Article 1 (Basic Policy on Acquisition of Personal Information)Recognizing that the protection of personal information is an important social responsibility, the business operator shall comply with the Act on the Protection of Personal Information and other related laws and regulations, as well as guidelines established by the Personal Information Protection Committee, and handle personal information appropriately as described below.
- Business operators shall comply with laws, national guidelines, and other norms related to the protection of personal information.
- When acquiring personal information, the operator will clarify the purpose of use and use appropriate means.
- When using personal information, the operator will do so within the scope of the stated purpose of use and will take measures to ensure that the information is not used for purposes other than the stated purpose.
- The business operator will not disclose or provide personal information to third parties, except with the consent of the individual or with justifiable cause.
- In order to prevent leakage, loss, damage, etc. of personal information, the business entity shall strive to improve information security and take appropriate preventive and corrective measures as needed.
- Business operators will respond sincerely and promptly to inquiries, requests for disclosure, etc., as well as complaints and consultations regarding personal information.
- The operator will maintain and continually improve its management system for the protection of personal information.
Article 2 (Definitions)Personal Information” means information concerning a living individual that falls under any of the following categories
- Any information that identifies a specific individual (excluding personal identification codes) by name, date of birth, or other description, etc. (any matter described or recorded in a document, drawing, or electromagnetic record (a record made by electronic, magnetic, or other means unrecognizable to human perception), or expressed by voice, motion, or other means) contained in such information; or (excluding personal identification codes) that can be used to identify a specific individual (including information that can be easily cross-checked with other information and thereby identify a specific individual).
- Items that contain personal identification codes.
- Personal data refers to personal information that constitutes personal information databases, etc., where personal information is in a searchable form, such as a list or directory.
- Site means the Charm & Ko. doll store.
- Service means the collective term for the products and services offered on the Site.
- Personal information requiring special consideration means information on race, creed, social status, medical history, criminal record, criminal damage information, and other information specified by government ordinance as requiring special consideration so as not to cause unjust discrimination or prejudice against the person (e.g., the existence of physical, intellectual, or mental disabilities, results of medical examinations or other tests, health guidance, medical treatment and dispensing information, (i.e., the fact that procedures related to a criminal case, such as arrest or search, were conducted with the person as a suspect or defendant, or that procedures related to a juvenile protection case, such as protective measures, were conducted with the person as a juvenile delinquent or suspected juvenile delinquent).
Article 3 (Method of obtaining personal information)
- Business operators may acquire personal information by means of automatic acquisition from terminals, acquisition from users or their proxies in writing or by submitting forms, etc. However, such information shall be acquired appropriately only to the extent necessary to achieve the purpose of use, and shall not be acquired through deception or other wrongful means.
- When a business entity receives personal information from a minor user, the business entity shall obtain the confirmation and consent of the parent or guardian in advance.
Article 4 (Purpose of Use)The Service Provider shall use the personal information it has acquired for the following purposes
- For identification and personal authentication of users regarding use of the Service
- To ship products and provide services related to the Service
- For inspections, repairs, and after-sales services related to the Service
- To send information regarding the Service
- To confirm and distribute applications for newsletters, e-mail newsletters, etc.
- For planning, research and development, quality improvement and enhancement of the Service
- To customize the contents of the Service to suit the user
- To request participation in surveys and various events, and to report the results of such surveys and events
- To conduct sales promotion activities such as campaigns related to the Service, including personal authentication of users, identification, screening, drawing of winners, and delivery of prizes and rewards
- To confirm and respond to opinions, inquiries, word-of-mouth postings, and other communications regarding the Service
- To notify users of changes to the terms and conditions of the Service.
- For purposes of use other than those stipulated in this section, which have been publicly announced or notified appropriately by the operator, and for purposes of use for which the user has given consent.
Article 5 (Security Control Measures for Personal Data)The Service Provider shall take appropriate organizational, physical, and technical safety control measures, including data erasure, to prevent unauthorized access to personal data, loss, destruction, alteration, or leakage of personal data, and to otherwise safely control personal information. In addition, we will endeavor to educate and enlighten our directors, officers, employees, and others who handle personal information in order to protect personal information.
Article 6 (Provision to Third Parties)
- Except in the following cases, the business operator shall not provide personal data to a third party without obtaining the prior consent of the individual concerned.
However, this excludes cases permitted under the Personal Information Protection Law and other laws and regulations.
