This Privacy Policy (this “Policy”) is issued by Supertone, Inc. (“Supertone,” “Company,” “we,” “us,” or “our”) and is addressed to our general customers, visitors to our Sites, users of our Apps and other users of our services (together, “you”). In this Policy, the term “App” means any application made available by us (including where we make such applications available via third-party stores or marketplaces or by any other means), and the term “Site” means any website operated or maintained by us or on our behalf. However, services with their own privacy notice will adhere to their own privacy notice.
As this Policy may be amended or updated from time to time, we encourage you to regularly check this Policy to review any changes to the terms.
The definition of “personal information” used in this Policy is as follows:
The term “personal information,” as used in this Policy, shall mean personal information as defined under Article 2 of the Personal Information Protection Act; for the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”) and the UK Data Protection Act 2018, “personal information” shall mean information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; and, for the purposes of the California Consumer Privacy Act (the “CCPA”), “personal information” shall be read to also include information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
We process your personal information for the following purposes pursuant to applicable law:
To provide our Sites, Apps, products and services: Providing our Sites, Apps, products or services; creating an account; providing customer support on the use of services; identifying and preventing wrongful uses; providing functions for joining the and for activities; performing statistical analyses; providing promotional materials (upon request); and communicating with you in relation to our Sites, Apps or services, provision and operation of event services (confirming participants for events, providing and delivering prizes to winners, handling other complaints), and providing individually customized products.
To operate our business: Operating and managing our Sites, Apps and services; providing content to you; the identification of uses or other wrongful uses; communicating and interacting with you via our Sites, Apps or services; and notifying you of changes to any of our Sites, Apps or services.
To perform communications and marketing activities: Communicating with you via any means (including via email and app push alerts) to provide news items and other information in which you may be interested, subject to obtaining your prior opt-in consent to the extent required under applicable law; personalizing our Sites, products and services for you; maintaining and updating your contact information where appropriate; where applicable, enabling you to opt-out to withdraw your consent to or unsubscribe from emails sent by us, and recording your choice.
To manage IT systems: Managing and operating our communications, IT and security systems; and auditing (including security audits) and monitoring such systems.
To improve our Sites, Apps and services: Identifying issues related to our Sites, Apps or services; planning improvements to our Sites, Apps or services; and developing new Sites, Apps or services.
The personal information that we process about you is as follows:
Service Name | Process timing | Personal information processed | Period for retention and use |
---|---|---|---|
Common to All Services | Upon email subscription | Email address | Period stated in relevant laws and regulations or upon cancellation of subscription |
Upon requests for refunds | Email address, country, payment information (last 4 digits of credit card number, payment date and time, etc.) | Upon completion of refund process or for a period in accordance with relevant laws and regulations | |
Upon receipt of customer inquiry | Email address | 3 years after registration of inquiry in accordance with relevant laws and regulations | |
Upon log-in and using the service | Information automatically generated by cookie, service use history (date of access/log-in, IP address, fraudulent use/access, etc.), device information (unique device identifiers and OS version), logged-in country | Period stated in relevant laws and regulations. | |
Clear | At the time of product download | Email address | 1 year after the product download application |
Service Name | Process timing | Personal information processed | Period for retention and use |
---|---|---|---|
Supertone Shift | At the time of product download | Email address | Retention period according to relevant laws or upon withdrawal of subscription application |
Our service is not offered for minors under the age of 16. If we discover that we have collected the personal information of a minor, we will delete the information and cancel the user’s account. If you believe that we have collected information of a minor, please inform us via contact information in Article 13.
Except in the following cases, we do not provide third parties with your personal information, unless you consent thereto or the disclosure is otherwise expressly prescribed in applicable law.
In addition, in accordance with relevant laws and regulations, we may share personal information without your consent to the extent that such sharing is reasonably related to the purpose of the collection of such personal information. In the foregoing case, we will comprehensively consider factors such as whether the sharing is related to the original purpose of collection, whether the sharing is predictable in light of the circumstances under which the personal information was collected or under usual processing practices, whether the sharing unreasonably infringes upon your interests and whether security measures such as pseudonymization or encryption have been implemented.
