The Right to Know allows you to request that we disclose the following information to you about our collection and use of your personal information in connection with our Services over the last 12 months:
• The categories of personal information we collect about you.
• The categories of sources for the personal information we collect about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information for cross-context behavioral advertising, if any.
• The specific pieces of personal information collected about you.
• If we sold or disclosed your personal information for a business purpose, (i) a list of the categories of personal information we have sold in the prior 12 months and (ii) a list of the categories of personal information we have disclosed in the prior 12 months.
• If we have not sold or disclosed your personal information in the preceding 12 months, we will disclose that upon request.
You also have the right to request that we disclose the following information to you about our collection and use of your sensitive personal information in connection with our Services over the last 12 months:
• The categories of sensitive personal information we collect about you.
• The categories of sources for the sensitive personal information we collect about you.
Right to Deletion. You also have the right to request that we delete any of your personal information that we collected via our Services and retained. We will not delete your information if we need it to protect the security, integrity or functionality of our operations and systems, to comply with legal obligations, to provide you with a good or service you requested, or for certain other reasons provided by the CCPA.
Right to Opt-Out of Sale or Sharing of Personal Information. You have the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information of Users within the meaning of the CCPA.
Right to Correct. You have the right to request that we correct inaccuracies in your personal information that we collect and maintain about you. If we receive a verifiable consumer request to correct inaccurate personal information, we will use commercially reasonable efforts to correct the inaccurate personal information as directed by you. We will not be able to update your information if we need it to protect the security or functionality of our operations, to comply with legal obligations, or for certain other reasons provided by the CCPA.
Right to Limit Processing Sensitive Information. We typically limit our use and disclosure of sensitive personal information to the following purposes that are exempt from the Right to Limit: (1) to perform services, such as to provide benefits to consumers; (2) to resist deceptive, fraudulent, or illegal actions; (3) to ensure the physical safety of our personnel, customers, visitors, and others; and (4) to provide short-term, transient and non-personalized advertising. We do not use sensitive personal information to infer characteristics about you for purposes other than those permitted by applicable law, including the CCPA. We will restrict the processing of sensitive information to these and other purposes authorized by the CCPA if you submit a request to limit use and disclosure of your sensitive personal information.
Right to Data Portability. You have the right to have a copy of personal information that we collected an maintain about you transferred to you or another party.
Right to Non-Discrimination. You have the right to exercise the privacy rights conferred by the CCPA without discriminatory treatment. We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against you for exercising your California privacy rights. Nothing in this section prohibits us from charging you a different price or rate, or from providing a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to you by the use of your data. With your consent, we may choose to offer you financial incentives directly related to the value of your personal information for the collection, sale, or deletion of your personal information.
You may submit a request to exercise your rights under the CCPA by emailing us at email@example.com. We are legally obligated to verify your identity when you submit a request to know, delete or correct your Personal Data. We may request additional information from you to verify your identity. If you submit a request to delete your personal information, you will also be required to confirm the deletion request by email.
Process to Verify Requests to Know, Correct or Delete Personal Data About a California Resident
A request to know, correct or delete your personal information must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information and that you are a resident of California. Your request must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We ordinarily process requests within 45 days of its receipt. In some cases, we may extend this period to 90 calendar days. If we require more than 45 days, we will inform you or your authorized agent in writing of the reason we did so and the extension period.
You may designate an agent to make a request under the CCPA on your behalf. If you choose to do so, we may require you to (1) provide the authorized agent written permission to do so or demonstrate that you have given the agent legal power of attorney, and (2) verify your own identity and residency directly. We may deny a request from an agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
You may submit a request to remove information that you have posted on our mobile application by emailing us at firstname.lastname@example.org. Note that this does not guarantee a complete or comprehensive removal of such content. For example, content may remain on our servers even if no long visible to other users, and third-party reposted copies of the content that you posted may remain after we remove the original content that you posted. Content may also remain posted for other reasons exempted by law.
Shine the Light Law
Do Not Track Requests
“Do Not Track” signals are options on your browser that inform website operators that you would not like to have your online activity tracked. Currently, there is no industry standard regarding any appropriate action that websites should take when they receive “Do Not Track” signals. As there is no industry standard, please note that we do not alter our Website’s data and information collection and use practices when we receive a “Do Not Track” signal from your browser.
