Preamble
Dreams Inc. (hereinafter referred to as the Company) promises to respect users’ privacy and protect users’ personal information. The Handling of Users’ Private Information (hereinafter referred to as Privacy Policy) is to demonstrate how the Company manages users’ personal information and to notify users their rights on personal privacy.
<Table of Content>
1. Important Information and the Company
2. The Data We Collect
3. Methods of Obtaining Personal Data
4. Purpose of Using Personal Data
5. Disclosure of Users’ Personal Data
6. Cross-Border Data Transfer
7. Data Security
8. Data Retention Period
9. Users’ legitimate rights
10. Obtaining Camera Images, etc.
11. Glossary
1. Important information and the Company
Purpose of the Privacy Policy
The purpose of the Privacy Policy is to inform users how the Company collects users’ personal data in the course of using the Sonny Angel Application (hereinafter referred to as the “Application"), the Company’s website (including online stores) or the Company’s services, and how the Company uses and processes users’ data.
In addition, the Application is not aimed at children, nor is it intended to obtain data related to children. However, if children’s data is obtained, it will be treated according to the applicable laws and regulations.
In order to help users fully understand the reasons and methods of the Company's use of personal data, we suggest users read all notices that the Company may provide apart from the Privacy Policy under special circumstances. The Privacy Policy serves as a supplement to these notices and is not intended to invalidate these notices.
Management of users’ personal data
The Company is responsible for processing users’ data. In addition, the Company conveys the content of the Privacy Policy on behalf of DREAMS Group.
Regarding the Privacy Policy, if you have any queries or want to exercise your rights, please consult the following contacts.
Telephone : 03-5332-3955
Name of Legal Person : TORU SOEYA
Name of Company : Dreams Inc.
Inquiry : http://dreams6.com
Address : 4-2-28 Takadanobaba, Shinjuku-ku,Tokyo JAPAN
Regarding data protection, users have the right to make a complaint with the supervisory authority at any time, but before contacting the supervisory authority, please inform the Company of your concerns. To contact our company, you can send an e-mail using the e-mail address stated in the above contacts or send a written mail to the mailing address. The Company will appropriately respond to user’s complaints in accordance with applicable laws and regulations.
Change of the Private Policy
The Privacy Policy was last updated on September 1, 2020
The Company reserves the right to change the Privacy Policy at any time within the scope permitted by applicable laws. The Company will notify users the important changes of the Privacy Policy, through ways of posting on the Company’s website or other methods that the Company believes to be effective. The changed rules will take effect when they are notified to users by the method stipulated by the Company, or when they are published on the Company’s website.
In addition, users’ personal data held by the Company needs to be correct and up to date. If there is any change regarding your personal data, please contact the Company.
Third-party links
The Application, website and services of the Company may contain links to websites, plug-ins and applications of third parties. Third parties may obtain users’ data after users have clicked these links. The Company does not manage third-party websites and is not responsible for processing third-party's personal data. It is recommended that you read the privacy policy of the third party.
2. The Data We Collect
The Company can obtain, use, store and transfer various personal data related to users as listed below.
Identity data include name, username or identifier, date of birth, and gender.
Contact data include request address, mailing address, email address and phone number.
Transaction data include payment to or from users, as well as details of products and services purchased by users from the Company.
CV data include the user's contact information, address and phone number in the past.
Technical data include Internet protocol (IP) address, user account login data, browser type and version, time zone setting and region, browser plug-in type and version, OS, platform, the Application, and other technology required to log in to the Company’s website.
Account profile data include your username and password, user’s purchases or subscriptions, user’s interests, preferences, feedback and replies of questionnaires.
Usage data include information about how users use the Company's website, products and services.
Marketing and communication data include expectations of the Company on users receiving marketing information and ways of receiving them.
