Introduction
LY Corporation is providing various services to its customers, and there are cases where LY Corporation provides your personal data to a company located in a country or region other than the country or region where you reside, upon obtaining your consent etc., in the course of providing such services.
The fact that LY Corporation may provide your personal data to foreign companies is described in LY Corporation’s Privacy Policy, and in the privacy policy and rules of various services.
This page describes information on the data privacy regulations of foreign countries as reference information in connection with your own personal data being provided to a company located in a country or region other than the country or region where you reside.
Please refer to this page when using the various services provided by LY Corporation.
As the contents related to information on the data privacy regulations of foreign countries, there are the following three items.
■ Existence of the data privacy regulations
Whether there is a data privacy regulation, including a comprehensive regulation, in the corresponding country/region is indicated.
■ Reference information related to the data privacy regulations
The following types of information are indicated as a reference related to the standards of the data privacy regulation of each country.
- Whether the standards of the data privacy regulation of the corresponding country/region are equivalent to those of Japan
When the data privacy regulation of the corresponding country/region is equivalent to those of Japan, such fact is indicated. - Adequacy decision in EU
When adequacy decision in EU has been adopted in the corresponding country/region, such fact is indicated.
Adequacy decision in EU is the European Commission’s decision to the effect that the corresponding country/region has secured an adequate level of protection for personal data. When adequacy decision in EU has been adopted in the corresponding country/region, the same level of protection of personal information as in Japan can be basically expected in such corresponding country/region. - Participation in APEC CBPR system
When the corresponding country/region is a participating country of the APEC CBPR system, such fact is indicated.
When the corresponding country/region is a participating country of the APEC CBPR system, the same level of protection of personal information as in Japan can be basically expected in such corresponding country/region since it is considered that such corresponding country/region has laws compliant with the APEC privacy framework and an enforcement office to enforce such laws. - Satisfaction of OECD’s Eight Principles
Whether the data privacy regulation of the corresponding country/region includes rules corresponding to OECD’s Eight Principles is indicated as needed.
OECD’s Eight Principles fulfill the role as the basic principles to be referenced in the efforts for international personal information protection, and are considered to be the substantial global standards when each country establishes its personal information protection system.
In this page, whether the data privacy regulation of the corresponding country/region includes rules corresponding to OECD’s Eight Principles is indicated according to the following legends for each of OECD’s Eight Principles.
Legends: ○ Rules are included in the comprehensive system; ∆ Certain rules are included in the comprehensive system/Rules are included in individual systems; — No rules could be found
OECD’s Eight Principles are as indicated in 1 to 8 below.
- Collection Limitation Principle
Personal data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject - Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and should be accurate, complete and kept up-to-date - Purpose Specification Principle
The purposes for which personal data are collected should be specified, and the subsequent use limited to the fulfillment of those purposes - Use Limitation Principle
Personal data should not be used for purposes other than those specified except with the consent of the data subject or by the authority of law - Security Safeguards Principle
Personal data should be protected by reasonable security safeguards against such risks as loss, destruction, use, modification or disclosure of data - Openness Principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence of personal data, and the purposes of their use, as well as the the data controller - Individual Participation Principle
An individual should have the right to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him, and to challenge data relating to him - Accountability Principle
A data controller should be accountable for complying with measures which give effect to the principles stated above
■ Existence of system that may significantly affect the rights and interests of individuals
Information on whether there is a system that may significantly affect the rights and interests of individuals pursuant to the transfer of personal data to the corresponding country/region in comparison to Japan’s data privacy regulation is indicated.
Specifically, the following information which may significantly affect the rights and interests of individuals in the system of the corresponding country/region is indicated; namely, (1) existence of rules which directly obligate the recipient of personal information, which was collected within the corresponding country/region, to retain such personal information within the corresponding country/region, or obligates the recipient of personal information to substantially retain such personal information within the corresponding country/region by imposing restrictions on carrying such personal information outside the corresponding country/region (system related to data localization), and (2) existence of rules which allow the government to access the personal data retained by private businesses or obligate private businesses to provide personal data to the government under laws for the purpose of enforcement of criminal laws and/or national security safeguards (system related to government access).
LY Corporation will provide information related to the data privacy regulations of the corresponding country/region upon periodically checking and confirming the data privacy regulations of the country/region to which your personal data may be provided. Please note that, since the information related to the data privacy regulation of each country will be updated periodically, such information may differ from the latest one at present.
Furthermore, please also review the information on the data privacy regulations of foreign countries provided by the Personal Information Protection Commission of Japan.