LAST UPDATED: February 1st, 2022
] whether accessed via computer, mobile device or other technology (collectively, the “Online Service”). It also describes your data protection rights, including your right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in Section 8 below.
SUMMARY OF KEY POINTS
• We use the Collected Data (defined below) to provide you with features and functions of the Online Service, and to provide you with other requested content related to our services and other offerings. Please read “Section 1. What data do we collect when you use the Online Service” and “Section 2. How we use the Collected Data” to learn more about this.
• Depending on where you are located, you have certain rights, including a right to object to some of the processing which we carry out. Please read “Section 8. Privacy Rights” to learn more about this.
• We disclose the Collected Data when we engage a third party to process data on our behalf, when such sharing is required by law or in certain other situations. Please read “Section 3. Who else has access to the Collected Data?” to learn more about this.
• Depending on where you are located, the Collected Data may be transferred out of your home country/region to the United States, Japan, and other jurisdictions that may not provide the same level of data protection as your home country/region. Please read “Section 5. International Transfer of the Collected Data and Consent for Processing” to learn more about this.
1. What data do we collect when you use the Online Service
Information you provide to us:
In order to use the Online Service, you will need to have any of our eligible accounts, including Official Fan Club Accounts, or to sign in with any other accounts of the content distributor that is supported for authentication with single sign-on to the Online Service ("External Account"). If you do not have Official Fan Club Accounts, you are recommended to create a new account for the Online Service. When you newly create and register for an account, we collect the following information:
(a) Mandatory Information: Your credential information (e.g., first and last name, email address, postal code, address, telephone or mobile phone number, password, date of birth (excluding year of birth)); and
(b) Optional Information: Nickname, Your demographic information (e.g., gender)
If you sign in the Online Service with the External Account, in general, we will receive only the name of your account and tokens as a result of sign-in authentication from external contents distributor.
Please note that the information we collect from and through the content distributor may depend on the privacy settings you have set with that distributor and the permissions you grant to us in connection with linking the Online Service. We do not share any Collected Data with that distributor. The personal information that content distributor has about you is obtained by them independent of our service and we are not responsible for it.
When you wish to purchase our service and related contents on the Online Service, we collect your payment information that you provide to us as follows:
(a) Mandatory Information: Payment card number, CVC code and expiration date.
User Generated Content:
When you use the Online Service, we collect any content that you choose to post there, including any chat messages, photos, video and audio that you may choose to post. If you provide us with photos or videos, such images may include metadata which can indicate information about the images, including but not limited to, where and when the image was taken.
Information we collect automatically:
In addition to any information that you choose to provide to the Online Service, whenever you visit or interact with the Online Service, we, as well as any third-party analytics providers or other service providers, may use a variety of technologies that automatically or passively collect information about how the Online Service is accessed and used ("Usage Information"). "Usage Information may include, without limitation, browser type, operating system, the page served, time on the Online Service, and the preceding page views. Usage Information is treated as personal information where required by law.
We may also automatically collect your IP address or other unique identifiers ("Device Identifiers") for the computer, mobile device, technology or other device (collectively, "Devices") you use to access the Online Service. A Device Identifier is a number that is automatically assigned to your Device when you access a property or its servers, and our computers identify your Device by its Device Identifier. Some mobile service providers may also provide us or our third-party service providers with information regarding the physical location of the Device used to access the Online Service.
The technologies used on the Online Service to collect Usage Information, including Device Identifiers, include:
• Cookies: "Cookies" (which may be html files, Flash files or other technology) are small text files that help store user preferences and activity. A Cookie is placed on a Device when that Device is used to access or visit the Online Service. Cookies may be used for many purposes, such as remembering you and your preferences, tracking your visits to the Online Service and customizing your experience on the Online Service. You may configure your browser or Device to block the use of certain cookies. However, please note that if you choose to disable cookies on your Device, some features of the Online Service and our online offerings may not function properly.
• Web Beacons: “Web beacons” (also known as image tags, pixel tags, clear GIFS or web bugs) are small pieces of code used to collect advertising data, such as counting page views, promotion views or advertising responses. Web beacons or similar technologies may be used for various purposes, including, without limitation, to count visitors to the Online Service, to monitor how users navigate the Online Service, to count how many sent e-mails were actually opened or to determine whether content sent was actually viewed.
