NTT DOCOMO Privacy Policy

NTT DOCOMO, INC. ("DOCOMO") is rendering various services and products (collectively "Services") so that our customers can enjoy a rich and comfortable life. For rendering the Services and conducting other relevant business activities, we may collect your Personal Data (not limited to personal information as set forth in the Act on the Personal Information and Specific user information as set forth in the Telecommunications Business Act, and including all data concerning an individual) in certain instances. We believe that the proper processing of Personal Data in our business activities is our important duty. To reflect our belief and sincerely regulate ourselves, we have enacted and published the "NTT DOCOMO Personal Data Charter".
In line with the philosophy of "NTT DOCOMO Personal Data Charter", DOCOMO sets forth this Privacy Policy as a policy concerning the processing of Personal Data.
This Privacy Policy also elaborates on "how DOCOMO processes Personal Data" and "how the customer can manage their own Personal Data." We published "Understand by Knowing! DOCOMO's Use of Personal Data (in Japanese only)" to explain them more specifically and in a way that makes them easier to understand, so please also refer thereto.

1. Proper processing of Personal Data

We will comply with the applicable domestic and foreign laws and regulations, guidelines (collectively "Laws") in processing Personal Data and continuously improve this Privacy Policy. We will collect your Personal Data only by proper means and securely manage your Personal Data under our proper data management structure. In addition, we will implement proper company regulations and carry out necessary educational training of employees. By doing so, DOCOMO will make our best endeavors for our customers so that they can use convenient, safe and secure Services.

2. Collecting of Personal Data

DOCOMO will collect Personal Data in the following instances:

  • When directly provided by the customer to DOCOMO:
    For example, DOCOMO will collect your Personal Data when you fill out the application form for ordering our Services at a DOCOMO shop or you register and/or send the Personal Data from your smartphone when using our Services.
  • When automatically recorded when the customer uses our Services:
    For example, when you use our Services on the internet, information regarding usage history of the Services may be automatically recorded in DOCOMO's server. Similarly, information recorded on your device (such as a smartphone) may be automatically sent to DOCOMO according to the settings of the device. In certain instances, such information includes your Personal Data.
  • When indirectly obtained from a third party when the customer uses third-party services:
    For example, when you use dPOINT at our member shop, DOCOMO may collect relevant shopping history at the member shop. Similarly, the member shop may provide us with such information.

3. Purpose of processing of Personal Data

  1. DOCOMO will process your Personal Data for the following purposes:
    • Purpose of Use (1): For provision of services, products, etc., and for communications/notifications etc. to customer that are necessary for the performance of the agreement with customer.
    • Purpose of Use (2): For proposals of services, products, etc., in relation to purchased services, products, etc., and for communications/notifications etc., to customer that are necessary thereto.
    • Purpose of Use (3): For preservation and countermeasures against fraud that are necessary for reliable and stable provision of services, products, etc.
    • Purpose of Use (4): For planning, developing and improving services, products, etc., and various investigations and analyses.

Further, if the customer consents to the terms of agreement of the "Use of Location Information" separately set forth by DOCOMO, the location information will be used to the extent necessary for achieving the following purposes of use:

  • For granting benefits such as coupons that can be used at DOCOMO, DOCOMO's consolidated subsidiaries and equity-method affiliates, or dPOINT member stores, and providing information and displaying/distributing advertisement concerning the various products, services, campaigns and events (including those of third parties other than DOCOMO) that DOCOMO determines to be appropriate; and
  • For investigating and analyzing the sales/usage status of DOCOMO's products and Services, operating/improving DOCOMO's products and Services, planning for new products and new Services, questionnaire investigations and other marketing analysis.
  • If the customer wishes to suspend the use of the location information in the above purpose of use the customer consented to, the customer should change the customer's Personal Data Dashboard settings. In addition, please be advised that the location information acquired prior to the changes to the settings being reflected may be used.
  • Notwithstanding the above consent, DOCOMO will be acquiring/using the location information by obtaining the customer's consent to the extent required for the provision of electrical transmission services or is otherwise permitted by the laws and regulations or in the individual Services, apps, etc. Furthermore, please execute the suspension of use of the location information independently used in the individual Services, apps, etc. pursuant to the method specified in the individual Services, apps, etc.

