other companies to conduct the Survey. Occasionally, situations may arise where we need to share your personal data with other types of organisations. We explain below our sharing of your personal data, and please contact us using the details in Section 6 if you have specific questions.
(a) Sharing with our group companies
We share personal data with other companies in the Konami group (“Konami Group”) where necessary to conduct the Survey.
We will ensure that any Konami Group companies that receive your personal data will only use it as permitted by Data Protection Laws and for the purposes set out in this privacy notice and (where applicable) the privacy notices of the relevant Konami Group companies.
A list of all of our Konami Group companies is available at https://www.konami.com/corporate/en/subsidiaries/.
(b) Sharing with service providers
We also share personal data with service providers outside the Konami Group where necessary to conduct the Survey, for example companies which provide us with cloud servers to store the data collected in the Survey. Whenever we share your personal data with service providers, we will protect it to the standard required by Data Protection Laws by undertaking checks on the service provider before using them and controlling their use of your personal data in a legally binding contract. Below are the categories of third parties with which we share personal data.
Category |
Location |
---|---|
Processor – Service providers (cloud service) |
Japan, UK |
(c) Sharing with other entities
We may also share your personal data with other entities not specified above (i) in the event of a restructuring, sale or merger of the Konami business or company which conduct the Survey or (ii) if it is requested by judicial, administrative, or other public authorities (including authorities outside your district of residence).
In every case, we will only share your personal data to the minimum extent necessary for the specified purpose and we shall ensure that appropriate safeguards are in place to ensure the security and confidentiality of your personal data in accordance with Data Protection Laws.
Konami is a Japanese company and the personal data we collect from you is stored in secure data centres operated by the Konami Group and by its service providers in Japan and in other countries including the United States, and we apply strict security measures to protect your personal data, as explained in Section 5.
The Data Protection Laws of Japan have been approved by the EU and by the UK as providing the same high standards of protection as the Data Protection Laws of the EU and UK. Where we transfer your personal data to our service providers in countries other than Japan which are not in the EU or UK, then we will comply with the strict requirements imposed on us by the Data Protection Laws of the EU, UK and Japan to ensure that your personal data remains protected to the same high standards.
Details of the safeguards we have put in place can be obtained by contacting us as explained in Section 6.
Your rights and how to exercise them
You have the following rights that you can exercise with Konami.
- Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data that concerns you are being processed, and where that is the case, access to the personal data and certain related information. As there are some limitations to this right, sometimes we will not be able to provide you with all of the information you request.
- Correction or erasure of personal data: In some circumstances, you have the right to require Konami to correct inaccurate personal data that concerns you without undue delay and to complete any incomplete personal data. You may also have the right to require Konami to erase the personal data that concerns you without undue delay, when certain legal conditions apply.
- Restriction on processing of personal data: You may have the right to require Konami to restrict the processing of personal data, when certain legal conditions apply.
- Portability of personal data: You may ask us to transfer your personal data to another organisation, or to you, in a systematic format available for general use, so that the data may be shared with another company, when certain legal conditions apply.
- Objection to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, when certain legal conditions apply. This right applies where our lawful basis for using your personal data is ‘legitimate interests’ (see Section 1). If we receive a request from you objecting to our use of your personal data, then in general we must stop using it. We may continue to use it only if we have a strong reason to do so and our continued use does not create an unacceptable risk to you. If your objection is to direct marketing, then we must always stop.
- Not to be subject to automated decision-making: You may have the right not to have your personal data used to make decisions about you based on profiling or other forms of automated processing which could affect you legally or in any other similarly significant way, when certain conditions apply We will never use your personal data for such purposes.
- Withdrawing your consent: Where our lawful basis for using your personal data is consent, then you always have the right to change your mind and withdraw your consent.
You can exercise these rights by contacting us using the details in Section 6 below. Please note the following points:
- Response time: We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex or you have made a number of requests. As explained above, please note that there are exceptions to your rights and some situations where they do not apply.
- Additional information: We may need to ask for additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not given to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
- Usually no fee: You will not normally have to pay to access your personal data or to exercise any of your other rights. In some circumstances, however, we may charge a reasonable fee if we consider that you are making requests which are especially unreasonable. For example, if you make an unreasonably large number of requests or request an unreasonably large amount of information. Alternatively, we may refuse to comply with your request in these circumstances.
Your right to complain to a Supervisory Authority
We value our relationship with you and want to ensure that you are comfortable with how we use your personal data to conduct the Survey. If you feel that we have failed to look after your personal data properly, or have misused it, then we would always encourage you to contact us first as we will do our best to resolve the issues for you. You can contact us using the details in Section 6.
Alternatively, you have the right to make a complaint to a ‘Supervisory Authority’ (the government regulator for data protection) about our use of your personal data:
- If you are in the EU, you can find the Supervisory Authority for your country and how to contact them here: https://edpb.europa.eu/about-edpb/board/members_en
- If you are in the UK, the Supervisory Authority is the Information Commissioner’s Office, who you can contact here: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
(a) How we keep your data secure
Keeping your personal data safe and secure is our priority.
As required by Data Protection Laws, we have put in place appropriate ‘technical’ and ‘organisational’ security measures to prevent breaches of your personal data:
- Our ‘technical’ measures for protecting your personal data include ensuring that the data centres in Japan which Konami operates have very strict physical controls for who can access your personal data, strong protections against threats such as cyber-attacks, viruses and power-cuts, and are regularly backed up. When we use third party services for data storage, we ensure that they also use appropriate technical security measures.
- Our ‘organisational’ measures for protecting your personal data include managing carefully the staff who can access your data. For example, we always make sure that our staff agree to ‘confidentiality obligations’ (meaning they promise to keep your personal data secret) in our employment contracts with them and we train our staff on the importance of protecting your personal data and our obligations under Data Protection Laws.
(b) What we do if there is a personal data breach
Personal data breaches can include a wide range of incidents which affect the confidentiality, integrity or availability of your personal data. Some breaches result from accidents, others from unlawful actions.
We recognise that security breaches involving your data could cause you distress, financial damage or other harm. We have therefore put in place reporting procedures to respond quickly to any suspected personal data breach and to ensure that our staff are trained on these procedures. Where a personal data breach poses a potentially significant risk to you, then we will notify you and any relevant data protection authority of a personal data breach in situations where Data Protection Laws require us to do so, so that you can take appropriate steps to protect yourself from the breach.
There are several ways in which you can contact us with any questions about our use of your personal data, or to exercise your rights under Data Protection Laws. These are explained below:
- Contact us: You can exercise your rights by contacting us at: privacynotice@faq.konami.com
- Contact our Data Protection Officer: We have appointed a Data Protection Officer (DPO), who has overall responsibility for looking after the Konami Group’s compliance with Data Protection Laws. You can contact our DPO by emailing them at: dpo-team@konami.com
- Contact our EU Representative: If you are in the EU and would prefer to contact our local EU representative, you can do so by emailing the French Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info
- Contact our UK Representative: If you are in the UK and would prefer to contact our local UK representative, you can do so by emailing the UK Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info