DOSI Biz Privacy Policy

LINE NEXT Inc. (DOSI Biz) Privacy Policy

The purpose of this document (“Privacy Policy”) is to inform you (“you” or “User”) of how LINE NEXT Inc. (and in the event that the Services are provided by any company which is affiliated with LINE NEXT Inc. ("LINE NEXT Affiliate"), that LINE NEXT Affiliate) manages Personal Data (as hereinafter defined) in connection with LINE NEXT Inc.’s services (hereinafter referred to collectively as the “Services”).

Please take a moment to read this Privacy Policy carefully so that you know and understand the purposes for which we collect, use and disclose your Personal Data. If you have any questions about this Privacy Policy, please submit your request by email at dl_dosi_privacy@linecorp.com

For Users in the European Union, please take a moment to read the Privacy Policy addendum for GDPR available in Section 18.

By interacting with us, submitting information to us, or signing up for or accessing Services offered by us, you indicate your acceptance of the terms of this Privacy Policy and agree and consent to LINE NEXT Inc. (including LINE NEXT Affiliates), as well as their respective representatives and/or agents (collectively referred to herein as "the Company", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Company's authorized service providers and relevant third parties in the manner set forth in this Privacy Policy. If you do not agree with or are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access to or use of the Services.

Personal Data Collected by the Company (hereinafter the “Personal Data”)

When you use of the Services, access any of the Services or conduct any transaction through the Services, we may collect the following categories of personal data (or personal information) from you or about you:

(Information you provide us)

Entity information, such as the entity’s legal name, entiti's email address, real name of CEO, birth date of CEO, entity's postal address, entity's phone number, any comparable government-issued identification number, and governing documents or other proof of legal existence;
Contact information, entity employee's real name, email address, phone number, and/or phone number calling code;
Identification information, such as passcode;
Financial information, such as bank name, bank account number, and/or digital wallet address ;
Transaction information relating to your use of the Services, including, without limitation, transaction history, purposes of transactions, and other account information that is generated by your account activity;
Correspondence, being information that you provide to us in correspondence, including during opening your account, and ongoing customer support;

(Information we collect via technology)

Identification information, such as the Service IDs;
Device information, in particular as to the computer, device, or browser that you rely on in order to access or use the Services, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services you are using;
Online identifiers, such as your IP address and domain name—we automatically log your IP address (a number that is assigned to the computer that you use to access the Internet) in our server log files whenever you access or use the Services, along with the time of your visit and the page(s) that you visited;
Usage data, such as system activity, internal and external information related to the DOSI Biz or other related sites you visit, clickstream information, and other data collected via cookies and similar technologies;

(Information collected from third parties)

Third-party service information, such as social media account information and type—we may obtain such information when you link, connect, or login to the Services with a third party service(e.g. LINE);
Identification and credit history information obtained from public databases, credit bureaus and ID verification partners—we may obtain such information for purposes of verifying your identity in accordance with applicable law and complying with other legal obligations, such as anti-money laundering laws (as applicable), as well as to attempt to ensure that the Services are not used fraudulently or for other illicit activities (in which case the processing of your personal information is necessary for us to continue to perform our contractual obligations with you and others);
Background Information—we may obtain information about you in regard to history of fraudulent use from LINE NEXT Affiliates. This collected information is used solely internally for the purpose of ensuring that the Services are not used fraudulently or for other illicit activities;
Public blockchain data—we may be able to identify you from a blockchain transaction because, in some circumstances, Personal Data published on a blockchain (such as your digital currency wallet address and IP address) can be correlated with Personal Data that we may have; and
Additional information, at the discretion of our compliance team, to comply with legal obligations, which may include criminal records or alleged criminal activity.

Information regarding certain specific third-party sources of Personal Data is set forth in Section 3 of this Privacy Policy.

In addition to the foregoing, you may also be required to provide additional Personal Data when you, amongst others, require support, send us information for troubleshooting or other analysis, participate in a survey or our other promotional activities or solicit any other communication from us.

Personal Data you provide during the account registration process may be retained if required or permitted under applicable law, even if your registration is left incomplete or abandoned. You may request the deletion of such information where applicable.

You may decide whether or not to submit any Personal Data required by us. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the Services you have requested.

