This Privacy Notice (hereinafter “this notice”) explains how SB Payment Service Corp. (“SB Payments”, “we” or “us”) collects, uses, and discloses information about you. Please read this notice carefully as it contains important information regarding the methods and reasons we collect, store, handle, and share (hereinafter “process”) the personal information of our customers, partners, etc. This notice also explains the rights of our customers, partners, etc. regarding the use of their personal information.

In addition to this notice, which applies to all of our customers, partners, etc., we have prepared exhibits that may also apply to you depending on the area in which you reside or are located. In such case, please refer to the applicable exhibits. If this notice conflicts with the country-specific exhibits, such exhibits will prevail.

CONTENTS

• ・Personal information processed
• ・Purpose and legal basis for processing personal information
• ・Disclosure of personal information
• ・Protection of personal information
• ・Personal information retention period
• ・Overseas transfer of personal information
• ・Rights of data subjects
• ・Cookies
• ・Links
• ・Revisions to this notice
• ・Inquiries
• ・Country Specific Exhibits
• 　・EEA （European Economic Area）and UK
• 　・California

We process the personal information of the following data subjects. (hereinafter “Data Subjects”).

1. Service subscribers: Customers who are subscribed to or are considering using our payment services.
2. Credit card and other users: End-users who make credit card or other payments via our payment services, etc.
3. Partners: Those in charge of business partnerships with us such as the resale of our payment services, or those considering to partner with us.
4. Website users: Those who use our website (https://www.sbpayment.co.jp/; https://www.sbpayment.jp/).

The categories of personal information we process regarding the above Data Subjects are as follows.

1. Contact data: Name, company name, country, company address, phone number, email address, department name, position, details regarding communication by phone or email and other contact information.
2. Contract data: Information regarding eligibility for introducing our payment services (e-commerce sites, etc. Includes information related to the products and services handled on said sites), settlement institution screening results, etc.
3. Inquiry data: Contents of inquiries and information on communications related to inquiries
4. Payment data: Information regarding credit card or other payments (transaction ID, date and time of payment, amount, name, credit card number, bank account number, transaction status, IP address, browser, type of device, etc.)
5. Technical data: Data that is used to providinge our website and services (IP address, user agent, cookies, etc.)
6. Behavioral data: Data collected by cookies regarding traffic on our website and usage status by website users and other bahavioral data)

We process your personal information in accordance with applicable data privacy laws and regulations.Please refer to the country-specific exhibits regarding our legal basis for processing.
If you do not provide us with the personal information that is necessary for use of the services, we may not be able to provide our services to you.
We process the personal data of Data Subjects for the purposes listed in the table below, and other purposes permitted under applicable laws and regulations:

1. Service subscribers
   1. i. To process contracts and introduce services;
   2. ii. To respond to inquiries;
   3. iii. To maintain / improve business operations and quality;
   4. iv. To provide information related contracts, services, etc .;
   5. v. To send email newsletters, etc.; and
   6. vi. To detect and prevent fraud in contract processing, provision of services, etc.
2. Credit card and other users
   1. i. To execute payment processing;
   2. ii. To maintain / improve business operations and quality; and
   3. iii. To detect and prevent fraudulent payment processing, etc.
3. Partners
   1. i. To conclude partner contracts;
   2. ii. To respond to inquiries;
   3. iii. To send email newsletters, etc .;
   4. iv. To maintain / improve business;
   5. v. To maintain / improve business operations and quality; and
   6. vi. To detect and prevent fraud in contract processing, partner operations, etc.
4. Website users
   1. i. To respond to inquiries by online form or phone;
   2. ii. To send email newsletters, etc .;
   3. iii. To detect and prevent fraudulent use of our website;
   4. iv. To improve quality through surveys on the use of our website, etc .; and
   5. v. Delivery of targeted advertisements, etc.

We disclose the personal information of Data Subjects to the extent necessary for the above purposes as shown in the table below.

