Original Effective Date: July 3rd, 2023

Grenge, Inc., as well as its subsidiary and affiliated entities, (“Grenge,” “we” or “us”) take the protection of your personal information very seriously. The following Privacy Policy will provide you with information about the personal information that is collected and how it is processed and used.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BECAUSE BY USING THE SERVICES, YOU CONSENT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND TO OUR PROCESSING OF PERSONAL INFORMATION FOR THE PURPOSES STATED BELOW. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

In order to ensure the secure processing of your personal information, we have implemented all safeguards required by law.

1. Scope of This Privacy Policy

This Privacy Policy applies only to the websites and applications in relation with “Pinball Fortress” controlled by Grenge where this privacy policy is posted, as well as events related to “Pinball Fortress”, such as sweepstakes events, and contests (collectively, the “Services”).

2. Information Collected (Categories and Sources of Personal Information)

We collect several types of personal information from you.

Grenge considers personal information to be any information concerning the personal or material circumstances of an identified or identifiable individual (e.g. name, date of birth, and other information which enables the identification of specific individuals), as well as email addresses and other information associated with an individual. We may collect:

• your name and email address if you contact us with a question;
• your Internet Protocol (IP) address, a number that lets devices attached to the Internet know where to send you data, such as the webpages you view; and
• your date of birth
  Furthermore, Grenge may collect information on the situation concerning access to the Services and how it is being used. This includes the information below.
• Device information
• Location information
• Log information
• Cookies, Advertising Identifiers, and anonymous IDs.

For residents of the European Economic Area and the UK, the following shall also apply:

We will process Cookies, etc (except for strictly necessary Cookies, etc) as well as your personal data obtained through Cookies, etc for the for the purposes outlined in Article 5 based on your consent. You may withdraw your consent to this processing at any time. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent.

3. Cookies, Advertising Identifiers, and IP Address Information

We use cookies, Advertising identifiers (including but not limited to Identifiers for Advertisers/IDFA and Google Advertising Identifiers/AAID) and IP address information (hereinafter collectively referred to as "Cookies, etc.") in the Services, a small text file that may be used to collect information about your activity on the Services and to make the use of our Services as comfortable as possible for you, not only for your current use of the respective service but also for latter uses. For example, when someone visits a web page within the Services, a cookie is placed on the user’s machine (if the user accepts Cookies, etc) or is read if the user has accessed the Services previously. These Cookies, etc enable us and Third Party Providers to collect information including user ID, app version, operation system, device name, and any error codes. If you would like to opt out on a particular device on which you are accessing this Privacy Policy, please configure from your own device (see here for iOS and here for Android for instructions on how to set this up). You may also set most browsers to notify you if you receive a cookie, or you may choose to block Cookies with your browser. If you do so, you may not be able to take advantage of the personalized features enjoyed by other users of our Services.

4. Cookies, etc of Third Party Providers and Other Tracking Tools

We use the following Cookies, etc:

1. A. Google Analytics
   Google Analytics, a web analytics service provided by Google LLC (“Google”), collects anonymous statistical and analytical information about how our users use Services. For example, Google gathers and aggregates data on page views and clicks on the Services. These analytics are not used to track your journey to other websites or to identify you. The information generated by the Google Analytics Cookies, etc about your use of the Services (including your IP address) will be transmitted to and stored by Google on servers in the United States.
   You can find a more detailed account of Google’s privacy policy here:
   https://policies.google.com/privacy?hl=en.
2. B. Advertisement tracking tool and ADNW
   The Services use advertisement tracking tools and ADNWs (“Tools”) for smartphone applications provided by the following companies, to distribute advertisements on the Services. These companies may also collect information under their own privacy policies. Tools make it possible to measure and analyze the effectiveness of smartphone advertising and deliver advertising effectively. Tools collects personal information as described below and aggregated information (information about groups or categories of persons, which does not identify and cannot reasonably be used to identify an individual person). The information held in log files includes the user's IP address, carrier name, device name, device OS name, device OS version, advertising identifier (IDFA / AAID), startup information, and billing information. You may refuse the use of Tools by opting out of the links provided below.
   