Purpose for Collection, Use and Disclosure of User Personal Data

The Company may collect, use and disclose a User’s Personal Data for the following purposes:

To provide the Services: We use Personal Data to provide you with Services pursuant to the LINE NEXT Inc. Terms of Service. For example, Personal Data may be used:

to enable you to access the Services
to offer undisturbed and smooth Services to you (including, without limitation, software upgrades and improvements of the Services);
to ensure that the Services are functioning properly;
to administer our website and to track user movement;
for troubleshooting purposes;
to allow you to manage your account; and/or
to conduct any other activities that are required to provide the Services.

To enforce the terms of the LINE NEXT Inc. Terms of Service and other agreements: We use Personal Data to enforce the LINE NEXT Inc. Terms of Service, this Privacy Policy (including relevant Addendums hereto) and other agreements with Users (collectively, the “Policies”), as well as agreements with third parties. For example, Personal Data may be used:

to detect, prevent, investigate or report actual or potential violations of the Policies or any suspected illegal activities;
in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
to protect us and our operations or those of our service providers;
to protect the rights, privacy, safety and property of us and our service providers;
to prevent physical harm or financial loss or any other risk for us, any of our service providers or any other individual involved in the provision of the Services;
to allow us to pursue available remedies or limit the damages that we or our service providers may sustain; and/or
to otherwise enforce the Policies.

To detect and prevent fraud: We process your Personal Data to detect and prevent fraud on your account. For example, Personal Data may be used:

to prevent any unauthorized/fraudulent use of the Services;
to prevent, detect and investigate crime and analyze and manage commercial risks and conduct investigations relating to disputes, billing or fraud; and/or
to perform identity verification when you make an inquiry or give us instructions.

To protect your rights and data and seek to ensure the integrity of the Services: Maintaining the security of your account and the NFT Service requires us to process Personal Data, including information about your device, your account activity and other relevant information. For example, Personal Data may be used:

to prevent any data breach or circumvention of our security measures or to mitigate any possible adverse effects from such activities;
to test, assess, or otherwise evaluate the effectiveness of the technical and organizational measures (which ensure the security of the processing of your Personal Data) put into place by us or by our service providers (including our Outsourced Contractors, as defined below); and/or
to protect your rights, privacy, safety and property.

To comply with legal and regulatory requirements:We process your Personal Data as required by applicable laws and regulations. For example, Personal Data may be used:

to respond to a verified request relating to a criminal investigation (e.g. subpoena, court order or substantially similar legal procedure) or alleged illegal activity or any other activity that may expose us or any of our service providers, or you, to any legal proceeding or legal liability;
to meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); and/or
to respond to requests from public and government authorities, including public and government authorities outside your country of residence.

To provide you with customer support services: We process your Personal Data any time that you reach out to our Customer Support team with issues arising from your account or your use of the Services. For example, Personal Data may be used:

to respond to your inquiries and support needs and to fulfill any other request you may have made to us;
to notify you of any other important information regarding the Services and to contact you where necessary;
to send you administrative information, such as information concerning changes to the Policies or other announcements regarding the Services; and/or
to otherwise provide customer support services to you.

To optimize and enhance the Services: We use your Personal Data to understand how our products and Services are being used and to help us improve the Services and develop new products. For example, Personal Data may be used:

to personalize your experience by presenting content tailored to your interests;
to develop new features of the Services or other products offered by us;
to allow you to participate in usability studies, surveys and product tests;
to aggregate statistical data regarding the Services;
to conduct research and analysis aimed at reviewing and improving the Services; and/or
to perform data analysis and audits for the purpose of improving or developing new features or services relating to the Services.

To market our products to you: Based on your communication preferences, we may send you marketing communications (e.g., emails or mobile notifications) to inform you about our events; to deliver targeted marketing; and to provide you with promotional offers. Our marketing will be conducted in accordance with your advertising/marketing preferences and as permitted by applicable law. (See our Marketing Policy herefor additional information.)
For other business purposes: We may use your Personal Data for additional purposes if (i) that purpose is disclosed to you before the Personal Data is collected or (ii) you consent to such use. From time to time, and as required under applicable law, we may request your permission to allow us to share your Personal Data with third parties not presently covered by this Privacy Policy, or to use your Personal Data for a purpose that is incompatible with the purposes for which it was originally collected or for which your consent was subsequently obtained. If you choose to limit the use of your Personal Data, certain features of the Services may not be available to you.

