Kelly SIMONZ Official Fan Club

Application Privacy Policy

Article 1 (Definitions)

Kelly SIMONZ Official Fan Club (hereinafter referred to as This Application) and the services related to This Application (hereinafter referred to as This Service) is an application provided by PVP Co., Ltd. (+ SHIFT Shiba Daimon, 2-1-16 Shiba Daimon, Minato-ku, Tokyo, Japan - Representative Director Keiichi Ishida, hereinafter referred to as The Company). This Application’s Privacy Policy (hereinafter referred to as "Privacy Policy") stipulates the handling of information acquired.

Article 2 (Compliance with laws and regulations)

This Application and This Service comply with the Act on the Protection of Personal Information (Japan), the Telecommunications Business Act (Japan), Japanese related laws and regulations, guidelines, the European General Data Protection Regulation laws, the Controlling the Assault of Non-Solicited Pornography And Marketing Act, and this Privacy Policy regarding the acquisition, use, and other handling of information.

Article 3 (Security Management Measures)

We strive to keep the information handled by This Application and This Service accurate and up-to-date, and take necessary, appropriate, and commercially reasonable measures to protect them from unauthorized access, falsification, leakage, loss, and damage. We will take the following safety management measures.

Measure (1) Formulation of basic policy

In order to ensure the proper handling of personal data held by us, we have established a "Personal Information Protection Policy" that covers "compliance with relevant laws, regulations, guidelines, etc." and "contact point for questions and complaints."

Measure (2) Establishment of regulations regarding the handling of retained personal data

We have established personal information protection regulations that stipulate how personal data held by us will be handled, who will be responsible and who will play their roles, etc., at each stage of the process, such as acquisition, use, storage, provision, deletion, and disposal.

Measure (3) Organizational security control measures

• ① We have appointed a person in charge of handling retained personal data, clarified the employees who handle retained personal data and the scope of retained personal data handled by said employees, and established a reporting and contact system to the person in charge in the event of finding facts or signs of violation of laws or handling regulations.


• ② We regularly conduct self-inspections regarding the handling status of retained personal data, and conduct audits by other departments and external parties.

Measures (4) Personnel safety management measures

• ① We provide regular training to employees regarding important points regarding handling of retained personal data.


• ② All employees have submitted written pledges regarding confidentiality, including personal data held.

Measures (5) Physical safety control measures

• ① In areas where retained personal data is handled, we control the entry and exit of employees, restrict the devices they bring in, and take measures to prevent unauthorized persons from viewing retained personal data.


• ② We take measures to prevent theft or loss of devices, electronic media, documents, etc. that handle retained personal data, and take measures to prevent retained personal data from being easily identified when such devices, electronic media, etc. are carried, including when moving around the workplace.

Measures (6) Technical safety control measures

• ① We implement access control to limit the persons in charge and the scope of the personal information database, etc. that they handle.


• ② We have introduced a mechanism to protect information systems that handle retained personal data from unauthorized external access or software.

Article 4 (Data management)

Article 4-1 (Items of information to be acquired, purpose of use, and acquisition method)

When using This Application and This Service, the following information will be automatically acquired via This Application for the following purposes.

Article 4-1-1 (Personal information of customers handled by our company)

We collect your email address to facilitate your sign-up and login process, and as an identifier in communications and transactions, such as emails and online payments. Additionally, if you connect with the Google SignIn button, we use your profile picture from your Google account to personalize your user experience.

Article 4-1-2 (Information provided by third parties)

This Application securely processes user information to improve This Service’s quality and ensure data security. User data, i.e. email addresses and device tokens, is securely transmitted via trusted third-party channels and stored in our backend database to facilitate transactions and push notifications.

We share and receive your personal information from third-parties in specific situations to ensure the proper functioning and efficiency of our Services.

• Shopify: We do not share any personal data directly with Shopify. However, we leverage their platform for order fulfillment. We only retain minimal information necessary for tracking orders from our Shopify-powered in-app store, maintaining high standards of privacy and efficiency. The user’s email, invoice address, and delivery address are available to us through the merchant Account on Shopify.


• Sendgrid: The user’s email address is shared with Sendgrid services to fulfill our email sending requirements. Sendgrid is a trusted third-party service provider that helps us manage our email communications with the users who agreed to receive communication emails from This Service. If you wish to unsubscribe from our emails, you can do so at any time by following the unsubscribe link included in our emails, or by using the unsubscribe feature available in your profile page.


