General Privacy Notice

INTRODUCTION

Hi. We’re Onacasoft.

Please take the time to read this Privacy Notice, as it explains how we collect, use and protect your personal data.

HOW & WHEN WE COLLECT YOUR PERSONAL DATA

From the moment you begin interacting with Onacasoft, we are collecting personal data. Sometimes the personal data we collect is provided by you and sometimes it is collected automatically.

You give us data when you: register or update an Onacasoft Account, use our paid-for services, play one of our games, enter one of our tournaments, apply for a job with us, attend an interview or assessment, opt-in to receive our marketing messages, subscribe to our mailing lists, call us, email us, live chat with us online, chat to us in-game, make a purchase from us, enter one of our prize draws or competitions, answer one of our surveys, fill in a form, conduct a search or post content on our website, interact with other users on our online services, register to attend our events, ‘follow’, ‘like’, post to or interact with our social media accounts or apply to be an Onacasoft “influencer” on our website.

We collect your data automatically when you: access our website pages, interact with other users on our online services, open an email from us, login to your Onacasoft Account, play our games online, live chat with us, message us or other users in-game or make a purchase from us.

TYPES OF PERSONAL DATA WE COLLECT

Depending on the specific services you use and how you interact with us, we may collect various types of personal data as further described in this section.

Contact details Your name, address, telephone number and email address.

Account profile data Your name, email address, birth date, gender, username and password.

Financial information Your bank account number, credit/debit card details, electronic payment processor details and billing address.

Information that identifies you Your birth date, IP address, login information, social media username(s), browser type and version, time zone setting, browser plug-in types, geolocation information, operating system and version, cookies, Google AdID, Apple IDFA and other unique device IDs.

Information on how you use our websites Your URL clickstreams (the path you take through our site), products/services you view or purchase, page response times, download errors, how long you stay on our pages, what you do on those pages and other actions.

Information on how you purchase and use our games and services Your gaming platform, game version, mobile and hardware identifiers, device event information, crash reports, language or subtitle options, game scores, game metrics, achievements, rankings, play time, feature usage, player performance and progression, purchases, time zone, timestamp, session duration, challenges or gifts sent to other players and number of friends on the platform.

Survey information Any information that you decide to provide to us when you complete one of our surveys.

Employment information (only when you apply for job roles with us) Name, email address, employment history, references, education history, results of pre-employment screening and background checks, relevant experience, achievements, skills and qualifications and the outcome of any interviews or tests that are part of the recruitment process.

Information recorded at Live Onacasoft Events Photographs and videos of you.

Information provided to us by third parties

Game Platforms Nickname, username, user ID, friends list, email address, geolocation, language, user preferences, date of birth and games you have played. Mobile Platform Providers and App Stores Username, device ID, purchase history and geo-location. When you log in with your Facebook account Account ID, email address and friends playing the same game. When you link an Onacasoft Account to a Game Platform Account Account ID, nickname, user ID, email address and our games which you are playing.

What about special categories of data?

If you have been selected to participate in an accessibility-related player research group, we may ask for health data related to your accessibility needs for the purpose of analysing accessibility as it relates to our game development. Otherwise, we do not actively collect any “special categories of data” about you (data that is intended to identify your racial or ethnic origin, political opinions, religious/philosophical beliefs or trade union membership, genetic data, biometric data, health data, or data about your sexual life or orientation, criminal offences or alleged offences). Please don’t send us your unsolicited special categories of data or post them anywhere on our services.

What about children’s data?

You must be at least 13 years old to use any of our services or games, as we do not target our games to children under 13 and do not knowingly collect any personal data from any person under 13. If you think we have unintentionally collected personal data from someone under the age of 13, please let us know by contacting us at info@onaca.jp.

WHY & HOW WE USE YOUR PERSONAL DATA

We will use your personal data only for certain specified reasons and only when we have a lawful basis to do so. Which of the following reasons is applicable to you depends on the type of relationship we have with you and how we interact with you. For example, we will not use your personal data for the purpose of processing payments unless you’ve made, or attempted to make, a purchase from us.

Registering your account

When you sign up to use our services or register an Onacasoft Account with us, we will use the details you provide on your account registration form to process your registration and provide the services you’ve agreed to receive.

In the EU and UK, our lawful basis for this use of your personal data is: performing our “contract” below with you.