9. Anonymized and Aggregated Data
We may use anonymized or aggregated customer data for any business purpose, including to better understand customer needs and behaviors, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of data we may anonymize include transaction data, clickstream data, performance metrics, and fraud indicators.
10. Third-Party Sites and Services
If you authorize one or more third-party applications to access the DOSI Services, then information you have provided to us may be shared with those third parties. A connection you authorize or enable between your DOSI Services account and a non DOSI Services account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, we will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using the Services. Please note that third parties you interact with may have their own privacy policies, and we are not responsible for their operations or their use of data they collect. Information collected by third parties, which may include such things as contact details or location data, is governed by their privacy practices and we are not responsible for unauthorized third-party conduct. In addition, information that we share with a third party based on an account connection will be used and disclosed in accordance with the third party’s privacy practices. We encourage you to learn about the privacy practices of those third parties.
11. Information Security
We maintain appropriate physical, technical, organizational and administrative safeguards to prevent unauthorized or unlawful loss, access to use, alteration, correction, or disclosure of your personal data. We have implemented a system to process personal data, whether in hard copy, electronic files and / or any other form. Our safeguard will cover the components of the relevant information system, taking into account the security implementation specified by the applicable data protection laws in order to protect the security, integrity, availability and confidentiality of the Personal Data you entrust to us according to the level of risk. This includes controlling access to personal data and critical information system components, appropriate handling of user access, determining user's responsibilities, putting in place appropriate measures for audit logging to detect access, alteration, correction or deletion of personal data. We also arrange the enhancement of knowledge and understanding related to personal data protection and security for the personnel concerned.
We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the United States and elsewhere in the world where our facilities or our service providers are located. We protect your Personal Data by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations. For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to Personal Data only for those employees who require it to fulfill their job responsibilities.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own Personal Data. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
12. Retention of Personal Data
We store your Personal Data securely throughout the life of your account. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your Personal Data are described below.
• Personal Data collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.• Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.• Content that you post on our website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).• Recording of our telephone calls with you including transaction records may be kept for a period of at least five years.• Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.
13. Withdrawal from the DOSI Services
If you withdraw your consent to any or all use of your Personal Data, depending on the nature of the request, we may not be in a position to continue to provide the DOSI Services to you.
14. A Special Note about Personal Data of Minors
Minors who lack the legal capacity to contract under any applicable laws shall not set up a personal account on the Site to use the DOSI Services. We do not knowingly request to collect personal information from any person under the age of 19. If a User submitting personal information is suspected of being under the age of 19, we will require that User to close his or her account and will not allow that User to continue using the DOSI Services. We will also take steps to delete such User’s Personal Data as soon as possible. Please notify us if you know of any individuals under the age of 19 using our DOSI Services to we can take action to prevent access to our DOSI Services.
16. Inquiries and Complaints
If you believe that we have infringed your rights, you may contact the LINE NEXT Data Protection Officer at c/o email@example.com.
For LINE NEXT INC., which operates a NFT Wallet Service under the name as “DOSI Services” (hereinafter the “Company”), the protection of your privacy is a primary concern.
Please note that this Addendum for GDPR is prepared for persons in the European Union (“EU”), the European Economic Area (“EEA”) and other locations subject to EU data protection law (collectively, “Europe”), in each case who may want to use the services offered and made available by the Company (including the NFT Service and associated website and web applications) (hereinafter the “Company Services”). The Company recognizes, and to the extent applicable to it, adheres to the relevant EU data protection laws. For purposes of this Addendum for GDPR, “Personal Data” has the meaning provided in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
If you are dissatisfied with any aspect of our Addendum for GDPR, you may have legal rights which we have described below where relevant.
This Addendum for GDPR shall apply to the processing, including the collection, use, retention and disclosure, by the Company of Personal Data (i.e. information relating to an identified or identifiable natural person) concerning individuals who are located in Europe at the time their Personal Data is collected (“you”).