• Facebook: Our application integrates with Facebook to display content such as Facebook posts. We only process Facebook’s Platform Data that is necessary to display Facebook posts within our application. This includes any content that you view or interact with while using our app. We do not collect or store any additional personal information from your Facebook account. We do not use Facebook’s Platform Data for any other purposes, and it is not shared with any third parties. We strictly adhere to Facebook's Platform Terms and all other applicable terms and policies. Our use of Facebook Platform Data is consistent with these terms and is solely for the purpose described in this section. For further information about Facebook terms, please refer to their up-to-date policies and terms and condition at Facebook Policies Center.


• Google Maps API: Our application uses the Google Maps API to provide maps-based services. We do not collect or store any personal location data from our users when using Google Maps services. The use of Google Maps within our application is limited to providing links to maps for user convenience in the events created by the administrators. When you interact with maps provided by Google Maps within our application, the data processing is handled directly by Google. Google Maps operates independently with its own security measures. Any data handled by Google Maps is subject to Google’s privacy policies and security protocols. When using the Google Maps feature, you agree to be bound by the Google Maps/Google Earth Additional Terms of Service and by the Google Maps current Privacy Policy available at Google Privacy Policy. Please note that by interacting with the maps within This Service, Google Maps may access your phone storage to access or recognize cookies or similar technology.


• Crashlytics: Our application uses Crashlytics, a service provided by Google Firebase, to monitor the stability and performance of our app. Crashlytics helps us to identify and resolve issues such as app crashes and other technical errors, ensuring a better user experience. Crashlytics does not collect any personally identifiable information (PII) or sensitive data, but does collect certain default data related to your device and app usage in the event of a crash or other errors. The information gathered is solely used for improving the performance and stability of our application (e.g., diagnose and fix technical issues, improve the performance of the application, etc). For more details on how Google handles the information collected by Crashlytics, please refer to the Google Firebase Privacy and Security page.


• Firebase Cloud Messaging (FCM): Our application uses Firebase Cloud Messaging (FCM), a service provided by Google Firebase, to send notifications and messages to your device if you subscribed to the service. FCM does not collect any personally identifiable information (PII) or sensitive data, but does collect certain default data to deliver notifications and messages to your device (see the sections 4-2-1 and 4-2-2 below). The information is used solely for the purpose of delivering notifications and ensuring that they are received by the intended devices. For more details on how Google handles the information collected by FCM, please refer to the Google Firebase Privacy and Security page.


• Firebase Remote Config: Our application uses Firebase Remote Config, a service provided by Google Firebase, to manage and customize the app’s features dynamically. Firebase Remote Config allows us to update app settings and features without requiring you to download a new version of the app. Firebase Remote Config does not collect any personally identifiable information (PII) or sensitive data, but does collect certain default data related to your device to deliver app configurations. The information gathered is used solely for the purpose of optimizing app features and user experience. For more details on how Google handles the information collected by Firebase Remote Config, please refer to the Google Firebase Privacy and Security page.


• Firebase Cloud Firestore: Our application uses Firebase Cloud Firestore, a service provided by Google Firebase, to store and manage structured data, such as user profiles and other app-related data. All data is stored in Japan, while users may access the application globally. Firebase Cloud Firestore does not collect any personally identifiable information (PII) beyond what is necessary for the operation of This Service. All data is stored securely and is accessible only by the authorized user or This Service. For more details on how Google handles the information stored in Firebase Cloud Firestore, please refer to the Google Firebase Privacy and Security page.


• Cloud Run functions: Our application uses Cloud Run functions to run backend code in response to specific events or triggers within the application. These functions are executed in a secure environment, with data processed in Japan, while serving users globally. Cloud Functions do not collect any personally identifiable information (PII) beyond what is necessary to execute the function. All data processed by Cloud Functions is handled securely. For more details on how Google handles the information processed by Firebase Cloud Functions, please refer to the Google Firebase Privacy and Security page.