When necessary for the purposes of service use, performing contractual obligations and improving member convenience, we entrust the processing of personal information to specialized service providers or utilize specialized platforms, within the scope disclosed in this Privacy Notice.
When signing the consignment contract to entrust the personal information processing, we include clauses stating the consignee’s responsibilities such as the prohibition of processing personal information for purposes other than entrusted tasks, technical/administrative measures, prohibition of reconsigning, managerial and supervision of consignee, and compensations for damages, and we supervise the consignees to handle the information safely.
We will immediately disclose when there is any change in the entrusted tasks or consignees via the Notice.
For the purposes of providing our services and enhancing users’ convenience, we may transfer and/or manage your personal information overseas as follows. The details on our international transfer of personal information are described below.
Recipient of personal information (Contact information of information officer) | Zendesk (privacy@zendesk.com) |
Country where the information is provided | 548 Market St, PMB 98174, San Francisco, CA 94104-5401, United States |
Date and method of provision | Transfer via network upon registration of 1:1 customer inquiry and email transmissions |
Purpose of provision | Handling of customer support |
Information provided | Email address |
Retention and Use Period | Upon contract termination or for 3 years after registration of inquiry in accordance with relevant laws and regulations |
Recipient of personal information (Contact information of information officer) | MailerLite (support@mailerlite.com) |
Country where the information is provided | 989 Market St, San Francisco, CA 94103, United States |
Date and method of provision | Transfer via network at the time of Subscribe application and Download application |
Purpose of provision | Handling of email transmissions |
Information provided | Email address |
Retention and Use Period | Subscribe: upon contract termination or subscription cancellation Download : upon contract termination or 1 year after the download application |
Recipient of personal information (Contact information of information officer) | Typeform(gdpr@typeform.com) |
Country where the information is provided | US East(Virginia) |
Date and method of provision | Transfer via network at the time of survey response |
Purpose of provision | Improvement of service quality and collection of service-related inquiries |
Information provided | Email address, contents of the survey response |
Retention and Use Period | Until the end of the contract or as per relevant legal regulations |
If we collect any personal information from you, we comply with our internal policy to use and retain such personal information for the period during which you use our services.
In addition, if we need to preserve personal information in accordance with the provisions of applicable law or our internal policies, we will retain relevant personal information for a specified period as follows:
Once the purposes of collection and use of your personal information are achieved, we destroy your personal information in accordance with our internal policies and other applicable laws. However, personal information collected with your consent or stored in the form of electronic files will be deleted using technical means that make the records unreproducible, and personal information printed on paper such as filings or printed materials will be shredded or incinerated.
Subject to applicable law, you may have the following rights relating to your personal information managed by us. You may exercise your rights at any time, by contacting the data protection officer via the contact information provided in Article 13 (Data Protection Officer).
When handling personal information, we take appropriate measures to keep the information safe and prevent from loss, theft, leakage, falsification, or damage, and we take technical measures as follows:
We fully acknowledge the importance of your personal information, and accordingly, we have a reasonably limited number of employees handling personal information. The personnel in charge of protecting personal information conducts periodical education for the employees, putting the utmost effort to protect personal information. Also, we periodically check the compliance status of commitments stated in the policy and relevant employees, and when we detect any violation, we immediately correct and improve the issue and take necessary measures.
We use cookies to store and discover information about members. Cookies are strings of small amounts of text transmitted by the website server to users’ computer browsers (e.g., Internet Explorer, Safari, Chrome, Firefox). Cookies identify each member’s computer, but do not identify individual members.
We use Google Analytics (Terms of Service) and API provided by Google (Privacy Policy), for providing services and statistics analyses. For further details, please see our Cookie Policy.
By adjusting the settings on their web browser, members may accept all cookies, receive notifications whenever cookies are installed, or refuse all cookies. However, if you refuse cookies, you may not be able to use certain functions of the service that require login.
