LINE Pay Corporation (the “Company”) will process customer information as described below in its services, including the issuance of prepaid payment instruments, payment services such as funds transfer services, and electronic payment services (collectively, the “Services
1. Acquisition of Customer Information
The Company will acquire customer information in the Services according to the following methods.
(1) Customer information collected directly from the customer using the Services
- Customer’s registration information
Customer’s name, address, occupation, gender, date of birth, password, phone number, nationality, email address, company name/organization name, division name/title, location of company, and other contact information, information related to the representative, etc., information related to the business description and substantial controlling person, other corporate information, information related to public certificates such as a driver’s license and resident certificate
- Information related to customer’s transactions
Credit card information, information related to the customer’s bank account, and purpose of transactions
- Other information
All information provided from the customer to the Company incidental to the provision of the Services
(2) Customer information collected in relation to the use of the Services
- Cookie information, customer’s status of use of the Services (including access logs, etc.), information regarding customer’s terminal, online activities, location information, information related to customer’s communications (including IP address, browser information, browser language preferences, etc.)
- Information related to the issuance, purchase, transfer, use, remittance, cashing and extinguishment of the Services, payment information, information related to hobbies, preferences, opinions and evaluations, and other information related to the Services and their use, individual number and specific personal information (the customer’s individual number and specific personal information are hereinafter collectively referred to as the “Specific Personal Information, etc.”)
- ID and authentication information, etc. (the customer’s ID and authentication information, etc. are hereinafter collectively referred to as the “Authentication Information”) of websites operated by financial institutions and other third parties (including third parties in a foreign country; hereinafter the same).
(3) Customer information collected from business partners and third parties
- Information such as account balance, transaction history, and usage history collected from third parties such as financial institutions by using the customer’s Authentication Information or through API integration
- All information including personal information provided by business partners, etc. to the Company incidental to providing the Services to the customer
- The Company may collect, from business partners, etc., information such as the customer’s identifiers (internal identifier, advertisement identifier, etc.), one-way encrypted (hashed) email address and phone number, information regarding the customer’s terminal, online activities, location information, information related to the customer’s communication (including IP address, browser information, browser language preferences, etc.) in order to use the same for distributing advertisements from business partners, etc., measuring the effectiveness of advertisements, creating and providing statistical information and so on.
2. Purposes of Use of Customer Information
The Company may use the collected customer information for the following purposes. Furthermore, the Company will not handle the collected customer information beyond the scope of the purposes of use unless the customer’s consent has been obtained or it is otherwise permitted under applicable law. The Company will take proper measures so that the customer information will not be used outside the permitted purposes.
(1) For the provision, improvement and development of the Services
- For registering customer information and opening an account in relation to the Services
- For enabling the customer to use the Services smoothly
- For executing transactions related to the customer’s purchase of products and/or services through the Services
- For processing the billing in cases such as the purchase of products and use of paid services
- For analyzing the status of use of the Services, and creating statistical data related to the use of the Services
- For improving the service level of the Services
- For sending materials related to the Services
- For identity verification in cases where the customer uses the Services or makes inquiries
- For answering inquiries from the customer and providing other customer support
- For soliciting, selling, and introducing products and services and performing questionnaire surveys from the Company, LINE Corporation, LINE’s financial group companies (referring to LINE Corporation’s subsidiaries or affiliates engaged in business overseen by the Financial Services Agency or engaged in equivalent business in a foreign country, or subsidiaries or affiliates of such subsidiaries or affiliates; the definitions of “subsidiary” and “affiliate” shall be pursuant to the “Regulation on Terminology, Forms, and Preparation Methods of Financial Statements”, and shall include subsidiaries and affiliates in foreign countries; hereinafter the same), and their partner companies
- For drawing lots and sending prizes in campaigns, etc.