Description of the Company’s activities
The Company’s commercial activity consists in providing you with the DOSI Services and associated website and web applications, including access to the Services, the ability to purchase and hold NFTs listed for sale at the Services.
Definitions & interpretation
In this Addendum for GDPR, unless the context otherwise requires:
• a reference to a document is a reference to that document as modified or replaced from time to time.
• a reference to a person shall include any company, corporation or any corporate body wherever incorporated.
• words importing the singular shall be treated as importing the plural and vice-versa.
• unless expressly stated otherwise, any heading, caption or section title contained in this Addendum for GDPR is inserted only as a matter of convenience and in no way defines or explains any section or provision hereof.
Data controller & data protection officer
The Company, which is incorporated under the laws of the State of Delaware in the United States and whose principal office is located in the State of California in the United States, is the legal entity responsible for the collection and processing of your Personal Data.
As regards the processing of Personal Data concerning persons within the European Union, the Company has designated the following representative in the European Union and UK:
Representative: PLANIT // LEGAL
Attn: LINE NEXT Inc. EU/UK Representative
Jungfernstieg 1, 20095 Hamburg, Germany
The representative is mandated by the Company to be the recipient on behalf of the Company of all issues related to processing of Personal Data concerning persons within the European Union.
Categories of Personal Data collected and processed
A. Categories of Personal Data collected directly from you
B. Categories of Personal Data collected from other sources
C. Possible consequences of a refusal to provide your Personal Data or to consent to the transfer of your Personal Data
Certain of the Personal Data we collect from you are required to enable us to fulfill our contractual duties to you or to others. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of Personal Data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfill our contractual requirements or, in extreme cases, may not be able to continue providing the Services to you.
The purposes of the processing
Legal bases allowing to collect and process your Personal Data
The collection and processing of your Personal Data by the Company in relation to the Company Services is lawful under Article 6 of the GDPR as it complies with one or more of the legal bases for processing Personal Data as follows:
• it is necessary for the performance of a contract to which you are party or in order to take steps, at your request, prior to entering into such contract.• it is necessary to conduct anti-fraud and identification verification and authentication checks and to fulfil the Company’s retention obligations and otherwise comply with laws and regulations applicable to the Company’s business and operations.• you have, if expressly set forth, given your consent to the processing of your Personal Data for certain purposes outlined in the consent request.• it is necessary for the purposes of the Company’s legitimate interests which are not overridden by your interests or fundamental rights and freedoms. The Company’s legitimate purposes consist in particular in the promotion of its economic activities and in the effective provision of the Company Services, as those will allow the Company to generate profits and to attract new customers, as well as (to the extent not addressed above) compliance with applicable laws and regulations (whether inside or outside Europe).
Conditions applicable to your consent
Please note that where we rely on consent to process your Personal Data, you have the right to withdraw your consent at any time and we will cease to carry out that particular activity unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. The withdrawal of your consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.
The Services shall only be used by persons who are at least fully 19 years of age.
Keeping your Personal Data up-to-date
You shall ensure that all your Personal Data processed by the Company are accurate, complete, true, correct and up to date. Your failure to do so may result in you being unable to use the Services. The Company shall not be liable for keeping and processing inaccurate information in a case where you did not meet your obligation to keep your Personal Data up-to-date.
Your data protection rights
To exercise your data protection rights outlined in this section, you can contact the Company by sending an email to firstname.lastname@example.org
Please make clear in your request which Personal Data you would like to:
• object to our processing
• request the restriction of processing; or
• request erasure.
Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Please be aware that your data protection rights are not absolute and it remains the case that, in accordance with applicable data protection laws, your rights may be withheld. In such event, the Company will provide you with the reasons for not complying with your request.
The Company shall process your request as soon as reasonably practicable and the Company will provide you with information on actions taken without undue delay and in any event within one month of receipt of your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of your request. In this event the Company will inform you of any such extension within one month of the receipt of your request, together with the reasons for the delay.
In the event that the Company decides to not comply with your request or has not processed your request within the aforesaid timeframe, you can lodge a complaint with the national supervisory authority (see below) and you can seek a judicial remedy against the Company’s decision.
