Privacy Policy

With respect to the ULTRAMAN DIGITAL CARD COLLECTION, an electronic card trading service using the ORICAL system, and all products and associated services related to it (hereinafter, collectively, the "Services"), ventus Inc. (Address: 7th Floor, Kasugacho Building, 1-33-13 Hongo, Bunkyo-ku, Tokyo, Representative: Yuta Umesawa; hereinafter, the "Company") recognizes the importance of protecting personal information, and will comply with the Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter, the "APPI"), and will appropriately handle user information (hereinafter, the “User Information”), including personal information, in accordance with the following Privacy Policy (hereinafter, the "Privacy Policy").

1. Collection of User Information

The User Information collected by the Company in the Services shall be as follows:

1. Information provided by the user:
   • Names, dates of birth and other profile related information;
   • Email addresses, phone numbers, addresses and other contact information;
   • Still image information sent to the Services
   • User’s Usage history of the Services
   • User’s behavioral history input or sent to the Services using the Services’ features;
   • User ID for TSUBURAYA Account; and,
   • Other information input or sent to the Services by the user.
2. Information provided by external services in the user’s use of the Services, through the use of the logins by other external services ID/accounts, or by allowing other external service IDs/accounts to be linked to the Services:
   • IDs used by users in these external services; and,
   • Other information the user allows to be disclosed to linked partner in accordance with the privacy settings for these external services.
3. Information collected by the Company when the user uses the Services:
   • Device information;
   • Referrer;
   • IP address;
   • Information related to server access logs;
   • Cookies, ADIDs, IDFAs, and other identifiers;
   • Location information;
   • Camera images from devices; and,
   • Cameras and images.

2. Purpose of Use

1. The Company uses User Information for the following purposes:
   • Provision, maintenance, protection, and improvement of the Services;
   • Billing and calculation of fees for the Services;
   • Personal authentication, delivery and display of advertisements and content based on personal authentication attribute information, device information, usage history, behavior history, location information and other information, and provision of special offers;
   • Advertisements and other marketing activities in the Company’s various services;
   • Provision of personal information to Tsuburaya Productions Co., Ltd., based on user consent or applications, as necessary for provision of the Services’ contents;
   • Emailing of information regarding the Services and other services and products, to the user's email address;
   • Conducting promotions, surveys, monitoring, collecting of information, and the like;
   • Contacting and notifying users
   • Prevention and handling of wrongdoing or potentially illegal behavior, or violations of the Company's Terms of Use, policies, and the like;
   • Creation and analysis of statistical data processed in a form that cannot identify individuals;
   • Mailing or delivering goods or prizes based on user's consent or request;
   • Sending notifications regarding the latest service releases, software updates, and future events;
   • Sending important notifications regarding the purchase of points, and notifications of changes of Terms of Use, Privacy Policy, or other service policies;
   • Monitoring and analysis of data to improve the Services and communications with users.
2. Personal information and information that cannot be used to identify an individual may be used independently or in combination with information collected from other users of the Services for the purposes permitted under this Privacy Policy and by law. This non-identifiable information may be considered part of your personal information if it can be combined with other identifiers to identify an individual.
3. The functions in the Services include the ability to connect to SNS (e.g. Facebook). When a user uses this feature or links their user account to SNS, the personal information or other information provided by the user to the SNS may be collected and used by the Company in accordance with this Privacy Policy. The user consents to the Company’s collection and use of the personal information set forth in this section. In addition, the Company's access to personal information or other information will be subject to the privacy settings (if any) set by the user in the SNS account. The Company may also use personal information or other information obtained from SNS to support the building of communications with other users.

3. Change of Purpose of Use

The Company may change the purposes of use of User Information to the extent reasonably recognized as relevant, and shall notify or disclose such changes to the individuals who are the subjects of the personal information (hereinafter, the “Individuals").

4. Limitation of Use of Personal Information

Absent the consent of Individuals, the Company shall not handle personal information beyond the extent necessary to achieve the purposes of use; provided, however, that the foregoing provision shall not apply in the following cases:

1. When necessary to protect the human life, body, or property, and it is difficult to obtain the Individual’s consent;
2. When particularly necessary to improve public health or promote healthy growth of children, and it is difficult to obtain the Individual’s consent;
3. When necessary to cooperate in the execution of affairs prescribed by laws and regulations by national authorities, local public entities, or entities delegated thereby, and obtaining consent from the Individual may hinder the execution of such matters; and,
4. When required under laws and regulations.