Sale or Other Disclosure of Personal Data

As a matter of principle, we do not sell, rent, release, disseminate, make available, transfer, exchange, share, communicate or otherwise disclose (hereinafter “disclose”) your Personal Data to third parties for their marketing purposes, or for other purposes not contemplated by this Privacy Policy or permitted under applicable law. Subject to restrictions imposed under applicable law, this shall not prejudice our right to disclose your Personal Data to others (including public authorities, law enforcement agencies, data protection authorities or regulatory agencies, government officials or any other authorized third party) for the purposes listed in this Privacy Policy, if:

it is necessary for the conclusion or the performance of a contract or for the provision of the Services;
it is required by law or by virtue of public interest;
it is required pursuant to a civil, criminal or regulatory inquiry, investigation, subpoena or summons;
it is required by virtue of your vital interest;
it is necessary to pursue the Company’s legitimate business purposes, including the exercise or defense of legal claims;
you have given your consent; or
it is so allowed on another legal basis.

We may provide the Personal Data to any of the LINE NEXT Affiliates if the LINE NEXT Affiliate is appointed or engaged by us to provide any part of the Services. We shall procure that the LINE NEXT Affiliates abide by this Privacy Policy so as to protect your Personal Data.

In addition, we may disclose your Personal Data to third parties in the following circumstances:

To financial institutions with which we partner to process payments you have authorized.
To service providers under contract who assist in the provision of Services or help with parts of our business operations (“Outsourced Contractors”). In such circumstances, we will take steps to ensure that each Outsourced Contractor abides by the applicable privacy laws, including by adequately assessing the qualifications and eligibility of such Outsourced Contractor, stipulating a confidentiality clause in the relevant agreement with such Outsourced Contractor, and establishing an appropriate information administration system. Our contracts require these Outsourced Contractors to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else. Examples of the types of Outsourced Contractors we may share Personal Data with from time to time (other than those mentioned above) include those providing the following types of services:

Security threat detection
Payment processing
Transaction monitoring
Custody
Customer support
Internet (e.g., ISPs)
Data analytics
Information technology
Advertising and marketing
Data processing
Network infrastructure
Data storage and document repository services
Tax reporting

To companies or other entities that we plan to merge with or be acquired by, to the extent permitted under applicable law. You will receive prior notice of any change in applicable policies.
To companies or other entities that purchase our assets pursuant to a court-approved sale or where we are required to share your information pursuant to insolvency laws in any applicable jurisdiction.
To our professional advisors who provide banking, legal, compliance, insurance, accounting or other consulting services, including to complete third-party financial, technical, compliance and legal audits of our operations or to otherwise comply with our legal obligations.
To law enforcement officials, or other third parties when we are compelled to do so by a subpoena, court order or similar legal procedure, or when we believe in good faith that the disclosure of such Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of the LINE NEXT Inc. Terms of Service or any other applicable Policies.

Shared Use of Information

During the period when you use the Services, your Personal Data may be processed and used in the form(s) of printed documents and/or electronic files or otherwise by us, the LINE NEXT Affiliates, and/or the Outsourced Contractors within and/or outside the United States.

To facilitate our global operations, we may transfer, store, and process your Personal Data within our family of companies, partners, and service providers based throughout the world, including Japan, Singapore, South Korea, the United Kingdom, the United States, and possibly other countries. We contractually obligate recipients of your Personal Data to agree to at least the same level of privacy safeguards as required under applicable data protection laws. By communicating electronically with us, you acknowledge and agree to your Personal Data being processed in this way.

User's Rights

You may, at any time, confirm, supplement or correct your registered Personal Data on the Services. You can also deactivate your account according to the LINE NEXT Inc. Terms of Service.

You may, by contacting us via the methods described at the end of this Privacy Policy, view or request a copy of your Personal Data which we have collected from your use of the Services.

You may, by contacting us via the methods described at the end of this Privacy Policy, send us a request to correct or add to your Personal Data, if you find that your Personal Data registered with us has changed or is incorrect. You may request us to delete, or discontinue collecting, processing or using your Personal Data unless we are allowed to continue to keep, process or use your Personal Data as permitted by applicable laws and regulations.