You can set whether to permit cookies (on Internet Explorer) as follows:
In accordance with Article 15(3) and Article 17(4) of the Personal Information Act of South Korea, we may additionally use or provide your personal information without your consent, in consideration of Article 14-2 of the Enforcement Decree of the Personal Information Protection Act of South Korea.
Personal information to be provided | Purpose of provision | Period for retention and use |
---|---|---|
Automatically generated information (internal identification key, device information, etc.), service use records (date and time of visit, IP address, incorrect use records, etc.), device information (unique device identification value, OS version), country accessed from | Statistics and sales analysis on service use | Period specified in the relevant laws and regulations |
Accordingly, we have considered the below items for additional use and provision of information without the user’s consent.
In order to protect users’ personal information and handle complaints related to personal information, we have designated our Data Protection Officer as follows. Users may report all complaints related to personal information protection arising in the course of using our services to the Data Protection Officer, and we will provide prompt and sufficient responses to such reports.
We operate a customer services center for smooth communication and resolution of any comments and/or complaints presented by our users in connection with personal information protection. If you are a user in Korea, in the event of a dispute arising between us and you in connection with personal information protection, for which you require help regarding potential infringement upon your information, you can contact the Personal Information Infringement Report Center of the Korea Internet & Security Agency, the Cyber Bureau of the National Police Agency, or other relevant agencies.
Korea Internet & Security Agency | https://privacy.kisa.or.kr | 118 |
Personal Information Dispute Mediation Committee | https://www.kopico.go.kr | 1833-6972 |
Cybercrime Investigation Division of Supreme Prosecutors’ Office | https://www.spo.go.kr | 1303 |
Cyber Bureau of National Police Agency | https://cyber.go.kr | 182 |
This Privacy Policy will take into effect from March 27th, 2024 (KST). Please refer to the link below to see the previous version of Privacy Policy.
Link to previous personal information processing policy
The following are supplementary clauses applicable depending on your location or nationality. In the event of conflict between the following and the main text of this Privacy Notice, the following shall prevail.
For the purposes of this section, the term “personal information” used in the General Content of this Policy shall be replaced with the term “personal data” – the term shall have the same meaning as set out in Article 1
Article 1 of the General Content above shall be supplemented with the following text as a new final paragraph:
For the purposes of the GDPR and the UK Data Protection Act 2018, Supertone, Inc. is the entity (or “controller”) that decides how and why your personal data are processed and has primary responsibility for complying with applicable data protection laws.
Article 2 of the General Content above shall be replaced with the following:
Article 2 Purposes and Legal Bases for Processing of Personal Data
The purposes of processing of your personal data and the legal bases on which we rely under applicable laws are as follows:
Processing activity | Legal basis for processing |
---|---|
To provide our Sites, Apps, products and services: Providing our Sites, Apps, products or services; creating an account; providing customer support on the use of services; identifying and preventing wrongful uses; providing functions for joining the game community and for community activities; performing statistical analyses; providing promotional materials (upon request); and communicating with users in relation to our Sites, Apps or services; and providing and operating event services (confirming participants for events, providing and delivering prizes to winners, handling other complaints). | · The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or · We have a legitimate interest in carrying out the processing for the purpose of providing you with our Sites, Apps or services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or · We have obtained your prior consent to the processing (the aforementioned legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way). |
To operate our business: Operating and managing our Sites, Apps and services; providing you with content; authenticating users for the sales/delivery of products and the identification and prevention of other wrongful uses; communicating and interacting with you via our Sites, Apps or services; and notifying you of changes to any of our Sites, Apps or services. | · The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or · We have a legitimate interest in carrying out the processing for the purpose of providing you with our Sites, Apps or services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or · We have obtained your prior consent to the processing (the aforementioned legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way). |
To perform communications and marketing activities: Communicating with you via any means (including via email and app push alerts) to provide news items and other information in which you may be interested, subject to obtaining your prior opt-in consent to the extent required under applicable law; personalizing our Sites, products and services for you; maintaining and updating your contact information where appropriate; where applicable, enabling you to opt-out to withdraw your consent to or unsubscribe from emails sent by us, and recording your choice. | · The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or · We have a legitimate interest in carrying out the processing for the purpose of contacting you, subject always to compliance with applicable law (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or · We have obtained your prior consent to the processing (the aforementioned legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way). |
