Hi. We’re Onacasoft.
This Privacy Notice describes how Onacasoft Co., Ltd. and our affiliates (collectively “Onacasoft,” “Company,” or “we,” “our,” or “us”) collect, use, and share information about you when you use our various products and services (collectively, the “Services”). This Privacy Notice applies if you are accessing the Services in the United States or if you are visiting a website where this Privacy Notice is posted. This Privacy Notice does not apply to information collected by third parties that may interact with our Services (e.g., a social media plug-in such as a Facebook like button), or to our data collection activities outside of our Services (e.g., through websites that support specific products, which may have different privacy policies). It also does not apply to information collected through the Services if you are located outside of the United States. If you are located in Japan, please see our Japan Privacy Notice. For all other locations outside of the U.S. please see our General Privacy Notice.
In addition, please review the Onacasoft Terms of Service, which govern your use of the Services. By using our Services, you consent to this Privacy Notice and Onacasoft Terms of Service and our collection, storage, sharing and use of your information and data, and other activities, as described. If you do not agree to this Privacy Notice, do not continue to use the Services, and in the case of mobile applications, uninstall the mobile applications immediately.
Onacasoft is a valid licensee, and participating member, of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”). To protect your privacy, we have voluntarily undertaken this privacy initiative, and all of our Services where this Privacy Notice is posted and an ESRB Privacy Certified seal is shown have been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use, and disclosure practices. As a licensee of this privacy program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by ESRB Privacy Certified.
For personal data transferred from the United Kingdom, the European Union, and Switzerland, we will provide appropriate safeguards, such as through use of standard contractual clauses.
1. The Types of Information We Collect from You and How We Collect It
Depending on the specific Services you use and how you interact with us, we may collect various types of information. This information includes information that can be used to identify you personally.
Sometimes you choose to provide this information to us and other times we collect it from you automatically. For example, you choose to provide us certain information when you register or update an Onacasoft Account, use our paid-for Services, apply for a job with us, subscribe to our mailing lists or agree to receive marketing messages from us, call us, email us, live chat with us online or in-game, make a purchase from us, enter one of our competitions or sweepstakes, respond to one of our surveys, post in our forums, conduct a search or post content on our websites, chat or interact with other users on the Services, register to attend our events, or “follow,” “like,” post to, or otherwise interact with our social media accounts. And we collect your information automatically when you browse or use our websites, chat or interact with other users on the Services, receive an email from us, login to your Onacasoft Account, play one of our games, live chat with us online or in-game, or make a purchase from us.
Here are some examples of the types of information we may collect from you when you use the Services, including in the past 12 months.
- personal details – e.g., your name, address, telephone number, email address, and birthday.
- financial information – e.g., your bank account number, credit/debit card information, and billing address.
- account profile data – e.g., your username, password, password hints, and other information related to your account registration.
- information relating to the browser or device you use to access the Services – e.g., IP address, login information, browser type and version, time zone setting, browser plug-in type, operating system and version, Google AdID, Apple IDFA, or other device information that uniquely identifies the device or application you are using.
- information on how you use our websites – e.g., your URL clickstreams (the path you take through our websites), products/services you view or purchase, webpage response times, download errors, how long you stay on our webpages, and what you do on those webpages.
- information about the location of your device – e.g., precise location data with your opt-in consent (such as latitude/longitude) and imprecise location data (such as data derived from an IP address or that indicates a city or postal code).
- information on how you purchase and use our games and products – e.g., the gaming platform you are using, game version, mobile and hardware identifiers, device event information, crash reports, language or subtitle options, game scores, game metrics, achievements, rankings, play time, feature usage, player performance and progression, purchases, timezone, timestamp, session duration, challenges or gifts sent to other players, and number of friends on the platform.
- information we receive when you interact with third-party platforms – e.g., game consoles (nickname, username, friends list, email address, geolocation, language, and date of birth) or mobile platform providers and app stores (username, device ID, purchase history, and geolocation).
- employment information (only when you express an interest in working for us or apply for job roles with us) – e.g., name, address, email address, phone number, employment history, references, education history, results of pre-employment screening and background checks, relevant experience, achievements, skills and qualifications, and the details and outcomes of any interviews or tests that are part of the recruitment process.