- For planning, developing and providing new features or services related to the Services
- For data management and data security of customer information
- For making necessary communications such as important announcements related to the Services
(2) For the prevention of unauthorized use of the Services
- For preventing unauthorized use
- For identity verification and communication in the event of any unauthorized use
(3) For personalization and advertisement distribution
- For analyzing the customer’s transaction history and online activities and information collected from LINE Corporation and LINE’s financial group companies, and delivering information based on such analysis, such as information related to the Services that meets the customer’s needs or advertisements of advertisers other than the Company
- For analyzing the customer’s transaction history and online activities and information collected from LINE Corporation and LINE’s financial group companies, and providing customized Services to the customer based on such analysis
3. Handling of Sensitive Information and Specific Personal Information, Etc.
(1) Handling of Sensitive Information
Except for the following cases, the Company will not collect or use Sensitive Information (*) or provide Sensitive Information to any third parties.
(*) The term “Sensitive Information” means special care-required personal information and information on individuals’ membership in a labor union, family origin, registered domicile, healthcare, and sex life (excluding any information made public by the principal or a national government organ, local public entity, or academic research institution, and seemingly-clear information acquired by visual observation, filming or photographing of the individual).
- Cases in which the handling of Sensitive Information is based on applicable laws and regulations:
- Cases in which there is a need to provide Sensitive Information to credit card companies, financial institutions and payment agencies affiliated with the Company for the inspection and criminal investigation of any unauthorized use of the Services
- Cases in which the handling of sensitive information is necessary for the protection of people's lives, bodies or property
- Cases in which the handling of sensitive information is especially necessary for the improvement of public hygiene and the promotion of the sound growth of children
- Cases in which there is a need to offer cooperation to a national government organ, local public entity, or a person entrusted thereby in their performance of affairs prescribed in applicable laws and regulations
- Cases in which there is a need to collect, use, or provide to a third party, any Sensitive Information of its employees, etc. concerning their affiliation to or membership in a political or religious group or labor union within the scope necessary for the performance of affairs relating to withholding taxes, etc.
- Cases in which the Company collects, uses, or provides to a third party, any Sensitive Information to the extent necessary for performing the transfer of rights and obligations arising from inheritance procedures
- Cases in which the Company uses any biometric information, which falls under the category of Sensitive Information, based on the consent of the principal for the purpose of identity verification
(2) Handling of Specific Personal Information
The Company will use Specific Personal Information, as defined in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures of Japan (Act No. 27 of May 31, 2013), within the scope of the following purposes of use pursuant to the same, the Act on the Protection of Personal Information of Japan (Act No. 57 of May 30, 2003) (the “APPI”), and other applicable laws and regulations.
- For identity verification pursuant to the Act on Submission of Statement of Overseas Wire Transfers for Purpose of Securing Proper Domestic Taxation of Japan
4. Provision of Customer Information
Except for the following cases, the Company will not provide customer information to any third party.
- Cases in which the customer’s prior consent has been obtained
- Cases based on applicable laws and regulations
- Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain the customer's consent
- Cases in which there is a special need to enhance public hygiene or promote the fostering of healthy children, and when it is difficult to obtain the customer's consent
- Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them to perform affairs prescribed by applicable laws and regulations, and when there is a possibility that obtaining the customer's consent would interfere with the performance of the said affairs
- Cases in which customer information is succeeded in the Company’s business succession based on merger, company split, business transfer or any other reason
- In addition to the above, cases in which such provision is permitted under the APPI
Notwithstanding the above, the Company will not provide Specific Personal Information to any third party, other than in cases based on applicable laws and regulations.
In case that a customer selects a credit card payment as the payment method in the Services, the customer must agree that in order to execute the credit card transaction the Company provides customer information to credit card companies, financial institutions, and our affiliated payment service providers, etc.
5. Disclosure of Customer Information to Contractors
The Company may entrust all or part of the processing of the customer information to a domestic or foreign contractor to the extent necessary to achieve the purposes of use. In that case, the Company will fully screen the qualifications as such contractor, execute a contract including matters related to confidentiality and supervision with the contractor, and establish a system so that the contractor will take measures to comply with the OECD Privacy Principles and manage information appropriately.
