In compliance with applicable data protection laws and regulations (including, but not limited to the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the United Kingdom General Data Protection Regulation (the “UK GDPR”), the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”)), and the China Personal Information Protection Law (the “PIPL”), MACROMILL, INC. and its below subsidiaries and group companies (collectively, the “Company”) hereby prescribe the following Global Privacy Policy (this “Policy”) to cover the handling of personal data of visitors and users (“Users”) of the website and applications (the “App”) operated by the Company and the other services provided by the Company (the “Service”), the persons in charge of business partners whom the Company transacts with (“Business Partners”), and survey respondents in marketing research (“Survey Respondents”; collectively with Users and Business Partners, “Customers”)).
Subsidiaries or Group Companies
Japan (subsidiary): Macromill South East Asia, Inc.
Thailand (group company): Macromill South East Asia (Thailand) Co., Ltd.
Indonesia (group company): PT. Macromill South East Asia Indonesia
Vietnam (group company): Macromill South East Asia Vietnam Company Limited
This Policy applies to the handling of personal data of Customers residing outside Japan, including, but not limited to, the European Economic Area (EEA), the United Kingdom, the State of California in the United States, and China. For the handling of personal data of Customers residing in Japan, a separate policy “Privacy Policy” shall be applied and be referred to.
Furthermore, when a privacy policy, terms of use, rules for handling personal data, or other rules have been provided in a service provided by the Company to Customers, such privacy policy, terms of use, rules for handling personal data, and other rules, in addition to this Policy, will apply.
1. Categories of Personal Data Collected by the Company
The Company will collect and handle the following personal data.
- Basic information of Customers (name, gender, date of birth, age, occupation, address (area of residence), academic history, family composition, marital status, hobbies and preferences, income, phone number, e-mail address, nationality or country of residence, etc.);
- Biometric information (facial images, voice, etc.);
- Affiliation information (industry type, company name, organization name, address, department name, position, etc.);
- Information on responses to surveys and questionnaires conducted by the Company regarding the products and services, etc. of the Company’s customers and survey consignors (including customers of the survey consignors, the “Survey Consignors”);
- Medical and health status information;
- Social media information (accounts, profiles, etc. information for X, Facebook, Instagram, Google, etc.); and
- Information obtained from the Customers’ terminals (type of terminal, OS, terminal identifier, IP address, browser type and other browser information, referrer information, Cookie ID, information related to browsing history and purchase history obtained by using Cookies and cookie-like technologies, advertising identifiers such as IDFA, Google Play advertising ID, and other technical data, etc.).
(*Details on the purpose of use, etc. of cookies are described in “2. Cookies” under “Transmission of Information from the Device Used” of the Privacy Policy.)
2. Purposes of Use of Personal Data and Legal Grounds for Data Processing
- (1) Purposes of use of personal data of Users and Survey Respondents and legal grounds for data processing
The Company conducts opinion and fact-finding surveys of Users and Survey Respondents regarding the products, services, etc. of the Survey Consignors (the “Surveys”), based on the consent of the Users and Survey Respondents, performance of agreements, and the Company’s legitimate interests, accepts entrustment of services of providing personal data including survey results acquired from the Users and Survey Respondents through the Surveys to the Survey Consignors and other groups and organizations, and uses the personal data of the Users and Survey Respondents to the extent of such entrusted services.
In addition, the Company aggregates, analyzes (including automatic analysis such as profiling), surveys, and services, etc. in connection therewith, for the purposes of providing the Service, improving the quality of the Service, developing new services, market surveys, and marketing and research, etc.
- (2) Purposes of use of personal data of Business Partners and legal grounds for data processing
The Company will use the personal data of Business Partners to the extent of communicating with Business Partners, performing the agreements with the Business partners, and implementing the Company’s marketing, research, and other business activities, based on the consent of the Business Partners, performance of agreements, and the Company’s legitimate interests.
In addition, the Company will use the personal data of Business Partners to develop and improve the Company’s system services and improving the Company’s services, to conduct market surveys and other marketing and consulting activities, and performing services incidental thereto.
3. Disclosure of Personal Data
The Company may share the Customers’ personal data with the recipients described below, to the extent necessary to achieve the purposes of use of the personal data set forth in Article 2 and to the extent permitted by the applicable laws and regulations.
- (1) The Company’s subsidiaries (Group companies) and affiliates
- (2) Service providers
For example, personal data may be disclosed to IT service providers (including data server and cloud service providers), information analysis service providers, ad distribution service providers, legal advisors, and other service providers.
- (3) The Company’s contracted vendors
In providing marketing research services to Survey Consignors, the Company entrusts a part of such services and may provide personal data to the contracted vendors to the extent necessary to achieve the purposes of use. In such instance, the Company will properly manage and supervise the contractors, including by entering into contracts regarding the handling of the Survey Consignors’ and Customers’ personal data with such service contractors.
- (4) Survey Consignors
- (5) Others
Personal data may be provided to business partners, information collection module providers, potential business merger and acquisition (M&A) partners, regulatory authorities, and other third parties.