In the Privacy Policy, personal data or personal information refers to personal-related information which can be used to identify the user. It does not include anonymized data in accordance with applicable laws (anonymized data). At this point, the Company is acquiring and using statistical data such as demographic data. For example, in order to calculate the proportion of users accessing certain applications or website functions, the Company will collect users’ usage data if necessary. The basic data of statistical data may be extracted from the user's personal data, but the extracted data is usually direct or indirect. Since these data cannot be used to identify the user, it is non-personal information according to laws. However, when the statistical data and the user's personal data are merged or combined in a form that can directly or indirectly identify the user, the Company will treat the merged data as personal data and process it in accordance with the Privacy Policy.
The Company will not obtain special types of personal data of users (including your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, labor unions, health information, and details of genetic data and biological data), and users’ criminal verdicts or criminal information.
In accordance with applicable laws and regulations, the Company requires that the personal data provided by users must be correct and up to date. In addition, when providing non-user data (if any), users should make sure to obtain the consent of the data owner before submitting it to the Company.
Refusal to provide personal data
When the Company needs to obtain a user’s personal data according laws, or when personal data is needed in providing the Services to the user, the Company may not be able to provide him with products or services, if the user cannot provide his personal data. In this case, the Company may have to cancel the user's order; however, the Company will notify the user.
3. Methods of Obtaining Personal Data
The Company obtains users’ data through the following methods.
Direct methods of obtaining data. In the following cases, users will be required to enter their identity information, contact information, and financial data into the corresponding forms, or providing to the Company with these data by express delivery, telephone calls, and emails.
Applying for the Company's products or services
Creating an account on the Company website
Ordering the Company’s services or publications
Requesting to receive marketing information from the Company
Participating in contests, promotions or surveys
Providing feedback of the Company
Automation technology. When the user uses the Application, the company's website or the Company's services, the Company can automatically obtain technical data related to the user's device, reading behavior, and reading mode. The Company uses the same technologies such as Cookies and server logs to obtain the user’s personal data. In addition, when user visits other websites that use our Cookies, the Company may receive technical data related to that user.
Information sources available to third parties or public channels. The Company may obtain user-related personal data from various third parties as listed below.
Technical data from the following parties
(A) Analyzer (Google etc.)
(B) Search engine provider (Google etc.)
Contact data, financial data and transaction data from companies providing technology, payment and delivery services
Identity data and contact data from information sources available through public channels
4. Purpose of Using Personal Data
The Company mainly uses users’ personal data within the scope of law in the following situations.
To fulfill contractual obligations to users
For the legitimate interests of the Company (or a third party), and users’ interests and basic rights do not take precedence over the mentioned legitimate interests
To fulfill the obligations of the Company to comply with laws or administrative orders
In principle, the Company will not treat users’ consent of obtaining their personal data as the legal basis for using personal data, except for sending direct marketing information to users. Users are entitled to withdraw the consent of receiving marketing information directly from the Company at any time by contacting the Company.
The purpose and legal basis of the Company's use of users’ personal data (specific details)
The methods and legal basis for the use of users’ personal data are explained below. In the meantime, it clarifies what the Company’s legitimate interests are under the statutory requirements.
According to relevant laws, the acquisition, use, disclosure and processing of personal data for a certain purpose requires the explicit consent of the personal data owner. The Company will acquire, use, disclose and process users’ personal data after obtaining users’ explicit consent. However, within the scope permitted by relevant laws, according to the Privacy Policy, users’ providing the Company with their personal data is considered to have agreed that the Company will acquire, use, disclose and process these data for a certain purpose.
(i)Purpose/Activity
(ii)Types of data
(iii)Relevant legal basis regarding the treatment of data (including basis for legitimate interests)
(i)To register as a new user
(ii)(a)Identity information(b)Contact information
(i)To fulfill the contract with users
To process users’ orders and provide users with products/services, which include:
(a)Management of payment, fee and service fee(b) Withdrawal and refund of the money the Company should pay(c)Transaction information
(ii)(a)Identity information(b)Contact information(c)Transaction information
(iii)(a) To fulfill the contract with users(b)To take necessary actions for the Company’s legitimate interests
(In order to collect the Company’s account receivable)
(i)To manage the relationship between users and the Company, which includes:
(ii)(a)Notification on changes of the Company’s contract condition or Privacy Policy(b)Request for a censorship or delegation of answering a survey
(iii)(a)Identity information(b)Contact information(c)Brief introduction
(i)Marketing and communication data
(ii)(a)To fulfill the contract with users(b)To comply with the laws and obligations (c)To take necessary actions for the Company’s legitimate interests
(iii) To research on how users use the Company’s products/ services in order to keep the Company’s records up to date.