5. Proper Acquisition

The Company shall properly acquire User Information, and shall not acquire this information by deception or other improper means.

6. Security Management of Personal Information

The Company has implemented the following security management measures, and shall endeavor to engage in the proper handling of personal data from now into the future.

1. Establishment of Basic Policies:

In an effort to ensure the proper handling of personal data as an organization, the Company shall establish a personal information protection policy, make this thoroughly known to its officers, employees and others, and shall strive to ensure the proper protection of personal information.

2. Preparation of Rules Regarding Handling of Personal Data:

The Company shall establish regulations for handling personal data which prescribe the handling methods, responsible persons and persons in charge, and their duties and the like at various stages, such as acquisition, use, storage, provision, deletion and disposal.

3. Systemic Security Management Measures:

The Company shall appoint a person responsible for handling personal data, shall clarify the employees who handle personal data and the scope of handled personal data, and shall establish a reporting system to facilitate the reporting of facts or signs of violations of laws or handling procedures to the responsible person. In addition, the Company regularly conducts self-inspections and audits through its internal audit organization regarding the handling of personal data.

4. Human Security Management Measures:

The Company shall provide regular training and the like to employees regarding matters of care related to the handling of personal data, and shall prescribe matters related to confidentiality of personal data in its employment rules and other rules.

5. Physical Security Management Measures:

The Company shall control the entry and exit of employees to and restrict the carrying of devices and the like in areas where personal information is handled, , and shall take measures to prevent unauthorized viewing of personal information. In addition, the Company shall take measures to prevent theft or loss of the devices, electronic media, documents and the like that contain personal information, and shall take measures to prevent personal information from being easily identified when these devices, electronic media, and the like are transported, including movements within the premises.

6. Technical Security Management Measures:

Access restrictions shall be implemented to limit the persons in charge and the scope of personal information databases and the like handled thereby. In addition, the Company has introduced mechanisms to protect the information systems used in handling personal data from unauthorized access by external sources.

7. Understanding of External Environments:

When handling personal data on servers located in foreign countries, the Company shall constantly obtain the latest information on the personal information protection regulations of such countries and take security management measures in accordance with such regulations.

7. Provision to Third Parties

1. The Company may share or provide personal information to third parties in the following circumstances:
   1. After obtaining the consent of the Individual;
   2. When providing personal information to third parties (service delegatees and others) who owe a duty to control personal information equal to the duty under this Privacy Policy, with the delegation of the handling of personal information, in whole or in part, to the extent necessary to achieve the purpose of use (such as sales agents, advertising agents, consultants, third-party service providers (e.g. credit card processors, email service providers, software developers, user account authenticators, cloud storage providers, virtual currency service providers, management service providers, crowdsourcing service providers, and delivery companies) and others);
   3. When the provision of personal information accompanies a merger or r business succession for other reasons;
   4. When required to cooperate with the execution of affairs prescribed by laws and regulations by national authorities, local public entities or their delegatees, and obtaining the consent of the Individual may hinder the executing of such affairs; and,
   5. When permitted under the APPI or other laws and regulations (e.g., when necessary to protect human (including corporations) life, body, or property, or particularly necessary to improve public health or promote healthy growth of children, and it is otherwise difficult to obtain the Individual’s consent or the like.)
2. Notwithstanding the provisions of (1), except in those instances correspond to and of the respective items of Section 4, when the Company provides personal information to a third party (excluding an entity that has established a system the conforms with the standards designated by rules of the Personal Information Protection Commission pursuant to Article 28 of the APPI) located in a foreign country (excluding countries specified by rules of the Personal Information Protection Commission pursuant to Article 28 of the APPI), the Company shall obtain the Individual's consent permitting the provision of information to a third party in a foreign country, in advance.
3. When providing personal information to a third party, the Company shall create and retain records in accordance with Article 29 of the APPI.
4. When receiving personal information from a third party, the Company shall engage in the necessary confirmation and create and retain records of such confirmation in accordance with Article 30 of the APPI.
5. The Services may include specific tools. These tools may include tools from third-party service providers (hereinafter, "Third-party Service Providers"), and through the use of these tools, it may be possible for the Company or these Third-party Service Providers to analyze information about the user and other users, which may include your UDID, Media Access Control (MAC) address, International Mobile Equipment Identity (IMEI) number, iOS or Android version, specific device type, mobile service provider, IP address, and session start and end times. The Company and Third-party Service Providers may use the acquired information to detect the user's country and analyze the participation status of other users. The Third-party Service Providers are not permitted to use information other than in an anonymized and aggregated form, for purposes other than the provision of services, but may access personal information related to the Third-party Service Providers’ services.
6. In the event of a merger, acquisition by another company, sale of all or part of assets, bankruptcy, restructuring, liquidation, or similar events, the Company may transfer all information, including user's personal information, to the succeeding business entity.