Information You Disclose Publicly: The Services may permit you to submit content on various public channels like blogs and message boards, as well as through gameplay. We or others may store, display, publish, or otherwise use this content in perpetuity, and may or may not attribute it to you. Please note that we do not control who will have access to information you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. Please think carefully before sharing any information on the Services.
Information Third Parties Provide about You: We may, from time to time, supplement the information we collect directly from you on our Services with outside records from third parties for various purposes, including to enhance our ability to serve you, to tailor content and ads to you, and to offer you opportunities that may be of interest to you.
Third-Party Logins: The Services may include the option to register or log in to an account using Facebook, Google, Steam, or another third-party service. By doing so, you may provide us with access to certain information from your social media profile, such as your name, email address, photo, gender, birthday, location, friends, people you follow/who follow you, content you post, or posts you like. Please be aware that these third parties are not subject to this Privacy Notice, and we are not responsible for their practices. You should review the applicable third parties’ privacy policies before using their tools to interact with the Services.
Tracking Technologies: We use various technologies to collect information from you, including as follows:
- Log Files. A log file is a file that records events that occur in connection with your use of the Services.
- Cookies: A cookie is a data file placed on your device when you visit the Services. Cookies may be used for many purposes, such as remembering you and your preferences, supporting our security features, and bringing you relevant advertising. Please review our Onacasoft Co., Ltd. Cookie Notice【★クッキーの使用ポリシーに関するページを用意。また、該当ページへのリンクを設定】 for more information.
- Embedded Scripts: An embedded script is programming code that is temporarily downloaded to your device and used to collect information about your interactions with the Services, such as the links you click on.
- Pixels: A pixel (also known as a web beacon) is code embedded in a website, video, email, or advertisement that sends information about your usage to a server. When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or a third party to place or read cookies on your browser. Pixels are used in combination with cookies to track browser activity. We may incorporate pixels from third parties that allow us to track our conversions, bring you advertising both on and off the Services, and provide you with additional functionality, such as the ability to connect our Services with your social media account.
- ETag or entity tag: A feature of the cache in browsers, an ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. ETag tracking may generate unique tracking values even where you block HTTP, Flash, and HTML5 cookies.
- Location-Identifying Technologies: GPS, WiFi, Bluetooth, and other location-aware technologies may be used to collect precise location data when you enable location-based services through your device.
- App Technologies: There are a variety of technologies that may be included in our apps that are not browser-based like cookies and cannot be controlled by browser settings. For example, our apps may include third party SDKs, which are code that send information about your usage to a server. These SDKs allow us to track conversions, bring you advertising, and provide you with additional functionality, such as the ability to connect your social media account.
For more information on analytics, advertising, related tracking technologies, and your choices, please visit the “Ads and Analytics” and “Your Choices” sections below.
2. How We Use the Information We Collect from You
We may collect and use your information for business and commercial purposes in accordance with the practices described in this Privacy Notice. The purposes for collecting and using your information, including in the past 12 months, include:
- to provide you the Services, including by authenticating your login information, verifying your age, remembering your settings, and hosting and providing backend infrastructure for our websites and games;
- to improve or develop the Services, including by optimizing traffic, conducting in-game data collection, analytics, and research (including profiling and the use of machine learning), preventing and detecting cheating, managing landing pages, and heat mapping our websites;
- to provide customer support, including troubleshooting and resolving technical issues over live chat, phone, email, or in-game chat;
- to provide you information that you have requested or agreed to receive, such as electronic newsletters, special offers, or promotional materials;
- to process payments or transactions;
- to process your registration of an Onacasoft Account, or other account;
- to communicate with you when you message us, respond to our posts, “like” our posts, tweet or retweet us, or otherwise interact with us on social media platforms;
- to process your entry into contests, sweepstakes, surveys, or other promotional events that we run from time to time, should you decide to participate in them (in some cases our tournaments may have a “leaderboard” element, in which case we may display your name on a publicly accessible leaderboard);
- to deliver relevant advertisements or offers to you (or people like you), and to measure the effectiveness of these advertisements and offers;
- for Services that allow you to communicate with other users, to enable those communications;
- to enforce our rules and policies and protect the competitive integrity of our games;
- to investigate and respond to fraudulent, unauthorized, or illegal activity on the Services;
- to monitor your participation in our forums and all parts of the Services that allow you to post information or interact with other users;
- for internal business purposes;
- for purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Notice.
We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law.
