Privacy Policy

Overview

We provide an overview of our Privacy Policy here. For your comprehensive understanding of our practices with respect to your information, please refer to the details set out in this Privacy Policy. All capitalized terms are as defined in this Privacy Policy.

Who are we?	We are DMM Crypto Co., Ltd., a corporation having its registered office at Roppongi Grand Tower 24F, Roppongi 3-chome 2-1, Minato-ku, Tokyo 106-6224, Japan. We are acting as a Data Controller for any information collected through the Services.
What information do we collect about you?	We collect the following type of information about you: Information that you choose to provide to us through the Services Information collected as you use the Services Information provided from third parties
Why do we collect this information?	We collect and use this information to: verify your identification provide the Services, like creating your account of the Services, verifying your user ID and password, charging fees and other payment relating to the Services maintain and improve the Services, like tracking system failure and troubleshooting, improving the functions of the Services develop new products or services, like developing a new function of the Services or new services based on your usage activity or inquiry from you measure and analyze performance, like measuring and analyzing your visits to and activity on the Services and optimizing the Services based on such data communicate with you, like notifying you of amendments in the Services, responding to inquiries from you protect us, our users, and the public, like detecting, preventing, and responding to unauthorized use of your account, fraud, abuse, security risks, and technical issues that could harm Us, you, other users, or the public, investigating or addressing claims or disputes relating to the Services comply with a law to which we are subject prepare historical documents or archives for the public interest, or to research or statistics Some information is necessary to be provided for compliance with laws, the conclusion of contracts with us, or performing a contractual obligation with us. If you do not provide such information, you may not use the whole or part of the Services.
Who is this information shared with?	Your information is shared with: our Group Companies carma Platform service providers Cloud service providers Data center contractors Business operation support contractors Developers Service monitoring companies Fraud monitoring companies Payment and settlement companies Google, X（Twitter）, Facebook, Instagram, Yahoo
How long do we store your information?	We retain your Personal Data until it is no longer necessary to fulfill the purposes of collecting your Personal Data, or until you request us to erase or destroy your Personal Data. We may be required to retain certain information in order to comply with the laws which we are subject to.
What are your rights with respect to your Personal Data?	Regarding your Personal Data which we collect and store, you have the rights to: request access to and obtain copy of your Personal Data receive your Personal Data or request us to send or transfer your Personal Data to other Data Controllers by the automatic means object to the collection, use, or disclosure of your Personal Data request to erase, destroy, or anonymize your Personal Data request to restrict the use of your Personal Data request correction or update of your Personal Data withdraw the consent which you have given to us complain to expert committee with respect to our processing of Personal Data If you are located in the European Economic Area or the United Kingdom (the “European Countries”), you have certain rights and protections under the applicable law regarding the processing of your Personal Data as defined in the applicable law.
Contact us	You may contact us through our Data Controller or Representative.

Introduction
This Privacy Policy describes how we collect, use, disclose, share, store, and transfer (collectively, “process”) information about you when you use our services (“Services”). We act as a Data Controller for any information collected through the Services.
1. Who are we?
  
  We are DMM Crypto Co., Ltd., a corporation having its registered office at Roppongi Grand Tower 24F, Roppongi 3-chome 2-1, Minato-ku, Tokyo 106-6224, Japan.
  
  We have group companies which shall be considered as any entity that we control, is controlled by us, or is under common control with us, directly or indirectly. (“Group Companies“).
2. What is Personal Data?
  
  In this Policy, Personal Data means information relating to a natural person, which is identified or identifiable, whether directly or indirectly, but excludes information of deceased natural persons. Please note that at all times we will adhere to the applicable statutory definition in determining what information is and is not Personal Data for the purposes of this Privacy Policy.
3. Scope of this Privacy Policy
  
  This Privacy Policy applies to information, including Personal Data, which we collect in relation to your access or use of the Services only. Regarding any information which you provide to or is collected by any third party other than us, please refer to the privacy policy separately established by such a third party.
4. Changes to this Privacy Policy
  
  We will amend this Privacy Policy from time to time. We will notify you of the amendment of this Privacy Policy through the Services, or other measures determined by us if we make any substantive or material amendments. Any amendment will become effective upon our posting of the amended privacy policy on the Services.
What information do we collect about you?
We collect the following information about you:
1. Information that you choose to provide to us through the Services
  - Profile Information: such as a nickname, email address, login passwords, date of birth, and gender
  - Information of Communication with us: such as information about the communications between you and us including your inquiry, compliments, and other contacts to us
  - Sensitive Personal Information: you may choose to provide us through the Services with your information of a sensitive nature such as racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other information of a sensitive nature. We do not collect and use this information without explicit consent from you, except where permitted by applicable laws.
2. Information collected as you use the Services
  - Usage Information: such as access dates and times, pages viewed, game play information, apps and other system activity, type of browser. In some cases, we collect this information through cookies, beacons, tags, and similar technologies that create and maintain unique identifiers
  - Device Information: such as information about the devices you use to access the Services, including device IP address, unique device identifiers, and device motion information
  - Communication Information: such as information about the communications between you and other users or a third party through the Services, such as texts, profiles, messages, photographs, graphics, images, icons, voice, video, and other information contents
3. Information provided by third parties
  - We may collect information about you to be provided from third parties due to your consent. For example, we may collect your account information of a third-party’s service when you log in to the Services through such an account, or we may collect and use your payment information when you pay fees for our chargeable service by using a third-party’s payment service. We may also collect and use information on how your usage activities on third-party’s services from marketing service providers.
  - In the event that we collect your Personal Data from a third party, we will notify you of the detail of the collected Personal Data and the detail of the third party. Such notification will be made within 30 days from the date of the collection.
Why do we process your Personal Data?
1. We process your Personal Data for the following purposes, to the extent applicable.
  To provide the Services
  We process your Personal Data to provide you with the Services. For example, we collect your nickname, gender, email address, login password and other information to create your account of the Services, and we use your user ID and password to verify you as a user of the Services.
  
