RAKUTEN SYMPHONY KOREA, INC.
PRIVACY NOTICE
Effective as of January 25 2023
1. The personal information we use
2. How we use your personal information and the basis on which we use it
3. Your choices over your personal information
4. Information Security and Storage
7. International Data Transfers
Rakuten Symphony Korea, Inc. ('we', 'us') and its subsidiaries are part of the Rakuten Group, which includes the affiliates and subsidiaries of our parent company Rakuten Group, Inc., based in Tokyo, Japan (hereafter, “Rakuten Symphony Korea”, “we” “our” and/or “us”).
More information about Rakuten is available at https://global.rakuten.com/corp/about/company
We provide the Rakuten Drive website (website) and the Rakuten Drive mobile applications and all the products you can download on our websites (the “Services”).
This privacy notice describes how we collect and process personal information about you, how we use and protect this information, and your choices in relation to this information when you use the Services.
This privacy notice applies to all personal information we collect or process about you. Personal information is any information about you or your household, as well as a combination of pieces of information that could reasonably allow you or your household to be identified.
For the purposes stated in Section “HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT”, we collect information about you as described in this Section.
The categories of personal information that we collect directly from you are:
We do not collect, access, or use in any manner, the information, that may or may not be personal information, contained in the files and documents that you provide to us when you use the Services.
Information we collect from other sources
When you register or sign up into our Services using third parties’ services
We collect personal data about you from third parties, at your request, to allow your registration and authentication in our Services. The categories of information that we collect about you from other sources are: Identifiers, such as social media account and account ID:
We collect, store, and use your personal information to:
In the European Economic Area (EEA) and the United Kingdom (UK), we must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities, Cookies and Tracking Technologies or when we process location data). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.
You have certain rights regarding your personal information, subject to local law, such as in the EEA and the UK. These include the following rights to:
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
We are committed to handling your personal information in accordance with high security standards and in compliance with applicable law. We do so in order to prevent unauthorized access or unauthorized disclosure of your information, to maintain the accuracy of such information and, when necessary, to ensure its proper destruction. When collecting or transferring your personal information, we employ data encryption technology, and restrict access only to those persons who require it to fulfil their job responsibilities. We conduct periodic reviews of our practices to ensure that our safeguards are properly implemented and remain state of the art.
We will keep your personal information for as long as we have a relationship with you, and to comply with our legal data protection retention obligations. We will only retain your personal information after this time if we are required to do so to comply with the law, or if there are outstanding claims or complaints that will reasonably require your personal information to be retained.
In order to protect your personal information, accounts with no activity for over one (1) year will be converted into deactivated accounts and will be kept separated. We will send you a deactivation notice to your e-mail address or a mobile push 30 days before the deactivation of your account. In addition, we may post a notice about the deactivation when you log in and will ask for your consent to reactivate your account.
If you do not log in into your account within (1) year after being temporarily deactivated, the account and all your personal information, if it is not subject to legal retention requirements under the applicable laws, shall be deleted. If you do not want your account and personal information to be deleted after the deactivation period, you can log in into the Services at any time before the above term, provide your consent to reactive your account and use the Services normally.
We may disclose and share your personal information for business purposes to the following parties:
Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfers" below for more information.
Our Services are global; therefore, your personal information may be transferred to, stored, processed in a country that is not regarded as ensuring an adequate level of protection for personal information. The main country to which your personal information is transferred through our business activities is the Republic of Korea.
If you are located outside the Republic of Korea, please note that we will store and process your personal information there, and we also use services providers and business partners located in different places around the world.
In addition to ascertaining the privacy protection legal systems of those countries and regions, we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
As part of the Rakuten Group, Rakuten Symphony Korea, Inc. relies on the Rakuten Group Binding Corporate Rules to legitimise international data transfers within the Group. The Rakuten Group Binding Corporate Rules can be found at https://corp.rakuten.co.jp/privacy/en/bcr.html.
Rakuten Symphony Korea, Inc. is the controller responsible for the personal information we collect and process. Our legal representative is Seunghyun Son, president of the Department of Internet & Ecosystem Services, and our main offices are located in 11F, 368, Sapyeong-daero, Seocho-gu, Seoul, Republic of Korea.
If you have questions or concerns regarding the way in which your personal information has been used, please contact contact@rakuten-drive.com (Rakuten Drive Help Center).
If you would like to discuss or exercise your rights granted by the applicable laws, please contact us through the following inquiry methods below. For example, the rights may include the right to opt out of “sales”, which is granted to California residents.
For more description of your rights and the procedures, please see Section 3 (“Your Choices”).
Once you contact us, we will respond without undue delay to you. Please note that when contacting us, we may ask you for certain information to verify your identity and respond to your request appropriately.
We may modify or update this privacy notice from time to time.
If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing). Effective date: Dec 27, 2022
We provide the Rakuten Drive website (website) and the Rakuten Drive mobile applications and all the products you can download on our websites (the “Services”).
This privacy notice describes how we collect and process personal information about you, how we use and protect this information, and your choices in relation to this information when you use the Services.