For details regarding foreign contractors, please see 7.(2) below.
6. Sharing of Customer Information among Group Companies
The Company will share and jointly use customer information in the following manner.
[Customer information to be shared]
- Customer information (but excluding Sensitive Information) collected by the Company as described in 1. above.
[Scope of recipients]
- LINE Corporation and LINE’s financial group companies
The Company shall execute a contract including matters related to confidentiality and data protection with these recipients, and establish a system so that the recipients will take measures to comply with the OECD Privacy Principles and manage customer information appropriately.
For details regarding foreign recipients, please see 7.(2) below.
[Recipients’ purposes of use of customer information]
- The recipients' purposes of use shall be the same as the purposes of use indicated in the foregoing “2. Purposes of Use of Customer Information” (provided that, for the purposes of use by the recipients, “Company” shall be replaced with “LINE Corporation and LINE’s financial group companies”, and “Services” shall be replaced with “services provided by LINE Corporation and LINE’s financial group companies”).
[Person responsible for management of customer information]
7. Storage and Transfer of Customer Information
(1) Storage of customer information)
The Company stores customer information in a data center located in Japan, and uses cloud services, SaaS, etc. of outside business operators located in Japan and the United States. When handling customer information in countries or regions outside of Japan, the Company takes proper security control measures upon comprehending the legal systems of such countries or regions.
(2) Transfer of customer information to foreign countries
In the handling of customer information described in 4. to 6. above, there may be cases where customer information stored in the foregoing data center is accessed from a foreign country and transferred to a foreign company in the following cases.
Even in the foregoing cases, the Company will take measures such as obligating the transferee to perform proper security control based on the service contract, etc. and otherwise managing and supervising the transferee, take proper encryption measures in the access path to the customer information, and take other necessary measures to appropriately protect customer information complying with the Company’s security standards.
- Provision of credit card payment service
In case that a customer selects a credit card transaction as the payment method in the Services, in order to execute the credit card transaction, the Company will provide customer information to credit card companies, financial institutions, and our affiliated payment service providers, etc. (including their contractors) located in the following countries or regions.
Transferees of customer’s credit card information and information related to customer’s transactions:
- CyberSource International, Inc. (the United States)
- Development and operation of system (contractor)
Companies (including group companies and their contractors) located in the following countries or regions may access customer information for the development and operation of the services of LINE Corporation and LINE’s financial group companies. Employees of such companies will access customer information to the extent required to conduct their above-described business.
Transferees of customer’s registration information, information related to customer’s transactions, and information related to customer’s use of the Services:
- LINE Biz Plus Corporation (Korea)
- LINE Financial Plus Corporation (Korea)
- N Tech Services Corporation (Korea)
- LINE Plus Corporation (Korea)
Transferee of customer’s registration information:
- LINE VIETNAM JOINT STOCK COMPANY (Vietnam)
- Business related to overseas services (sharing among group companies)
In Taiwan and Thailand, LINE’s financial group companies are offering services that are similar to the Services as local services. In order to perform local customer support services and fraud prevention services, LINE’s financial group companies located in Thailand and Taiwan, as well as their contractor companies, may access customer information. Employees of such companies will access customer information to the extent required to conduct their above-described business.
Transferees of customer’s registration information and information related to customer’s transactions:
- LINE Pay Taiwan Limited (Taiwan)
- Telexpress (Taiwan)
- Rabbit LINE Pay Company Limited (Thailand)
- LINE Pay Plus Corporation (Korea)
- Provision of incentives associated with campaigns (contractor)
- The Company may grant rights related to the crypto-assets issued by foreign companies as an incentive in its campaign, etc. When providing this kind of incentive, the companies located in the following countries or regions may access customer information to the extent required to provide such incentives. Employees of such company will access customer information to the extent required to carry out such business.