(i) To enable users to participate in a lucky draw or contest, or a survey
(ii)(a)Identity information(b)Contact information(c)Brief introduction(d)Methods of use(e)Marketing and communication data
(iii)To take necessary actions for the Company’s legitimate interests (research on how users use the Company’s products/ services, develop products/ services and expand the Company’s business)
(i)To manage and safeguard the Company’s business and its website (including troubleshooting, data analysis, testing, system maintenance, support, data reporting and placement)
(ii)(a)Identity information(b)Contact information(c)Technical information
(iii)(a)To fulfill the legitimate interests of the Company (for the Company's business operations, management and IT service provision, network security, fraud prevention, and implementation of business reorganization or group reorganization)(b)To comply with legal obligations
(i)Deliver the content and advertisements of relevant websites to users, and evaluate or understand the effectiveness of advertisements provided to users
(ii)(a)Identity information(b)Contact information(c)Brief introduction(d)Methods of use. Marketing and communication information(e)Technical information
(iii)To fulfill the legitimate interests of the Company (in order to study how users use the Company’s products/services, develop products/services, develop the company’s business, and deliver notifications of the Company’s marketing strategy)
(i)Use data analysis to improve the Company's website, products/services, marketing, relationship with users, and users’ capabilities
(ii)(a)Technical information(b)Methods of use
(iii)To fulfill the legitimate interests of the company (define user types for the Company’s products and services, keep the Company’s website up-to-date and appropriate, develop the Company’s business, and deliver the notifications of the Company’s marketing strategy )
(i) Suggest or recommend products or services that users may be interested in
(ii)(a)Identity information(b)Contact information(b)Technical information(d)Methods of use(e)Brief introduction
(iii)Things needed for the legitimate interests of the Company (for the development of the Company’s products/services and the development of the Company’s business)
Marketing
The Company focuses on marketing and promotional campaigns and makes an effort to providing users with certain choices related to the use of personal data. Furthermore, the Company will convey marketing campaigns and promotions of clothing, miscellaneous goods, household products, food, and other products sold by the Company and/or services provided by the Company.
In order to form the Company's unique ideas about the needs and interests of users, the Company may use data about users’ identity information, contact information, technical information, usage methods, and profile information. In this way, the Company will determine which products, services, and proposals are suitable for users (the Company defines the above-mentioned process as ‘Marketing’).
The user may request information or purchase products from the Company, or participate in a competition or register with any promotional activities. Under these circumstances, the user will receive information about market activities on condition that he does not opt out.
However, when the Company sends users advertisements and publicity of products or services, or voice mails or text messages for the purpose of make a quotation, the Company will set check boxes for users to obtain their permissions, in order to comply with applicable laws and regulations.
Third party marketing activities
Sometimes for the purpose of marketing, the Company may need to share users’ personal data with companies outside DREAMS Group. In addition, when sharing users’ personal data to companies in DREAMS group, the Company will obtain users' prior explicit consent in accordance with the relevant laws and regulations.
The Company will not sell, distribute or lend users' personal data to third parties, unless it has users’ permission or required by the laws.
Withdrawal
Users can request the Company to stop sending marketing activity information at any time through the following methods.
Through the exit link contained in the marketing activity information sent to the user, or
Contact the company (at any time)
In addition, users can also choose to join or quit through the notifications in users’ online accounts.
Cookies
You can reject all or part of the browser cookies or set your browser to remind you when you visit cookies or visit websites with cookies. Please note that if users disable or refuse cookies, some websites may not be accessible or function properly. For details of cookies used by the Company, please check the following.