To manage IT systems: Managing and operating our communications, IT and security systems; and auditing (including security audits) and monitoring such systems. | · The processing is necessary for our compliance with a legal obligation; or · We have a legitimate interest in carrying out the processing for the purpose of managing and maintaining our communications and IT systems (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
To improve our Sites, Apps and services: Identifying issues related to our Sites, Apps or services; planning improvements to our Sites, Apps or services; and developing new Sites, Apps or services. | · We have a legitimate interest in carrying out the processing for the purpose of improving our Sites, Apps or services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or · We have obtained your prior consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way). |
We process personal data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, Apps or services that may be of interest to you. We also process personal data for the purposes of displaying content tailored to your use of our Sites, Apps or services. If we provide Sites, Apps or services to you, we may send or display information to you regarding our Sites, Apps or services, upcoming promotions and other information that may be of interest to you, including by using the contact details that you have provided to us, or any other appropriate means, subject always to obtaining your prior opt-in consent, to the extent required under applicable law.
You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional electronic communication we send or by clicking on the unsubscribe button at the bottom of the subscription email. Please note that it may take up to 2 weeks to process your unsubscribe request, during which time you may continue to receive communications from us. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Sites, Apps or services you have requested.
The final paragraph of Article 4 of the General Content above shall be replaced with the following:
Article 4 Disclosure of Personal Data to Third Parties
We disclose personal data to other entities, for legitimate business purposes and the operation of our Sites, Apps or services to you, in accordance with applicable law. In addition, we disclose personal data to:
If we engage a third-party processor to process your personal data, the processor will be subject to binding contractual obligations to:
(i) only process the personal data in accordance with our prior written instructions; and
(ii) use measures to protect the confidentiality and security of the personal data; together with any additional requirements under applicable law.
Please see Article 5 for more information on the third-party processors.
Article 6 of the General Content above shall be replaced with the following:
Article 6 International Transfer of Personal Data
Because of the international nature of our business, we transfer personal data within the HYBE group, and to third parties, as discussed further in Article 6, in connection with the purposes set out in this Policy. For this reason, we transfer personal data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located, including Korea, Japan, and the United States.
If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your personal data from the EEA or UK to recipients located outside the EEA or UK who are not in jurisdictions formally designated by the European Commission or UK Government as providing an adequate level of protection for personal data, we do so on the basis of template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or adopted by the UK Government (as appropriate). You are entitled to request a copy of these clauses using the contact details provided in Section Article 13 below.
Please note that when you transfer any personal data directly to any HYBE entity established outside the EEA or UK, we are not responsible for that transfer of your personal data. We will nevertheless process your personal data, from the point at which we receive those data, in accordance with the provisions of this Policy.
Article 8 of the General Content above shall be replaced with the following:
Article 8 Procedures and Methods of Destroying Personal Data
We destroy your personal information in accordance with our internal policies and other applicable laws.
The following shall supplement Article 9:
Article 9 Your Legal Rights
In addition to the above rights, you remain entitled to all other statutory rights.
You may also have the following additional rights regarding the processing of your personal information:
Article 11 of the General Content above shall be replaced with the following:
Article 11 Cookies and Similar Technologies
When you visit a Site or use an App, we will typically place cookies onto your device or read cookies already on your device, subject always to obtaining your prior consent, where required, in accordance with applicable law. For further details, please see our Cookie Policy.
Article 13 of the General Content above shall be replaced with the following:
Article 13 Contact Information
You may contact our DPO [privacy@supertone.ai] if you wish to exercise your rights in connection with this Policy or your personal data.
Article 14 of the General Content above shall not apply.