Transferee of customer’s registration information:
- LINE NEXT Inc.(the United States)
- Information regarding transferees
For information on the system for the protection of personal information in countries and regions in which transferees are located, please see System for the Protection of Personal Information in Each Country.
The Company will establish a system so that customer information is appropriately managed at the transferees, such as by setting forth the transferee’s obligation to take measures to comply with the OECD Privacy Principles and matters related to data protection in the contract to be executed with the transferee, and confirm and supervise the status of handling of customer information at such transferee.
8. Security Control Measures
The Company will endeavor to store and manage customer information in an accurate and up-to-date manner, and take necessary and appropriate security control measures to prevent the leakage, etc. of customer information. The Company will also provide necessary and appropriate supervision regarding employees and contractors (including subcontractors) to handle customer information.
For the security control measures being taken by the LINE Group, please see Data Security
9. Installation of Modules from other Companies
10. Rights of Customers
(1) Request for notification of purposes of use and disclosure of personal information
Except for the following cases, the customer has a right to request the Company to notify the purposes of use or to disclose personal information by taking the procedures separately prescribed by the Company.
- Cases in which there is a possibility of harming the data subject or a third party's life, body, fortune or other rights and interests as a result of such notification or disclosure
- Cases in which there is a possibility of seriously interfering with the Company’s proper implementation of its business as a result of such notification or disclosure
- Cases in which such disclosure may result in a violation of applicable laws and regulations
- Cases in which it cannot be confirmed that the person requesting the disclosure of personal information is the data subject
When the customer requests the disclosure of personal information, the customer may be required to pay a disclosure fee according to the procedures separately prescribed by the Company.
(2) Request for correction, addition, deletion of personal information
If, as a result of the disclosure of personal information, the customer determines that the contents of the personal information retained by the Company are not factual, the customer may request the correction, addition or deletion of personal information according to the procedures separately prescribed by the Company. Upon such request, the Company will promptly conduct an inspection to the extent required for achieving the purposes of use, and correct, add or delete the personal information based on such result.
(3) Request for suspension of use and suspension of provision to a third party
The customer may request the Company to suspend the use of personal information or suspend the provision of personal information to a third party based on applicable laws and regulations. Upon such request, the Company will take appropriate measures according to the Act on the Protection of Personal Information of Japan.
In addition to the above, customers may at any time confirm and correct their registered information such as the email address and password on the service site.
While the provision of personal information from the customer to the Company is voluntary, if the Company does not receive the necessary information, there may be cases where the customer is unable to use part of the Services.
11. Information of Former Members
When a customer deletes an account for the Services, the Company will properly handle their customer information according to applicable laws and internal rules.
12. Personal Information of Customers below the Age of 15
When a customer below the age of 15 uses the Services and provide personal information, such customer shall obtain their guardian’s consent in advance.
13. Use of Google Analytics
In order to provide better quality services, the Services may use Google Analytics.
In Google Analytics, cookies are used to collect information which, by itself, is unable to identify a specific individual. Please see below for details on the scheme in which information is collected and processed with Google Analytics.
[How Google uses information from sites or apps that use our Services]
14. Personal Information Protection Policy
The LINE Group considers the protection of personal information as its top-priority issue in its business management and has thereby established a Personal Information Protection Policy. For more details, please see the Personal Information Protection Policy
LINE Corporation will provide the Company with information for use of the Services provided by the Company.
This supplemental policy will apply to customers using certain services provided by LINE Credit Corporation.
LINE Pay Corporation
1-1-1 Nishi-Shinagawa, Shinagawa-ku, Tokyo 141-0033
President and CEO, Takashi Maeda
Established on December 16, 2014
Revised on April 20, 2016
Revised on November 12, 2018
Revised on July 22, 2019
Revised on April 30, 2021
Revised on November 1, 2021
Revised on March 31, 2022
Revised on January 11, 2023
Revised on March 31, 2023
Revised on April 17, 2023