[Customer Analysis by DOCOMO]

Personal data such as service usage history and location information will be analyzed within the scope of the purpose of use set forth in this Privacy Policy, for example, by estimating the interests, preferences, and trends of the customer and using them to propose services and products, distribute advertisements, and develop services and products in response to them, or by estimating the health status of the customer and using it to provide services in response. When analyzing the Personal Data, we will be conscious of whether it will be for the customer's benefit and whether it will contribute to society, and will not make any use that would harm the customer's credibility or undermine customer trust. Please refer to "Understand by Knowing! DOCOMO's Use of Personal Data (in Japanese only)" for details and the following for specific usage examples.

  • Purpose of use for Customer analysis

    • Analyzing personal data such as service usage history, website browsing history, purchase history, location information, and contract details obtained from each service, and making proposals and distributing advertisements for services and products in response to customers' interests, preferences, and tendencies.
    • Statistically analyzing and aggregating customers' personal data so that the individual customer cannot be identified, and providing the results of such analysis and aggregation to partner businesses and other third parties.
    • To develop, provide, and improve services and products by analyzing personal data such as service usage history and location information acquired by each service to estimate and predict health conditions, etc.
    • Explaining the purposes of use and provisions to partner businesses to the customer by each Service and measure, and analyzing the customer's Personal Data to the extent consented to thereby, and using and providing the results of analysis thereof.
    • Analyzing personal data such as service usage history, customer information and contract details obtained from each service, and taking countermeasures against fraud in order to prevent fraudulent contracts, unauthorized use, etc.

[Use of Customer Service Contents (Audio and Video Recordings)]

DOCOMO will record the audio and video of customer service contents, as necessary, at docomo shop stores and will use the customer service contents to the extent of the purposes of use set forth in this Privacy Policy, including the purposes set forth below:

  1. DOCOMO will not process Personal Data in the following way:
    • Unfairly discriminate against the customer in determining whether to provide Services to the customer
  2. DOCOMO may continue to process Personal Data even after the relevant contract for the Services terminates.
  3. If DOCOMO processes Personal Data to perform services entrusted from other parties, DOCOMO will use Personal Data only to the extent necessary to perform such entrusted services.

4. Consent to the processing of Personal Data

If so required under the Laws and otherwise we consider appropriate, DOCOMO will obtain your prior consent for (i) the processing of your Personal Data, (ii) transfer of your Personal Data to third parties (including third parties in foreign countries) and/or (iii) any other purpose. You can review and manage the status of your consent(s) which you gave to DOCOMO in various circumstances via "Personal Data Dashboard".
Notwithstanding, to the extent permitted by the Laws, DOCOMO may, without your prior consent, (i) process your Personal Data for purposes other than the purposes provided in 3. (1) and/or (ii) transfer your Personal Data to third parties (including third parties in foreign countries). However, even in such instance, DOCOMO will give due consideration to your rights and interests.

5. Management of Personal Data by the customer

Under certain circumstances, you may have an opportunity to opt out of (i) the transfer of Personal Data to certain third party and (ii) processing the Personal Data for some specific purpose. You can review and manage the status of your indication for the opt-out via "Personal Data Dashboard."
Please also refer to "Claim Procedures regarding Retained Personal Data, etc." for claim procedures for the disclosure of your retained personal data.

In addition, please refer to "Disclosure Request Procedures for Records on Third Party Provisions concerning personal data" with respect to the disclosure request procedures for records provided to third parties regarding the customer's personal data.

6. Safety management of Personal Data

DOCOMO has declared the "Information Security Policy" as its policy regarding information security, to enable you to use our Services with ease. DOCOMO will take necessary and proper measures to prevent the divulgence, loss or damage of Personal Data and for other safety management of Personal Data.
In addition, DOCOMO will publish the timing and details of matters that must be made public in accordance with Telecommunications Business Act in the "Notice of leakage regarding the Specific user information" section every year.