This privacy notice applies to all personal information we collect or process about you. Personal information is any information about you or your household, as well as a combination of pieces of information that could reasonably allow you or your household to be identified.
1. The personal information we use
Information we collect directly from youFor the purposes stated in Section “HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT”, we collect information about you as described in this Section.
The categories of personal information that we collect directly from you are:
-
(a) Identifiers, such as
- Your personal details (e.g. name, date of birth, country, gender, age)
- Your contact details (e.g. email address, phone number or mobile number)
- Your account login details, such as your username and the password (encrypted) that you have chosen.
- Device identifiers, such as identifiers for devices that you use to access our websites and applications, including the IP address, type of device, device unique ID, advertising related identifiers.
(c) Billing information, if you subscribed to a paid plan, we store information about your plan and ask for your billing information (e.g. billing address and payment details). We use third-party services for payment processing (e.g. payment processors).
(d) Communication, such as the questions and responses that you make in our type forms, or when you seek for technical support.
(e) Visual and phone book information, such as pictures, list of contacts and other information, obtained with your prior consent, from your device’s camera and phone book.
(f) Geolocation data, such as precise location, with your prior consent, while you are using the Services.
(g) Internet or other electronic network activity information, such as information about your usage of the Services, operational status, online behaviour while you use our Services, and other technical details necessary to operate and maintain the Services.
We do not collect, access, or use in any manner, the information, that may or may not be personal information, contained in the files and documents that you provide to us when you use the Services.
Information we collect from other sources
When you register or sign up into our Services using third parties’ services
We collect personal data about you from third parties, at your request, to allow your registration and authentication in our Services. The categories of information that we collect about you from other sources are: Identifiers, such as social media account and account ID:
- Facebook: email address, given name, last name.
- Apple: email address, given name, last name.
- Google: email address, given name, last name.
2. How we use your personal information and the basis on which we use it
We collect, store, and use your personal information to:
- provide you the Services. We process your personal information to provide you with cloud sharing and storage services from our services’ websites and their mobile application, and to monitor the usage of the Services to detect, prevent and address technical issues
- identify you. We use your identifiers to verify your identity when you access your account and log in to our Services, and to ensure the security of your personal information
- manage your accounts. We record your configuration and settings, including resource identifiers such as URLs to manage the accounts you hold with us
- provide you support. We process your personal information to notify you about changes and updates to our Services, and to deal with your inquiries and requests.
- fulfil our legal obligations. We use your personal information to comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies and for security purposes such as fraud and spam prevention or to enforce our terms of use.
- improve the Services for you. We analyse information about how you use the Services to provide an improved experience for you and all users and improve our services and for business development.
- communicating with you. We may contact you with news, general information, marketing and offers relating to products and services offered by us (unless you have opted out of marketing, or we are otherwise prevented by law from doing so). We may invite you to take part in customer surveys, questionnaires and other market research activities carried out by us and to allow you to participate in special features of our Services.
- other marketing activities and advertising. We may personalise, with your prior consent, the marketing messages we send you and deliver you with appropriate advertising, to make them more relevant and interesting. For this purpose, we may share your device data and unique IDs, age range, inferred gender, and IP address with third party advertising partners. Additional information (including how to opt-out of data collection using cookies) is available on our Rakuten Drive Cookies & Tracking Technologies Policy
In the European Economic Area (EEA) and the United Kingdom (UK), we must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
- to fulfil our contractual obligations to you, for example to provide the Services, such as the creation of your account and authentication when you log in, provide you with cloud storage and sharing services at your request, and for payment transactions, to ensure that invoices are paid correctly. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations.
- to comply with our legal obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations.
- to meet our legitimate interests, for example to understand how you use our products and services and to enable us to derive knowledge from that, which allows us to develop new products and services and communicating with you in relation to our Services. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and that your interests or fundamental rights and freedoms are not overridden by our legitimate interests.
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities, Cookies and Tracking Technologies or when we process location data). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.
3. Your choices over your personal information
You have certain rights regarding your personal information, subject to local law, such as in the EEA and the UK. These include the following rights to:
- access your personal information
- rectify the information we hold about you
- erase your personal information
- restrict our use of your personal information
- object to our use of your personal information, such as profiling, or any other processing activity required under the applicable law
- receive your personal information in a usable electronic format and transmit it to an external party (right to data portability)
- learn more about the sources from which we collect information, the purposes for which we collect and share information, the information we hold, and the categories of parties with whom we share your information
- exercise rights without fear of being denied goods or services
- lodge a complaint with your local data protection authority
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
4. Information Security and Storage
We are committed to handling your personal information in accordance with high security standards and in compliance with applicable law. We do so in order to prevent unauthorized access or unauthorized disclosure of your information, to maintain the accuracy of such information and, when necessary, to ensure its proper destruction. When collecting or transferring your personal information, we employ data encryption technology, and restrict access only to those persons who require it to fulfil their job responsibilities. We conduct periodic reviews of our practices to ensure that our safeguards are properly implemented and remain state of the art.