8. Joint Use

The Company will jointly use personal information as follows:

1. Jointly used personal information:
   Information specified in Section 1.
2. Scope of joint users:
   Tsuburaya Productions Co., Ltd.
   Gamonster Inc.
3. Purpose of use by users:
   Same as the purposes of use specified in Section 2.
4. Name of the entity responsible for managing the above personal information:
   ventus Inc.

9. Disclosure of Held Personal Data

When the Company receives a request from an Individual seeking the disclosure of held personal data or records of provision to third parties pursuant to the provisions of the APPI, after confirming that the request is indeed from the Individual, the Company shall promptly disclose requested information to the Individual (if there is no such held personal data or records of provision to third parties, the Company shall notify the Individual thereof); provided, however, that the foregoing provision shall not apply if the Company is not obligated to provide disclosure under the APPI or other laws and regulations.

10. Correction of Held Personal Data

If the Company receives a request from an Individual for the correction, addition, or deletion (hereinafter, "Correction, etc.") of the contents of held personal data pursuant to the provisions of the APPI on the grounds that the personal data is untrue, after confirming that the request is indeed from the Individual, the Company shall promptly conduct the necessary investigation, to the extent necessary to achieve the purposes of use, and then make Correction, etc. based on the results of such investigations, and notify the Individual accordingly (the Company shall notify the Individual if a decision is made not to make Correction, etc.); provided, however, that the foregoing provision shall not apply if the Company is not obligated to make Correction, etc. under the APPI or other laws and regulations.

11. Suspension of Use of Held Personal Data

If the Company receives a request from an Individual for suspension of use or deletion (the "Suspension of Use, etc.") of held personal data held pursuant to the provisions of the APPI, on the grounds that the Individual’s personal data is being handled beyond the scope of the pre-announced purposes of use or has been acquired through fraudulent or other improper means, or receives a request for the suspension of provision (the "Suspension of Provision") pursuant to the provisions of the APPI, on the grounds that the personal data has been provided to a third party without the Individual's consent, if that request is found to be reasonable, after confirming that the request is indeed from the Individual the Company shall promptly engage in a Suspension of Use or Suspension of Provision for held personal data and notify the Individual accordingly; provided, however, that that the foregoing provision shall not apply if the Company is not obligated to engage in a Suspension of Use or Suspension of Provision under the APPI or other laws and regulations.

12. Public Information Related to Provision of Anonymized Information

1. When the Company produces anonymized information (information that personal information is processed in such a way that specific individuals cannot be identified and the anonymized information cannot be restored) in accordance with (2) of this section, the Company shall take security management measures to ensure that proper anonymized processing is carried out and that information that could lead to recovery is not divulged.
2. The anonymized information created and provided by the Company may include following items:
   • Age (year and month of birth);
   • Gender;
   • Residential area (to the city or district level);
   • Behavioral history; and,
   • Purchase history.
3. When providing the anonymized information to third parties, the Company shall indicate to the recipients that the information being provided is anonymized, and shall provide it through electronic communication means (such as by sending data files or uploading to servers) after ensuring an appropriate level of security.

13. Use of Cookies and Other Technologies

1. The Company uses cookies to ensure the proper functioning of the Services.
2. Cookies are information stored by browsers on the computers of users of the Services. The Company uses different types of cookies for different purposes.
   • Functional cookies: These cookies are necessary for the proper functioning of the Services, and include the cookies required for account creation.
   • Analytical cookies: These cookies are used to collect information about the user’s usage status of the Services (or part of the Services), which allows the Company to improve the Services so that they align with the user’s interests and priorities as much as possible. The Company uses the data obtained through these cookies only for the purpose of analyzing the usage status of the Services.
3. The Company uses third-party cookies only for the purpose of improving the quality and effectiveness of the Services.
4. Cookies are enabled by default. Users of the Services can configure their settings to disable cookies or to receive notifications when cookies are sent; provided, however, that the Services may not function properly if cookies are disabled.

15. Collection of Information on Minors, in Particular, Children under 16

Minors shall not provide any personal information to the Company without the consent of their legal and proper guardian. The Company may seek the consent of statutory agent, as necessary, with regard to the personal information of children under the age of 16. In addition, the Company shall handle the personal information of users who have not reached the age of majority in accordance with the laws and regulations of each corresponding country.