When you request access to your Personal Data (including copies of your Personal Data) that you are unable to confirm/access through the Services, we may (subject to limitations imposed under applicable law) charge you a fee for the disclosure procedures.

You can choose freely whether or not you will provide us with your Personal Data; however, you may be unable to use all or part of the Services until you have provided us with the necessary information.

Information for California Residents

We are required under the California Consumer Privacy Act of 2018 (“CCPA”) to provide certain information to California residents about how we collect, use and share their personal information, and about rights and choices California residents may have concerning their personal information. For purposes of this section, “personal information” has the meaning provided in the CCPA (and would typically include Personal Data, as such term is used in this Privacy Policy).

Personal information that we collect, use, and share

As a newly-launched business, we do not have a record of collection, use and sharing of personal information during the preceding 12-month period. For ease of reference, however, the chart below shows how we intend to use the categories of personal information that are expected to be collected, used and disclosed upon (or in connection with) the launch of our operations. We do not “sell” any personal information, as “selling” is defined under the CCPA.

Personal Information Category	Sources of Personal Information	Purpose of Collecting Personal Information	Disclosure of Personal Information
(A) Identifiers such as real name, alias, phone number, online identifier, IP address, email address, account name, Service IDs, or other similar identifiers	Information you provide us; Information collected from you automatically; Information collected from third parties	Sections 4A, 4B, 4C, 4D, 4E, 4F, 4G and 4H	- Financial institutions - Service providers - Professional advisors - Our Affiliates
(B) Customer records	Information you provide us; Information collected from third parties	Sections 4B, 4E and 4F	- Financial institutions - Service providers - Our Affiliates
(C) Protected classifications under California and federal law, including gender, age and citizenship	Information you provide us; Information collected from third parties	Section 4E	- Professional advisors
(D) Commercial information such as records of services purchased, obtained, or considered	Not collected	Not applicable	Not applicable
(E) Biometric information	Not collected	Not applicable	Not applicable
(F) Usage Data, including Internet or other electronic network activity information (such as browsing history and search history), and other online identifiers	Information we collect from you automatically	Sections 4A, 4B, 4C, 4D, 4F, 4G and 4H	- Third party identity verification services - Service providers - Professional advisors - Our Affiliates
(G) Geolocation data	Information we collect from you automatically	Sections 4A, 4C and 4E	- Third party identity verification services - Service providers - Our Affiliates
(H) Sensory data, such as audio, electronic, visual information	Not collected	Not applicable	Not applicable
(I) Professional or employment-related information	Not collected	Not applicable	Not applicable
(J) Education information (not publicly available)	Not collected	Not applicable	Not applicable
(K) Inferences about preferences, characteristics, predispositions, etc.	Information you provide us; Information we collect from you automatically	Sections 4G and 4H	- Service providers - Professional advisors - Our Affiliates

California privacy rights

California consumers have the following rights under the CCPA with respect to their personal information. Please understand, however, that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA. Accordingly, we may decline requests as permitted under applicable law.

Right to Request Access. You may submit a request that we disclose the categories and specific pieces of personal information that we have collected, used or disclosed about you in the past 12 months.
Right to Request Deletion. You may submit a request that we delete the personal information that we have about you.

Right to Opt Out of Sale of Personal Information. You have the right to opt out of the sale of your personal information. We do not sell personal information of Users within the meaning of the CCPA.

Right Not to Receive Discriminatory Treatment. You have the right to exercise the privacy rights conferred by the CCPA without discriminatory treatment.

You may submit a request to access or delete your personal information by emailing us at dl_dosi_privacy@linecorp.com. We are legally obligated to verify your identity when you submit a request. We may request additional information from you to verify your identity. If you submit a request to delete your personal information, you will also be required to confirm the deletion request by email.

You may designate an agent to make a request under the CCPA on your behalf. Your authorized agent must submit proof that you have provided them with power of attorney pursuant to California Probate Code sections 4121 to 4130 or that they are registered with the California Secretary of State to be able to act on your behalf. We may deny a request from a purported authorized agent who does not provide proof of authorization to act on your behalf, or if we are unable to verify the agent’s identity.

Please note that we are not obligated to provide you with a copy of your personal information more than twice in a 12-month period.