B. Your right to access, rectification, restriction of processing and erasure of your Personal Data & your right to data portability
You have, if applicable and within the limits of applicable data protection laws, the ability to request access to your Personal Data as processed by the Company and to seek the rectification of incomplete or inaccurate Personal Data or erasure of your Personal Data or to request the restriction of its processing.
You have, within the limits of applicable data protection laws, the right to receive the Personal Data you have submitted to the Company in a structured, commonly used and machine-readable format and to transmit such Personal Data to another controller without hindrance. The Company will, where applicable and technically feasible, transmit your Personal Data directly to the data controller of your choice.
When handling requests to exercise European data privacy rights, the Company checks the identity of the requesting party to ensure that such person is the person legally entitled to make such request. While the Company maintains a policy to respond to such requests free of charge, should your request be repetitive or unduly onerous, the Company reserves the right to charge you a reasonable fee for complying with your request.
C. Your right to object
If applicable in accordance with applicable data protection legislation, you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your Personal Data by the Company (including profiling based on your Personal Data) , unless:
(a) there exist compelling legitimate grounds for such processing which override your interests, rights and freedoms; or
(b) the processing is necessary for the establishment, exercise or defence of legal claims.
Notwithstanding the foregoing, please be aware that you have the right to object at any time to processing of your Personal Data for direct marketing purposes (including profiling to the extent that it is related to such direct marketing). In this event, you may opt-out of such processing by sending an email to email@example.com
• Contractual Obligations: Where transfers are necessary to satisfy the Company’s obligations to you under its Terms of Service, including the provision of the Company Services and customer support services, and to optimize and enhance the Company Services.• Consent: Where you have consented to the transfer of your Personal Data to a third country.
International transfers of Personal Data
The Company will transfer your Personal Data to third countries of its choice, in particular the United States, South Korea and Japan. Such transfers to third countries may be based on:
The Company expects that the primary data storage location for Personal Data will be in Japan.
Japan and South Korea have been considered by the European Commission to provide an adequate level of protection for personal data.
Where the Company transfers your Personal Data to jurisdictions which have not been designated as having an adequate level of protection for your Personal Data (a "third country") such as the United States), the Company will only make such transfers where it is compliant with applicable data protection laws and, where relevant, the means of transfer provides adequate safeguards in relation to your Personal Data, for example, the Company may deploy the following safeguards:
• Standard Contractual Clauses: the Company provides Standard Contractual Clauses approved by the European Union to meet GDPR requirements for your Personal Data.
Where transfers to a third country are based on your consent, you may withdraw your consent at any time. However, the Services may not be available to you if the Company is unable to transfer your Personal Data to third countries.
Disclosure and Sharing of Personal Data
A. Recourse to service providers
B. Categories of recipients of your Personal Data
Security of Personal Data
The Company protects your Personal Data by using appropriate administrative, technical and organisational security measures to reduce the risks of loss, theft, misuse, unauthorised access, disclosure, destruction and alteration of your Personal Data. These security measures include:
• The Company stores critical Personal Data with encryption;• The Company encrypts with SSL, HTTPS, and TLS;• The Company regularly scans the Company’s Website to detect vulnerabilities and security issues and implements additional security measures to identified security issues immediately;• The Company regularly perform internal and external penetration testing to validate security level;• The Company operates a 24x7 CSIRT (Computer Security Incident Response Team) to monitor security events;• The Company operates a Risk Management team, monitoring any suspicious or fraudulent activities involving the Company Services;• The Company conducts security awareness training for employees on a yearly basis;• The Company has a cybersecurity policy for securing the confidentiality, integrity, and availability of Personal Data;• Access to Personal Data is granted with approval and based on “need-to-know” policy.
The Company security measures will be reviewed regularly in light of relevant legal and technical developments. Please be aware, however, that today no processing, transmission or storage of data, including Personal Data – even in high security environments and notwithstanding any appropriate security measures – ensures absolute protection.
If you have reason to believe that your Personal Data is no longer secure, you shall immediately notify such information to the Company by contacting us at firstname.lastname@example.org.
Automated Decision Making
The Company may engage in automated decision making for certain purposes, including making improvements to the Services.