TOPSIC: Special Information about EU Users

[Summary]
On or after May 25, 2018, EU General Data Protection Regulation (hereinafter referred to as “GDPR”) shall apply to handling of personal data of users within European Union (hereinafter referred to as “EU”).
According to these Terms, System Integrator (hereinafter referred to as “Company”) outlines the grounds for processing of personal data and the rights of EU Users in handling of personal data by the Company based on GDPR.

1. Rights of EU Users
Users of the Company within EU shall have the following rights in handling of personal data of users by the Company.

(1) Explanations and Copies of User Data
[1] Users reserve the right to request explanation about the user’s data held by the Company and explanation about the method of use of the data by the Company.
[2] In addition to the above, in a case where the Company collects the data of a user based on the consent of the user, or the Company collects relevant data as it is necessary in the provision of services requested by the user, the user shall have the right to be issued a copy of the data of the user collected by the Company.

(2) Correction
[1] In a case where the user believes that the data of the user held by the Company is inaccurate, the user shall have the right to request correction of the data. User may request the following as to the correction of the data of user.
a) Request provision of detailed explanation about the data collected by the Company and the method of use of the data by the Company.
b) Request issue of a copy of the data collected by the Company.
c) Request correction of the data in a case where the data held by the Company is inaccurate.

(3) Deletion
[1] User may request deletion of his/her own account at any time. The Company shall, at the request of the user, delete the data not required to be held and restrict access to or use of the data required to be held. The Company may hold specific data of the user in a case where it is required by the law and for business purposes permitted by law.

(4) Bringing Objection and Complaints
[1] Users within EU shall have the right to bring objection on the processing of personal data by the Company. This includes processing intended for profiling and automated decision-making marketing. In a case where any objection is raised, the Company may continue to process the data of the user to the extent permitted by GDPR.
[2] In addition to the above, users within EU shall have the right to bring objection to the Supervisory Authority of EU member states where the user has its residence or workplace.
[3] Users may raise questions, opinions or complaints to the data protection staff of the Company.

2. Grounds for Processing
GDPR requires enterprises processing personal data of users in EU based on specific legal grounds. The Company shall process data of EU User based on one or more grounds provided for in GDPR. The details of the grounds shall be as follows.

(1) The processing is required to provide services and functions demanded by users.
[1] In order for the Company to provide services, it is necessary to collect and use specific data, which contain the following.
a) Profile data of users necessary for preparation and maintenance of user accounts.
b) Transaction data, required to be generated and maintained in relation to the use of the services of the Company by users.
c) Use data required to maintain, optimize and improve the services of the Company.
[2] Collection and use of the data shall be the conditions for using the services of the Company.

(2) The processing is required to protect material interests of users of the Company or third parties
[1] The Company may process personal data, including disclosure of data to law enforcement authorities in a case where the safety of users or third parties is threatened.

(3) The processing is necessary in order to protect the legitimate interests of the Company
[1] The Company shall collect and use personal data only to the extent necessary to protect the legitimate interests of the Company. This includes collection and use of data for the following purposes.
a) For the purpose of maintaining and improving the safety and security of users of the Company. For example, the Company shall collect identification data permitted by law so that a dangerous user shall not provide services via the services of the Company. In addition to the above, the Company shall use personal data for the purpose of preventing use of users who committed inappropriate or dangerous acts so as not to allow the prohibited users to use the services of the Company by holding the data of the users.
b) Purpose of preventing and detecting wrongful acts related to the services of the Company and corresponding thereto. For example, the Company shall use user profiles, equipment data and usage-related data in order to discover and prevent users who attempt to commit fraud against the Company or other users.
c) Purpose of providing law enforcement authorities with the data in relation to criminal acts or threats to public safety.
d) Purpose of providing customer support.
e) Purpose of optimizing the services of the Company and developing new services.
f) Purpose of conducting research and analysis. This includes improving user experience and analyzing usage trends, etc., to improve the security and safety of the services of the Company.
g) Purpose of conducting direct marketing. This includes analyzing the date, etc., to identify trends and customize marketing messages to match user demands.
h) Purpose of enforcing the Terms of Use of Service of the Company.

(4) The processing is necessary to protect the legitimate interests of third parties
[1] To the extent necessary to protect the legitimate interests of third parties or the public, the Company shall collect and use personal data. This includes sharing the data related to legal claims in order to protect the rights and safety of third parties.
[2] In addition to the above, in a case where it is necessary in relation to material public interests, the Company may process personal data based on applicable laws.

(5) The processing is necessary for the Company to perform the legal obligations
[1] The Company shall collect, process, disclose and retain personal data of users in the region where the Company operates business, in compliance with the legal requirements of the Company.

(6) Consent
[1] The Company may collect and use data of users based on the consent of users. The consent may be revoked at any time. In a case where the consent is revoked, the user will no longer be able to use services (or functions) requiring collection or use of the data collected or used by the Company based on the consent of the user.
[2] The Company shall rely on the consent of users for improvement of user experience, implementation of optional services or functions, or collection or use of data required for communications with users.
[3] In addition to the above, the Company may collect personal data of users through optional questionnaires. User responses to such questionnaires shall be collected based on the consent of users and shall be deleted when they become unnecessary for the collected purpose.