Privacy Policy for EEA Resident

Definitions

“Personal Data” means any data relating to an identified or identifiable natural person, including, but not limited to, customers’ names, addresses, birth dates, telephone numbers, e-mail addresses, user IDs, device IDs, IP addresses, location, web beacons and other online identifiers.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Services” means any of the Company’s various games, software, products, websites, accounts, applications, online stores, features, content, and activities that are operated by Company and/or post or link to this Privacy Policy.

Purpose of Use of Personal Data

The Company will process customers’ Personal Data in order to achieve the following goals:

  1. ・to provide the Services and enable customers’ efficient use of the Services;
  2. ・for the purpose of conducting research, analysis, product service or development;
  3. ・to provide notification of information related to products and Services which the Company and Group companies sell and provide;
  4. ・to process and administer customers’ registrations as members of various parts of the Services;
  5. ・to perform, monitor and enforce contracts concluded between customers and Company;
  6. ・to provide various customer service correspondence to customers (including to notify customers of changes to the Services);
  7. ・to process details of Personal Data that customers voluntarily provide on the Services;
  8. ・to process details regarding customers’ use of the Services (including traffic data, game usage and gameplay data, location data and other communication data);
  9. ・to serve advertisements to customers on our website or applications based on their use of the Services and/or on third-party sites and applications;
  10. ・to prevent customers from engaging in fraudulent activities or unauthorized use of the Services.

Additional Processing

In the case of processing your Personal Data for purposes other than the above, the Company will obtain your consent before doing so. Company reserves the right to monitor your accounts and records to check any complaint or allegation of abuse, infringement of third-party rights or any other unauthorized use of the Services.

Consent

By using the Services, you consent to the collection, storage and use of your Personal Data as described in this Privacy Policy; provided, however, that you may withdraw your consent at any time by sending an email to the following address: privacypolicy@square-enix.com

Retention Period

The Company will retain your Personal Data for as long as we reasonably require such data to provide you with the Services in accordance with this Privacy Policy or as otherwise may be required for legal compliance purposes.

Safety Control Measures

The Company will take all necessary and appropriate safety control measures when handling Personal Data in order to prevent the divulgence, loss, or damage thereof, while also striving to improve these measures.

Supervision of Employees and Trustees

  1. The Company will appoint an administrator within each department to handle Personal data and to ensure the proper management of Personal Data.
  2. Personal data will be handled solely by properly trained officers and employees of the Company who are authorized to access such Personal Data.
  3. There may be cases within the scope necessary for the usage purpose in which the Company entrusts the handling of Personal Data to a third party. In such cases, the Company will obligate the trustee by way of a contract, etc. to handle the Personal Data properly, and will exercise necessary and appropriate supervision over the trustee.

Disclosure to third parties

The Company will not, except in the following cases and situations referred to in “Transfers of Personal Data to Third Parties and/or Other Countries”, disclose or provide Personal Data to a third party without obtaining the prior consent of the individual in question:

  1. (1) Cases in which it is necessary for the Company to fulfill legal obligations imposed on business entities, etc.;
  2. (2) Cases in which the Company has judged that it is appropriate for a Group company to handle the content of an inquiry;
  3. (3) Cases in which disclosure is required by a court, prosecutor’s office, police, bar association, consumer affairs bureau or other institution, entity, or individual similar thereto;
  4. (4) Cases in which there is due course, such as for the protection of the life, property, honor, or credit of the individual supplying the Personal Data or other third party;
  5. (5) Cases in which the Personal Data is used in a way that does not lead to the identification of the person; and
  6. (6) Any other case in which disclosure or provision is admitted by legislation or regulations.

Handling of Information on Websites

The Company may employ Cookies, Web Beacons, and/or other similar technologies in order to collect information with the goal of facilitating more convenient use of its websites. In no case is new Personal Data included in the information collected; however, there may be cases in which the aforementioned may be used in association with previously provided Personal Data.

  1. (1) Cookies
    Cookies are a technology used to store information such as website use history on the customer’s computer.
  2. (2) Web Beacons
    Web Beacons are able to collect and analyze website and HTML email browsing information by using JavaScript, small image files, etc. embedded in websites or HTML emails.