  To maintain and improve the Services
  We process your Personal Data for maintaining or improving the Services. For example, we collect and use information of trouble informed by you for tracking system failure and troubleshooting, or we collect and use your usage activity on The Services for improving the functions of the Services or develop more convenient for users.
  
  To develop new products or services
  We process your Personal Data for developing new products or services. For example, we collect and utilize information of how you use the Services, inquiries from you, or questionnaire results for developing new products or services.
  
  To measure and analyze performance
  We process your Personal Data for analyzing and measuring how the Services are used. For example, we measure and analyze your visits to and activity on the Services to optimize them.
  
  To communicate with you
  We process your Personal Data to communicate with you. For example, we respond to inquiries from you or may send you a notification about the Services by using your email address provided by you. In addition, if you contact us, we will keep a record of your request in order to help solve any issues you might be facing.
  
  To protect us, our users, and the public
  We may process your Personal Data to protect us, you or other users, or the public interest. For example, we use your nickname, mail address, and login password for detecting, preventing unauthorized use of your account, fraud, abuse, or security risks. We may also use your Personal Data to investigate or address claims or disputes relating to the Services.
  
  Other Purposes
  We may process User Information for the purposes prescribed in 5. below.
2. If you do not provide us with your Personal Data which is necessary for complying with laws or performing the contract between you and us or entering into such a contract (e.g., the information required to be entered by you on the user registration screen or on the order screen for a transaction through the Service), your application for use of the Service may not be accepted, or you may not be allowed to use part of the Service.
Disclosure, Share, or Transfer of Personal Data
1. We may share your Personal Data with the following categories of recipients:
  - our Group Companies
  - carma
  - Platform service providers
  - Cloud service providers
  - Data center contractors
  - Business operation support contractors
  - Developers
  - Service monitoring companies
  - Fraud monitoring companies
  - Payment and settlement companies
  - Google, Twitter, Facebook, Instagram, Yahoo
2. Except for the recipients prescribed above, we will not disclose your Personal Data to any third party without your prior consent, except where we collected your Personal Data based on any of the legal basis prescribed in 5 below.
3. We transfer your Personal Data to any of our Group Companies or third-party service providers outside of the European Countries, such as our data center specified in 6.2. When we transfer your Personal Data to such an entity outside of the European Countries, we ensure that appropriate safeguards and protections are taking place pursuant to the GDPR. For example, we enter into agreements including standard data protection clauses adopted by the European Commission or other appropriate arrangements with various entities located outside the European Countries with whom we share your Personal Data. However, please acknowledge that some countries where we transfer your Personal Data might not have appropriate safeguards and protections under the GDPR. If we transfer your Personal Data to any of such countries, we will notify you of the possible risks of such transfer for you due to the absence of appropriate safeguards and obtain your consent with such transfer. If you wish to receive a copy of documentation related to these safeguards, please contact us.

The legal basis on which we process Personal Data

We process your Personal Data based on a different legal basis depending on the nature of Personal Data and the type of processing involved. We rely on the following legal bases (single or multiple) other than or in addition to your consent, insofar as it applies.

Performance of a Contract / Entry into a Contract
Some Personal Data is processed on the basis that it is necessary for the performance of our agreement with you or for taking steps at your request prior to entering such an agreement. For example, we need to request you to provide your email address, login name, login passwords to create your account for using the Services in order to perform our obligation under the service agreement with you.

Legitimate Interests
A second ground relied upon by us is that it is necessary for the purposes of legitimate interests pursued by us or a third party. These legitimate interests include the operation of the Services and our business, maintenance and improvement of the Services, pursuit of the safety of the Services, such as fraud detection and prevention, charging the payment regarding the chargeable services. Further examples are shown in 3. above. We only rely on such a ground where such interests are not overridden by your interests or fundamental rights and freedoms.

Performance of a Task for Public Interest
A third ground relied upon by us is that it is necessary for carrying out a specific task in the public interest which is laid down by law; or exercising official authority (for example, a public body’s tasks, functions, duties or powers) which is laid down by law.

Compliance with a Legal Obligation
A fourth ground relied upon by us is that it is necessary for compliance with a legal obligation. For example, we are required to retain records for fixed periods of time in order to comply with applicable laws.

