Privacy Policy
Introduction
SHIFFON Co., Ltd. (hereinafter referred to as "our company"), as a business that handles personal information, fully recognizes that managing personal information is an important responsibility, and in addition to complying with the "Act on the Protection of Personal Information" and related laws and regulations, has established a basic policy on personal information protection and ensures that all employees are fully aware of it.
We also ensure reliable management of personal information, providing ongoing peace of mind to specific individuals (hereinafter referred to as "individuals") who can be identified by personal information, including customers.
Article 1 (Acquisition and Use of Personal Information)
We will collect and use personal information to the extent necessary for the following purposes. If we wish to use personal information beyond the scope of the following purposes, we will obtain prior consent from the individual in an appropriate manner.
1. Personal information relating to customers ・For identity authentication ・To properly operate and provide our services ・To confirm product order details, ship products, contact customers, and process applications ・To provide after-sales service such as product repairs ・To manage membership such as membership registration and cancellation procedures ・To send e-mail newsletters to those who request them, provide point services, conduct surveys, and provide various service information ・For marketing analysis (sales performance analysis, access analysis, etc.) ・To introduce, advertise, and promote information about new products and services provided by our company ・To respond to inquiries about products and services sold by our company (reservations, repairs, delivery, etc.) and inquiries about credit card usage history ・To investigate member access history and usage status ・To respond to fraudulent activity ・For other purposes to improve our services
2. Personal information received from business partners: For business negotiations, business-related contact and confirmation; For the performance of transactions and contracts, and for the management of other business operations
3. Personal information of individuals who have applied for employment at our group companies - For employment selection, notification of employment selection results, interviews, and other communications - For consideration and determination of assignment
4. Personal information relating to employees: ・For business contact with employees and for managing employee work; ・For personnel and labor management; ・For payment of compensation (wages, bonuses, allowances, etc.) to employees and for providing employee benefits; ・For managing the health of employees
Article 2 (Safety Management Measures for Personal Information)
Our company will clarify the rules regarding the handling of personal information, thoroughly inform employees about them, and implement necessary safety measures to prevent unauthorized access to personal information or the loss, destruction, falsification, leakage, etc. Furthermore, if improvements are required based on the results of internal audits, examples of security incidents, or comments or requests from individuals, we will promptly correct them.
Article 3 (Provision of personal information)
Personal information will be managed with strict security and will not be disclosed or provided to third parties without the consent of the individual, except in the following cases:
1. When it is necessary to protect a person's life, body, or property, and it is difficult to obtain the consent of the individual; 2. When it is particularly necessary to improve public health or promote the healthy development of children, and it is difficult to obtain the consent of the individual; 3. When it is necessary to cooperate with a national institution, local public body, or a person commissioned by them in carrying out duties prescribed by law, and obtaining the consent of the individual is likely to hinder the performance of said duties; 4. When all or part of the handling of personal information is outsourced to the extent necessary to achieve the purpose of use in order to smoothly carry out business; 5. When personal information is provided in connection with business succession due to a merger or other reason; 6. When personal information is used jointly with a specific person, and the individual is notified in advance, or the individual is made easily aware of, the fact that it will be used jointly, the items of personal information to be used jointly, the scope of those who will use it jointly, the purpose of use by those who will use it, and the name or title and address of the person responsible for managing the personal information, and the name of its representative in the case of a corporation; 7. Other cases permitted by law.
Article 4 (Entrustment of handling of personal information)
We may outsource all or part of the handling of personal information to the extent necessary to achieve the purpose of use. In such cases, we will thoroughly examine the suitability of the outsourcing party, stipulate matters related to confidentiality obligations in the contract, and provide necessary and appropriate supervision of the outsourcing party.
Article 5 (Joint Use of Personal Information)
We may jointly use personal information for the following purposes and within the scope necessary to achieve the purpose of use.
1. Personal information to be shared: Name, address, gender, age, email address, telephone number, name of organization, transaction details, and other information that can identify a specific individual.
2. Scope of parties who may share personal information: Our group companies
3. Person responsible for managing personal information: SHIFFON Co., Ltd.
Article 6 (Disclosure of personal information and notification of purpose of use)
1. When an individual requests notification of the purpose of use of retained personal data that identifies that individual, the Company will notify that individual without delay. However, if any of the following applies, the Company may not disclose all or part of the data, and if it decides not to disclose the data, the Company will notify that fact without delay.