7. Sub-processing of Personal Data

DOCOMO may use a sub-contractor for our Services, including sales and reception services, troubleshooting services, fee and credit-related services, website and system operation services, event and campaign implementation services, data processing and analysis services and other services. In some instances, such sub-contractor may process your Personal Data on behalf of DOCOMO, to the extent necessary to perform its duties under the sub-contracting contract. In such instance, DOCOMO will select an eligible sub-contractor who is recognized as being able to properly process Personal Data, and will carry out proper supervision thereof.

8. Notice of Other Matters regarding the Processing of Personal Data

If further notifications are required under the Laws, for example, when DOCOMO jointly processes the personal data with other parties without your consent or processes anonymized processed information or pseudonymized processed information, Safety management method, DOCOMO will post necessary notifications on "Notice of Other Matters regarding the Processing of Personal Data".

9. Inquiries regarding the processing of Personal Data

Please contact the below customer support desk for inquiries regarding the processing of Personal Data:

NTT DOCOMO, INC.: Customer Service

0570-073-030 (toll); hours of operation: 10:00AM ~ 6:00PM (except Saturdays, Sundays, holidays, and end/beginning of year holidays)

Accredited Personal Information Protection Organization

DOCOMO is covered by the following accredited personal information protection organizations. The customer can also lodge complaints and/or consult with the service desk of each organization on the handling of personal information in the following businesses.

10. Amendment to the Privacy Policy

DOCOMO may amend this Privacy Policy as necessary according to the laws and regulations and for business reasons. Amendments, etc. will be published on the website. In addition, DOCOMO shall take measures pursuant to laws and regulations depending on the amendments.

August 30, 2024

NTT DOCOMO, INC.
Yoshiaki Maeda, The President and CEO
Sanno Park Tower, 2-11-1 Nagata-cho, Chiyoda-ku, Tokyo, 100-6150, Japan

  • These contents will apply to the purpose of use of personal information that were acquired before December 11, 2019, concerning customers who have never been a d POINT CLUB member on and after December 11, 2019.
  • We do not use OCN service (in Japanese only) personal information or other personal information obtained prior to June 30, 2023 under the terms of service, etc. to which the OCN Service Privacy Policy (in Japanese only) applies, to inform customers of services outside our company. (This does not apply if you agree to the NTT DOCOMO Privacy Policy after July 1, 2023.)



Exhibit: Additional information for International Customers

In the following, DOCOMO provides you with the additional information as required in accordance with the General Data Protection Regulation 2016/679 ("GDPR"), the United Kingdom General Data Protection Regulation ("UK-GDPR"), and other applicable data protection laws and regulations governing the processing of personal data of customers located outside Japan (collectively, the "Applicable Laws"). This Exhibit supplements the information provided in the main body of the "NTT DOCOMO Privacy Policy" to the extent required under Applicable Laws. Capitalized terms not defined in this Exhibit have the same meanings ascribed to them in the "NTT DOCOMO Privacy Policy."

(1) Categories of Personal Data We Collect

DOCOMO may collect, use, store and transfer the following categories of Personal Data:

<Basic Data>

Information about your identity, profile, and contact details, which includes, for example, customer's ID such as d ACCOUNT and d POINT CARD number, passwords associated with such customer ID, attributes, contact information, date of birth, gender, and family structure.

<Usage Data>

Information about the use of our services, which includes, for example, contract status, usage history, content you have posted (such as articles, images and videos), information about your behavior when you use the internet or application, names and locations of purchased services and products, responses to questionnaires.

<Location Data>

Information about the location of your device. Such data will be collected through various technologies, which include, for example, the GPS function of the device, data from nearby cell towers, Wi-Fi hotspot usage, or other short-range wireless communication technologies.

<Medical and Health Data>

Information related to your medical treatment and health that is collected when you use relevant service(s). For example, information on medical examinations and other tests conducted by physicians, information on health guidance, medical treatment and dispensing of medicines by physicians, and information on customers' height, weight, activity level.