   • Adjust
   • Privacy Policy
     https://www.adjust.com/terms/privacy-policy/
   • Opt Out
     https://www.adjust.com/forget-device/
   • AdMob
   • Privacy Policy
     https://support.google.com/admob/answer/6128543?hl=en
   • Opt Out
     https://policies.google.com/technologies/ads
   • AppLovin MAX
   • Privacy Policy
     https://www.applovin.com/privacy/
   • Opt Out
     https://optout.networkadvertising.org/?c=1
   • IronSource
   • Privacy Policy
     https://developers.ironsrc.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
   • Opt Out
     https://ironsrc.formtitan.com/Data_Subject_Request#/
   • meta(facebook)
   • Privacy Policy
     https://www.facebook.com/privacy/policy
   • Opt Out
     https://www.facebook.com/help/109378269482053
   • Unity Ads
   • Privacy Policy
     https://unity.com/legal/game-player-and-app-user-privacy-policy
   • Opt Out
     https://unity.com/legal/game-player-and-app-user-privacy-policy#_Contact_Us
3. C. Firebase Crashlytics
   Crashlytics is a monitoring service provided by Google Ireland Limited.
   Personal Data processed: crash data; device information; Universally unique identifier (UUID).
   You can find a more detailed account of Firebase’s privacy policy here:
   https://firebase.google.com/support/privacy?hl=en.

5. Use of Personal Information

We may process your personal information for the purposes detailed below:

• To deliver content such as games, video, and music, and provide related services;
• To develop services, compile statistics, analysis, questionnaires, and other marketing activities intended to improve services;
• To contact and communicate with you to respond to your inquiries and complaints;
• To provide you with special offers, updated information and other new services from Grenge or other third parties, or to forward promotional materials if you have requested this information or provided your consent for us to do so;
• To complete a transaction or service requested by you;
• To fulfill marketing or promotional purposes;
• To ensure that the Services are relevant to your needs;
• To help us create and publish content that is the most relevant to you;
• To notify you about a change to this Privacy Policy or the Terms of Service Agreement, if necessary;
• To allow you access to limited-entry areas of the Services;
• To deliver newsletters or other information that you request;
• To resolve disputes with you; and
• In other manners as disclosed within this policy or at the time of collection.

If we need to process your personal information for a purpose not set out in this privacy policy, we will inform you accordingly and, where required, obtain your consent.

For residents of the European Economic Area and the UK, the following shall also apply:

We will always process your personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). We process your personal data for the purposes stipulated in the preceding paragraph based on the following legal grounds.

(1) Performance of a contract (Article 6(1)(b) of the GDPR)

We process your personal data for the following purposes because it is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract.

• To deliver content such as games, video, and music, and provide related services;
• To contact and communicate with you to respond to your inquiries and complaints;
• To complete a transaction or service requested by you;
• To notify you about a change to this Privacy Policy or the Terms of Service Agreement, if necessary;
• To allow you access to limited-entry areas of the Services; and
• To resolve disputes with you;

(2) Legitimate Interests (Article 6(1)(f) of the GDPR)

We process your personal data for the following purposes because it is necessary to do so in order to pursue our legitimate interests (Article 6(1)(f) of the GDPR).

• To develop services, compile statistics, analysis, questionnaires, and other marketing activities intended to improve services;
• To fulfill marketing or promotional purposes;
• To ensure that the Services are relevant to your needs;
• To help us create and publish content that is the most relevant to you; and
• To process strictly necessary Cookies, etc.

(3) Consent (Article 6(1)(a) of the GDPR)

We process your personal data for the following purposes based on your consent; (Article 6(1)(a) of the GDPR).

• To process Cookies, etc (except for strictly necessary Cookies, etc) as well as your personal data obtained through such Cookies, etc.
• To provide you with special offers, updated information and other new services from Grenge or other third parties, or to forward promotional materials if you have requested this information or provided your consent for us to do so; and
• To deliver newsletters or other information that you request.

Provision of personal data described in 2 above (except for non-strictly necessary Cookies, etc) is a contractual requirement, and we will not be able to provide you services if you don’t provide such personal data.

