We at NextNinja Co., Ltd. (Address: Sumitomo Fudosan Takanawa Park Tower 1F, 3-20-14 Higashigotanda, Shinagawa-ku, Tokyo 141-0022, Japan; CEO: Masayuki Yamagishi) respect our users’ privacy and hereby set forth policies addressing the need to disclose information relating to “personal data” (meaning any and all information we process relating to an identified or identifiable user) collected by our services, including but not limited to our mobile applications, customer support services, community activities and any other services affiliated with The Quintessential Quintuplets OMOIDE VR -ITSUKI- (the “Services”). This privacy policy (this “Privacy Policy”) defines what personal data is collected, stored and used by the Services and what rights you as a user have in accessing and modifying such data.
We reserve the right to improve and revise the contents of this Privacy Policy based on, among other things, an amendment of the law, a change in our business or a user request. If this Privacy Policy is changed, we will provide advance notice of the revised contents in an easy-to-understand format, specifying the time period until the new policies come into effect. If the changes are significant, you will be asked to renew your consent.
Please note that the English translation of this Privacy Policy is for reference only. In the event of a discrepancy between the Japanese and English versions, the Japanese version will prevail.

Where applicable, we will comply with the following regional protocols when processing personal data collected by the Services.

1. USA: The California Consumer Privacy Act of 2018 (CCPA) and the Children's Online Privacy Protection Act (COPPA).
2. European Union (EU): The General Data Protection Regulation (GDPR).
3. Japan: Act on the Protection of Personal Information (Act No. 57 of 2003) (Personal Information Protection Law).

In addition, by agreeing to this Privacy Policy, you consent to your data being accessed and processed by our staff and other relevant personnel, including engineers and customer service representatives.

0.1 Collected Personal Data (directly or via third-party services)

We collect email addresses, information entered into contact forms and other types of data as outlined below (including but limited to information provided by users).

(1) Types of Collected Personal Data

1. Email Addresses. In certain circumstances, such as during a campaign promoting the Services, and with your full consent, we may collect your email address. This information will be retained and stored with your consent.
2. Information entered into contact forms, including but not limited to name, contact information (e.g., email address), contact form content, User ID and device specifications.
3. Information for advertising purposes. To gauge the efficacy of our advertising practices, we retain an Advertising ID for specific advertisements and device information linked to your profile. These are used for marketing purposes based on the need to evaluate advertising performance. We employ third-party network advertisers and analytics service providers. For more information regarding third-party systems and sponsorship, please refer to 0.3 “Who Can Access Your Personal Data”.

(2) Data Collected by System Features

Using service providers and other technology, we automatically collect data related to your access and use of the Services. Collected data includes but is not limited to IP addresses, cookies, web beacons, and embedded scripts. Collected information and collection methods are outlined below.

1. Cookies, IP addresses, User IDs and other related technologies Collecting cookies allows us to determine how users are interacting with our websites (viewed pages, frequency of use, etc.). We use this information for the following purposes:
   
   
   1. To provide a better user experience by reducing load times.
   2. To provide users with advertisements that fit their preferences as determined by their personal data.
   3. To perform analysis with the goal of improving customer satisfaction based on what pages you view, what page referred you to our website, what links you click, etc.
   4. To collect technical information linked to your access to the Services, including device software, operating systems and other similar technologies.
   
   In addition to cookies, generated log file information may be collected when the Services are used. This information includes:
   
   
   1. Internet Protocol (IP) Address. The unique address assigned to each device for connecting via a network.
   2. Device Information. The operating system, software and other technical information of the device used to access the Services.
   3. Referral and Exit URLs. Which URLs referred you to the Services, and which URLs are clicked when leaving.
   
   Cookies will not be linked to any personal data you provide. Cookies may be shared with third-party contractors to personalize the Services, secure systems from fraud and evaluate the efficacy of our platform.
2. Web Beacons
   Web Beacons (otherwise known as pixel tags, image tags, clear GIFs or web bugs) refer to code used to collect advertising data. Web beacons are used to monitor user browsing status, navigation behavior, advertising efficacy and email distribution.
3. Embedded Scripts
   Embedded scripts are codes used to analyze your interactions with our platform, such as the links you click and your browsing patterns. These programming codes are only temporarily active and are downloaded to your device when using the Services. Embedded scripts may be used by third-party contractors.