(1) When the purpose of use of retained personal data is clear. (2) When notifying the individual of the purpose of use is likely to harm the life, body, property, or other rights and interests of the individual or a third party. (3) When notifying the individual of the purpose of use is likely to infringe on our rights or interests. (4) When it is necessary to cooperate with a national institution or local public body in carrying out legally prescribed duties, and notifying the individual of the purpose of use is likely to impede the performance of said duties.
2. When an individual requests disclosure of retained personal data that can identify that individual, the Company will disclose it to that individual without delay. However, if disclosure would fall under any of the following, the Company may not disclose all or part of the data, and if it decides not to disclose the data, the Company will notify the individual without delay.
(1) When there is a risk of harming the life, body, property, or other rights and interests of the individual or a third party. (2) When there is a risk of causing significant disruption to the proper implementation of our business.
3. Other cases where it would violate laws and regulations The provisions of the preceding paragraph shall apply mutatis mutandis to cases where an individual requests disclosure of records of third-party provision of personal data that identifies that individual (excluding cases that fall under any of the following due to the existence or non-existence of such records becoming clear; the same applies hereinafter).
(1) Anything that may pose a risk to the life, body, or property of the person or a third party. (2) Anything that may encourage or induce illegal or unjust acts. (3) Anything that may pose a risk to national security, damage trust with other countries or international organizations, or cause disadvantage in negotiations with other countries or international organizations. (4) Anything that may pose a risk to the prevention, suppression, or investigation of crimes, or to the maintenance of public safety and order.
Article 7 (Ensuring the accuracy and safety of personal information)
1. Ensuring the accuracy of personal information Our group will endeavor to keep personal information accurate and up-to-date.
2. Ensuring the safety of personal information Our Group will take the following safety management measures to ensure the safety of personal information.
・We will appoint a person responsible for handling personal information.
・We will establish internal regulations regarding the handling of personal information, identify the personal information handled by our group, and establish a system for reporting to the person in charge when we become aware of facts or signs of violations of laws, regulations, etc. or internal regulations regarding the protection of personal information.
・We will provide necessary training to employees regarding important points to note regarding the handling of personal information.
・We will implement physical and technical safety control measures, such as restricting the devices that handle personal information and limiting the persons authorized to access personal information.
When personal information is provided via the internet, we will implement security measures such as encrypting personal information using "SSL (Secure Sockets Layer)" to prevent loss, destruction, falsification, leakage, etc. of personal information due to unauthorized access.
Article 8 (Suspension of use of personal information, etc.)
1. If an individual requests that the Company suspend the use of or delete (hereinafter referred to as "Suspension of Use, etc.") retained personal data that identifies that individual due to any of the following cases, the Company will conduct the necessary investigation without delay, and based on the results, will suspend the use of the retained personal data to the extent necessary in accordance with laws and regulations, and will notify the individual to that effect (or if it is decided not to suspend the use, etc.), provided, however, that if suspending the use, etc. of retained personal data would require a large amount of money or it is otherwise difficult to suspend the use, etc., and if alternative measures necessary to protect the rights and interests of the individual can be taken, the Company will take such alternative measures.
(1) When the information is handled beyond the scope of the purpose of use (or, in the case of business succession, the purpose of use prior to the succession). (2) When the information includes personal information obtained by deception or other wrongful means or special care required personal information obtained without the consent of the individual (except in cases required by law). (3) When the information is used in a manner that is likely to encourage or induce illegal or unjust acts. (4) When there is no longer a need for the Company to use the retained personal data that identifies the individual. (5) When there is or is likely to be a leakage, loss, or damage (hereinafter referred to as "Leakage, etc.") of personal data that includes special care required personal information. (6) When there is or is likely to be a leakage, etc. of personal data that may cause financial damage due to its unauthorized use. (7) When there is or is likely to be a leakage, etc. of personal data that may have been made for an illegal purpose. (8) When there is or is likely to be a leakage, etc. of personal data relating to more than 1,000 individuals. (9) When there is a risk that the handling of the retained personal data will harm the individual's rights or legitimate interests.