- Cases in which the provision of personal data is necessary for the protection of the life, body, or property of an individual and in which it is difficult to obtain the consent of the individual
- When the provision of personal information is especially necessary for improving public health or promoting the sound growth of children, and when it is difficult to obtain the consent of the individual concerned.
- When it is necessary to cooperate with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by law, and obtaining the consent of the individual is likely to impede the execution of such affairs.
- Notwithstanding the preceding paragraph, the recipient of personal data shall not fall under the category of a third party in the following cases
- Cases in which the business operator outsources all or part of the handling of personal data within the scope necessary to achieve the Purposes of Use
- Cases in which personal data is provided as a result of the succession of a business due to a merger or other reasons
- Cases in which personal data will be used jointly with a specific person, and in which this fact, the items of personal data to be jointly used, the scope of joint use, the purpose of use by the person using the personal data, and the name or title of the person responsible for managing the personal data are notified to the person in advance, or are made readily accessible to the person (2) In the event that the Company has notified the individual in advance, or has placed the information in a manner that is readily accessible to the individual
- Notwithstanding the provisions of Paragraphs 1 and 2 of this Article, the business operator shall obtain the prior consent of the individual when providing personal data to a third party located in a foreign country (excluding those who have established a system conforming to the standards specified in the Rules of the Personal Information Protection Commission under Article 24 of the Personal Information Protection Law).
Article 7 (Disclosure of Personal Data)
- When a business operator receives a request for disclosure of personal data from an individual, the business operator shall disclose such data to the individual without delay.
However, if disclosure would result in any of the following cases, all or part of the data may not be disclosed, and if a decision not to disclose is made, the user will be notified to that effect without delay.
- If there is a risk of harm to the life, body, property, or other rights or interests of the user or a third party
- If there is a risk of significant hindrance to the proper conduct of the business of the operator
- Cases in which disclosure would violate other laws or regulations
- Please note that a fee of 15,000 yen per case must be paid in advance for the disclosure of personal data, regardless of whether or not the data is available for disclosure.
Article 8 (Correction, Addition, or Deletion of Personal Data)In the event that there is an error in the user’s personal data held by the operator, the user may request the operator to correct, add to, or delete or correct the personal data in accordance with the procedures stipulated by the operator. If the operator receives a request for correction, etc. from a user and determines that it is necessary to respond to the request, the operator shall make the correction, etc. to the relevant data without delay. When a business operator corrects, etc. based on the above, or decides not to do so, the business operator will notify the user of this without delay.
Article 9 (Suspension of Use and Deletion of Personal Data)
- If a business operator receives a request from an individual to discontinue the use or erase (“discontinue use, etc.”) of personal data on the grounds that such personal data has been handled beyond the scope of the purposes of use or has been obtained through wrongful means, the business operator will conduct the necessary investigation without delay. If, as a result of the investigation, it is determined that it is necessary to comply with the request, the business will cease use of the relevant personal information without delay.
- In the event that the business operator suspends the use of personal information, or decides not to suspend the use of personal information, the business operator will notify the user of this decision without delay.
- Notwithstanding (1) and (2) above, in cases where suspension of use, etc. requires a large amount of expense or is otherwise difficult to implement, and when alternative measures necessary to protect the rights and interests of the user can be taken, alternative measures to suspension of use, etc. will be taken.
Article 10 (Request Procedures)Please contact the following for procedures for requesting disclosure, correction, etc., or discontinuance of use of personal data as described above.
Article 11 (Retention Period of Personal Data)When personal data is no longer required to be used, the business operator will endeavor to delete said personal data without delay, except in cases where retention is required by law.
- Users may refuse to accept cookies by changing their browser settings. In this case, you may still be able to use the Site, but you may not be able to use some of its functions. In addition, cookies used by third-party service providers for personalized advertising can be disabled from their websites, so please refer to the relevant third-party service provider’s website or https://optout.aboutads.info/
Article 13 (Copyright)No copyright is waived for articles on this site. Unauthorized reproduction of any text, images, videos, or other copyrighted information that exists on this site is prohibited. Please contact the business if you wish to reprint the information.
Article 14 (Contact for Inquiries)firstname.lastname@example.org
Article 15 (Revision of this Policy and Change of Purpose of Use)The Service Provider shall revise this Policy as necessary. However, the purpose of use shall be changed only when it is reasonably deemed that the purpose of use is relevant to the purpose of use before the change. Any revision of this policy or change in the purpose of use shall become effective when the business notifies the users of the revised or changed contents in the manner prescribed by the business or publicly announces the revised or changed contents on this website.
Date of enactment: 02/01/2022