0.2 Reasons for Collecting Personal Data

In order to provide the Services, the required personal data outlined in this Privacy Policy must be processed. We comply with all applicable laws governing the handling and processing of personal data. On the basis that consent is obtained from the user (GDPR Article 6 Section 1a), collected personal data will be used for the purposes outlined below. Where customer consent is not obtained, we may process your personal data if one of the following applies: (1) processing is necessary for the performance of a contract to which a user is party or in order to take steps at the user’s request prior to entering into a contract (GDPR Article 6 Section 1b); (2) processing is necessary for compliance with a legal obligation to which we are subject (GDPR Article 6 Section 1c); (3) processing is necessary in order to protect the vital interests of the user or of another natural person (GDPR Article 6 Section 1d); (4) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (GDPR Article 6 Section 1e); or (5) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the user’s interests or fundamental rights and freedoms which require protection of personal data, in particular where the user is a child (GDPR Article 6 Section 1f). The legitimate interests pursued by us or a third party as outlined in No. 5 above include the improvement of our services, the bolstering of our security and marketing purposes.

1. To grant or restrict your access to the Services.
2. To upgrade and manage the Services, fixing bugs and errors, ensuring security and creating backups, for purposes of providing the Services.
3. To authenticate user identity when required.
4. To ensure the user’s safety and security.
5. To upgrade and develop the Services as requested by our players to enhance user experience, including additions and improvements to any in-app features./li>
6. To verify a user's usage of the Services.
7. To ensure that we enforce our legal rights and defenses in the event of a legal dispute between us and a user.

In order to process the data, we may employ the use of third-party services. If data is collected other than what is outlined in “Types of Collected Personal Data” or if we alter the data processing methods, the user will be notified and asked to consent to the new terms and conditions.
User consent regarding the processing of personal data may be rescinded at any time. This rescission will not have any effect on the legality of data processing based on prior consent.

0.3 Who Can Access Your Personal Data

In addition to our service teams, the following third parties may also access personal data you provide to us. By reading and agreeing to this Privacy Policy, you acknowledge that your personal data may be shared with the following third parties.

1. Lawful Authorities
Personal data provided by users may be shared with any relevant competent authorities upon request. When deemed necessary (e.g., in the interest of protecting the Services and our users), some of your personal data may be disclosed to such authorities. This may include information that identifies your device (e.g., IP addresses) and your usage of the Services.
Furthermore, we have the right to share any personal data provided by users with such authorities to identify you and undertake legal action against you in the case of:

1. A violation of any agreements between us, including but not limited to this Privacy Policy and the Terms of Service for the Services.
2. Your violation of any third parties' rights and/or interests.
3. When such information is deemed necessary to prevent illegal activities, such as fraud and cyberattacks.

2. Third-Party Contractors
To provide the Services, we work with multiple third-party service providers. Personal data may be shared with these third-party contractors in a format that does not identify the user. Under no circumstances is personal data sold to such third-party contractors. Furthermore, certain third-party service providers are strictly prohibited from processing any personal data provided, including but not limited to accessing, storing or disclosing the data.
Accordingly, all data provided is limited to what is deemed necessary to provide the Services.
Third parties may include:

1. Social networks affiliated with the Services via login or consent to content sharing.
2. Subcontractors (including but not limited to IT systems providers, IT contractors and information communication service providers).
3. Advertising service providers that assist in distributing and targeting users for optimized advertisements and analyzing their performance and success rates. We guarantee that third-party information collection is performed only after your consent has been attained.

0.4 Advertisements

By consenting to this Privacy Policy, you acknowledge that we may collect and process personal data for purposes other than those outlined in 0.2 “Reasons for Collecting Personal Data,” as outlined below:

1. To deliver targeted advertisements relevant to the user's interests.
2. To gauge and analyze advertisement appeal.
3. To conduct marketing activities.

Advertisements may be disseminated directly by the Services or by third-party contractors.
Furthermore, users may withdraw from having their personal data processed for advertising purposes at any time.

0.5 Personal Data Retention

All personal data collected by our systems will be stored as long as the user's account remains active. Personal data will be deleted upon user request or when stipulated by law.
If a user requests that use of their personal data be stopped, the data will continue to be stored so long as no applicable laws are violated.
Even upon account termination or a user’s ceasing to use the Services, personal data will continue to be stored in compliance with applicable laws for the business purposes
All personal data will be anonymized, blocked or erased once this period expires.