Changes of purposes
In principle, the Company only uses cookies for the purpose of obtaining users’ personal data. However, this shall not apply when the Company believes that it is necessary to use personal data for other purpose within the scope of applicable laws and regulations, and that purpose is consistent with or directly related to the original purpose.
The Company may use cookies for purposes other than obtaining users' personal data. Please note that the Company may process users' personal data without their knowledge.
5. Disclosure of Users’ Personal Data
Provide to third parties
Except for the following situations, the Company will not provide users’ personal data to third parties without users’ consent.
When it is the requirement of laws or orders
When it is necessary to protect human life, body, or property, and it is difficult to obtain the consent of the person
When it is for the urgent purpose of improving public health or promoting health education for children, but difficult to obtain the consent of the person
When a state agency, local public organization, or an entrusted person needs assistance in the execution of the affairs stipulated by the law, while obtaining the consent of the person may cause obstacles to the execution of the affairs
Supervise the assignees
In the development, maintenance and other business of the system, the Company shall entrust all or part of the business of personal data processing to a third party, within the scope of the purpose of use. In this case, the Company will judge and select a third party that is considered to be able to handle personal information properly, based on security management capabilities of the corresponding third party. The Company will regulate relevant terms on security management, confidentiality, conditions of re-entrustment and other issues related to personal data processing in the entrustment contract, monitor the process of the third party’s processing personal data, and implement necessary and appropriate supervision.
Common use
For the purposes described in “Article 4: Purposes of Use of Personal Data", the Company will use the personal data provided by users together with other companies in the Group if necessary. The items and scopes for common use of data are listed as follows.
Items of personal data for common use
IP address
Purposes of common users
Responsible person in common use of personal data : Dreams Inc.
The Company requires third parties to respect the security of users' personal data and process the data in accordance with the law. The Company does not allow the Company's third-party service providers to use the users’ personal data for their own purposes, and only allows the processing of users’ personal data for specific purposes and in accordance with the Company's instructions.
6. Cross-Border Data Transfer
We may transfer your personal data outside of Japan. In the event that we transfer your personal data outside of Japan, we will implement the protective measures required by law to protect your personal data.
In addition, if required by the laws of the country from which the data is transferred, we will ensure that the foreign entity to which the personal data is transferred provides protection at least equivalent to the laws of the country from which the data is transferred.
In principle, we will store or handle your personal data in Japan. In the destination country, the transferred personal data may be subject to foreign laws that differ from the laws of your country, and the courts, government, enforcement agencies, regulatory bodies, and security authorities of the destination country may have access to your personal data without notice to you.
7. Data Security
The Company is taking appropriate measures to prevent users’ personal data from accidental loss, improper use, improper access, modification, or disclosure. In addition, the granting of access rights to users’ data is limited to the relevant persons deemed necessary by the Company. These persons can only process users’ personal data in accordance with the instructions of the Company, and they are the subject of the confidentiality obligation of users’ data.
8. Data Retention Period
The Company will store the users’ personal data for the period required to achieve the purpose of obtaining personal data, or for the period required to perform legal obligations. The Company usually keeps a user’s personal data for 2 years following the date when the user withdraws from the membership. Under certain circumstances, the Company will anonymize users in order to research or collect personal data (the personal data will become personally unidentifiable after the anonymization process). In this case, the Company may not give an additional notice to the user and may continue to use personal data without re-setting the above-mentioned retention period.
The Company will store or keep the obtained personal data in electromagnetic form by the Company or a third-party server contracted with the Company.
Under certain circumstances, the user can request the Company to delete his personal data in accordance with applicable laws. Please refer to the "Rights of Erasing Personal Data" below.