Anonymized and Aggregated Data

Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated customer data (i.e., information about our customers that we combine together so that it no longer identifies or references an individual customer).

We may use anonymized or aggregated customer data for any business purpose, including to better understand customer needs and behaviors, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of data we may anonymize include transaction data, clickstream data, performance metrics, and fraud indicators.

Third-Party Sites and Services

If you authorize one or more third-party applications to access the Services, then information you have provided to us may be shared with those third parties. A connection you authorize or enable between your LINE NEXT Inc. account and a non-LINE NEXT Inc. account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, we will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using the Services. Please note that third parties you interact with may have their own privacy policies, and we are not responsible for their operations or their use of data they collect. Information collected by third parties, which may include such things as contact details or location data, is governed by their privacy practices and we are not responsible for unauthorized third-party conduct. In addition, information that we share with a third party based on an account connection will be used and disclosed in accordance with the third party’s privacy practices. We encourage you to learn about the privacy practices of those third parties.

Information Security

We maintain (and contractually require third parties we share your Personal Data with to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of the Personal Data you entrust to us.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the United States and elsewhere in the world where our facilities or our service providers are located. We protect your Personal Data by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations. For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to Personal Data only for those employees who require it to fulfill their job responsibilities.

However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own Personal Data. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in this Privacy Policy.

If you discover an issue related to the third-party wallet products, please contact your wallet provider.

Retention of Personal Data

We store your Personal Data securely throughout the life of your account. We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your Personal Data are described below.

Personal Data collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.
Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
Recording of our telephone calls with you including transaction records may be kept for a period of at least five years.
Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

Withdrawal from the Services

If you decide to deactivate your account for the Services and not to keep using the Services, all information (including, without limitation, the Personal Data) relating to you will be handled in accordance with applicable law, this Privacy Policy, and our other applicable policies, but such deactivation shall not be considered as a withdrawal of consent for our use and disclosure of such information unless it is otherwise informed in writing.

If you withdraw your consent to any or all use of your Personal Data, depending on the nature of the request, we may not be in a position to continue to provide the Services to you.

A Special Note about Personal Data of Minors

Minors who lack the legal capacity to contract under any applicable laws shall not set up a personal account on the Site to use the Services. We do not knowingly request to collect personal information from any person under the age of 19. If a User submitting personal information is suspected of being under the age of 19, we will require that User to close his or her account and will not allow that User to continue using the Services. We will also take steps to delete such User’s Personal Data as soon as possible. Please notify us if you know of any individuals under the age of 19 using our Services to we can take action to prevent access to our Services.

Modifications to this Privacy Policy

This Privacy Policy may be revised from time to time. If we make any material change, we will notify you by email (sent to the email address specified in your account), by means of a notice on our site prior to the change becoming effective, or as otherwise required by applicable law.

You can access the latest version of this Privacy Policy By visiting, accessing, or using the Services following any change to this Privacy Policy, you are consenting to the new Privacy Policy.

Inquiries and Complaints

If you have any uncertainty about this Privacy Policy or questions, complaints, access and/or correction requests or comments on the handling of Personal Data related to the Services, you should contact us via dl_dosi_privacy@linecorp.com.

If you believe that we have infringed your rights, you may contact the LINE NEXT Inc. Data Protection Officer at c/o dl_dosi_privacy@linecorp.com

Version

This Privacy Policy was created on 2022.12.12

Privacy Policy Addendum for EU GDPR

General

For LINE NEXT Inc., which operates an asset management service for companies under the name as “DOSI Biz” (hereinafter the “Company”), the protection of your privacy is a primary concern.

Please note that this Addendum for GDPR is prepared for persons in the European Union (“EU”), the European Economic Area (“EEA”) and other locations subject to EU data protection law (collectively, “Europe”), in each case who may want to use the services offered and made available by the Company (including the NFT Service and associated website and web applications) (hereinafter the “Company Services”). The Company recognizes, and to the extent applicable to it, adheres to the relevant EU data protection laws. For purposes of this Addendum for GDPR, “Personal Data” has the meaning provided in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This Addendum for GDPR is fully incorporated and made part of LINE NEXT Inc. (DOSI Biz) Privacy Policy (hereinafter the “Privacy Policy”). In the case of any conflict between a provision of this Addendum for GDPR and the main Privacy Policy, however, this Addendum for GDPR shall control.