Article 7 of the General Content above shall be replaced with the following:
Article 7 Data Retention Period
We take every reasonable step to ensure that your personal information is only processed for the minimum period necessary for the purposes set out in this Policy. We will retain your personal information in a form that permits identification only for as long as:
(1) we maintain an ongoing relationship with you; or
(2) your personal information is necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis.
Article 9 of the General Content shall be replaced with the following:
Article 9 California Consumer Privacy Act Disclosures
Under the California Consumer Privacy Act (“CCPA”), we must disclose our practices regarding the collection, use, and disclosure of the personal information of California residents (“Consumers”).
We have collected and will collect the following general categories of personal information about Consumers:
We may use the categories of personal information described above for the following business or commercial purposes:
We collect or obtain personal information of Consumers from the following sources:
We do not sell any personal information to third parties. In particular, we do not sell the personal information of minors under 16 years of age. In the preceding 12 months, we have disclosed the following categories of personal information to the following categories of recipients:
Categories of recipients | Categories of personal information |
---|---|
Vendors who may need access to Consumers’ personal information to help us provide our services. |
|
Entities who provide us with email address management and communication contact services, and those who analyze and enhance our marketing campaigns and service. |
|
Entities that provide assistance to us. |
|
Article 11 of the General Content above shall be replaced with the following:
Article 14 California’s “Shine the Light” Law
Under California’s “Shine the Light” law, California residents are entitled to ask us for a notice describing what categories of personal customer information we share with third parties or our affiliates in connection with direct marketing performed by such third parties or our affiliates. The aforementioned notice will identify the categories of information we shared with third parties and our affiliates, and will include a list of names and addresses of such data recipients. If you are a California resident and would like a copy of this Policy, please submit a written request to the following email address:
Article 13 of the General Content above shall be replaced with the following:
Article 13 Consumer Rights under the CCPA
If you are a Consumer, the CCPA grants you the following rights regarding your personal information. If you make a certain request to us in order to exercise, or cause an authorized representative you appointed to exercise on your behalf, your rights to know and delete set forth in the CCPA, we will generally require you to provide us with certain personal information for the purpose of identifying you in the course of handling your request and compare such personal information against the personal information we have collected about you to verify your identity (“verifiable consumer request”).
Verifiable consumer requests to know or delete may be submitted through one of the following methods:
Consumers have the right to submit a verifiable consumer request that we disclose the following personal information we collected about you over the 12-month period preceding the verifiable consumer request, in a readily useable format:
Consumers have the right to request that we delete any personal information we have collected from them.
Consumers have the right to be free from discrimination when they exercise their rights under the CCPA and, should you exercise those rights, we cannot:
We offer consumers who provide personal identifiers, including their name, home address, and email address, and commercial information, including their purchase history and access to events. As participants in these programs, consumers will have the opportunity to win prizes. Consumers may opt-in to our community events by signing up on our website. Consumers may cancel their participation in these events at any time.
Under the CCPA, you may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your and our protection, we will require your authorized agent to provide us with a signed permission demonstrating they are authorized to submit a request on your behalf. We note, should your authorized agent fail to submit proof that they have been authorized to act on your behalf, we will deny their request.
Article 14 of the General Content above shall not apply.
According to the purpose of the Article, the “relevant laws” and “relevant Korean laws” stated in this Policy shall be replaced with the Act on the Protection of Personal Information (Act No. 57 of 2003) and relevant Japanese laws.
The terms used in Article 2 of the General Content above shall be replaced with the following:
The description of this Policy shall be replaced with the following: “We process your personal information for the following purposes pursuant to applicable law.”
Article 4 (Provision of Personal Information to Third Parties), Article 5 (Entrustment of Personal Information), and Article 6 (International Transfer of Personal Information) of the General Content above shall be replaced with the following:
Except in the following cases, we do not provide third parties with your personal information, unless you consent thereto or the disclosure is otherwise expressly prescribed in applicable law.