4. Source of Personal Data
The Company primarily collects personal data directly from the Customers. However, in certain cases, the Company may obtain personal data indirectly from (i) organizations, corporations, or entities to which Customers belong or are associated with, (ii) social media operators of X, Facebook, Instagram, Google, etc., (iii) administrators of websites and applications other than the Company, and (iv) outsourcing companies listed in Section 3 (3) above.
5. International Transfer of Personal data
The Company may transfer the Customer’s personal data to countries outside of the Customer’s country of residence (for Customers residing in the EU, to outside of the EU) (the “International Transfer”) to achieve the purposes of use of personal data as set forth in Section 2. These countries include countries where the level of protection of personal data is lower than laws and regulations applicable to the country where the Customer resides.
When the Company conducts an International Transfer of Customers’ personal data to these countries, it will take measures considered necessary in the applicable laws and regulations, etc. If you would like more information, please contact us at the contact information indicated under section “13. Inquiries” below.
6. Retention Period of Personal Data
The Company will retain Customers’ personal data for as long as it is necessary to fulfil the purposes of use prescribed in this Policy. To determine the appropriate retention period for the personal data we consider: (i) whether there is an ongoing relation with the Customer, (ii) whether the Company is legally obligated to store the personal data, and (iii) whether it is necessary to fulfill the contract with the Customer.
7. Processing Personal Data of Children
The Company does not knowingly collect or process personal data of Customers under the age of 16 without the consent of a parent or guardian. Customers under the age of 16 must provide their personal data to the Company only with the consent of a parent or guardian.
If the Company discovers that it has collected the personal data of the Customer under the age of 16 without the consent of the parent or guardian, it will immediately take appropriate action.
Parents and guardians are requested to agree that in the case of providing personal data to the Company on behalf of the Customer under the age of 16, the personal data directly obtained from the Customer under the age of 16 in connection with the Survey and the Service will also be handled in accordance with this Policy.
8. Rights for Disclosure, Correction, Addition, Deletion, etc. of Personal Data
Customers may have the following rights with respect to their own personal data, in accordance with applicable laws and regulations:
- (1) right to access to personal data (including copies);
- (2) right to rectification;
- (3) right to erasure (the right to be forgotten) when certain conditions are met;
- (4) right to restrict (stop the processing) the processing of personal data if certain conditions are met; and
- (5) right to receive personal data in a structured, machine-readable form if certain conditions are met (the right to data portability).
These rights may be limited, on an exceptional basis, if complying with a Customer’s request would infringe the rights of Company or a third party, or if we are required to delete information that we are required to retain in accordance with laws and regulations. Exceptions to these rights are set out in the applicable laws and regulations.
If you wish to exercise these rights, please use the contact details listed in section “13. Inquiries” below.
9. Right to Object the Handling of Personal Data
Customers may have the right at any time to object the handling of personal data that is being handled on the basis of legitimate interests under applicable laws and regulations. The handling of personal data in this context includes profiling (which refers to analyzing and predicting the behavior of Customers based on their information; the same shall apply hereafter).
Customers may have the absolute right under applicable laws and regulations to refuse direct marketing or to refuse profiling done for that purpose if their personal data is being handled for direct marketing purposes.
If you wish to exercise these rights, please use the contact details listed in section “13. Inquiries” below.
10. Right to Withdraw Consent
A Customer has the right to withdraw their consent whenever the Company handles their personal data based on the Customer’s consent. This withdrawal does not affect the legality of any treatment made on the basis of consent previously given.
If you wish to exercise these rights, please use the contact details listed in section “13. Inquiries” below.
11. Required Personal data
The personal data that a Customer is required to provide for conducting the Survey is indicated in the form to be entered by the Customer. The Customer assumes no obligation to provide such personal data, but if such personal data is not provided, there may be instances where the Company is unable to offer rewards or other services for the Survey to the Customer.
12. Right to File a Complaint with a Supervisory Authority
Customers may have the right to file a complaint with a supervisory authority under applicable laws and regulations. The supervisory authorities where complaints can be filed may include the supervisory authorities of the EU Member State or the UK where the Customer resides or works or where the GDPR or UK GDPR complaint is filed.
13. Inquiries
For inquiries to the Company regarding personal data, please contact the below:
MACROMILL, INC., Personal data Protection Manager
E-mail: privacy@macromill.com
14. Changes to this Policy
The Company may change this Policy. If this Policy is changed, it will be published on the Company’s website. Please carefully review the changed contents.
Supplemental Provisions for Processing of Personal Data of California Residents
In addition to the provisions set forth above, the following provisions apply to the processing of personal data of residents residing in the state of California in the United States (that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household, hereinafter the same) in accordance with the CCPA.
1. Categories of Personal Data Collected by the Company and Recipients to Whom Disclosure is Made
The Company will continue to collect and has collected in the last twelve (12) months, the following categories of personal data from the Customers. Further, in the past twelve (12) months, the Company has disclosed all categories of personal data described in the below chart to the recipients described in section “3. Disclosure of Personal data” above.