• Embedded Scripts: An embedded script is programming code that is designed to collect information about your interactions with the Online Service, such as the links you click on. The code is temporarily downloaded onto your Device from our server or a third-party service provider, is active only while you are connected to the Online Service, and is deactivated or deleted thereafter.
Please note that third parties may collect personal information about your online activities over time and across different websites when you visit or use the Online Service or other online websites and services. For example, some third parties' embedded content or plugins on the Online Service, such as social media sharing tools, allow their operators to learn that you have visited or interacted with the Online Service, and they may combine this information with other, identifiable information they have collected about your visits to other websites or online services. These third parties may handle this information, and other information they directly collect through their content and plugins, pursuant to their own privacy policies.
Online Tracking. Some web browsers incorporate a “Do Not Track” feature that signals to websites that you visit that you do not want to have your online activity tracked. How browsers communicate the Do Not Track signal is not yet uniform. For this reason, the Online Service do not respond to such signals, except where required by law.
Ad serving and traffic measurement services we may use:
We license technology to serve advertisements on the Online Service and within its videos and other content as that content is served across the Internet. In addition, we may use third party network advertisers to serve advertisements on the Online Service and third-party analytics service providers (such as Google Analytics) to evaluate and provide us with information about the use of the Online Service and viewing of our content. We do not share the information that you provide to us, such as your name and/or email address with these third parties, but ad network providers, the advertisers, the sponsors, and/or analytics service providers may set and access their own cookies, web beacons and embedded scripts on your Device from the Online Service. These cookies, web beacons, and embedded scripts may collect personal information or other information about your use of the Online Service over time and other third-party websites or applications and they may otherwise collect or have access to information about you, including Usage Information. Cookies and web beacons, including those set by third party network advertisers, may be used to, among other things, target advertisements, prevent you from seeing the same advertisements too many times, or conduct research regarding the usefulness of certain advertisements to you.
To opt-out of such Cookies, please exercise choice below:
To generally opt-out of interest-based advertising on mobile-optimized or desktop websites, please visit the Digital Advertising Alliance (DAA) in US (http://youradchoices.com
), the Network Advertising Initiative (NAI) in US (https://www.networkadvertising.org/
). For our mobile application, please update your device settings. Please note that by opting out of such Cookies, you may still receive advertisements, but the network from which you opted out will no longer deliver ads tailored to your interests.
In order to opt-out of Google Analytics, which is used to understand how visitors interact with the Online Service, please visit: https://tools.google.com/dlpage/gaoptout
Please review your Internet browser settings, typically under the sections "Help" or "Internet Options," to exercise choices you have for certain Cookies that are not part of the DAA or NAI.
For instructions on how to configure your browser settings to reject Cookies being served by companies that are not part of the DAA or NAI, click here or go to
. You can also delete all cookies that are already on your computer's hard drive by searching for and deleting files with "cookie" in it.
Additional Opt-Out Choices: You may configure your browser or Device to block the use of certain Cookies.
Please note that without certain Cookies, it may make it difficult for you to use certain features on the Online Service.
Social media applications:
Functionality on the Online Service may permit interactions between the Online Service and third-party properties, such as Facebook and Twitter. Such functionality enables you to “like” a product or online content, “share” content to other properties, and otherwise link the Online Service with another third-party property. If you choose to “like” or “share” content or to otherwise post information from or via the Online Service to a third-party property, that information may become public and the third-party property may have access to information about you and your use of the Online Service.
Third party content, links to other properties and services, and our content on other websites:
Certain content on the Online Service may be hosted and served by third parties, which may include third party widgets (such as those that allow you to "like" or "share" content with third party websites and interactive services or to provide ratings and reviews). In addition, when you are on the Online Service you may be directed to other websites that are operated and controlled by third parties that are beyond our control. This includes links from advertisers, sponsors and partners that may use our logo(s) as part of a co-branding agreement. In addition, our content and widgets may be included on web pages and websites that are not associated with us and over which we have no control. These other websites may send their own cookies to your Device, and they may independently collect data or solicit Personal Information. We are not responsible for the privacy practices of any third party.