Details About Providing Personal Information To Third Parties
Details About International Transfer of Personal Information
Recipient of personal information (Contact information of information officer) | Zendesk (privacy@zendesk.com) |
Country where the information is provided | 548 Market St, PMB 98174, San Francisco, CA 94104-5401, United States |
Date and method of provision | Transfer via network upon registration of 1:1 customer inquiry and email transmissions |
Purpose of provision | Handling of customer support |
Information provided | Email address |
Retention and Use Period | Upon contract termination or for 3 years after registration of inquiry in accordance with relevant laws and regulations |
Recipient of personal information (Contact information of information officer) | MailerLite (support@mailerlite.com) |
Country where the information is provided | 989 Market St, San Francisco, CA 94103, United States |
Date and method of provision | Transfer via network at the time of Subscribe application and Download application |
Purpose of provision | Handling of email transmissions |
Information provided | Email address |
Retention and Use Period | Subscribe: upon contract termination or subscription cancellation Download : upon contract termination or 1 year after the download application |
Recipient of personal information (Contact information of information officer) | Typeform(gdpr@typeform.com) |
Country where the information is provided | US East(Virginia) |
Date and method of provision | Transfer via network at the time of survey response |
Purpose of provision | Improvement of service quality and collection of service-related inquiries |
Information provided | Email address, contents of the survey response |
Retention and Use Period | Until the end of the contract or as per relevant legal regulations |
The companies listed below and included in the above details about third parties provided with personal information are part of the company’s group. The types of jointly used personal information; the bounds of jointly using parties; the purpose of using; and the names of the companies and their representatives with responsibilities of managing personal information are listed below.
Companies included in the group (jointly using parties): HYBE Corp., HYBE IM, BIGHIT MUSIC Co., Ltd., PLEDIS Entertainment Co., Ltd., BELIFT LAB Co., Ltd., KOZ Entertainment Co., Ltd., Source Music Co., Ltd., ADOR Co., Ltd., Weverse Company Inc., Weverse Japan Inc., HYBE Japan Inc., HYBE Labels JAPAN, NAECO, HYBE America, Inc., Weverse America Inc.
Supertone, Inc. (hereinafter “the company”) provides various services to its customers, and in the process, the company comes across many occasions in which the user’s personal information needs to be provided to companies located outside the country or region of the user’s residence, with the user’s consent. The company’s Privacy Policy describes that the company may provide the user’s personal information to companies outside the country.
This page describes the details of the company’s provision of user’s personal information to companies outside the country or region of the user’s residence, using the privacy regulations of other countries as reference.
The privacy regulations of various countries have been examined according to the below standards.
This is an indication of whether the country has established data protection and privacy regulations, including a comprehensive regulation.
The following types of information are used as references for the standards of each country’s privacy regulations.
It will be indicated if the privacy regulations of the corresponding country/region is equivalent to those of Japan.
It will be indicated if the EU adequacy decision has been adopted in the corresponding country/region. EU adequacy decision refers to the European Commission’s decision that indicates the corresponding country/region has secured an adequate level of data protection. If a country has adopted the EU adequacy decision, we can expect the same level of protection of personal information in the country/region as in Japan.
It will be indicated if the corresponding country/region is a participating country of the APEC CBPR system.
When the corresponding country/region is a participating country of the APEC CBPR system, we can expect the same level of protection of personal information in the country/region as in Japan, as it signifies that the laws of the corresponding country/region would be enforced in compliance with the APEC privacy framework and an enforcement office.
It will be indicated, as necessary, if the privacy regulation of the corresponding country/region includes rules that meet OECD’s Eight Principles.
OECD’s Eight Principles provides the basic principles to be referenced in performing international efforts for personal information protection, and they are considered to be the substantial global standards for each country’s establishment of the personal information protection system.
In this page, it will be indicated if the data privacy regulation of the corresponding country/region includes rules corresponding to OECD’s Eight Principles, according to the following legends for each of OECD’s Eight Principles.
Legends: ○ Rules are included in the comprehensive system; ∆ Certain rules are included in the comprehensive system/Rules are included in individual systems; — No rules could be found
OECD’s Eight Principles are as indicated in (1) to (8) below.