2. If an individual requests that we suspend the provision of retained personal data that identifies that individual to a third party due to any of the following cases, we will conduct the necessary investigation without delay, and based on the results, in accordance with laws and regulations, suspend the provision of retained personal data to third parties to the extent necessary, and notify the individual to that effect (or if we decide not to suspend the provision to third parties). However, if suspending the provision of retained personal data to third parties requires a large amount of expense or it is otherwise difficult to suspend the provision to third parties, and if alternative measures necessary to protect the individual's rights and interests can be taken, we will take those alternative measures.
(1) When personal data that can identify an individual is provided to a third party in violation of the provisions of Article 3. (2) When any of the preceding paragraphs 4 to 9 applies.
Article 9 (Correction of personal information, etc.)
1. If the retained personal data that identifies an individual is incorrect, we will correct, add, or delete (hereinafter referred to as "correction, etc.") the personal information at the individual's request in accordance with the procedures established by our company.
2. If we receive a request from an individual as set forth in the preceding paragraph and determine that it is necessary to comply with the request, we will correct the personal information without delay and notify the individual of this. In addition, if we decide not to make corrections, we will notify the individual of this without delay.
Article 10 (Procedures for Disclosure of Personal Information, etc.)
1. We will respond to requests from individuals to disclose their retained personal data, notify them of the purpose of use, correct, etc., suspend use, etc., or suspend provision to third parties, or disclose records of provision to third parties of personal data that can identify individuals (hereinafter referred to as "Disclosure, etc.") except in the following cases:
(1) When the identity of the individual cannot be confirmed. (2) When the authority of attorney cannot be confirmed. (3) When disclosure, etc., is prohibited based on other laws and regulations.
2. If the individual requests disclosure, etc. as set forth in the preceding paragraph, the individual shall make the request in accordance with the following prescribed procedures.
(1) Contact for requests for disclosure, etc.: SHIFFON Co., Ltd.
Personal Information Management Officer: Yuki Taketomi
Akasaka Park Building 18th Floor, 2-20 Akasaka 5-chome, Minato-ku, Tokyo
(2) Disclosure Procedures ① By mail or email: Please fill out and submit the form specified by our company.
②If you contact us by phone: Please answer the same questions as in ① over the phone.
(3) Method of identity verification when requesting disclosure, etc. ① In the case of mail or email: A copy of a public document with a photograph such as a driver's license, personal identification number card (front side only), or passport ② In the case of telephone: Name, address, date of birth, telephone number, or other information that allows us to identify you
(4) Request for Disclosure, etc. by Representative If the person making the request for disclosure, etc. is the person himself/herself, a minor who does not have sufficient judgment capacity or the legal representative of an adult ward, or a representative delegated by the person himself/herself to make the request for disclosure, etc., the following certifying documents must be submitted in addition to the documents listed in the previous paragraph.
① In the case of a legal representative:
・Any document issued within the last 90 days that proves qualifications, such as a certified copy of family register, extract of family register, or certificate of registered matters ・Driver's license, passport, or other document that proves the identity of the representative ② In the case of a voluntary representative:
・A letter of attorney signed and stamped by the person in question, a seal certificate (seal on the letter of attorney), or other document certifying the power of attorney ・A driver's license, passport, or other document certifying the person in question as the representative
(5) Fees and collection methods for requests for notification of purpose of use and disclosure of retained personal data and records of provision to third parties The fee is 800 yen per request (handling fee and registered postage). Please enclose 800 yen worth of postage stamps with your application documents. If the fee is insufficient, we will contact you and ask you to make up the shortfall within the specified period. If the shortfall is not made within the specified period, your application will be considered null and void.
*Applicants are responsible for the issuance of certificates, postage, transportation, and other actual costs.
(6) Method of responding to requests for disclosure and notification of purpose of use We will disclose or notify you in accordance with the method designated by the individual or their agent. However, if disclosure by such method requires a large amount of expense or is otherwise difficult to do, we will disclose or notify you by issuing a written document.
Article 11 (Measures taken to ensure the safe management of retained personal data)
(1) Formulation of a basic policy for personal information protection In order to ensure the proper handling of personal data, we have formulated a basic policy (personal information protection policy) regarding "compliance with relevant laws and guidelines," "contact point for handling questions and complaints," etc.
(2) Establishment of rules for handling personal data We have established rules for handling personal data, including the handling method, responsible persons and their duties, for each stage of acquisition, use, storage, provision, deletion, disposal, etc.