2. How we use the Collected Data
We will use the Collected Data for the following purpose:
• Account Creation: We use your credential information to create your account that can be used to sign-in to the Online Service and other related services;
• Service Provision: We use the Collected Data to operate, maintain, enhance and provide features and functions of the Online Service, including processing your registration, your purchased orders and your payments;
• Communications: We use the Collected Data to communicate with you about the Online Service for administrative and informational purposes. Examples of said communications include responses to your inquiries or requests, customer support-related communications and changes to any of our terms & conditions or policies.
• User Experience: We use the Collected Data to personalize your experience on the Online Service by providing you with tailored information of products, contents and services, as well as recommendations, advertisements, promotions, or offerings that may be of interest to you;
• Service Improvement and Development: We use the Collected Data to optimize and improve our services, including the Online Service, and to develop new products, contents, services, features and functions by analyzing and understanding the usage trends and preferences of our users;
• Compliance with Law: We use the Collected Data to ensure compliance with our internal policies, agreements with our stakeholders, applicable laws and regulations, court orders, government and law enforcement requests. We also use the Collected Data to enforce or defend our legal rights or the terms and conditions of any our service, or to retain and store your personal information to comply with specific legal retention requirements, regulatory audits, and other record keeping purposes (including to meet internal and external audit requirements).
• Fraud prevention and investigation: We will use the Collected Data to comply with monitoring, prevention, detection and investigation obligations, laws associated with the identification and reporting of illegal and illicit activity, including fraud and anti-money laundering, and financial reporting obligations.
• Security: We will use the Collected Data to maintain the integrity and security of our websites, contents and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your devices.
• Other: In any other way, with your consent or permitted under applicable law.
3. Who else has access to the Collected Data?
We will make the Collected Data available to third parties as follows:
Third party service providers
We process your Personal Information strictly for the purpose set out in Section 2 and we will disclose it to third parties in compliance with Articles 17 and 18 of the Personal Information Protection Act, which sets out the circumstances in which we may disclose your Personal Information (e.g. with your consent, as required by law and etc.).
Engagement of third party data processors
In order to facilitate efficient processing of your Personal Information, we engage third parties to process Personal Information on our behalf. We monitor and manage the third party’s processing of Personal Information in accordance with the Personal Information Protection Act.
Data Processor: Sony Payment Services Inc.
Details of processing: Processing payments.
Data Processor: JAPAN POST Co., Ltd.
Details of processing: Delivering membership benefits.
Data Processor: Kuore Inc.
Details of processing: Customer support-related communications.
In the event that we sell or transfer a portion or all of our business, Collected Data may be transferred by us to the purchasing or acquiring entity as part of the transaction. We will continue to ensure the confidentiality of the Collected Data before such transaction occurs, and after such transaction, we will delete the Collected Data as soon as reasonably practicable after such transaction.
Compliance and enforcement
We will retain, use and/or disclose any of Collected Data as required or permitted by law, regulation or order, including to the police or other appropriate authorities, to investigate complaints made by or against you, or to protect or defend ourselves, or others, against illegal, criminal or harmful activities.
4. Data retention, managing the Collected Data
Duration of processing and storing Personal Information
We will continue to retain the Collected Data for 60 months after you delete your account unless local law tells us to keep it for longer. Please note that we may be required to retain certain information by law. Where we no longer require the Collected Data, the Collected Data shall be destroyed in accordance with our policies.
The relevant duration for storage under the law in relation to online services is as follows.
• Preservation of the records on transactions, such as marks, advertisements and contents of the contracts and execution thereof under the Act on the Consumer Protection in Electronic Commerce, Etc.