1. Collection Limitation Principle
Personal data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
2. Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and should be accurate, complete and kept up-to-date
3. Purpose Specification Principle
The purposes for which personal data are collected should be specified, and the subsequent use limited to the fulfillment of those purposes.
4. Use Limitation Principle
Personal data should not be used for purposes other than those specified except with the consent of the data subject or by the authority of law.
5. Security Safeguards Principle
Personal data should be protected by reasonable security safeguards against such risks as loss, destruction, use, modification or disclosure of data.
6. Openness Principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence of personal data, and the purposes of their use, as well as the data controller.
7. Individual Participation Principle
An individual should have the right to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him, and to challenge data relating to him.
8. Accountability Principle
A data controller should be accountable for complying with measures which give effect to the principles stated above.
Information on whether there is a system that may significantly affect the rights and interests of individuals pursuant to the transfer of personal data to the corresponding country/region in comparison to Japan’s data privacy regulation is indicated.
Specifically, the following information which may significantly affect the rights and interests of individuals in the system of the corresponding country/region is indicated; namely, (1) existence of rules which directly obligate the recipient of personal information, which was collected within the corresponding country/region, to retain such personal information within the corresponding country/region, or obligates the recipient of personal information to substantially retain such personal information within the corresponding country/region by imposing restrictions on carrying such personal information outside the corresponding country/region (system related to data localization), and (2) existence of rules which allow the government to access the personal data retained by private businesses or obligate private businesses to provide personal data to the government under laws for the purpose of enforcement of criminal laws and/or national security safeguards (system related to government access).
Please note that the information may not be the latest at present, as each country periodically updates the information related to the data privacy regulation. Please review the information on the data privacy regulations of foreign countries provided by the Personal Information Protection Commission of Japan. (Source: Personal Information Protection Commission of Japan, https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/)
The company has entrusted specialized companies and platforms with the tasks of processing personal information within reasonable scopes, in order to achieve the purposes of providing service and fulfilling contracts, and improving the convenience of customers.
Details About Providing Personal Information To Third Parties
Details About International Transfer of Personal Information
Recipient of personal information (Contact information of information officer) | Zendesk (privacy@zendesk.com) |
Country where the information is provided | 548 Market St, PMB 98174, San Francisco, CA 94104-5401, United States |
Date and method of provision | Transfer via network upon registration of 1:1 customer inquiry and email transmissions |
Purpose of provision | Handling of customer support |
Information provided | Email address |
Retention and Use Period | Upon contract termination or for 3 years after registration of inquiry in accordance with relevant laws and regulations |
Recipient of personal information (Contact information of information officer) | MailerLite (support@mailerlite.com) |
Country where the information is provided | 989 Market St, San Francisco, CA 94103, United States |
Date and method of provision | Transfer via network at the time of Subscribe application and Download application |
Purpose of provision | Handling of email transmissions |
Information provided | Email address |
Retention and Use Period | Subscribe: upon contract termination or subscription cancellation Download : upon contract termination or 1 year after the download application |
Recipient of personal information (Contact information of information officer) | Typeform(gdpr@typeform.com) |
Country where the information is provided | US East(Virginia) |
Date and method of provision | Transfer via network at the time of survey response |
Purpose of provision | Improvement of service quality and collection of service-related inquiries |
Information provided | Email address, contents of the survey response |
Retention and Use Period | Until the end of the contract or as per relevant legal regulations |
When signing a contract with entrusted companies, important issues are addressed including prohibition of processing personal information for purposes other than entrusted purposes; technical and managerial measures to protect information; prohibition of re-entrustment; management and supervision of entrusted companies; and indemnification for possible damages. The company supervises the entrusted companies to ensure they handle the information safely.
If there are any changes in the entrusted tasks or list of entrusted companies, we will make sure to notify by sharing the revised Privacy Policy.