(2) Purposes of Use of Personal Data and Legal Grounds for Data Processing

We have set out below, in a table format, purposes of processing the Personal Data as well as the legal bases we rely on for the processing. We have also identified our legitimate interests where appropriate. In addition, if we process any special categories of Personal Data about you as prescribed in Article 9 of GDPR, including some information categorized under the Medical and Health Data, we will only do so based on your explicit consent. We generally do not process sensitive personal information as defined under other Applicable Laws. However, in limited cases, certain information we collect, such as a combination of account ID and password or precise geolocation data, may be classified as sensitive personal information under specific laws like the California Consumer Privacy Act or India’s Information Technology Rules 2011.

Legal basis of the data processing

  • Purpose: For rendering Services and for communications/notifications to customers that are necessary for the performance of the contract with customers.
    Categories of Personal Data: (i) Basic Data; (ii) Usage Data; (iii) Location Data; (iv) Medical and Health Data
    Lawful basis for processing:
    • (i) ~ (iii): Contract performance; Necessary to comply with a legal obligation (To inform you of any changes to our terms and conditions etc.)
    • (iv): Consent
  • Purpose: For promotions and offers of Services and for relevant communications/notifications.
    Categories of Personal Data: (i) Basic Data; (ii) Usage Data; (iii) Location Data; (iv) Medical and Health Data
    Lawful basis for processing:
    • (i) and (ii): Legitimate Interest (To conduct marketing activities including various campaigns/promotion (but excluding direct marketing that we conduct based on explicit consent) / To make suggestions and recommendations that may be of interest to you through which we aim to grow our business)
    • (iii), (iv) and in the case of conducting direct marketing by processing (i) or (ii): Consent
  • Purpose: For management of Services and countermeasures against improper activities that are necessary for reliable and stable provision of Services.
    Categories of Personal Data: (i) Basic Data; (ii) Usage Data; (iii) Location Data; (iv) Medical and Health Data
    Lawful basis for processing:
    • (i) ~ (iii): Contract performance; Necessary to comply with a legal obligation (To implement security measures required under the Laws etc.); Legitimate Interest (To keep records updated / To run our business, provision of administration and IT services, network security / To prevent fraud)
    • (iv): Consent
  • Purpose: For planning, developing and improving Services, and performing various investigations and analyses relating to them.
    Categories of Personal Data: (i) Basic Data; (ii) Usage Data; (iii) Location Data; (iv) Medical and Health Data
    Lawful basis for processing:
    • (i) and (ii): Legitimate Interest (To keep records updated / To analyse how customers use Services / To improve quality of Services)
    • (iii) and (iv): Consent

(3) Disclosures of Personal Data

We may share your Personal Data with third parties, including our subsidiaries and business partners, in accordance with Applicable Laws. Where such laws require your explicit consent for such sharing, we will obtain it in advance. We require all such third parties to protect the security and confidentiality of your Personal Data and to handle it in accordance with the Applicable Laws. Without your explicit consent, we do not allow our third-party service providers (i.e. subcontractors engaged to support the provision of our services) to process or otherwise use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

(4) Sources of Personal Data

We primarily collect customers’ Personal Data directly from them, particularly during the registration and use of the Service.

(5) Personal Data Required to Be Provided

The Personal Data that customers are required to provide in order to receive the provision of the Service is indicated in the form to be completed by the customers. Although customers are under no obligation to provide such Personal Data, we will not be able to offer the Service if such Personal Data is not provided.

(6) International Transfer of Personal Data

DOCOMO is established and headquartered in Tokyo, Japan, and may transfer customers’ Personal Data to countries outside the customers’ country of residence (for customers located in the European Economic Area, to outside of the European Economic Area), including Japan ("International Transfer"), for the purposes described in Section 2 above. These countries may not provide the same level of data protection as the laws of the customer’s country of residence.

Where we conduct an International Transfer of Personal Data, we will implement appropriate safeguards as required under Applicable Laws to ensure an adequate level of protection. These may include measures such as executing standard contractual clauses approved by the relevant supervisory authorities, or relying on adequacy decisions issued by the relevant supervisory authorities.