16. User Rights under GDPR

The following applies only to information collected and held by the Company to which the General Data Protection Regulation (GDPR) of the European Union (EU) applies. Users may have the following rights under the GDPR:

(1) Withdrawal of Consent:

If the processing of personal data is based on consent, a user is entitled to withdraw their consent regarding their personal data at any time.

(2) Information about Processing User Data:

In accordance with GDPR Articles 13 and 14, a user is entitled to obtain the necessary information from the Company in relation to the Company’s data processing activities.

(3) Access to Personal Data:

In accordance with GDPR Article 15, a user is entitled to confirm whether the Company holds and processes their personal data, and if so, to request the Company disclose such personal data and specific information.

(4) Correction or Deletion of Personal Data:

In accordance with GDPR Article 16, a user is entitled to request the immediate correction of inaccurate or incomplete personal data related to the user. In accordance with GDPR Article 17, a user is also entitled to request the Company immediately delete personal data related to the user.

(5) Restriction on the Processing of Personal Data:

In accordance with GDPR Article 18, a user may have the right to request the restriction of the processing of personal data.

(6) Objection to Processing of Personal Data:

In accordance with GDPR Article 21, a user may have the right to object to the holding and processing of the user's personal data, at any time, after clearly stating the reasons therefor. If the Company processes personal data for direct marketing purposes, objections raised by users must be accepted. If the Company processes personal data for other purposes, the Company shall stop processing personal data unless there is an urgent and valid reasons ((i) it takes precedence over the interests or rights and freedoms of the user, or (ii) it relates to the right to initiate or conduct litigation or it proves a claim.

(7) Request for Sending of Personal Data:

The user is entitled to request the sending of their personal data to themselves or a third party. The Company shall provide such personal data to the user or the third party designated by the user in a structured, generic and machine-readable format. Please note that this right only applies to those parts of the automatically processed information to which the data subject of the personal data has consented or to which the Company has performed a contract with the personal data subject in the past.

(8) Expenses for the Exercise of Rights:

The aforementioned rights can be exercised free of charge. Upon receipt of a request from a user, the Company shall provide information on the subsequent situation immediately, and in any case, within 1 month of the receipt of the request. This period may be further extended by 2 months depending on the complexity of the request and the frequency of requests. The Company shall notify the user regarding such an extension within 1 month of the receipt of the request. However, if a user's request is clearly unfounded or excessive, especially if the same request is repeated, the Company may charge the user a reasonable fee or choose not to respond to the user's request.

(9) Complaints:

In addition to the above rights, a user is entitled to lodge a complaint, at any time, with supervisory authorities (in particular the supervisory authority of the EU Member state where the user has a permanent residence, the place of work or the place where a GDPR violation is considered to have occurred); provided, however, that we encourage users to first contact us to address any concerns before contacting supervisory authorities to resolve the problem.

17. Possible Transmission of Information to Third Countries

It is possible that the Company may transfer the collected information regarding users (including personal information) to our partners or other third parties outside the user's country, in accordance with procedures under laws and regulations or this Privacy Policy. The laws regarding the collection and use of data in these locations may be less stringent or different from those in the user's country of residence. Please note that the destination country may not have the same data protection or privacy laws as the user's country of residence.

18. CCPA Related Notes

In accordance with California Civil Code 1798.83, a user residing in California is entitled to request certain information relating to the recent disclosure of personal information to third parties for direct marketing purposes (personal information as defined by law). If a user resides in California and has provided personal information to the Company within the last year, the user may make the above request by sending a message through the inquiry form below. Please state "California Privacy Rights" in the Inquiry Content.

https://form.run/@ultraman-digitalcard-collection-ec

19. Contact Information

Send any requests for disclosure or the like, opinions, questions complaints, or other inquiries regarding the handling of personal information to the following address:
ORICAL Operations Bureau, ventus Inc., 7th Floor, Kasuga-cho Building, 1-33-13 Hongo, Bunkyo-ku, Tokyo, Japan, Postal Code 113-0033.
We accept inquiries via contact forms or emails. We do not accept requests and the like made in person at our office.

20. Procedures for Changing the Privacy Policy

1. The Company reserves the right to change this Privacy Policy, at any time, and at its sole discretion, without prior notice to users.
2. When changes to this Privacy Policy are made, the Company shall notify users of the effective date and content of the revised Terms of Use and the like on its website or by other appropriate means.