Keeping our websites and gaming services running

Providing you our games and services online, access to our websites, login authentication, age verification, remembering your settings, processing payments, populating leaderboards, hosting and back-end infrastructure and keeping our websites and services secure.

In the EU and UK, our lawful bases for this use of your personal data are: performing our “contract” below with you, to comply with our “legal obligations” below and “legitimate interests” below to keep our services running.

Enabling you to communicate with other users

Certain parts of our websites and online services enable you to communicate and interact with other users. We will use information you have provided us to enable these interactions and communications on our websites and online services.

In the EU and UK, our lawful basis for this use of your personal data is: performing our “contract” below with you.

Processing payments

We will use your information to process payments for our goods and services. If your bank provides account update services and you have registered your payment card number or expiry date in our systems, we may automatically update this information when it changes.

In the EU and UK, our lawful basis for this use of your personal data is: performing our “contract” below with you.

Targeted advertising

Through cookies, clear GIFs, web beacons and tracking pixels we will use your information to deliver relevant advertisements and offers to you and measure the effectiveness of the advertising and offers. These technologies connect your behaviour across different websites, mobile apps and devices and enable tailored advertising to be served to your game, web browser, or mobile device. Please also see our Onacasoft Co., Ltd. Cookie Notice【★クッキーの使用ポリシーに関するページを用意。また、該当ページへのリンクを設定】.

In the EU and UK, our lawful basis for this use of your personal data is: your “consent” below.

Social media

We will use your information to communicate with you if you message us, respond to our posts, “like” our posts, tweet or retweet us or otherwise interact with us directly on social media platforms. We also analyse social media postings and trends to understand customer sentiment about our games and services.

In the EU and UK, our lawful basis for this use of your personal data is: our “legitimate interests” below in promoting our brand and communicating with interested individuals.

Anti-cheat, anti-tampering, fraud, and unauthorised and unlawful activity detection, prevention and investigation

We use the information you provide us and the information we collect about you to enforce our rules and policies, protect our customers and business, maintain the competitive integrity of our games, and investigate and respond to fraudulent, unauthorised or illegal activity on or related to our current or future services. We may also use your information for machine learning behavioural predictions to detect and prevent fraudulent activities on our services.

In the EU and UK, our lawful bases for this use of your personal data are: our “legitimate interests” below to operate a safe and lawful business or where we have a “legal obligation” below to do so.

Onacasoft “Press Centre” registration

When you register your details to join the Onacasoft Press Centre, we will use the information you provide to process your application and, in some cases, to send you press releases and assets as part of the Press Centre program.

In the EU and UK, our lawful basis for this use of your personal data is: our “legitimate interests” below to recruit the most suitable influencers for our campaigns.

Onacasoft “influencer” registration and suitability monitoring

When you apply to become an Onacasoft influencer through the Onacasoft partner program, we will use the information you provide to process your application and, in some cases, to contact you about your potential participation in the program.

In the EU and UK, our lawful basis for this use of your personal data is: our “legitimate interests” below to recruit the most suitable influencers for our campaigns.

Community and customer support

When you use our communities or customer support, we will use your information for handling enquiries or complaints, troubleshooting and solving technical issues over live chat, phone, email and in-game chat, making necessary changes to our products and services and monitoring your participation in our forums and all parts of our services that allow you to publicly post information or interact with other users.

In the EU and UK, our lawful bases for this use of your personal data are: performing our “contract” below with you, our “legitimate interests” below to provide you with customer service, our “legitimate interests” below in providing the correct products and services to our website users or to comply with our “legal obligations” below.

Improving and continually developing our games, services and websites

We carry out analytics and research on in-game data collection and related metrics to understand how our customers are playing games and the effectiveness of our marketing campaigns. We also use your information to undertake player segmentation (profiling), cheat detection and prevention, machine learning (we sometimes use carefully selected third parties to do this on our behalf), general management of our websites, traffic optimisation and heat mapping (including through the creation of animated representations) of your usage of our websites.

In the EU and UK, our lawful bases for this use of your personal data are: performing our “contract” below with you and our “legitimate interests” below in learning about the types of people who are interested in our games, websites and services, to keep our games, online services and websites updated and relevant, and to develop our business, understand how our customers play our games and inform our marketing strategy.