If you are dissatisfied with any aspect of our Addendum for GDPR, you may have legal rights which we have described below where relevant.

Scope

This Addendum for GDPR shall apply to the processing, including the collection, use, retention and disclosure, by the Company of Personal Data (i.e. information relating to an identified or identifiable natural person) concerning individuals who are located in Europe at the time their Personal Data is collected (“you”).

Description of the Company’s activities

The Company’s commercial activity consists in providing you with the NFT Service and associated website and web applications, including access to the Services, the ability to purchase and hold NFTs listed for sale at the Services

Definitions & interpretation

In this Addendum for GDPR, unless the context otherwise requires:

a reference to a document is a reference to that document as modified or replaced from time to time.
a reference to a person shall include any company, corporation or any corporate body wherever incorporated.
words importing the singular shall be treated as importing the plural and vice-versa.
unless expressly stated otherwise, any heading, caption or section title contained in this Addendum for GDPR is inserted only as a matter of convenience and in no way defines or explains any section or provision hereof.

Data controller & data protection officer

The Company, which is incorporated under the laws of the State of Delaware in the United States and whose principal office is located in the State of California in the United States, is the legal entity responsible for the collection and processing of your Personal Data.

As regards the processing of Personal Data concerning persons within the European Union, the Company has designated the following representative in the European Union:

Representative: PLANIT // LEGAL

Attn: LINE NEXT Inc. EU Representative

Jungfernstieg 1, 20095 Hamburg, Germany
Contact details: dl_dosi_privacy@linecorp.com

The representative is mandated by the Company to be the recipient on behalf of the Company of all issues related to processing of Personal Data concerning persons within the European Union.

Categories of Personal Data collected and processed

Categories of Personal Data collected directly from you

Categories of Personal Data collected directly from you are set forth in the Privacy Policy, as set forth in Section 1.

Categories of Personal Data collected from other sources

In addition to Personal Data collected directly from you, the Company collects Personal Data relating to you from other sources, which may include information collected from third parties and information collected from you automatically. Categories of Personal Data collected in each of these manners are set forth in the Privacy Policy, as set forth in Section 1.

Possible consequences of a refusal to provide your Personal Data or to consent to the transfer of your Personal Data

Certain of the Personal Data we collect from you are required to enable us to fulfill our contractual duties to you or to others. Other items may simply be needed to ensure that our relationship can run smoothly.

Depending on the type of Personal Data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfill our contractual requirements or, in extreme cases, may not be able to continue providing the Company Services.

Your refusal to give your express consent to the transfer of your Personal Data outside the European Union as detailed below is a case where we will be unable to provide you with the Company Services.

The purposes of the processing

The Company processes your Personal Data in accordance with the Privacy Policy.

Legal bases allowing to collect and process your Personal Data

The collection and processing of your Personal Data by the Company in relation to the Company Services is lawful under Article 6 of the GDPR as it complies with one or more of the legal bases for processing Personal Data as follows:

it is necessary for the performance of a contract to which you are party or in order to take steps, at your request, prior to entering into such contract.
it is necessary to conduct anti-fraud and identification verification and authentication checks and to fulfil the Company’s retention obligations and otherwise comply with laws and regulations applicable to the Company’s business and operations.
you have, if expressly set forth, given your consent to the processing of your Personal Data for certain purposes outlined in the consent request.
it is necessary for the purposes of the Company’s legitimate interests which are not overridden by your interests or fundamental rights and freedoms. The Company’s legitimate purposes consist in particular in the promotion of its economic activities and in the effective provision of the Company Services, as those will allow the Company to generate profits and to attract new customers, as well as (to the extent not addressed above) compliance with applicable laws and regulations (whether inside or outside Europe).

Conditions applicable to your consent

Please note that you have at any time the right to withdraw your consent and we will cease to carry out that particular activity unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. The withdrawal of your consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.

Age limit

The Company Services shall only be used by persons that are over 19 years old.

Keeping your Personal Data up-to-date

You shall ensure that all your Personal Data processed by the Company are accurate, complete, true, correct and up to date. Your failure to do so may result in you being unable to use the Company Services. The Company shall not be liable for keeping and processing inaccurate information in a case where you did not meet your obligation to keep your Personal Data up-to-date.