0.6 User Rights Regarding Collected Personal Data

All users may request, via writing, an electronic copy of their stored personal data.
For security purposes, in order to process these requests, the user will be asked to provide relevant information to verify their identity and link it back to their account. In addition, users may request a modification or deletion of their stored personal data, with the acknowledgment that this decision will have an impact on their user experience.
For further information and clarification regarding users in Europe and California, please refer to Section 0.6a and the “California Consumer Rights According to the CCPA” section below, which address the privacy legislation found in the GDPR and CCPA, respectively.
0.6a GDPR Compliance
In accordance with the GDPR, the user has the following rights:

1. The Right to Access
   You have the right to gain free access to any personal data, as outlined in the GDPR. All users may request, via writing, an electronic copy of their stored personal data.
   Under no circumstances will the Services sell the information of minors under the age of 16 (or corresponding relevant age in their country of residence).
2. The Right to Rectification
   We work to ensure that all processed personal data is accurate when you engage with our various services.
   However, in the event that any stored personal data is inaccurate or out of date, you have the right to rectify this information in accordance with Article 16 of the GDPR (“Right to Rectification”).
   Any updates to user information can be done via the Options tab found in the Services.
   Furthermore, if the user submits a request via email, we will provide support to ensure the swift modification of personal data.
3. The Right to Erasure
   You have the right to request the deletion of any personal information collected and stored by the Services, as outlined in Article 17 of the GDPR (“Right to be Forgotten”).
   Data deletion may also be requested on legal grounds.
   In either case, please contact us using the contact information provided in the “Contact Address” section of this document to request the deletion of personal data.
4. The Right to Object
   In accordance with Article 21 of the GDPR (“Right to Object”) and similar applicable laws in serviced countries, you have the right to any data processing performed as a result of using the Services. If a user voices an objection, data will cease to be processed unless there are legitimate grounds for doing so. Furthermore, as outlined in Article 21 Section 2 of the GDPR, you have the right to object to having your personal data processed for direct marketing purposes as outlined in the GDPR.
5. The Right to Restriction of Processing
   In accordance with Article 18 of the GDPR (“Right to Restriction of Processing”) or other applicable laws in the user's country of residence, you have the right to restrict the processing of your personal data where one of the following applies:
   
   
   1. the accuracy of the personal data is contested by the user ,for a period enabling us to verify the accuracy of the personal data; In this instance, all processing will cease until the information is rectified by our service.
   2. the processing is unlawful but the user requests a restriction on processing instead of deletion of the data;
   3. we no longer have a need for the personal data, but the user requests access to the personal data for the purpose of exercising rights to make a legal claim; or
6. the user has objected to the processing of their personal data pursuant to Article 21 (“Right to Object”) where it has not been verified whether the legal grounds of our position take priority over the user’s claims.The Right to Data Portability
   In accordance with Article 20 of the GDPR (“Right to Data Portability”) and any other applicable laws in a user's country of residence, you have the right to receive stored personal data in a structured and commonly used machine-readable format. In addition, in accordance with the GDPR, you have the right to transmit this data to another administrator without our interference.
   For further rights concerning users residing in California, please refer to the “California Consumer Rights According to the CCPA” section.

0.7 Security and Storage of Your Information

We use the latest technology and protective safeguards to ensure that all data provided by users is secured against unauthorized access.
However, despite taking these strict measures, data breaches, hacking and cyberattacks are still potential risks when using internet-based services.
In the unlikely event of a security breach that compromises user data, we will actively work with the relevant authorities to investigate and respond to the situation.
In the case that personal data is compromised, all affected users will be notified and action will be taken in compliance with applicable laws.
We encourage users to maintain the security of their accounts by selecting strong passwords, to refrain from sharing personal data with other users via the Services and to use a secure device and operating system when using the Services.
This Privacy Policy is applicable to all data collected and stored by the Services.
Please note that we do not take responsibility in instances where third-party affiliates or their services (e.g., advertisements and links in/out of our website) collect your data.
Please ensure you have understood this Privacy Policy before using the Services.