For residents of California, the following information is also provided:

We may have collected the following categories of information from and about you in the preceding 12 months:

6. Disclosure to Third Parties

We may share or disclose your personal information specified in Article 2 to the extent necessary with third parties. The personal information disclosed to third parties may only be used by third parties for the purposes specified below, and such third parties may only use the personal information for the term necessary to fulfill such purposes:

• To fulfill a service to you. For example, if you choose to engage with games or services on the Services, we may share your personal information in order to provide the service to you. Also, if you are entering a sweepstake or contest, we may use your personal information in order to fulfill the terms of that promotion. This means that we may share the information for prize fulfillment purposes including, for example, sharing your postal address with a postal service or mail carriers. We may also share your information with the co-sponsor of that promotion.
• To evaluate the effects of advertisement, we may transfer your personal information to the companies specified in Article 4 (Cookies, etc of Third Party Providers and Other Tracking Tools).
• To comply with laws and regulations, we may share personal information when necessary or in the good faith belief that such action is necessary under the requirements of the law, a legally-binding court order, or governmental order from an investigation agency or competent regulatory authority that is issued through due process, to protect and defend our rights or property, including the rights and property of Grenge, or to act in urgent circumstances when it is necessary to protect the life, body, or property of a person, and the consent of the identified individual is difficult to obtain.
• To third parties as part of any corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.

7. Security

No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to Grenge is transmitted at your own risk. Grenge specifies rules for the protection of personal information, and incorporates appropriate administrative, technical, organizational, and physical security measures that are required under applicable regulations. We use firewalls to protect your information from unauthorized access, disclosure, alteration, or destruction. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered or destroyed by breach of said firewalls and secure server software.

If we learn of security systems breach, we may attempt to notify you electronically so that you can take the appropriate protective measures. By using these Services or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of these Services. We may post a notice on our Services if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances.

8. Access, Portability & Correction of Personal Information

You have the right to access and to request the correction or transfer of the information that we hold about you or to object to the processing of any data relating to you, by using the contact details in Article 21. When Grenge receives a request from you for access to, transfer of, correction of, addition to, deletion of, or objection to the processing of personal information due to error (hereinafter referred to as Correction), Grenge shall conduct any necessary investigation without undue delay and provide you or a nominated third party with your personal information and perform a Correction as soon as possible.

For residents of the European Economic Area and the UK, the following shall apply:

If certain conditions are satisfied, you will have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and the right to transfer those data to another controller without hindrance from us (Article 20 of the GDPR).

For residents of California, the following shall apply:

California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information for third parties’ direct marketing purposes.

You have the right to know and right to access information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the categories of third parties with whom we share such information. You also have the right to know if we have sold or disclosed your personal information. You may request a copy of the personal information we have collected, and upon request, we will provide this information to you in electronic form.

You have the right to request information about our sale or disclosure for business purposes of your personal information to third parties.

California residents have the right not to be discriminated against for exercising any of these rights. If you would like to exercise one or more of these California rights, please contact us using the contact information provided in Article 21. You may also designate an authorized agent registered with the California Secretary of State to make a request on your behalf. The authorized agent must have written permission to submit requests on your behalf. Whenever feasible for verification, we will match the identifying information provided by you to the personal information already maintained by us. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information.

9. Discontinuation & Deletion of Personal Information

You have the right to request that we stop processing your personal information and/or delete the information that we hold about you by using the contact details in Article 21. If you request the deletion or erasure of personal information (hereinafter referred to as "Discontinuation") because the information allegedly was handled in a manner exceeding the purpose of collection, or was acquired through deceit or other unlawful means, Grenge shall, upon confirming that the person making the request is the identified individual, conduct any necessary investigation without undue delay and, based on its results, perform the Discontinuation free of charge as far as this is possible for Grenge and notify you. However, we may retain a copy of your personal information where we are required or permitted to do so by law.

Once the purpose of collection/use of the personal information is achieved, we destroy your personal information without delay; provided, however, that certain information that must be retained for a statutorily-prescribed period and is destroyed after the expiration of such period. Personal information that is separately stored in such case is not used for any other purpose unless provided for under a law.

For electronic data files, we employ technical methods to destroy them so that the subject data cannot be restored or reconstructed. For hard copies and paper documents, we destroy them through incineration or shredding.

For residents of the European Economic Area and the UK, the following shall apply:

- Rectification or erasure of personal data: You have the right to have us rectify inaccurate personal data concerning you without undue delay and the right to have us complete any incomplete personal data (Article 16 of the GDPR). Also, if certain conditions are satisfied, you will have the right to have us delete personal data concerning you without undue delay (Article 17 of the GDPR).

- Restriction on processing of personal data: If certain conditions are satisfied, you will have the right to have us restrict processing of personal data concerning you (Article 18 of the GDPR).

- Objection to processing of personal data: If certain conditions are satisfied, you will have the right to object to processing of personal data concerning you (Article 21 of the GDPR).