In accordance with applicable laws and regulations, the Company will promptly discard the corresponding personal information when the retention period has elapsed, or the Company has accomplished the purpose of data processing. When the retention period of the personal information with the user’s consent has elapsed, or even though the processing purpose has been achieved, the personal information must continue to be stored in accordance with other laws and regulations, the Company will transfer the personal information to another database (DB), or save the storage location to other database. The Company selects the personal information deemed to be disposed and discards the information after obtaining the approval of the Company's personal information protection officer. The Company shall delete personal information recorded and stored in electronic form and make sure it cannot be restored. The personal information recorded and stored in paper files shall be shredded with a shredder or incinerated before disposal.
9. Users' legitimate Rights
Under certain special circumstances, users have the right to process their personal data in accordance with laws related to personal information.
Users do not need to pay fees when accessing their personal data (or exercising other rights). However, if the user's request is unclear or not based on facts, or the user makes repeated or excessive requests, the Company can request 1,000 yen (including consumption tax) for each request. Under the mentioned circumstances, the Company can also reject the user's request subject to the applicable laws and regulations.
Information that may be required
Before responding to user's request, the Company may need to request specific information from the user in order to assist user’s identity verification. This method is part of the security measures taken by the Company, to prevent personal data from being disclosed by people who do not have the right to receive the information. Furthermore, additional information may be requested to speed up the response from the Company.
Time required for response
The Company will try its best to respond to all requests within one month upon the receipt of requests. Please note that if the request and question are complicated, or there are excessive requests and questions, it may take more than one month to give feedback. In this case, the Company will notify the user.
If the above-mentioned time period differs from that in applicable laws and regulations, the present regulation shall prevail.
10. Obtaining camera images, etc.
In order to improve product display and product placement, the Company will sometimes analyze camera images.
In this case, we will analyze the user's action recorded in the store.
The measure will make full use of the video information taken by the cameras in the store, study the appropriate layout, and enrich the types of products to prevent shortages on the shelves.
The Company does not retain the video recorded by the cameras in the store. The Company will extract data representing the characteristics of the user in real time and obtain the position of the user in the store and his actions in front of the shelves as coordinate value.
Based on the coordinate value, the Company shall analyze the user's movement in the store, the status of staying, and the products obtained from the shelves.
The data representing the characteristics is discarded when the coordinate values are obtained, and the data that presume the user's historical action does not contain personally identifiable information.
In addition, the data is only used by the Company/Group and will not be provided to other companies.
Data presumed to be acquired, processed, estimated, and analyzed from videos
11. Glossary
Legal basis
"Legitimate interests" refer to the Company's interests in operating and managing businesses in order to provide users with the highest quality services, products and the highest and safest experience. The Company shall discuss and compare the envisaged impact on users and their rights before processing users’ personal data for the Company’s legitimate interests. The Company will not use users’ personal data for the purpose of a specific activity when the impact on users exceeds the Company’s interests (except that there is a consent from users, or it is permitted by law). Regarding how the Company judges its legitimate interests over the potential impact on users in a special event, please contact us if you need more detailed information.
"Performance of contractual obligations" means that when the user performs the contractual obligations as a party or before the user signs the contract, the Company takes countermeasures at the user's request to perform the contractual obligations and perform necessary personal data processing.
“Compliance with laws and obligations" refers to the processing of personal data required by laws and obligations which the Company should abide by.
"Internal third party" refers to the person who acts as a manager or processor in other companies of Dreams Group and provides IT system management and services.
Cookie refers to a small text file sent from a web server to the browser of your computer or mobile device and saved on the hard drive of your computer or mobile device, when you visit certain websites.
Users’ rights
The user has the following rights regarding his personal data.
Access to personal data The user can request a copy of his personal data held by the Company to confirm whether the Company legally processes the data.
Amendment of personal data, etc. A user can request amendments, addition, or deletion of incomplete or incorrect data based on the personal data held by the Company. However, in this case, it may be necessary to confirm the authenticity of the new information provided by this user.
The suspension of the use of personal data, etc. (a) When the Company violates the restrictions on the purpose of using personal data, or (b) when the Company does not obtain the user's personal data correctly, the user may request the suspension of the use of personal data, or deletion of personal data. In addition, users can request a suspension of the Company’s providing their personal data to third parties, if the data is provided illegally.