0.8 EU-U.S. Privacy Shield

We fully comply with the U.S. Department of Commerce’s EU-U.S. Privacy Shield Framework through our utilization of Amazon Web Services (AWS).
All collected, processed and stored personal data transferred from the EU to the United States will adhere to the principles defined by the U.S. Department of Commerce and the European Commission as outlined in the Privacy Shield Framework.
For more information and details regarding AWS and its proof of certification, please refer to the following URL: https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/
As outlined in this Privacy Policy, we will strive to ensure the security of all personal data collected by the Services and will take responsibility for any misuse of user data, except as otherwise provided.
Furthermore, in order to safely handle and store collected personal data (meaning data as defined in Article 16 Section 3 of the Japan Act on the Protection of Personal Information), we will take the necessary and appropriate measures to prevent the leakage, loss or damage of such data. If you would like further information regarding our data storage policies, please contact us using the contact information provided in the “Contact Address” section of this document.
Should a third party affiliated with us process user personal data in a manner that fails to comply with the principles outlined in the Privacy Shield Framework, we will take responsibility unless substantial proof is presented to refute our liability in the matter.
If you are an EU resident and have any questions or concerns about our policies regarding the Privacy Shield Framework, please contact us using the contact information provided in the “Contact Address” section of this document.

0.9 Age Limits and Restrictions

There are no age restrictions regarding The Quintessential Quintuplets OMOIDE VR -ITSUKI-. However, users are expected to comply with any age restrictions established by the store or their devices when using the Services.
If your country of residence specifies an age of consent with regard to personal data collection, a parent or legal guardian must oversee and approve the account creation process before any personal data is collected and stored by the Services.
By agreeing to use the Services, you acknowledge that you are considered an adult or of the age of majority in your country of residence.
Under no circumstances will we collect or process the personal data of a minor without the consent of a parent or legal guardian.

1.0 Information Disclosure

We have great respect for our users' privacy and rights.
All users have the option of requesting access to or disclosure of any of their information stored by the Services.
In order to submit such a request, please contact us using the contact information provided in the “Contact Address” section of this document.
In the event of such a request, we will be required to collect your name, email address and any additional information required in connection with the Services.
We will work swiftly to deliver the requested data following the confirmation of your personal data.

California Consumer Rights According to the CCPA

When collecting or using any information provided by users resident in California, where applicable,we promise to adhere to the clear general rules of the California Consumer Privacy Act of 2018 (“CCPA”).
In regard to the Services, we are obligated to disclose information regarding our methods of collection and the disclosure of data to any third parties. Furthermore, as a resident of California, you have a legal right to exercise additional rights over any information we collect via our services.
Accordingly, this section primarily focuses on the rights granted by the CCPA to our users resident in California. For these users, in the event that information found in this section of the Privacy Policy contradicts a previous section, this section will take precedence.
As a resident of California, you have:

-The right to know: You may request that we disclose, free of charge, your personal data that we have collected, processed or shared within the 12-month period preceding your request.
-The right to delete: You may request that we delete your personal data collected in connection with your use of the Services. We will also instruct any service providers with whom we have shared your personal data to do the same.
-The right to non-discrimination: We do not discriminate against users based on their exercise of rights under the CCPA.
-The right to opt-out: You may request that we stop selling your personal data or that we do not sell your personal data in the future. That said, we do not sell our user's personal data.

We have great respect for our customers’ privacy and rights. In order to request access to or disclosure of any data as outlined above, please contact us using the contact information provided in the “Contact Address” section of this document.
In the event of such a request, we will ask for your name, email address and any additional information required to process your request.
Should an authorized representative submit a request on behalf of a California resident, please provide the following additional documentation:

-Written and signed power of attorney from the user resident in California
-A form of identification to verify the authorized representative's identity
-Verification of the provided identity or designated power of attorney as outlined by the California Probate Code

The authorized representative’s identity is verified in accordance with the processes and procedures required or permitted by the CCPA and any other relevant laws. Accordingly, we may ask the representative for additional documentation needed to verify the person’s identity.

Contact Address

For inquiries regarding this Privacy Policy, please contact us using the information provided below.
Address: Sumitomo Fudosan Takanawa Park Tower 1F, 3-20-14 Higashigotanda, Shinagawa-ku, Tokyo 141-0022, Japan
Company Name: NextNinja Co., Ltd.
Contact Form: https://docs.google.com/forms/d/19meYWmpt3uzgZpP4vJnFKL4IpQhs1Vd51F_fZQBWZno/viewform?ts=632027d1&edit_requested=true
Email Address: cs-5hanayome-vr@nextninja.co.jp
CEO: Masayuki Yamagishi

11st October, 2022
Last updated 5th December, 2022