(7) Personal Data Security Management

We have put in place appropriate robust security measures, as required under Applicable Laws, to prevent the Personal Data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. We have adopted these measures to ensure, to the extent required by Applicable Laws, the ongoing confidentiality, integrity, availability and resilience of systems and services which process the Personal Data and to ensure that we can restore availability and access to the Personal Data in a timely manner in the event of a physical or technical incident. These measures are regularly tested, assessed and, where appropriate, updated to ensure they remain effective, and they will typically include:

  • Technical security measures:
    • multiple location, physically secure data centres designed to prevent single points of failure;
    • secure system firewalls and authentication controls;
    • back-ups and data recovery systems;
    • secure encryption technologies; and
    • state-of-the-art antivirus and intrusion protection.
  • Organisational security measures:
    • data system access controls, password controls and privilege management;
    • data centre physical access controls;
    • security and compliance training for personnel;
    • robust data security breach reporting procedures;
    • robust DRBC (disaster recovery and business continuity) procedures;
    • contractual confidentiality obligations for personnel; and
    • background checks for personnel (where appropriate and permitted / required by law).

We have put in place reporting procedures to deal with any suspected data breach and will notify you and any applicable supervisory authority of a breach to the extent required under Applicable Laws.
Whenever we engage third party service providers to store and process the Personal Data, we always ensure that those providers also implement appropriate technical and organisational security measures to keep the Personal Data safe and require those providers to adhere to strict contractual requirements for this purpose, as required by Applicable Laws.

(8) Personal Data Retention Period

We will only retain the Personal Data for as long as necessary for the specific purposes it was collected for or, where relevant, for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements, to the extent required under Applicable Laws.
For example, we may be required to retain basic information about our customers for a mandatory period of time after they cease being customers in order to comply with our tax law obligations.
Where there is no specific legal period for retaining the Personal Data, we will determine the appropriate retention period in accordance with Applicable Laws, taking into account the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Once the applicable retention period has expired, we will delete the Personal Data using methods permitted under Applicable Laws. Where appropriate and permitted under Applicable Laws, we may instead anonymise the Personal Data. In such case, we may retain and use the anonymized data indefinitely without further notice to you.

(9) Processing Minor Child’s Personal Data

Our Services are not intended for use by children under the age of 13, and we do not knowingly allow such children to access or use the Services.

We do not knowingly collect or process the Personal Data of customers under the age of 16, or such other age as may be required under Applicable Laws in the relevant jurisdiction, without the consent of a parent or other legal representative, to the extent required under Applicable Laws. Customers under the age of 16, or such other age as may be required under Applicable Laws in the relevant jurisdiction, must provide the Personal Data to us only with the consent of a parent or other legal representative, to the extent required by Applicable Laws.

If we discover that we have collected the Personal Data of a customer under the age of 16, or such other age as may be required under Applicable Laws in the relevant jurisdiction, without the consent of the parent or other legal representative, we will immediately take appropriate action in accordance with Applicable Laws.

(10) Your Rights under Applicable Laws

You have certain rights for the Personal Data under Applicable Laws, some of which only apply in certain circumstances. These rights may include, but are not limited to:

  • Right to seek access to your Personal Data (including copies thereof);
  • Right to request correction of your Personal Data;
  • Right to seek removal of your Personal Data (the right to be forgotten);
  • Right to restrict (cease) the processing of your Personal Data; and
  • Right to receive your Personal Data in a structured, machine-readable form (the right to data portability).

These rights may be limited, on an exceptional basis, to the extent permitted under Applicable Laws, for example, if complying with a customer’s request would infringe upon the rights of us or a third party, or if we are requested to delete information that we are required to retain in accordance with Applicable Laws. The exceptions to these rights are set out in Applicable Laws.

If you wish to exercise any of the rights described above, please contact us using the contact details provided in Section 14 below.

(11) Right to Object to the Processing of Personal Data

Customers may have the right, to the extent permitted under Applicable Laws, to object at any time to the processing of their Personal Data that is being processed on the basis of legitimate interests.

If you wish to exercise the right, please contact us using the contact details provided in Section 14 below.