Recruitment

To evaluate your suitability for a role that you have applied for we will use your information to verify your application details, academic qualifications and work experience, perform background checks, review and audit our recruitment processes and its outcomes and identify any future employment opportunities that you may be suitable for.

In the EU and UK, our lawful basis for this use of your personal data is: our legitimate interests to recruit new employees or contractors.

Contests, prize draws, and tournaments

When you participate in our contests, prize draws, tournaments or other promotional events we run from time to time, should you decide to participate in them, we will use your information to process your entry as well as to communicate with you and award and send you certain prizes or rewards, either digitally or physically, if you have qualified to receive them. In some cases our promotional events may have a “leaderboard,” entry list, or similar element, in which case we may display your name or other information you submitted on such a publicly accessible list. Some contests, prize draws, and tournaments will also involve publicly displaying your entry in media throughout the world.

In the EU and UK, our lawful bases for this use of your personal data are: your “consent” below or “contract” below.

Live Onacasoft Events

When you attend or join our live events, we may photograph you and record videos in which you, your appearance, or your voice may be recognisable.

In the EU and UK, our lawful bases for this use of your personal data are: our “legitimate interests” below if you are a guest at the event or “contract” below if you are a contestant.

Digital marketing and advertising

We will use your information to provide you with promotional communications and paid advertisements on our services and on third-party platforms. This includes using your personal data for matching your data across our websites, games and services to measure the effectiveness of marketing campaigns, profiling and segmentation and to tailor promotional communications and paid advertisements to those which you are more likely to be interested in. We also use machine learning to predict the effectiveness of digital marketing campaigns for our customers and to tailor campaigns and digital marketing communications, including through purchase history and game play behavioural analysis.

In the EU and UK, our lawful bases for this use of your personal data is: our “legitimate interests” below to provide you with marketing communications where we may lawfully do so.

Direct marketing

Where you have consented, we will use your information to send you communications about our services, products and features that you have agreed to receive directly via email. We also use machine learning to predict the effectiveness of direct marketing campaigns for our customers and to tailor campaigns and direct marketing communications, including through purchase history and game play behavioural analysis.

In the EU and UK, our lawful bases for this use of your personal data is: your “consent” below.

WHAT THE DIFFERENT LAWFUL BASES MEAN

This section explains what the lawful bases we rely on for processing your personal data actually mean.

Consent

You have provided clear and unambiguous consent for us to process your personal data for a specific purpose. You have the right to withdraw this consent at any time.

Contract

We need to process your personal data for us to fulfil our contractual relationship with you.

Legitimate interests

We need to process your personal data for our legitimate interests, or the legitimate interests of a third party, in conducting and managing our business and our relationship with you. When we use your personal data for our legitimate interests, we try to take into account any potential impact that such use may have on you.

Legal obligation

We have a legal obligation under applicable law to process your personal data.

KEEPING YOUR PERSONAL DATA SECURE

We treat your personal data with care and take reasonable steps to protect it, including the use of physical, technical and administrative safeguards to protect your personal data from unauthorised access, use or disclosure.

For this reason, we secure access to all transactional areas of our websites and apps, restrict access to your personal data, secure and tokenise transactional information and regularly monitor our systems for possible vulnerabilities and attacks.

If you believe your personal data has been breached, please contact us immediately at info@onaca.jp.

WHO WE SHARE PERSONAL DATA WITH

Depending on the purpose for which we collect your personal data or the nature of our interaction with you, we may use third parties to process some of your personal data (for example, we engage third parties to process information about your purchases and use of our games). We require that these third parties use only the information they need to perform their specific services as specified in our contract with them. If we stop using any such third party’s services, we require that your personal data held by them is either securely and permanently deleted or rendered irreversibly anonymous. In all cases, we apply measures to keep your data safe and your privacy protected.

We share your personal data with third-party IT companies who support our website, online services and other business systems, payment services providers who process your payments for goods and services, fraud detection, investigation and prevention companies who help us detect, investigate and prevent cheating, abuse, fraud, tampering or other unauthorised use of or disclosure of non-public information about our current and future services and direct marketing companies who help us manage our electronic communications with you.

We may share your personal data with Google, Facebook and other third-party advertising partners so they can show you our products and services that might be of interest to you while you are on a social media platform, browsing the internet or playing our mobile games. For example, if you provide us with your email address we may share it with Facebook so that you can receive tailored advertising from us when you use Facebook, and so that other users of Facebook who share similar interests to you can also receive tailored advertising from us. This is based on your consent to marketing or our legitimate interests to provide you with marketing communications where we may lawfully do so.

