Furthermore, through achieving reliable management of personal information, we will inspire a sense of confidence and security in our customers and other parties (hereinafter referred to as a "Provider") from whom we receive personal information.
Article 1 Our Approach to the Protection of Personal Information
Article 2 Collection of Personal Information
Article 3 Use of Personal Information
1. Customer Personal Information
We shall only use personal information within the scope of the purposes stipulated below, or within the scope of a purpose for which the Provider has given consent through the Inquiry Form or some other method which the Company has deemed appropriate. Within the scope necessary to achieve these purposes, the Company may entrust the handling of personal information to subsidiaries, affiliated companies, or other third-parties.
(1) User management, customer support (customer identity verification/personal authentication, product merchandise/invoices or shipping of prizes to winners of campaigns in which the customer has participated, customer inquiries, consultations, complaints, repairs, support response, confirmation or recording) campaign plans, etc. (provision of advertisements and information such as product merchandise, services, campaigns, etc. by means of invitations, e-mails, etc., distribution of behavioral targeting advertisements using advertisement distributors such as Google and Yahoo! *1 *2)
(2) Implementation of surveys, provision of the Company's services, such as e-commerce websites
(3) Marketing activities conducted after processing that renders personal data non-identifiable (analyses of attribute information/activity histories, etc. that the Company has acquired in order to identify our customers' hobbies and preferences in an effort to improve/enhance merchandise development and other digital services offered by the Company (websites/mobile apps, etc.) *1 *2)
(4) Other purposes about which we notify individuals at the time of information acquisition
In addition, when sharing personal information with our subsidiaries, affiliated companies, or other third parties, we will inform the provider in advance of the personal information to be used jointly and the purpose of the joint use by a method that we deem appropriate, such as the Inquiry Form.
*1 We analyze information obtained from customers such as website browsing histories and purchase histories in order to provide services and distribute advertisements.
*2 There may be cases in which we use customer personal information already retained by the company after referencing customer cookies and other personal information, such as interests, preferences, and browsing histories, obtained from third parties other than the Company, and linking that information with customer personal information already retained by the Company. In such cases, we will obtain consent from the customer beforehand and use the information within the scope of the purposes of use listed above.
2. Personal information regarding business partners (in the case of corporate customers, their officers and employees)
For communications, contract performance, business negotiations, etc. necessary in the course of business
For management of business partner information
3. Personal information related to shareholders (if the shareholders are corporations, their officers and employees)
Exercise of rights and performance of obligations under the Companies Act
Management of shareholder information , such as producing records based on various laws and regulations
4. Personal information about job seekers
Please refer to the link at the bottom of this page.
5. Personal information of employees at the Company and our group companies
Please refer to the link at the bottom of this page.
Article 4 Provision of Personal Information
When entrusting the handling of personal information to a subsidiary, affiliated company, or other third party, we will only do so to the extent necessary to accomplish one or more of the purposes of use listed above. Furthermore, when providing personal information to a third party, we will do so within the scope of the provider's consent. In the event of a scheduled provision, we will obtain the Provider's consent beforehand.
Article 5 Implementation of Security Measures
The Company jointly utilizes personal information Please refer to the link at the bottom of this page to learn more about the joint utilization of personal information of job seekers and our employees.
1. Personal information to be jointly utilized
Information obtained by the Company, such as name, gender, date of birth, address, telephone number, e-mail address, merchandise purchase history, etc.
2. Scope of jointly utilizing persons
Our group companies
Developers, department stores, and other commercial facilities in which the Company has stores
Companies that open stores on e-commerce sites operated by the Company
3. Purpose of joint utilization
Within the scope of purpose of use set forth in the preceding paragraph.
4. Personal information controller
The Company is the entity responsible for controlling personal information.
Article 6 Disclosure, Correction, Deletion of Personal Information
If a Provider requests disclosure, correction/deletion, suspension of use, or deletion of their personal information, we will respond within a reasonable period and scope. Inquiries should be directed to the e-mail address at the bottom of this page.
Article 7 Implementation of Security Measures
The Company will take necessary and appropriate security control measures for the management of personal data, including prevention of leakage, loss or damage. In addition, we will exercise necessary and appropriate supervision over employees and contractors (including subcontractors, etc.) who handle personal information. Regarding personal information security control measures, we are striving to ensure they operate in accordance with our company's internal regulations, the main contents of which are as follows.
(Formulation of personal information protection guidelines)
(Maintaining discipline related to the handling of personal data)
• We have established internal regulations regarding handling methods, responsible persons and persons in charge, and their duties, etc. for each stage of personal data management: acquisition, use, storage, provision, deletion, and disposal.
(Organizational security control measures)
• Along with designating an administrator in charge of the handling of personal data, we have clarified which employees will handle personal data, and also the scope of personal data handled by those employees. Furthermore, we have established a system for reporting to the administrator in charge in the event that we identify an actual or potential violation of personal information protection laws or internal regulations.
• Along with regular self-inspections regarding the handling of personal data, other departments and outside parties conduct audits thereof.
(Personnel security control measures)
• We provide our employees with periodic training on matters to be considered when handling personal data.
• We have described matters concerning the confidentiality of personal data in our Employment Regulations.
(Physical security control measures)
• In addition to placing restrictions on employee access and the type of equipment that may be brought into the areas in which personal data is handled, we have established measures to prevent unauthorized persons from being able to view personal data.
• In addition to taking measures to prevent theft or loss of devices, electronic media, documents, etc. that are involved in the handling of personal data, we have taken measures to prevent personal data from being easily discoverable on said devices, electronic media, etc. when they are being moved from one place to another, including within business premises.
(Technical security control measures)
• We have implemented access controls, and limited the scope of persons in charge and databases that handle personal information.
• We have introduced systems that protect information systems that handle personal data from unauthorized external access and unauthorized software.
Article 8 Legal Compliance and Improvement
With regard to the handling of personal information, we will comply with laws, regulations, notifications and other rules that apply to the protection of personal information, and will strive to make continuous improvements so that personal information is handled appropriately.
Effective from April 2005
Revised in September 2007
Revised in November 2011
Revised in September 2013 (including trade name change)
Revision effective from March 31, 2022
〒150-8510 19th Floor, Shibuya Hikarie, 2-21-1, Shibuya, Shibuya-ku, Tokyo, Japan
Adastria Co., Ltd.
Representative Director and Chairman