• Firebase Authentication (Firebase Auth): Our application uses Firebase Authentication, a service provided by Google Firebase, to manage user authentication and secure access to the application. Firebase Auth enables users to sign in to the app using various methods, including email address and password, Google Sign-in, or Apple Sign-in. Firebase Auth does not collect any sensitive information beyond what is necessary for user authentication and account management as detailed in the sections 4-2-1 and 4-2-2 below. All authentication data is securely stored and managed in the United States. For more details on how Google handles the information collected by Firebase Auth, please refer to the Google Firebase Privacy and Security page.


• Firebase Analytics: Our application uses Firebase Analytics, a service provided by Google, to collect and analyze user interactions within the app. The default data collected by Firebase Analytics is used to understand how users interact with our app, enabling us to improve user experience, optimize app performance, and identify potential issues. The data collected through Firebase Analytics is shared with Google and may be used by Google in accordance with their privacy policies. We do not use this data for personalized advertising purposes. For more details on how Google uses the data collected by Firebase Analytics, please refer to Google’s Privacy Policy.


• YouTube API Services: Our application uses YouTube API Services to display YouTube videos within This Service. When you interact with a YouTube video on our platform, YouTube collects certain data, including but not limited to, your IP address, any interactions with the video (e.g., play, pause, etc.) and may access your local storage to access or recognize cookies or similar technology. For more details on how Google handles the information collected by YouTube, please refer to the Google Privacy Policy at Google Privacy Policy. Please note that by interacting with the YouTube videos feature, you allow third parties to serve you content, including advertisements.

Article 4-1-3 (Transfers of personal data)

In order to provide our services to you effectively, the data, personal or not, that you provide to This Service may be transferred to entities outside of your area of residency.

Unless specified above, our services relying on Google Cloud Platform, including Shopify, may process and store your data anywhere Google or its agents maintain facilities. Facebook may process and store your data in the United States or in Europe. By using our application, you agree to the collection and use of information as outlined in this document.

Article 4-1-4 (How we store your information securely)

We use Google OAuth 2.0 for secure user authentication and rely on trusted third-party providers like Shopify for order fulfillment, Sendgrid for email communications, and Firebase services for various backend services. These third-party providers are known for their robust security measures, ensuring that your personal information is handled securely and in accordance with industry standards.

Article 4-2 (Information we collect)

Section 4-2-1 (Personal Data)

While using This Service, we, or the 3rd-parties used by This Service, may request certain personally identifiable information to contact or identify you. This may include:

• Email Address: Used for user authentication during the login process to ensure secure access to each user account. Additionally, email addresses are used for:
  • Email communication to users
  
  
  • Linking orders processed through Shopify to the corresponding user Account, enhancing accuracy and accountability in financial and order-related activities.
  
  


• Addresses: Stored via Shopify to manage shipping information. This information is primarily used for processing and verifying shipping details for orders placed through our service to ensure accurate delivery of products. Additionally, addresses may be used for billing purposes, verifying user identity, and improving customer interactions with This Service.


• Device Tokens: Collected for sending push notifications.


• App instance IDs: Helps to ensure that notifications are sent to the correct users.


• Payment Details: Processed through Shopify for transaction purposes. Processed via Shopify’s inbuilt payment Services, payment details are used to execute transactions related to purchases. This data is essential for billing.


• Authentication tokens and credentials: Used to authenticate and verify user identities, manage user accounts and access to the application, and ensure the security and integrity of the application.


• User interactions within the app: Used to understand how users interact with our app, including screen views, session duration, and navigation patterns, enabling us to improve user experience, optimize app performance, and identify potential issues.


• IP address: Temporarily stored and used to deliver results for the calls to the Cloud functions. Also used to provide added security and prevent abuse during sign-up and authentication and to determine the country and city location from which users access This Service.

Section 4-2-2 (Non-Personal Data)

In addition to the personal data detailed above, the 3rd-party services used by our app may request the following information to manage the services:

• Notification delivery reports: Used to confirm whether a push notification was delivered or opened.


• Device model, type, and manufacturer: Used to deliver app configurations and improve user experience with this service. This data is also collected in the crash report if a crash or other error happens.


• Operating system version: Used to deliver app configurations. Also collected if a crash or other error happens.


• App version and build number: Used to deliver app configurations. Also collected if a crash or other error happens.


• Timestamp of the crash or error: Collected if a crash or other error happens.


• Information about the state of the app at the time of the crash: Collected if a crash or other error happens.