Under very specific circumstances, we will share your personal data with third parties (including law enforcement bodies) in order to respond to or investigate fraudulent, unauthorised or criminal (or potentially fraudulent, unauthorised or criminal) activity on or related to our systems, services, or events, including the unauthorized disclosure of non-public information related to current or future services. We may also be required by law to disclose your personal data to the police or to another law enforcement, regulatory or government body in your country of origin or elsewhere, including upon receiving a legally valid request to do so. We may also be required by law to disclose your personal data to third parties in response to a court order, subpoena, or other compulsory process.

COOKIES

We use cookies and similar technologies for analytics, to allow our services to operate effectively, to enhance your experience when using our services and to bring you relevant advertising.

Please have a look at our Onacasoft Co., Ltd. Cookie Notice【★クッキーの使用ポリシーに関するページを用意。また、該当ページへのリンクを設定】 for more info.

WHERE YOUR PERSONAL DATA IS PROCESSED

We are a global organisation, so we sometimes need to share your personal data with our other offices, or with other third parties and suppliers, who are located outside the European Economic Area (“EEA”).

When it is necessary for us to transfer your personal data out of the EEA and/or the UK, we will do so only when the transfer is authorised under applicable law, including when the transfer is made to a country the European Commission has deemed to have adequate data protection laws, is governed by the Standard Contractual Clauses (European Commission: Standard Contractual Clauses for the transfer of personal data to third countries) for data transfers between EU and non-EU countries or is authorised by another recognised transfer mechanism under applicable law. For transfers to our offices in the U.S., we do so under Standard Contractual Clauses.

HOW LONG WE HOLD YOUR DATA FOR

We will retain your personal data for only as long as you are a customer or are using our services and for no longer than is necessary after that. We will securely destroy or irreversibly anonymise your personal data once it is no longer necessary for us to retain it.

YOUR RIGHTS OVER YOUR PERSONAL DATA

This section describes the various rights you have over your personal data under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and the UK Data Protection Act 2018, how you can invoke these rights with us and where you can find more detailed information about these rights.

Your right of access

You have the right to request copies of your personal data. This right always applies. However, there are some exemptions, which means you may not always receive all the personal data you request.

Your right to rectification

You have the right to request that we rectify information you think is inaccurate or complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to request that we erase your personal data in certain circumstances.

Your right to restriction of processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Your right to object to processing

You have the right to object to us processing your personal data under certain circumstances, including when we do so based on our legitimate interests.

Your right to data portability

You have the right to request that we transfer your personal data to another organisation, or that we provide a copy of it to you. This right applies only to personal data you have given us and that we are processing based on your consent or our contract with you.

You are not required to pay any charge for exercising these rights.

To exercise your above rights, or any other rights available to you under applicable law, please email us at info@onaca.jp:

Customers in the EU or UK may also lodge a complaint regarding our use of your personal data. If you have such a complaint, we ask that you please tell us first so we can have a chance to look into your concerns. If you remain unsatisfied, you can contact your local Supervisory Authority or the Information Commissioner’s Office on their website at www.ico.org.uk/make-a-complaint.

DATA PROTECTION OFFICER

We have appointed a data protection officer for you to contact if you have any questions or concerns about your personal data. Our data protection officer can be contacted at:

info@onaca.jp.

CHANGES AND UPDATES TO THIS PRIVACY NOTICE

As our services and products change from time to time, you should expect this Privacy Notice to change as well. We reserve the right to amend this Privacy Notice at any time, for any reason. We will make all reasonable endeavours to notify you of any changes. We may also email periodic reminders of this Privacy Notice, and will email customers who have a registered Onacasoft Account, of any material changes to this Privacy Notice. Nevertheless, you should check here regularly to see the current Privacy Notice that is in effect and any changes that may have been made to it.

ANY QUESTIONS?

You made it to the end! We hope you enjoyed reading this Privacy Notice and we commend you on your dedication to understanding how we handle your personal data and your rights to control it. If this Privacy Notice hasn’t answered all your questions, or if you have any comments or ideas about how we can make this Privacy Notice even better, please don’t hesitate to contact our DPO at the below: info@onaca.jp.