3. How We Share Your Information
We share information we collect in accordance with the practices described in this Privacy Notice. The categories of parties with whom we share information, and have shared information in the past 12 months, include:
Service Providers. We use service providers to help support and operate the Services or to perform certain functions on our behalf. If we share your information with service providers, we will only provide them with information they reasonably need to perform their specific services for the purposes we specify in our contract with them, although we may permit them to use information that does not identify you for other purposes. If we stop using their services, we will require that any of your information that they hold be securely and permanently deleted or de-identified so that it does not identify you. In all cases, we will apply measures to help keep your data safe and your privacy protected.
Here are some examples of the types of service providers with which we may share your information:
- information technology companies who support our websites, online services, and other business systems;
- direct marketing companies who help us manage our electronic communications with you;
- payment processors who facilitate purchases from us and help protect against fraud;
- fraud detection and prevention companies who help us prevent cheating, abuse, fraud, tampering, or other unauthorized use of the Services;
- applicant-tracking providers who process your application to a job opening we have posted online;
Analytics and Advertising. We may share information with vendors and other parties for analytics and advertising related purposes. For example, we share information with analytics companies who help us analyze how you use the Services, and ad partners like Google and Facebook, so that they can show you products or services that might interest you. These parties may act as our service providers, or in certain contexts, independently decide how to process your information.
Business Partners. We may share your information with our business partners for various purposes. Here are some examples of the types of business partners with which we may share your information:
- console or platform providers who allow you to purchase, access, or play our games;
- companies who help us develop the Services or make them available to you;
- companies who administer or help sponsor contests, sweepstakes, or surveys you enter into.
Third-Party Locations and Services: When you are on the Services, you may be directed to other sites or services that are operated by third parties outside of our control. For example, if you click on a link displayed on the Services you may be taken to a different site. We may share information at your request or direction. We are not responsible for the data collection and privacy practices employed by these third parties. We encourage you to pay attention when you leave our Services and to review the privacy policies of any third-party locations you go to.
Administrative and Legal Disclosures: We may disclose your information to third parties: (i) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (ii) to satisfy any applicable law, regulation, subpoena, or governmental requestor legal process, or any legal process in connection with a court proceeding or arbitration, if in our good faith opinion we are required or permitted to do so by law; (iii) to investigate potential violations of the Onacasoft Terms of Service or other policies applicable to the Services; (iv) to protect the safety, rights, property or security of the Services, our staff, users, or any other third party; or (v) to detect, prevent, or otherwise address fraud or threats to security.
Business Transfers: We may share your information with our affiliate companies within and outside of the United States. In the event some or all of our company will be acquired by another party, we may share your information with the acquiring party.
Consent: We may share your information for other purposes if we have disclosed that purpose to you and you have consented to it.
De-identified Information: We may share aggregated information that does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law.
4. Ads and Analytics
The Services may use other parties such as network advertisers and ad exchanges to serve targeted advertisements based on your behavior on and off of the Services, and may use analytics, user research, or other similar parties to evaluate and provide us or other parties with information about your use of the Services and viewing of ads or content. Network advertisers are parties that display advertisements, which may be based on your visits to the Services or other locations you have visited.
Ad serving enables us and others to target advertisements to you or people like you for products and services in which you or people like you might be interested. For example, if you provide us with your email address we may share it with Facebook so that you can receive targeted ads from us when you use Facebook, and so that other users of Facebook who share similar interests to you can also receive targeted ads from us. Ad network providers, advertisers, sponsors, or traffic measurement services may themselves set and access their own cookies or other tracking technologies on your device and browser. These tracking technologies may be set to, among other things, help deliver relevant advertisements, prevent you from seeing the same advertisements too many times, or help understand the usefulness of certain advertisements to you. This Privacy Notice does not apply to the practices of other parties or their use of your information, so you should visit these parties’ websites for more information about their privacy practices.
Please note that we adhere to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising.
5. Your Choices
There are various ways in which you can exercise choice and control over the information you provide to us on the Services. Here are some examples:
Limit the Information You Provide to Us: You can stop all prospective collection of information on our Services by uninstalling and ceasing to interact with the Services. You can also decline to provide information we request from you, although doing so may prevent you from using certain parts of the Services (e.g., you will not be able to create an account with us if you do not provide your email address and other information we need to process your registration). With respect to our mobile applications, you may use the standard uninstall process supported by your device, the app, or the marketplace or software through which you acquired the app to stop all prospective information collection through the app.