Protection of Vital Interests
In some rare cases, there may be necessity to process your Personal Data to protect the vital interests of your or other persons’ life, body, or health. For example, we might be required to transfer your Personal Data for emergency medical care where you are incapable of giving consent to the processing.

The following table organizes the purpose of use and legal basis for each type of your Personal Data.

nickname, email address, login passwords, date of birth, and gender	To provide the Services To maintain and improve the Services To communicate with you To protect us, our users, and the public	Performance of a Contract / Entry into a Contract
Usage Information	To maintain and improve the Services To develop new products or services To protect us, our users, and the public	Legitimate interests
Device Information	To maintain and improve the Services To develop new products or services To protect us, our users, and the public	Legitimate interests
Communication Information	To provide the Services To maintain and improve the Services To develop new products or services To protect us, our users, and the public	Legitimate interests

What do we do to keep your Personal Data secure?
1. We seek to take reasonable security measures to protect your Personal Data against loss, misuse, alteration, and divulgation. Such reasonable security measures include use of adequate security software, restricted access, and assigning a person in charge of managing Personal Data. However, please note that although we take appropriate steps to protect your Personal Data, no website, product, device, online application or transmission of information, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Data.
2. We store your Personal Data not only in Japan but also in our data centers located in the U.S.
How long do we store your Personal Data?
We retain your Personal Data until it is no longer necessary to fulfill the purposes of processing your Personal Data, or until you request us to erase or destroy your Personal Data. We may be required to retain certain information in order to comply with the laws to which we are subject.

Specific retention periods are determined based on the following considerations: purposes of processing, the nature of Personal Data, and the necessity of retaining Personal Data for legal or business reasons. For example, if you are a user of the Services, we will normally erase your Personal Data within 12months from the date on which you become no longer a user of the Services; however, we may be necessary to retain the whole or part of your Personal Data for the purpose of establishment, compliance, or exercise of legal claims, defense of legal claims, or the purpose of compliance with the law.
Cookies
During any use of the Company's website Information relating to your access to this website will be saved in the form of a cookie. Cookies are text files that are stored on a user's computer and/or communication devices that you use, such as tablets and smartphones, via a web browser while you enter our website. Cookies will not cause harm to your computer equipment and/or communication devices. They are used to store detailed log data, internet usage or your website visit behavior.

We will collect website information from all visitors through cookies or similar technologies and will use cookies for the purpose of improving the efficiency of accessing and using the Services. The company collects cookies for the following purposes:
- to study the behavior of your website usage and to develop our websites to be able to use easily, quickly and more efficiently;
- to enable you to sign in to your account on the Service;
- to protect you from fraud and improve security;
- to analyze products and services, and offers of our products that may be relevant to you;
- to improve the marketing that you see on social media, applications and other websites.
You can refuse the collection of information via cookies through your browser settings, which may reduce the optimum performance of the website and application.
What are your rights regarding your Personal Data?
Regarding your Personal Data which we collect and store, you have the rights to:
- access to your Personal Data and related information, such as categories of the recipient, envisaged retention period, source of acquisition, and obtain a copy of your Personal Data in our possession
- rectify your inaccurate Personal Data
- erase your Personal Data
- restrict on processing of your Personal Data
- receive your Personal Data which you provided to us and request us to transmit those data to another controller (data portability)
- object to the processing of your Personal Data
- withdraw the consent which you have given to us at any time (your withdrawal of consent will not affect the lawfulness of procession made prior to such withdrawal)
- not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where:
  - the decision is necessary for entering into, or performance of, a contract between you and us;
  - the decision is authorized by Union or Member State law to which we are subject, and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests; or
  - the decision is based on your explicit consent.
Especially, if you want to exercise the right to withdraw consent, you can contact us. However, the withdrawal of your consent related to and required for the Service may prevent you from complying with the contract or providing services to you or may cause the transaction or any other related activities to be suspended or temporarily discontinued.
Automated Individual Decision-Making, Including ProfilingWe do not use a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
ComplaintsIf you are located in one of the European Countries, you may file a complaint with the Data Protection Supervisory Authority of the Member State of your habitual residence, place of work, or place of the alleged infringement.
How You Can Contact Us
Representative for data subjects in the EU and UK

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data).

If you want to contact us via our representative Prighter, make use of your data subject rights, or would like to exercise your privacy choice or rights, or have any other inquiries, please visit the following website.

< < https://prighter.com/q/19671501033 > >

Data Controller

DMM Crypto Co., Ltd., 24F, Roppongi Grand Tower, 3-2-1, Roppongi, Minato-ku, Tokyo, 106-6224, Japan is the controller for the processing your Personal Data as described in this Notice.

DPO

Maetzler Rechtsanwalts GmbH & Co KG Email Address: office@iuro.at
Address: Schellinggasse 3/10, 1010 Vienna, Austria
Updates to this Notice
material changes to how we treat our users' Personal Data, we will post the new Notice here with the "Last Updated".

Established on 20/06/2024

Latest Amendment on 20/06/2024

OFFICIAL SITE