• Logs that were running at the time of the crash: Collected if a crash or other error happens.


• Time and date of last visit: This information helps us identify user engagement and frequency of use, which assists in This Service’s optimization and resource allocation.


• User Device Storage: We access user Device storage to enable essential app functionalities such as caching and storing app data.

Section 4-2-3 (Regarding the security of your personal data)

The security of your personal data is important to us. We use Firestore’s server-side encryption to safeguard your data. Firestore encrypts all data before it is written to disk and decrypts it when read from disk, ensuring that your data remains protected at all times. For more details, you can refer to Firestore’s documentation on server-side encryption.

While we strive to use commercially acceptable means to protect your personal data, please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

Section 4-2-4 (Retention of Your Personal Data)

The Company will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

The Company will also retain usage data for internal analysis purposes. Usage data is generally retained as long as you continue to use our services or within the limit of a month after we receive the deletion request unless we are legally obligated to retain this data for longer time periods.

Section 4-2-5 (Links to other websites)

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Section 4-2-6 (Cookies)

This Application does not directly utilize cookies. However, we employ Google APIs and SDKs, and Shopify APIs, which may store cookies, and collect identifiers for mobile devices, to maintain user session and login information. These cookies are small data files that may include an anonymous unique identifier. Cookies are used primarily to enhance and personalize the user experience by retaining session information, managing shopping cart contents, and ensuring secure payment processing.

Article 5 (Publication of consent)

Please read this Privacy Policy and understand its contents before using This Application and This Service. This privacy policy is posted when downloading this application and is deemed to have been made public upon this posting. Users should read this privacy policy when installing this application.

When acquiring the information described in Article 4, consent will be obtained for the acquisition of personal information. If consent is not obtained, This Application cannot be used.

Article 6 (Method of user involvement)

In this service, the user can stop acquiring, modifying, deleting, or suspending the use of all or part of the user's information by operation or request. Among the information registered by the user, password can be changed from the user’s profile page within This Application. Regarding handling such as suspension of acquisition of user information for advertising purposes, please refer to each company's application Privacy Policy listed in Article 4.

Article 7 (Termination of service and handling of information)

You have the right to delete the Personal Data that This Application and This Service have collected about you by signing in to your account and visiting the profile section to click on the “delete your account” button. Alternatively, you may also contact The Company to request access to, correct, or delete any Personal information that You have provided to us. Please note, however, that we may need to retain certain information when we have a legal obligation, a lawful basis to do so, or are bound by an agreement with our 3rd party providers to keep this information.

Article 8 (Link to personal information protection policy (Privacy Policy), etc.)

• For our company's personal information protection policy (Privacy Policy), please see the end of this Privacy Policy.


• Terms of use for This Application and This Service:
  • “About” menu of This Application → Terms of Use or https://pvp.co.jp/security/
  
  


• Application privacy policy of This Application:
  • “About” menu of This Application → Application privacy policy or https://pvp.co.jp/security/
  
  

Article 9 (Disclosure and provision of information)

The Company will not disclose or provide information acquired and stored from users through This Application and This Service to third parties, other than those specified in this privacy policy, without obtaining the consent of the users. However, the following cases are excluded:

• When based on laws and regulations.


• When it is necessary to protect a person's life, body, or property, and it is difficult to obtain the consent of the person.


• When cooperation with a national government agency, local government, or an entity commissioned by them is required by law, and obtaining the individual's consent would be likely to impede the performance of that purpose.

Article 10 (Inquiry)

For inquiries and consultation regarding the handling of user information in This Application and This Service, please contact the following contact point:

• How to contact us: From the inquiry form below


• Inquiry form: https://pvp.co.jp/contact/


• For any other questions or support inquiries please contact the Kelly SIMONZ Official Fan Club Support at kelly-official-fan-support@pvp.co.jp.

Article 11 (Changes)

If there are changes or additions to the information collected, changes to the purposes of use, changes to the information shared with third parties, due to an upgrade of the Application, etc., we will notify you and obtain your consent again with an in-app update notice. If you do not agree with the changes, you will be denied access to the service. If there are other changes or additions to the information collected, changes to the purposes of use, changes to the information shared with third parties, etc., we will notify you with an in-app update notice to obtain your consent for important matters.