Your data protection rights

General

To exercise your data protection rights outlined in this section, you can contact the Company by sending an email to dl_dosi_privacy@linecorp.com

Please make clear in your request which Personal Data you would like to:

access
rectify
port
request the restriction of processing; or
request erasure.

Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Please be aware that your data protection rights are not absolute and it remains the case that, in accordance with applicable data protection laws, your rights may be withheld. In such event, the Company will provide you with the reasons for not complying with your request.

The Company shall process your request as soon as reasonably practicable and the Company will provide you with information on actions taken without undue delay and in any event within one month of receipt of your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of your request. In this event the Company will inform you of any such extension within one month of the receipt of your request, together with the reasons for the delay.

In the event that the Company decides to not comply with your request or has not processed your request within the aforesaid timeframe, you can lodge a complaint with the national supervisory authority (see below) and you can seek a judicial remedy against the Company’s decision.

Your right to access, rectification, restriction of processing and erasure of your Personal Data & your right to data portability

You have, if applicable and within the limits of applicable data protection laws, the ability to request access to your Personal Data as processed by the Company and to seek the rectification of incomplete or inaccurate Personal Data or erasure of your Personal Data or to request the restriction of its processing. You also have the right to be informed of a Personal Data breach (unless the breach is unlikely to be prejudicial to you).

You have, within the limits of applicable data protection laws, the right to receive the Personal Data you have submitted to the Company in a structured, commonly used and machine-readable format and to transmit such Personal Data to another controller without hindrance. The Company will, where applicable and technically feasible, transmit your Personal Data directly to the data controller of your choice.

When handling requests to exercise European data privacy rights, the Company checks the identity of the requesting party to ensure that such person is the person legally entitled to make such request. While the Company maintains a policy to respond to such requests free of charge, should your request be repetitive or unduly onerous, the Company reserves the right to charge you a reasonable fee for complying with your request.

Your right to object

If applicable in accordance with applicable data protection legislation, you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your Personal Data by the Company (including profiling based on your Personal Data) , unless:

(a) there exist compelling legitimate grounds for such processing which override your interests, rights and freedoms; or

(b) the processing is necessary for the establishment, exercise or defence of legal claims.

Notwithstanding the foregoing, please be aware that you have the right to object at any time to processing of your Personal Data for direct marketing purposes (including profiling to the extent that it is related to such direct marketing). In this event, you may opt-out of such processing by sending an email to dl_dosi_privacy@linecorp.com

International transfers of Personal Data

The Company will transfer your Personal Data to third countries of its choice, in particular the United States, South Korea and Japan. Such transfers to third countries may be based on:

Contractual Obligations: Where transfers are necessary to satisfy the Company’s obligations to you under its Terms of Service, including the provision of the Company Services and customer support services, and to optimize and enhance the Company Services.
Consent: Where you have consented to the transfer of your Personal Data to a third country.

The Company expects that the primary data storage location for Personal Data will be in Japan.

Japan and South Korea have been considered by the European Commission to provide an adequate level of protection for personal data.

Considering the absence of an adequate level of protection for your Personal Data in the United States, the Company deploys the following safeguards:

Standard Contractual Clauses: the Company provides Standard Contractual Clauses approved by the European Union to meet GDPR requirements for your Personal Data that operate in the United States.

Where transfers to a third country are based on your consent, you may withdraw your consent at any time. However, the Company Services may not be available to you if the Company is unable to transfer your Personal Data to third countries.

Disclosure and Sharing of Personal Data

The Company may disclose and/or share your Personal Data to others in accordance with applicable laws and regulations, in particular with a view to accomplish the purposes set forth in the Privacy Policy. The Company will not sell your Personal Data.

Recourse to service providers

The Company may disclose and/or share your Personal Data to its service providers (including namely processors), in particular to fulfil the purposes set forth in the Privacy Policy.

The Company’s service providers, which are contractually bound to the Company, shall be allowed to process your Personal Data on the Company’s behalf.