(12) Right to Withdraw Consent

Customers may have the right, to the extent permitted under Applicable Laws, to withdraw their consent whenever we handle their Personal Data based on their consent. Even if a customer withdraws its consent, the legality of any treatment on the basis of the customer’s consent before the withdrawal of such consent will not be affected.

If you wish to exercise the right, please contact us using the contact details provided in Section 14 below.

(13) Right to File a Complaint with a Supervisory Authority

Customers may have the right to file a complaint with a supervisory authority under Applicable Laws. The supervisory authorities may include, depending on the circumstances, the supervisory authorities where the customer is located or works, or where the alleged infringement occurred.

(14) Contact

NTT DOCOMO, INC. is the controller and is responsible for processing of your Personal Data.
We have appointed a Data Protection Representative in the EU and the UK to respond to inquiries regarding data protection or privacy, including your rights under the GDPR and the UK-GDPR.

If you have any questions about this Exhibit, or if you wish to exercise your legal rights under Applicable Laws, please contact us or our EU Data Protection Representative or UK Data Protection Representative using the following details. To the extent permitted under Applicable Laws, you may also exercise such rights through an authorized representative.

Our contact details are as follows:

  • Company name: NTT DOCOMO, INC.
    Email address: data-protection-ml@nttdocomo.com
    Postal address: Sanno Park Tower
    11-1, Nagata-cho 2-chome,
    Chiyoda-ku, Tokyo 100-6150 Japan
    Telephone number: +81 3 5156 1111

The contact details of our EU Data Protection Representative are as follows:

  • EU Data Protection Representative: PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH
    Email address: docomo-gdpr-planit@planit.legal
    Postal address: Jungfernstieg 1, 20095 Hamburg, Germany

The contact details of our UK Data Protection Representative are as follows:

  • UK Data Protection Representative: TMI Associates London LLP
    Email address: docomo-ukgdpr-tmi@tmi.gr.jp
    Postal address: CityPoint, One Ropemaker Street, London EC2Y 9SS, United Kingdom

California residents can exercise their rights under the CCPA by contacting the below:
Email address: data-protection-ml@nttdocomo.com

Appendix: Processing of Personal Information of California Residents

In addition to the Exhibit above, this Appendix: Processing of Personal Information of California Residents (this "Appendix") shall apply to the processing of personal information of the customers residing in the State of California in the United States in accordance with the California Consumer Privacy Act of 2018 (the "CCPA"). If there is any discrepancy between the provisions of this Appendix and the provisions of the Exhibit, the provisions of this Appendix shall prevail.

(1) Definitions

The definitions of the terms used in this Appendix are the same as those under the CCPA. In particular:

"Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

"Sell" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a customer’s personal information by the business to a third party (meaning anyone other than us, our subcontractors and other business partners, hereinafter the same applies in this Appendix) for monetary or other valuable consideration.

"Share" means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a customer’s personal information by the business to a third party for cross-context behavioral advertising.

(2) Notice of Collection

We will collect and have collected in the last twelve (12) months, the following categories of personal information about the customers.

Legal basis of the data processing
Category
  • Identifiers
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Characteristics of protected classifications under California or federal law
  • Commercial information
  • Internet or other electronic network activity information
  • Geolocation data
  • Sensitive personal information, including (i) an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (ii) precise geolocation data, and (iii) personal information collected and analyzed concerning a consumer’s health.

We do not sell or share and will not sell or share in the future any of the personal information collected from the customers.

For details on the personal information we collect, refer to Section "(1) Categories of Personal Data We Collect" of the Exhibit. For details on the business purposes and commercial purposes of personal information we collect, refer to Section "(2) Purposes of Use of Personal Information and Legal Grounds for Data Processing" of the Exhibit. For details on the categories of third parties to whom we disclose personal information, refer to Section "(3) Disclosures of Personal Data" of the Exhibit. For details on the sources of the personal information we collect, refer to Section "(4) Sources of Personal Data" of the Exhibit. For details on the retention period of the personal information we collect, refer to Section "(8) Personal Data Retention Period" of the Exhibit.