- Not to be subject to automated decision-making: If certain conditions are satisfied, you will have the right not to be subject to solely data-based, automated decision-making (including profiling) that produces any legal or similar material effect on you (Article 22 of the GDPR).

For residents of South Korea, the following shall also apply:

If we use consent as the legal ground to process personal information, after you withdraw your consent to the processing, we will then stop processing your personal information unless there is another legal basis for such processing (e.g. statutory retention periods).

For residents of California, the following rights shall also apply:

You have the right to opt out of the sale of your personal information to third parties. Please note, we do not sell your personal information at this time.

You also have the right to request the deletion of your personal information, subject to certain legal exceptions.

California residents have the right not to be discriminated against for exercising these rights. If you would like to exercise these California rights, please contact us using the contact information provided in Article 21. You may also designate an authorized agent registered with the California Secretary of State to make a request on your behalf. The authorized agent must have written permission to submit requests on your behalf. Whenever feasible for verification, we will match the identifying information provided by you to the personal information already maintained by us. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information.

10. Accounts Information

Your account information and access to our Services are sometimes accessible only through the use of an individual user ID and password. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. Please note that we will never ask you to disclose your password in an unsolicited phone call or email. GRENGE IS NOT RESPONSIBLE FOR ACTIONS TAKEN REGARDING YOUR ACCOUNT WHILE A USER IS LOGGED IN USING YOUR USER ID AND PASSWORD.

11. Transmission of information about the Services

We may send you communications or data regarding the Services, including but not limited to (i) notices about your use of the Services, including any notices concerning violations of use, (ii) updates, and (iii) information or materials regarding transactions, products, and/or services that you may have purchased or selected.

12. Retention Period

We will not retain your personal information longer than necessary to fulfill the purposes for which it was collected for, unless there is another legal basis for such processing (e.g. fulfillment of legal obligations). Afterwards, we will delete your personal information. The individual retention periods depend on the type of personal information and the purpose of its processing.

13. International Transfer of Information

If you choose to provide us with personal information, it will be stored in Japan. Grenge may transfer (by any means including sending or allowing access) that information to its subsidiaries, affiliated entities, and other third parties explained in Article 6 across borders, and from your region to other regions around the world in accordance with applicable laws and regulations regarding the international transfer of personal information. Such personal information may be processed by such parties for the term necessary to fulfill purposes specified in Article 6.

For residents of the European Economic Area and the UK, the following shall also apply:

We share or disclose your personal data to a third country on the basis of adequacy decision (Article 45 of the GDPR) if adequacy decision is made to such third country. We share or disclose your personal data to a third country by executing with the transferee the standard data protection clauses (Article 46(2)(c) and (5) of the GDPR) approved by the European Commission if no adequacy decision is made to such third country.

14. Push Notifications

We may occasionally send you push notifications through our mobile applications to send you game updates and other service related notifications that may be of importance to you. You may at any time opt out from receiving these types of communications by turning them off on your device through your settings.

15. Third Party Services

This statement applies solely to information collected on the Services. The Services may contain links to other webservices. We are not responsible for the privacy practices or the content of these other web services.

16. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy from time to time. When we do, we will also revise the “last updated” date at the top of this Privacy Policy. For some changes to this Privacy Policy we may attempt to obtain your consent before implementing the change by placing a notice on the Services. Continued use of the Services following such notice will be viewed as consent to such changes unless otherwise specified. We do not substitute your consent to the processing of your personal information with your consent to this Privacy Policy; provided, however, we may process your personal information without your consent to the extent that such processing is permitted under applicable laws.

17. Online Tracking

Certain web browsers and other programs may be used to signal your preferences to us about how or whether we or third parties may collect information about your online activities. Because there is not yet an accepted standard for how to respond to a “Do Not Track” (DNT) signal, Grenge does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal information or non-personal information.

18. Our Policy Regarding Children

We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to use the Services. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 13 may provide any personal information. In the event that we learn that we have collected personal information from a child under the age of 13, we will delete the information as quickly as possible. If you believe that we might have any information from or about a child under the age of 13, please contact us using the online form (https://www.grenge.co.jp/#/contact).

19. Right to Complain

If you are not happy with the way in which we are processing your personal information, you have the right to lodge a complaint with your local data protection authority.

20. Contacting Us

If you have any questions about this Privacy Policy, our privacy practices, or regarding information, correction, blockage or deletion of data, please contact us using the online form (https://www.grenge.co.jp/#/contact).