This Privacy Policy (hereinafter referred to as “this Policy”) governs how Biome Inc. (hereinafter referred to as “We”, “the Company”) collects, uses, discloses, stores, and protects the personal data (as defined under the Indonesian Personal Data Protection Law (Law No. 27 of 2022 on Personal Data Protection, hereinafter referred to as the “PDP Law”)) of users (hereinafter referred to as “Data Subjects”) of the services provided by the Company (hereinafter referred to as “the Services”). This Policy complies with the PDP Law and related laws and regulations, and clarifies the Company's commitment to protecting personal data.
We develop interactive, augmented reality-based learning experiences that enable users to learn about and explore flora and fauna through mobile devices. Through our apps and services, you can learn about your surroundings in an immersive way, connecting with real-world elements.
This Privacy Policy applies to Data Subjects that are subject to the PDP Law in the Republic of Indonesia. Data Subjects that are subject to the Personal Information Protection Act of Japan shall be governed by this Privacy Policy.
You should also read our Terms of Use, which establish the contract between you and BIOME when you use our Services. Subject to applicable law, this Privacy Policy also serves as a notice to and agreement with you regarding the collection and processing of your personal information.
To provide the Service, the Company may collect the following personal data through lawful and fair means, based on limited and specific purposes.
General Personal Data
We must collect and process certain Personal Data of Data Subjects in order to provide the Services to you and to fulfill our obligations under the Terms of Service:
Certain features within our Services are accessible only after you register or create an account. During this process, you will be asked to provide Personal Data, including your age and the username you wish to use within the application. This information is required to verify your identity when creating or accessing your account, to ensure that you meet the eligibility requirements for using the Services, and to deliver the appropriate version of the Services to you.
Some of our Services may require you to sign in using an external single-sign-on provider. In such cases, the types of Personal Data we receive will depend on the specific external account you choose to use, the privacy policy of that provider, and the privacy settings you have enabled on their platform.
If you use your Google credentials to access the Services, we will receive the email address associated with your Google account as well as the authentication token issued by Google.
If you choose to sign in through Facebook, we will receive the unique user identifier assigned by Facebook and, where you grant additional permission, the email address registered to your Facebook account.
If you choose to sign in using your Apple ID, we will receive the email address linked to your Apple account, or a randomly generated relayed email address if you have enabled Apple’s “Hide My Email” feature.
For certain Services that you choose to use, we may provide authentication options through additional third-party providers. When you utilize such single sign-on mechanisms, the external provider may transmit certain supplementary information to us, including potential access to your public profile as disclosed by that provider. However, we do not request, use, or retain any such additional information.
We may process information related to your interactions, activities, and achievements within the application or game, as well as certain data associated with your mobile device. This may include device identifiers, the type and version of the operating system, device model, system configurations and preferences, and information regarding third-party applications or software installed on your device. This information is used to support the operation of the Services and to tailor your user experience. For certain Services, we may also generate an internal account identifier to associate your usage with a specific account.
We process your device’s location data when you access the Services and, where enabled, also when the application is not actively in use. Such location information is necessary to provide location-based features and is determined through GPS, Wi-Fi access points, or cellular tower triangulation.
We further use the foregoing information to provide technical support to you.
During your use of our Services, we may, either manually or automatically, use or process your Personal Data for any of the following purposes:
We use information such as your IP address, browser type and version, operating system, the websites or applications you visited before accessing our Services, the pages or features you interact with within the Services, the duration of such interactions, the links you select, device and advertising identifiers, your age, and your in-application or in-game activities.
We use your internal account ID and in-application or in-game username to associate any submissions, contributions, or content you upload through the Services with your account. In certain circumstances, you may choose not to display your username on submitted content by adjusting the privacy or preference settings available within the Services.
We process the content you upload, including images, text, and/or video, to enable social features within our applications and games. This allows you to interact with other users, including displaying your communications and shared materials, facilitating connections with friends or enabling them to find you (including through imported contacts), and allowing you to share your activities, user experience, and achievements with friends or other players.
We may process Personal Data for legal and regulatory purposes, including upon receiving a written request from a competent authority or foreign governmental body, to protect your vital interests, or where such processing is necessary for reasons of public interest.
Providing the Service, sending marketing information, conducting surveys, and providing customer support.
Fulfilling contractual obligations between us and the data subject or between us and a third party.
Compliance with applicable laws and regulations, and responding to requests from government agencies.
Improving the Service, preventing and detecting fraud, and ensuring security.
Other purposes for which the data subject has separately consented.