Categories of personal information disclosed	Categories of recipients
Contact data, contract data	Group companies as listed below (hereinafter “Group companies”), cloud service providers, system vendors, settlement institutionsGroup companies: SoftBank Corp. SB C & S Corp. PayPay Corporation Cybertrust Japan Co. , Ltd.
Inquiry data, payment data, technical data, behavioral data	Group companies, cloud service providers, system vendors
Technical data, behavioral data	Advertising networks, advertising service providers

We ensure appropriate data protection measures with third parties (hereinafter “Processors”) who process personal information on our behalf by entering into data processing contracts with Processors.
In addition to the above, we may be required to disclose your personal information to public and governmental authorities in accordance with law and/or requests from such authorities. We will also disclose your personal information if the disclosure is necessary or appropriate, due to the purposes of law enforcement or handling other issues of public importance. We will also disclose your personal information if the disclosure is reasonably necessary to protect our rights, to pursue available remedies, to enforce our terms of use, to investigate fraud, or to protect our operations, customers or end-users.

We may also share personal information of Data Subjects with other parties, including as follows.
--As part of a corporate sale, merger, or acquisition, or other transfer of all or part of our assets, including as part of a bankruptcy proceedings;
--Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent;
--With your consent; or
--Other cases permitted under applicable laws and regulations.

We have implemented appropriate security measures to ensure that personal information of Data Subjects is not accidentally lost, used or accessed without permission, modified, or exposed. In accordance with the fact that we process important personal information of Data Subjects such as payment data, we also conduct audits through external organizations and obtain relevant certifications (ISO/IEC 27001: 2013, PCI DSS, etc.). In addition, we appropriately restrict access to the personal information of our Data Subjects by employees, agents, contractors, and other third parties with a business need to know it. They only handle personal information of Data Subjects based on our instructions and under the obligation of confidentiality.
We have procedures in place to address any suspected breach of personal information and will further notify Data Subjects and the necessary legal authorities where required by law.

We will retain personal information of Data Subjects for the period required according to the purposes for which the personal information is processed. Once the personal information of Data Subjects no longer needs to be retained, we will take necessary measures such as deleting or anonymizing the personal information.
We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for compliance and protection purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

We will not transfer your personal information outside Japan.
For those of you who reside outside Japan, upon transferring your personal information to Japan, we will take appropriate measures in accordance with provisions set forth in applicable laws and ordinances. For the protection measures of each country, please refer to the country-specific exhibits.

We will respect the rights you hold regarding data protection laws applicable to you. You may require disclosure of personal information, correction, addition, and elimination of content, suspension and erasure of usage, and suspension of provision to third parties in accordance with Japanese laws regarding protection of personal information. In addition, in data protection laws of each country that will be applied, rights may be granted to Data Subjects. For rights granted in each country, please refer to the country-specific exhibits. If you wish to exercise your rights, please make an inquiry using the contact in Section 12 (Contact Details) of this notice. You may assert your rights as long as you meet requirements applicable to you under data protection laws.

For details regarding the cookies used on our website, or to change your settings regarding the use of cookies, please refer to the link below.

While there are several links to external websites on our website, we do not share any personal information with these websites. We do not manage how external websites maintain personal information, and such websites are outside the scope of this Privacy Policy. We do not bear any responsibility for the collection of personal information that occurs in connection with the linked websites, so please be sure to refer to the privacy policies of those linked websites.

We may, in making changes to this notice (including country-specific exhibits), revise this notice by publishing on our website, sending email, or giving notice by any other method that we deem appropriate (subject to applicable laws and regulations, if any). The revised content is issued from the date of revision indicated at the top of this notice.

Should you have any questions regarding this notice or the personal information on Data Subjects that we retain, please contact us by mail or email at the following address.
Contact details:
SB Payment Service Corp.
Tokyo Portcity Takeshiba Office Tower, 1-7-1 Kaigan, Minato-ku, Tokyo 105-7529
privacy@sbpayment.jp

For the name of the representative director, please refer to the Company Profile page.
https://www.sbpayment.co.jp/ja/info/profile/