5. Retention
We will keep your personal information for as long as we have a relationship with you, and to comply with our legal data protection retention obligations. We will only retain your personal information after this time if we are required to do so to comply with the law, or if there are outstanding claims or complaints that will reasonably require your personal information to be retained.
In order to protect your personal information, accounts with no activity for over one (1) year will be converted into deactivated accounts and will be kept separated. We will send you a deactivation notice to your e-mail address or a mobile push 30 days before the deactivation of your account. In addition, we may post a notice about the deactivation when you log in and will ask for your consent to reactivate your account.
If you do not log in into your account within (1) year after being temporarily deactivated, the account and all your personal information, if it is not subject to legal retention requirements under the applicable laws, shall be deleted. If you do not want your account and personal information to be deleted after the deactivation period, you can log in into the Services at any time before the above term, provide your consent to reactive your account and use the Services normally.
6. Information Sharing
We may disclose and share your personal information for business purposes to the following parties:
- Rakuten ID. The Rakuten Group aims to provide you with a unique service experience through the “Rakuten ID” Rakuten ID is a unified program that allows you to easily connect to other Rakuten services by a single log-in function, share your account information or join a loyalty program with the Rakuten group companies jointly participating in the Rakuten ID program https://corp.rakuten.co.jp/privacy/en/rakuten-id.html. Your data will only be shared if you chose to connect to another Rakuten ID service. By connecting to another Rakuten ID service, you direct the Rakuten ID services to share your data for the purposes explained in our joint privacy policy here: https://corp.rakuten.co.jp/privacy/en/rakuten-id.html. We share your account credentials and profile information (address and date of birth, where provided) with the Rakuten ID services. This service is jointly provided by the Rakuten ID Services as directed by you, if you sign up with another Rakuten ID Service
- Service providers and business partners. We may share your personal information with our service providers and business partners that perform marketing services and other business operations for us in order to provide you the Services (as data processors). For example, we may partner with other companies to process secure payments, send newsletters and marketing emails, support email and messaging services. Where we share information with services providers and partners, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations.
- Law enforcement agencies, courts, regulators and government authorities. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
- Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
- Advertising partners. We may also disclose or share your personal information with other third parties, where you consent if it is required, for advertising purposes. We may share your unique advertising identifier and technical data about you (language preference, country, age range, gender and device data).
Categories of recipients | Recipients name | Country | Contact details | Data Shared |
---|---|---|---|---|
Payment services We share your personal data with them, to process secure payments. |
Apple Store In-App Payments Stripe |
United States United States |
LINK LINK |
|
Client Relationship Management We share your personal data with them, to send newsletters, marketing emails, support emails and messaging services to respond to your inquiries. |
Mailchimp Zendesk |
United States United States |
LINK LINK |
|
Technical and operational support
We share your personal data with them, to provide you our cloud and storage services. |
Amazon Web Services, Inc | United States |
|
|
Analytics
We share your personal data with them, to analyze and improve our services. See more details here. |
Google Analytics and Firebase | United States | LINK |
|
Advertising partners
Disclose or share your personal data, where you consent if it is required, to provide you advertising. See more details here. |
See more details about our advertising partners in our Rakuten Drive Cookies & Tracking Technologies Policy |
Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfers" below for more information.
7. International data Transfers
Our Services are global; therefore, your personal information may be transferred to, stored, processed in a country that is not regarded as ensuring an adequate level of protection for personal information. The main country to which your personal information is transferred through our business activities is the Republic of Korea.
If you are located outside the Republic of Korea, please note that we will store and process your personal information there, and we also use services providers and business partners located in different places around the world.
In addition to ascertaining the privacy protection legal systems of those countries and regions, we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
As part of the Rakuten Group, Rakuten Symphony Korea, Inc. relies on the Rakuten Group Binding Corporate Rules to legitimise international data transfers within the Group. The Rakuten Group Binding Corporate Rules can be found at https://corp.rakuten.co.jp/privacy/en/bcr.html.
8. Contact Us
Rakuten Symphony Korea, Inc. is the controller responsible for the personal information we collect and process. Our legal representative is Seunghyun Son, president of the Department of Internet & Ecosystem Services, and our main offices are located in 11F, 368, Sapyeong-daero, Seocho-gu, Seoul, Republic of Korea.
If you have questions or concerns regarding the way in which your personal information has been used, please contact contact@rakuten-drive.com (Rakuten Drive Help Center).
If you would like to discuss or exercise your rights granted by the applicable laws, please contact us through the following inquiry methods below. For example, the rights may include the right to opt out of “sales”, which is granted to California residents.
For more description of your rights and the procedures, please see Section 3 (“Your Choices”).
Once you contact us, we will respond without undue delay to you. Please note that when contacting us, we may ask you for certain information to verify your identity and respond to your request appropriately.
9. Changes to the Notice
We may modify or update this privacy notice from time to time.
If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing). Effective date: Dec 27, 2022