Categories of recipients of your Personal Data

Categories of recipients with which the Company may disclose and/or share your Personal Data, as well as information regarding certain specified service providers and other third parties with which your Personal Data may be shared, are set forth in the Privacy Policy, as set forth in Section 5

Security of Personal Data

The Company protects your Personal Data by using appropriate administrative, technical and organisational security measures to reduce the risks of loss, theft, misuse, unauthorised access, disclosure, destruction and alteration of your Personal Data. These security measures include:

The Company stores critical Personal Data with encryption;
The Company encrypts with SSL, HTTPS, and TLS;
The Company regularly scans the Company’s Website to detect vulnerabilities and security issues and implements additional security measures to identified security issues immediately;
The Company regularly perform internal and external penetration testing to validate security level;
The Company operates a 24x7 CSIRT (Computer Security Incident Response Team) to monitor security events;
The Company operates a Risk Management team, monitoring any suspicious or fraudulent activities involving the Company Services;
The Company conducts security awareness training for employees on a yearly basis;
The Company has a cybersecurity policy for securing the confidentiality, integrity, and availability of Personal Data;
Access to Personal Data is granted with approval and based on “need-to-know” policy.

The Company security measures will be reviewed regularly in light of relevant legal and technical developments. Please be aware, however, that today no processing, transmission or storage of data, including Personal Data – even in high security environments and notwithstanding any appropriate security measures – ensures absolute protection.

If you have reason to believe that your Personal Data is no longer secure, you shall immediately notify such information to the Company by contacting us at dl_dosi_privacy@linecorp.com

External Websites

Occasionally, the Company Services may provide references or links to, or facilitate access to, other websites or other online services, including applications (hereinafter "External Websites or Apps").

The Company does not control such External Websites or Apps or any of their content.

The Company shall in no way be responsible or liable for such External Websites or Apps to which the Company makes reference or provides a link, whether directly or indirectly. The Company shall in particular be in no way responsible or liable for External Websites' or Apps’ content, any information displayed thereon, policies, privacy standards, failures, promotions, products, any practice, services or actions and/or any damages, losses, failures or problems caused by, related to, or arising from those sites.

Please be aware that the inclusion of a link or any other reference within the Company Services does not imply endorsement of an External Website or App by the Company and it remains the case that such External Websites or Apps have separate and independent privacy policies. The Company consequently encourages you to review the policies, rules, terms, privacy practices and regulations of each site that you visit.

The Company seeks to protect the integrity of the Company Services and thus welcomes any feedback about External Websites or Apps referred to within the Company Services.

Storage of your Personal Data

Without prejudice to the Company’s right to further process your Personal Data for purposes that are not incompatible with the initial purpose, and subject to the Company’s own legal and regulatory obligations, the Company retains your Personal Data only for as long as necessary to fulfil the purposes described in the Privacy Policy, or as required by the laws of the United States or other applicable law.

After the storage of your Personal Data is no longer necessary, including for our record keeping obligations, the Company shall proceed with the erasure of your Personal Data in a secure manner.

Updates to this Addendum for GDPR

The present Addendum for GDPR has been made available to you prior to your use of Company Services.

The Company reserves the right to revise, change, modify, update, supplement, add or remove portions of the Addendum for GDPR, at any time, in its sole discretion. When the Company makes such changes to the Addendum for GDPR, the Company will post the updated notice on the Website in order to keep you informed on the changes. It is your responsibility to review the amended Addendum for GDPR.

Your continued use of the Company Services subsequent to the notification of such changes, or the absence of any objection thereto within thirty days from the date the amended Addendum for GDPR has been made available on the Company Website, constitutes your acceptance of the amended Addendum for GDPR.

Merger/Corporate Acquisition

If the Company merges with another company or entity, of whatsoever form, or is partially or entirely acquired by such company or entity, the acquiring company or entity shall have access to all your Personal Data in the Company’s possession. Without prejudice to the right to update the present Addendum for GDPR, the acquiring company or entity shall be bound by this Addendum for GDPR.

Automated Decision Making

The Company may engage in automated decision making for certain purposes, including making improvements to the Services.

Questions or complaints

If you have questions or concerns about this Addendum for GDPR or seek additional information about the processing activities carried out by the Company when providing the Company Services, you can contact us using the contact details below:

Email: dl_dosi_privacy@linecorp.com

If you do not feel satisfied with the response given or actions taken, you have the right to lodge a complaint with a supervisory authority—in particular in the European Union Member State of your residence, your place of work or the place of the alleged violation.