Transfers of Personal Data to Third Parties and/or Other Countries

The Company may disclose your Personal Data to third parties such as the subsidiaries and affiliates of the Company, as well as to third-party cloud vendors and outside contractors of the Company in order that such third parties may assist in providing the Services. In the event Company sells or buys any business or assets, Company may disclose Personal Data to the prospective seller or buyer of such business or assets. Company may also disclose Personal Data to a third party if Company reasonably believes doing so is necessary to comply with a legal order or obligation, to enforce or apply Company’s Terms of Use or other contracts, or to protect another user’s or other third party’s rights, property or safety (including exchanging information with other companies and organizations for the purpose of fraud protection and credit risk reduction). Company may aggregate your Personal Data with other data so as to render it anonymous, and may disclose such anonymous and aggregate data to third parties.

You should be aware that the information Company collects, including Personal Data, may be transferred, processed, stored and used internationally, including in Japan, the United States, Canada, or other countries located outside the EEA. The data protection laws in these countries may differ from those of the country in which you are located (i.e., many of the rights provided in the EEA to the data subjects of the data are not given), and your Personal Data may be subject to access requests from governments, courts or law enforcement. By using the Services and/or providing Company with Personal Data, you consent to the transfer of Personal Data as set forth in this Privacy Policy.

Your Rights to Your Personal Data

You may request access to your Personal Data at any time by sending an email to privacypolicy@square-enix.com. In addition, you may request that the Company delete, stop processing or correct errors in your Personal Data and request for your Personal Data to be provided (“data portability”) by sending an email to the same address.
In principle, only the individual in question may request the disclosure, correction, addition, deletion, termination of use, and erasure of their Personal Data. The Company will, to a reasonable extent, respond as swiftly as possible only in cases in which it has received a request based on the “Procedures for Requesting the Disclosure, etc. of Personal Data” set forth separately below.
You may lodge a complaint with any data protection authority that has jurisdiction over the Company and/or is located in your place of residence or employment.

The Company’s Policy Concerning Children

The Company will not intentionally collect Personal Data from a customer under the age of 16 without first obtaining consent from such customer’s parent or legal guardian. In the event that anyone under the age of 16 wishes to use the Services, the Company asks them to make sure that the consent is given or authorized by their guardian.
After the customer reaches the age of 16, consent from the customer’s parent or legal guardian for the processing of the customer’s Personal Data can be confirmed, modified or withdrawn.

Continued Undertaking

The Company will strive continuously to improve its handling of Personal Data through the establishment and review of internal regulations and implementation of training programs.

Procedures for Requesting the Disclosure, etc. of Personal Information

1. How to make a request
When requesting the disclosure, correction, addition, deletion, termination of use, erasure or data portability (“Disclosure, etc.”) of provided Personal Data, you should send the following documents by postal mail.
(1)In cases when the individual in question makes the request
Formal identification showing the individual’s full name and address
(a) Copy of a driver’s licenseor(b) A copy of each of any two of the following: Health Insurance Card, Resident’s Card, Passport, Certificate of Alien Registration, Pension Booklet, Public Utility Receipt, Notary form, etc.
(2)In cases when a representative of the individual in question makes the request(i)Formal identification showing the individual’s full name and address(a) Copy of a driver’s licenseor(b) A copy of each of any two of the following: Health Insurance Card, Resident’s Card, Passport, Certificate of Alien Registration, Pension Booklet, Public Utility Receipt, Notary form, etc.
(ii)Formal identification showing the representative’s full name and address(a) Copy of a driver’s licenseor(b) A copy of each of any two of the following: Health Insurance Card, Resident’s Card, Passport, Certificate of Alien Registration, Pension Booklet, Public Utility Receipt, Notary form, etc.
(iii)A letter of proxy from the individual (in cases when the request is made by the legal representative of a minor or adult ward, a copy of a document that makes clear the connection with the individual, i.e. family register; abridged family register; or certificate of residence, may be submitted in place of a letter of proxy)
2. Mailing address SQUARE ENIX HOLDINGS CO., LTD. SHINJUKU EASTSIDE SQUARE 6-27-30 Shinjuku, Shinjuku-ku, Tokyo 160-8430, Japan Personal Information Inquiries
3. Charge for requests
The Company may charge a separately specified fee for requests for notification of the disclosure and purpose of use of Personal Data.
4. Other
Personal Data acquired due to a request for Disclosure, etc. will only be handled within the scope necessary for responding to said request for Disclosure, etc. Note that the Company will not return any documents that it has received. We will appropriately administer and dispose of all documents after we have handled the request for Disclosure, etc.

Point of Contact in EEA

The Company’s point of contact in EEA is as follows:
DPO@eu.square-enix.com

Last Updated: May 25, 2018

Page Top