Change Your Communications Preferences: You may cancel or modify the email communications you receive from us by following the instructions contained within our promotional emails or, where applicable, by logging into your account and adjusting your settings. This will not affect subsequent access to the Services. Please note that we reserve the right to send you certain communications relating to your account or use of our Services, such as administrative and service announcements, and you will continue to receive these transactional account messages even if you opt-out of receiving our promotional email communications.
Interest-Based Advertising Opt Outs: Some of the advertisers and parties that perform advertising-related services for us and our partners may participate in the Digital Advertising Alliance (“DAA“) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding interest-based advertising, visit http://www.aboutads.info/choices for website opt-out choices and http://www.aboutads.info/appchoices for mobile app opt-out choices. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices. Please be aware that, even if you are able to opt out of certain kinds of interest-based advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain interest-based advertising to you, but does not mean you will no longer receive any targeted content or ads (e.g., from other ad networks). We are not responsible for the effectiveness of, or compliance with, any opt-out options or programs of any other parties or the accuracy of their statements regarding their programs.
Location Data: For our mobile apps, you can turn off our collection of precise location data through the settings on your device. You can stop collection of all location data through a particular app by uninstalling that app.
App Technologies: For our mobile apps, you can reset your mobile ad Id through your device settings, which is designed to allow you to limit the use of information collected about you. For information on how to do this on Apple devices, visit Apple.com or https://support.apple.com/en-us/HT202074. For information on how to do this on Android devices, visit www.google.com.
Do Not Track: Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, unless and until the law is interpreted to require us to do so, we do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit http://www.allaboutdnt.com/.
6. Your Rights over Your Information
Accounts and Forums:
You may review, correct, update, or request the erasure of account information you have provided to us by contacting us at firstname.lastname@example.org. We may require additional information from you to allow us to confirm your identity and properly respond to your request. Nothing in this Privacy Notice is intended to limit any additional rights you may have under local law.
Please note that it is not always possible to completely remove or delete all of your account information from our databases and residual data may remain on backup media. Also, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You may remove content you have posted on our forums by logging into your account, directly accessing your post, and using the editing tools in our forums (if available). Should you wish to edit or remove any content you have publicly posted, you may contact us with your specific removal request. Please note that we are not required to remove your posted content or information if it has been de-identified or if we are required by law to retain it.
Your Nevada Privacy Rights:
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at email@example.com.
7. Your California Privacy Rights:
This section describes the various rights California residents have over their personal information under the California Consumer Privacy Act of 2018 (“CCPA”) and how you can invoke these rights with us.
Notice of collection
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
- Identifiers, including name, postal address, email address, and online identifiers (such as IP address).
- Customer records, including phone number, billing address, and credit or debit card information.
- Characteristics of protected classifications under California or federal law, including gender.
- Commercial or transactions information, including records of products or services purchased, obtained, or considered.
- Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
- Geolocation data.
- Employment and education information.
- Inferences drawn from the above information about your predicted characteristics and preferences.
For further details on information we collect, including the sources from which we receive information, review “The Types of Information We Collect from You and How We Collect It” section above. We collect and use these categories of personal information for the business purposes described in “How We Use the Information We Collect from You” section above.
We do not generally sell information as the term “sell” is traditionally understood. To the extent “sale” under the CCPA is interpreted to include the activities set out in this Privacy Notice, such as those disclosed in the “Ads and Analytics” section above, we will comply with applicable law as to such activity. We disclose the following categories of personal information for commercial purposes: identifiers, characteristics, commercial or transactions information, internet activity, geolocation data, and inferences drawn. Please review “How We Share Your Information” section above for further details about the categories of parties with whom we share information.
Your right to know and delete
You have the right to know certain details about our data practices in the past 12 months. In particular, you have the right to request copies of the following from us:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information we disclosed for a business purpose or sold;
- The business or commercial purpose of our use of your personal information;
- The categories of third parties with whom we share your personal information; and
- The specific pieces of personal information we have collected about you.
You also have the right to request that we delete your personal information.
To exercise any of these rights, please contact us at firstname.lastname@example.org, or call our number at +81 50 5479 0290. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests.