We use Cookies to provide you with the Services, to track the activity on the Services and to hold certain information. We use the following types of Cookies to recognize your device and to provide and improve the Services:
Strictly Necessary Cookies: These cookies are indispensable for enabling your access to and use of the Services. They support core functionalities such as site navigation and account authentication, and the Services cannot operate properly without them.
Performance Cookies: These cookies gather data regarding how you and other users engage with the Services, including information such as frequently visited pages or usage patterns. The insights obtained are used solely to enhance the performance, efficiency, and overall operation of the Services.
Functionality Cookies: These cookies allow the Services to remember your preferences and previously selected settings, such as login details or regional configuration, so that content and features can be tailored to your experience.
Advertising Cookies: These cookies are employed to deliver advertisements that are more aligned with your interests. Information collected through these cookies may also be shared with third-party partners for advertising and measurement purposes.
The cookies referenced above may operate as either session cookies or persistent cookies. Session cookies remain active only for the duration of your visit and are erased once you sign out or close your browser. Persistent cookies remain stored on your device for a defined period after your session has ended.
The Company will not disclose or share personal data with third parties without the data subject's consent, except in the following cases:
Personal Data Shared with Third Parties. We may provide anonymized or aggregated data to third parties for purposes such as performance analysis, industry research, and market evaluation. We will only share Personal Data with external publishing partners for their direct marketing activities where we have obtained your explicit consent. Apart from such circumstances, we do not disclose your Personal Data to any third party for their direct marketing purposes.
The Company may transfer collected personal data to countries or regions outside Indonesia. In such cases, we will take one of the following measures under the PDP Law to ensure the level of personal data protection is equivalent to or higher than that in Indonesia:
Data subjects have the following rights regarding their personal data under the PDP Law.
The Company will generally respond appropriately to requests from data subjects for access, correction, restriction, deletion, etc., within 72 hours of receiving the request or within the period specified by the PDP Law.
However, exercising each right requires following separately established procedures.
We implement a range of physical, technical, and administrative safeguards to protect your Personal Data, including the use of SSL encryption, firewalls, and physical access restrictions. We also conduct periodic security reviews (at least annually) to ensure adherence to industry standards. However, data transmission over the internet cannot be guaranteed to be completely secure. In the event of a security incident, we will notify you as required by law or when otherwise appropriate under the circumstances.
We implement appropriate technical, organizational, and physical security measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction.
The Company holds ISO/IEC 27001 (ISMS) certification.
In the event of a personal data breach, we will notify the data subjects and relevant authorities in writing within 72 hours of becoming aware of the breach, providing the following information:
The Company retains personal data only for as long as necessary to fulfill the purpose for which it was collected. Once the purpose is fulfilled, and there is no retention obligation under the PDP Law or related laws, or if the data subject requests deletion, the Company will delete or destroy the personal data and notify the data subject accordingly. The deletion will be processed 3 working days from receiving the deletion request from the Data Subject.
Unless stated otherwise for a particular Service, children (i.e. under 18 years of age) are not allowed to use the Services, and we do not knowingly collect Personal Data from them.
For Services that allow participation by Children, we require verified authorization from a parent or legal guardian (“Parent”). Such verifiable consent is mandatory before we collect, use, or share any Personal Data belonging to a Child. We will not process a Child’s Personal Data in any manner without this approval. To obtain consent, we may request that the Child submit a Parent’s email address. If the Parent does not provide consent within a reasonable period, the Parent’s email address will be removed from our records.
In using our Services, you may access links to websites and services that are owned or operated by third parties (“Third Party Service”). Any information that you provide on or to a Third Party Service, or that is collected by a Third Party Service, is provided directly to the owner or operator of the Third Party Service and is subject to the owner’s or operator’s privacy policy. We’re not responsible for the content, privacy, or security practices and policies of any Third Party Service. To protect your information, we recommend that you carefully review the privacy policies of all Third Party Services that you access.
The Company may revise this policy from time to time in response to amendments to the PDP Law and related laws, or changes in business policies. The revised Policy shall take effect upon its publication on the Service or on the official Company website.
For inquiries regarding this Policy or to exercise your rights as a data subject, please contact us at the following address:
Company Name: Biome Inc.
Address: 134 Chudoji Minamicho, Shimogyo-ku, Kyoto City, Kyoto Prefecture
Email Address: info@biome.co.jp
Phone Number: +81-75-432-7622
Data Protection Officer: Security Manager, Biome Inc.
If this Privacy Policy is created in multiple languages, including English, the English version shall prevail.