- Records relating to marks and advertisements: 6 months
- Records relating to contracts or withdrawal from contracts, payments and provision of goods: 5 years
- Records relating to customer complaints or dispute resolution: 3 years
• Preservation of the communication confirmation data under Article 41 of the enforcement decree of the Protection of Communications Secrets Act
- the date of telecommunications by the subscribers, the time that the telecommunications commence and end, the subscriber number of the other party, the frequency of use, and the data on tracing a location of information communications apparatus connecting to the information communications networks: 12 months
- the computer communications or Internet log records relating to facts that the users of computer communications or the Internet have used the telecommunications services, and the data on tracing a location of connectors capable of confirming the location of information communications apparatus to be used by the users of computer communications or the Internet for connecting with the information communications networks: 3 months
Destruction of personal information
We destroy your Personal Information when:
(a) the permitted duration for storage and use of your Personal Information has expired; or
(b) we no longer require your Personal Information (e.g. when we have accomplished our purpose).
If we are required to retain your Personal Information beyond such time under the applicable law, we keep your Personal Information in a separate database or a different location.
• Printed material containing Personal Information: We either shred the material using a shredder or incinerate it.
• Electronic files containing Personal Information: We delete the files using special technology to make them irrecoverable.
5. International Transfer of the Collected Data and Consent for Processing
This may impact your rights in your local jurisdiction and also in the applicable overseas jurisdiction(s). These overseas jurisdictions may also need to disclose your personal information to a third party, as an overseas authority.
We transfer your Personal Information to overseas as follows:
Recipient of the Personal Information (Contact Details): Sony Music Solutions Inc.(Contact: [https://klub-outside.com/s/n147/form/inquiry?ima=4020&cd=n147
Countries to which the Personal Information is transferred: United States of America, Japan
Personal Data to be Transferred: all of Collected Data
Date and Method of Transfer: transmitting via networks during the provision of services
Period of Use and Retention by the Recipient: 60 months after you unsubscribe from our service.
We undertake reasonable security measures designed to protect against the loss, misuse or alteration of the Collected Data. We take information security very seriously but we cannot guarantee or warrant the absolute security of any information that we store on our systems or that is stored on our third party contractors’ systems.
We have implemented the following measures.
• Organizational measures: Establishing and executing internal management plan. Regular staff training and etc.
• Technical measures: Restricting access to the system that processes personal information, installing access restriction system, encryption of personally identifiable information and installing antivirus software.
• Physical measures: Restricting access to the computer room and the information archive.
7. Children’s privacy
We are committed to complying with all applicable laws and regulations regarding the collection, storage and use of personal information concerning children, including the Children's Online Privacy Protection Act in the United States and applicable local legislation in other countries/regions. The Online Service is intended for a general audience; it is not directed to and does not knowingly collect personal information from children under the age of 14. If you are a parent or guardian and are concerned that your child has provided us with personal information without your consent, you should contact us as indicated in Section 10 below.
8. Privacy Rights
In some countries/regions, you have certain rights with respect to the personal information we hold about you. These may include the right to request a copy of the Collected Data that we or our group companies holds about you and/or you may request that we provide a copy, corrects, amends, deletes, erases, destroys, objects or blocks/restrict processing and/or use of such Collected Data if it is inaccurate. In some countries/regions, you may also ask us to provide some types of the Information to you in a structured, machine-readable format and ask us to share (port) such data with another controller. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete Information which we are required by law to keep, or have compelling legitimate interests in keeping. If you would like to exercise any of these rights, please contact us as described in Section 10 below.
These rights may be exercised by your legal representative, authorized person or parents (Note: if you are under 14 years of age, your legal representative, authorized person or parent must exercise such rights on your behalf). If you wish to do so, you need to submit a power of attorney in the form specified in Appendix 11 of the notification in relation to the processing of personal information (Personal Information Protection Commission Resolution No. 7 (2020)).
If you are not satisfied with how we have handled your questions, concerns or have any complaints about how we process personal data, you have a right to lodge a complaint with the local data protection supervisory authority.
10. Contact Information
If you have a privacy concern, complaint or question, please contact to the following:
FOR RESIDENTS IN KOREA:
We would designate a domestic representation according to Korea laws and regulations as following:
Name: Sony Korea Corporation (CEO: Okura Kikuo)
Address: 24F, One IFC, 10 Gukjegeumyung-Ro, Yeoundeungpo-Gu, Seoul, Korea
Contact information: 02-1588-0911 / mailto:[email protected]