(3) Organizational safety control measures ・We have appointed a personal information manager and a personal information handling manager for the handling of personal data, clarified the employees who handle personal data and the scope of personal data handled by said employees, and established a reporting and communication system in the event that we become aware of any facts or signs of violations of the Personal Information Protection Act or the Personal Information Handling Regulations.
・Regarding the handling of personal data, we regularly conduct self-inspections and have other departments audit our operations.
(4) We provide regular training to employees regarding personnel safety management measures and points to note regarding the handling of personal data.
・Matters regarding confidentiality of personal data are included in the work regulations, and non-disclosure agreements are concluded with all employees and contractors.
(5) Physical security measures: In areas where personal data is handled, we manage employee entry and exit and restrict the devices that can be brought in, and we also take measures to prevent unauthorized persons from viewing personal data.
・We take measures to prevent theft or loss of devices, electronic media, documents, etc. that handle personal data, and we also take measures to prevent personal data from being easily identified when carrying such devices, electronic media, etc., including when moving within the business premises.
(6) We implement technical security measures and access control to limit the scope of personnel and personal information databases handled.
・We have introduced a mechanism to protect information systems that handle personal data from unauthorized external access or malicious software.
(7) Understanding the external environment When handling personal information in foreign countries, we regularly collect and understand information about the personal information protection systems of those countries and take safety control measures.
Article 12 (Procedure for changing personal information protection policy)
We will review the contents of our Personal Information Protection Policy as appropriate and strive to improve it. The contents of our Personal Information Protection Policy may be changed, except for matters otherwise specified by law or in this policy. The changed Personal Information Protection Policy will take effect when it is notified to individuals in accordance with our designated method or when it is posted on our website.
Article 13 (Compliance with laws, regulations and norms)
In handling personal information, we will comply with laws, regulations, notices and other rules that apply to the protection of personal information, and will make continuous improvements to ensure that personal information is handled appropriately.
Article 14 (Response to complaints and inquiries)
We will accept complaints and inquiries from individuals regarding the handling of their personal information and respond appropriately and promptly.We will also respond promptly and appropriately to requests from individuals to disclose, correct, add, delete, or refuse to use or provide their personal information.
Article 15 (Other Use of Information)
(1) Regarding anonymously processed information and pseudonymized information: When we process personal information to create anonymously processed information or pseudonymized information, we will do so in accordance with appropriate procedures in accordance with laws and regulations, and will also implement appropriate safety management. Furthermore, pseudonymized information will not be provided to third parties. When providing anonymously processed information to third parties, we will also do so in accordance with appropriate procedures in accordance with laws and regulations.
(2) Cookies and Other Personal Information When you browse our website, we may collect your identification information, device information, location information, website activity history information, and other access information (collectively referred to as "Cookies"), including cookies, and may provide Cookies to third parties. We may also use third-party access analysis tools (such as Google Analytics) to analyze Cookies and third-party advertising services (such as Google AdSense) to provide advertisements tailored to your interests. While utilizing these tools, we also use Cookies to develop and improve our own and our partner's products and services, conduct marketing research, provide advertisements, and prevent unauthorized access.
In addition, if personal information such as cookies that we obtain from you can be used to identify a specific individual by comparing it with other information at the destination where we provide the information, we will obtain appropriate prior consent from the individual.
・Cookies are strings of information stored on your computer when you access a website, and do not contain any information that can identify you personally. You can refuse to send or receive cookies by changing your browser settings.
・What is Google Analytics?
This is an access analysis tool provided by Google Inc., which collects information about your website usage (access status, traffic, routing, etc.). Google's policies and terms are as follows. If you wish to prevent Google from collecting the above information using cookies, please follow the opt-out procedure on the Google website below.
Google Policies and Terms Google Analytics Opt-out Add-on and Google AdSense
This is an advertising distribution service for website operators provided by Google Inc. Google's policies and terms are as follows. If you do not want Google to use cookies in relation to Google AdSense, please follow the opt-out procedure on the Google website below.
Google Policies and TermsOpting out of Google Ads
Contact
If you have any questions about the personal information policy outlined here, please contact us at the following address.
SHIFFON Co., Ltd.
Personal information manager
Yuki Taketomi
Akasaka Park Building 18th Floor, 2-20 Akasaka 5-chome, Minato-ku, Tokyo