Category |
Identifiers |
Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
Protected classification characteristics under California Law or Federal Law |
Commercial information |
Internet or other electronic network activity information |
Location data |
Voice, electronic, visual, thermal, olfactory, and other similar information |
Information regarding occupation or employment |
Sensitive personal data |
For details on personal data the Company collects, refer to section “1. Categories of Personal Data Collected by the Company” above, for the business purpose and commercial purpose of personal data we collect, refer to section “2. Purposes of Use of Personal Data and Legal Grounds for Data Processing” above, for the source of personal data we collect, refer to section “4. Source of Personal Data” above, and for the retention period of the personal data we collect, refer to section “6. Retention Period of Personal Data” above.
2. Rights and Choices under the CCPA
The CCPA provides residents of California with specific rights regarding personal data. If the Customer is a California resident, the following describes the Customer’s rights under the CCPA and explains how to exercise those rights.
- (1) Right to access personal data
Customers have the right to request that the Company disclose certain data to the Customer about the Company’s collection, sharing, disclosure or use of the Customer’s personal data. Once the Company receives and confirms the Customer’s verifiable user request, the Company will disclose the following information, in whole or in part, to the Customer:
- The categories of personal data the Company collected about the Customer;
- The categories of sources for the personal data the Company collected about the Customer;
- The Company’s business or commercial purpose for collecting, selling, or sharing that personal data;
- The categories of third parties with or to whom the Company shares or sells that personal data; and
- The specific pieces of personal data the Company collected about the Customer.
- (2) Right to request deletion of personal data
Customers have the right to request that the Company deletes any of Customer’ personal data that the Company has collected from the Customers and retained, subject to certain exceptions. Once the Company receives and confirms the Customer’s verifiable request, the Company will delete (and notify its contractors and other recipients to delete the same) the Customer’s personal data from the Company’s records, unless an exception applies.
The Company may deny the Customer’s deletion request if retaining the information is necessary for the Company or the Company’s contractors in order to:
- Complete the transaction for which personal data was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by the Customer, or reasonably anticipated by the Customer within the context of the Company’s ongoing business relationship with the Customer, or otherwise perform the Company’s contract with the Customer;
- Help to ensure security and integrity to the extent the use of the Customer’s personal data is reasonably necessary and proportionate for those purposes;
- Exercise free speech, ensure the rights of other Customers to exercise their free speech rights, or exercise other rights provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if the Customer previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with the Customer’s expectations based on the relationship between the Customer and the Company; or
- Comply with legal obligations.
- (3) Right to request correction of personal data
Customers have the right to request that the Company corrects any of the Customer’s inaccurate personal data that the Company has collected from the Customer and retained. Once the Company receives and confirms the Customer’s verifiable request, the Company will correct (and notify its contractors and other recipients to correct the same) the Customer’s inaccurate personal data. The Company may deny the Customer’s request for correction if the Company determines that the contested personal data is more likely than not to be accurate based on the totality of the circumstances.
- (4) Right to opt-out of sale or sharing of personal data
The Company has not sold or shared personal data collected from Customers in the past 12 months and will not sell or share them in the future.
- (5) Right to opt-in to sale or sharing of personal data
The Company will not sell or share the personal data of any Customer over the age of 13 and under the age of 16 without obtaining the prior consent of the Customer himself or herself, or the parent or guardian of the Customer if under the age of 13.
If a parent or guardian provides personal data to the Company on behalf of a Customer under the age of 16, please obtain the necessary consent for the Company to sell or share the personal data.
- (6) Right to limit the use of sensitive personal data
The Company has not used and disclosed and will not use or disclose sensitive personal data collected from Customers for any purpose other than the following:
- To perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services;
- To help to ensure security and integrity;
- For short-term, transient use (except those involving profiling or changes to the future consumer experience);
- To perform services on behalf of the Company; and
- To maintain the quality or safety of a service or device that is owned by the Company.
- (7) Right of non-discrimination
The Company will not discriminate against California residents for exercising any of their rights under the CCPA. Moreover, unless permitted by the CCPA, the Company will not:
- Deny services to the Customers;
- Charge Customers different prices or rates for the same services;
- Provide Customers a different level or quality of services; or
- Retaliate against an employee, applicant for employment, or independent contractor.
- (8) Method of exercising rights
To exercise each right under the CCPA, please submit a verifiable user request to the Company by contacting the Company in the manner set forth in section “13. Inquiries.” If the Customer makes a claim under each right against the Company, the Customer will be required to explain in detail to a sufficient degree for the Company to properly understand, evaluate, and respond to the contents of the claim.
Only the Customer, a person that has been delegated by or is registered with the California Secretary of State as an agent of the Customer, or a person who has a power of attorney from or is acting as a conservator for the User may make a claim related to the Customer’s personal data. The Customer may take procedures to verify the identity or confirm the authority of the agent that are required under the CCPA if permitted under the CCPA.
END
Established: November 25, 2024