(3) Data Subject Rights under the CCPA

The CCPA provides residents of California with specific rights regarding personal information. If the customer is a California resident, the following describes their rights under the CCPA and explains how to exercise those rights.

(i) Right to Access Personal Information
The customers are entitled to request that we disclose certain information to them about our collection, sharing, disclosure or use of their personal information. Once we receive and confirm a verifiable consumer request, we will disclose the following information to such customer.

  • The categories of personal information we collected about the customer;
  • The sources for the personal information we collected about the customer;
  • Our business or commercial purposes for collecting, selling, or sharing such personal information;
  • The categories of third parties with whom we share such personal information;
  • The categories of personal information that we have sold, and for each category identified, the categories of third parties to whom we sold such personal information;
  • The categories of personal information that we have disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed such personal information; and
  • The specific pieces of personal information we collected about the customer.

(ii) Right to Request Deletion
Each customer is entitled to request that we delete any of such customer’s personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request, we will delete such customer’s personal information from our records (and notify our service providers and contractors to delete the same), unless an exception applies.
We may deny the customer’s deletion request if retaining the information is necessary for us or our service providers and contractors in order to:

  • Complete the transaction for which the personal information was collected, fulfill the terms of a product recall conducted in accordance with a written warranty or federal law, provide goods or services requested by the customer, or take measures that are reasonably anticipated by the customer within the context of our ongoing business relationship with such customer, or otherwise perform our contract with the customer;
  • Help to ensure security and integrity to the extent the use of the customer’s personal information is reasonably necessary and proportionate for those purposes;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the rights of other customers to exercise their free speech rights, or exercise other rights provided for by Applicable Laws;
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if the customer previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with customer expectations and the context in which the customer provided the personal information based on the relationship between the customer and the Company; and
  • Comply with legal obligations.

(iii) Right to Request Correction
The customers are entitled to request that we correct any inaccurate personal information of a customer that we have collected and retained. Once we receive and confirm a verifiable consumer request, we will correct such customer’s inaccurate personal information (and notify our service providers and contractors to correct the same). We may deny the customer’s request for correction if we determine that the contested personal information is more likely than not to be accurate based on the totality of the circumstances.

(iv) Right to Opt-Out of Sale or Sharing
We have not sold or shared any customer’s personal information in the past twelve (12) months, and we will not sell or share such personal information in the future. Since the Services are directed to customers who are not under the age of 16, we will not intentionally sell or share the personal information of any customer who is under the age of 16.

(v) Right to Limit the Use of Sensitive Personal Information
We will not use or disclose any sensitive personal information collected from the customer for any purpose other than the following:

  • Performing the services or providing the goods reasonably expected by an average consumer who requests such goods or services;
  • Helping to ensure security and integrity;
  • Performing short-term, transient use (except for those involving profiling or changes to the future customer experience);
  • Performing services on behalf of the Company; and
  • Maintaining or enhancing the quality or safety of the services (including the Services) and devices of the Company.

(vi) Right to Non-Discrimination
We will not discriminate against the customers for exercising any of their rights under the CCPA. Moreover, unless permitted under the CCPA due to the customers’ exercise of their rights, we will not:

  • Deny goods or services to the customers;
  • Charge the customers different prices or rates for goods or services;
  • Provide the customers with a different level or quality of goods or services;
  • Suggest that the customers may receive a different price or rate for goods or services or a different level or quality of goods or services; or
  • Retaliate against an employee, applicant for employment, or independent contractor.

(vii) How to Exercise Your Rights
In order for the customers to exercise the rights under the CCPA, they are requested to submit a verifiable consumer request to us by contacting us as set forth in Section "(14) Contact" of the Exhibit. The customers need to complete a request with sufficient detail that allows us to properly understand, evaluate, and respond thereto.

Only the customer, a natural person or a person registered with the California Secretary of State that the customer authorizes to act on the customer’s behalf, or a person who has a power of attorney or is acting as a conservator for the customer, may submit a verifiable consumer request related to the customer’s personal information. If permitted under the CCPA, we may perform procedures to verify the identity and authority of the agent as required under the CCPA.