Personal Information Protection Systems of Countries Receiving Information
Supertone, Inc. (hereinafter “the company”) provides various services to its customers, and in the process, the company comes across many occasions in which the user’s personal information needs to be provided to companies located outside the country or region of the user’s residence, with the user’s consent. The company’s Privacy Policy describes that the company may provide the user’s personal information to companies outside the country.
This page describes the details of the company’s provision of user’s personal information to companies outside the country or region of the user’s residence, using the privacy regulations of other countries as reference.
The privacy regulations of various countries have been examined according to the below standards.
This is an indication of whether the country has established data protection and privacy regulations, including a comprehensive regulation.
The following types of information are used as references for the standards of each country’s privacy regulations.
It will be indicated if the privacy regulations of the corresponding country/region is equivalent to those of Japan.
It will be indicated if the EU adequacy decision has been adopted in the corresponding country/region. EU adequacy decision refers to the European Commission’s decision that indicates the corresponding country/region has secured an adequate level of data protection. If a country has adopted the EU adequacy decision, we can expect the same level of protection of personal information in the country/region as in Japan.
It will be indicated if the corresponding country/region is a participating country of the APEC CBPR system.
When the corresponding country/region is a participating country of the APEC CBPR system, we can expect the same level of protection of personal information in the country/region as in Japan, as it signifies that the laws of the corresponding country/region would be enforced in compliance with the APEC privacy framework and an enforcement office.
It will be indicated, as necessary, if the privacy regulation of the corresponding country/region includes rules that meet OECD’s Eight Principles.
OECD’s Eight Principles provides the basic principles to be referenced in performing international efforts for personal information protection, and they are considered to be the substantial global standards for each country’s establishment of the personal information protection system.
In this page, it will be indicated if the data privacy regulation of the corresponding country/region includes rules corresponding to OECD’s Eight Principles, according to the following legends for each of OECD’s Eight Principles.
Legends: ○ Rules are included in the comprehensive system; ∆ Certain rules are included in the comprehensive system/Rules are included in individual systems; — No rules could be found
OECD’s Eight Principles are as indicated in (1) to (8) below.
1. Collection Limitation Principle
Personal data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
2. Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and should be accurate, complete and kept up-to-date
3. Purpose Specification Principle
The purposes for which personal data are collected should be specified, and the subsequent use limited to the fulfillment of those purposes.
4. Use Limitation Principle
Personal data should not be used for purposes other than those specified except with the consent of the data subject or by the authority of law.
5. Security Safeguards Principle
Personal data should be protected by reasonable security safeguards against such risks as loss, destruction, use, modification or disclosure of data.
6. Openness Principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence of personal data, and the purposes of their use, as well as the data controller.
7. Individual Participation Principle
An individual should have the right to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him, and to challenge data relating to him.
8. Accountability Principle
A data controller should be accountable for complying with measures which give effect to the principles stated above.
Information on whether there is a system that may significantly affect the rights and interests of individuals pursuant to the transfer of personal data to the corresponding country/region in comparison to Japan’s data privacy regulation is indicated.
Specifically, the following information which may significantly affect the rights and interests of individuals in the system of the corresponding country/region is indicated; namely, (1) existence of rules which directly obligate the recipient of personal information, which was collected within the corresponding country/region, to retain such personal information within the corresponding country/region, or obligates the recipient of personal information to substantially retain such personal information within the corresponding country/region by imposing restrictions on carrying such personal information outside the corresponding country/region (system related to data localization), and (2) existence of rules which allow the government to access the personal data retained by private businesses or obligate private businesses to provide personal data to the government under laws for the purpose of enforcement of criminal laws and/or national security safeguards (system related to government access).
Please note that the information may not be the latest at present, as each country periodically updates the information related to the data privacy regulation. Please review the information on the data privacy regulations of foreign countries provided by the Personal Information Protection Commission of Japan. (Source: Personal Information Protection Commission of Japan, https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/)
Article 12 of the General Content above is inapplicable.
The following shall be added to Article 13 of the General Content above.
Article 14 of the General Content above is inapplicable.
Please allow Supertone to collect cookies for a smooth experience! More