Your right to opt-out
To the extent we sell your personal information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You can submit a request to opt-out by contacting us at email@example.com, or calling our number at +81 50 5479 0290.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
Your right to non-discrimination
You have the right not to be discriminated against in service or price if you exercise your privacy rights.
Shine the light
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To submit a request, please write us at the email or postal address set out in “Questions or Complaints” section below and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
8. International Transfers of Information
Please be aware that information we collect may be transferred, processed, stored, and used internationally, including in the United States, Canada, Japan, the United Kingdom, and the European Union. The data protection laws in these countries may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement. By using the Services, or providing us with any information, you consent to the transfer to, and processing, usage, sharing, and storage of your information, including personal data, in other countries as set forth in this Privacy Notice.
For personal data transferred from the United Kingdom, the European Union, and Switzerland, we will provide appropriate safeguards, such as through use of standard contractual clauses.
Company participates in the E.U.-U.S. and Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the United Kingdom, the European Union and Switzerland. For the purpose of this Section 8, “Company” refers to the following legal entities only: Onacasoft Co., Ltd.. Company has certified that it adheres to the Privacy Shield’s Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability. In accordance with its obligations under the Privacy Shield, and subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, Company affirms its commitment to subject all personal data received from the United Kingdom, the European Union and Switzerland in reliance on the Privacy Shield to the Privacy Shield Principles. This means that, in addition to Company’s other obligations under the Privacy Shield Principles, Company shall be liable to you for any third-party agent to which we transfer your personal data in reliance on the Privacy Shield and who processes such personal data in a manner that violates the Privacy Shield Principles, unless Company can demonstrate that it is not responsible for the resulting damages.
You have the right to ask us not to process your personal data (or not to provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you.
Company is committed to resolving any complaints regarding your privacy and our collection and use of your personal data in reliance on the Privacy Shield. For inquiries or complaints regarding the processing of personal data transmitted to Company from the United Kingdom, the European Union or Switzerland, or to exercise your rights, please send a letter to: Onacasoft Co., Ltd., Attn: Legal Department, 999 N. Pacific Coast Highway, 3rd Floor, El Segundo, CA 90245, or contact us at firstname.lastname@example.org. For any complaints regarding personal data transferred in reliance on the Privacy Shield that we are unable to resolve directly, you may submit your complaint at no cost to you to JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event there are residual complaints that have not been resolved by JAMS or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the Privacy Shield Principles.
To learn more about the Privacy Shield Framework, and to view Company’s certification, please visit https://www.privacyshield.gov/welcome. A list of companies certified under the Privacy Shield Framework is available at the following link: https://www.privacyshield.gov/list.
9. Children’s Data
We do not knowingly collect or store any personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) from children under the age of 13 without verifiable parental consent, as required by COPPA. There may be instances, such as a sweepstakes, contest, or promotion, in which we collect personal information from a child in order to contact a parent and complete prize fulfillment in accordance with COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
If you are a parent or guardian of a child under the age of 13 (or different age as may apply in your jurisdiction) and believe he or she has disclosed personal information to us without your consent, please contact us at Onacasoft Co., Ltd., Attn: Legal Department, 999 N. Pacific Coast Highway, 3rd Floor, El Segundo, CA 90245. You can also contact us at email@example.com. We will delete the child’s personal information from our records as soon as possible.
10. Keeping Your Information Secure
We understand how important data security is to you, and we have implemented various policies, processes, and technical measures to help protect and secure your information. That said, no data transmission is guaranteed to be 100% secure, and we cannot ensure the security of any information you transmit to us. Please take care when transmitting information online, including through the Services, and make sure to keep your passwords and account information secure at all times. In the event we become aware of a data breach involving unencrypted notice-triggering information in our possession, we will notify you as may be required by applicable law.
11. Questions or Complaints
If you have any questions or wish to file a complaint, please contact us at firstname.lastname@example.org.
As previously mentioned, we are a licensee of ESRB’s Privacy Certified Program. If you believe that we have not responded to your inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at http://www.esrb.org/privacy/contact.aspx. You may also email them at email@example.com.
This Privacy Notice has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at firstname.lastname@example.org.
12. Changes to this Privacy Notice
We reserve the right to change this Privacy Notice. Any changes to this Privacy Notice will be effective as soon as we post them. However, if you have registered an account with us we may ask you to opt-in upon sign-in if we make material changes.
To the extent any provision of this Privacy Notice is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.