Privacy Policy

Adastria Co., Ltd. (hereinafter referred to as the "Company") fully recognizes that the management of personal information is a serious responsibility and pledges to not only act in accordance with the Act on the Protection of Personal Information, but to also establish, implement, and uphold the following Privacy Policy.
Furthermore, through achieving reliable management of personal information, we will inspire a sense of confidence and security in our customers and other parties (hereinafter referred to as a "Provider") from whom we receive personal information.

Article 1 Our Approach to the Protection of Personal Information

We will establish a management system for the protection of different types of personal information used in actual business operations: including customer information, business partner information, shareholder information, job applicant information, as well as information from our own employees. Additionally, with regard to the contents of this Privacy Policy, we will properly and carefully handle personal information in accordance with our internal regulations and standards.

Article 2 Collection of Personal Information

When collecting personal information, etc., we will specify beforehand the purpose of use thereof in a notification or public announcement to the Providers of the information on this website's inquiry form (hereinafter referred to as "Inquiry Form"), in this privacy policy, or by any other methods that the Company deems appropriate. We shall also, to the extent necessary to accomplish such purpose, use lawful and fair means to acquire the information.

Article 3 Use of Personal Information

1. Customer Personal Information

We shall only use personal information within the scope of the purposes stipulated below, or within the scope of a purpose for which the Provider has given consent separately. Within the scope necessary to achieve these purposes, the Company may entrust the handling of personal information to our group companies, or other third-parties.

(1) User management, customer support (customer identity verification/personal authentication, product merchandise/invoices or shipping of prizes to winners of campaigns in which the customer has participated, customer inquiries, consultations, complaints, repairs, support response, confirmation or recording, etc.,), campaign plans, etc. (provision of advertisements and information such as product merchandise, services, campaigns, etc. by means of invitations, e-mails, etc.,), distribution of behavioral targeting advertisements using advertisement distributors such as Google and Yahoo! *1 *2

(2) Implementation of surveys, provision of the information and services related to the content, advertisements, point programs, and the other services (including those provided by other companies, but not limited to Company) on Company’s EC site and mobile app (herein after ‘the site’) and the services provided on the site.

(3) Marketing activities conducted after processing that renders personal data non-identifiable (analyses of attribute information/activity histories, etc. that the Company has acquired in order to identify our customers' hobbies and preferences in an effort to improve/enhance merchandise development and other digital services offered by the Company (websites/mobile apps, etc.) *1 *2)

(4) Other purposes about which we notify individuals at the time of information acquisition

In addition, when sharing personal information with our group companies, or other third parties, we will inform the provider in advance of the personal information to be used jointly and the purpose of the joint use by a method that we deem appropriate.

*1 We analyze information obtained from customers such as website browsing histories and purchase histories in order to provide services and distribute advertisements.

*2 There may be cases in which we use customer personal information already retained by the company after referencing customer cookies and other personal information, such as interests, preferences, and browsing histories, obtained from third parties other than the Company, and linking that information with customer personal information already retained by the Company. In such cases, we will obtain consent from the customer beforehand and use the information within the scope of the purposes of use listed above.

* The term "cookies" refers to a technology that records and manages the information of customers who use our website on computers and application software. Our website uses cookies not only to provide a more user-friendly experience to our customers, but also for the purposes of use described in (1) through (4) above.

2. Personal information regarding business partners (in the case of corporate customers, their officers and employees)
For communications, contract performance, business negotiations, etc. necessary in the course of business
For management of business partner information

3. Personal information related to shareholders (if the shareholders are corporations, their officers and employees)
Exercise of rights and performance of obligations under the Companies Act
Management of shareholder information ,  such as producing records based on various laws and regulations

4. Personal information about job seekers
Please refer to the link at the bottom of this page.

5. Personal information of employees at the Company and our group companies
Please refer to the link at the bottom of this page.

Article 4 Provision of Personal Information

When entrusting the handling of personal information to our group companies, or other third party, we will only do so to the extent necessary to accomplish one or more of the purposes of use listed above. Furthermore, when providing personal information to a third party, we will do so within the scope of the provider's consent. In the event of a scheduled provision, we will obtain the Provider's consent beforehand.

Article 5 Joint Utilization

The Company jointly utilizes personal information Please refer to the link at the bottom of this page to learn more about the joint utilization of personal information of job seekers and our employees.
1. Personal information to be jointly utilized
Information obtained by the Company, such as name, gender, date of birth, address, telephone number, e-mail address, merchandise purchase history, etc.

2. Scope of jointly utilizing persons
Our group companies
Developers, department stores, and other commercial facilities in which the Company and our group companies has/have stores
Companies that open stores on EC sites operated by the Company and our group companies
Companies that provide services on EC sites operated by the Company and our group companies
Providers of the point programs to which the Company and our group companies are affiliated.
Service providers of information technology related to the sites operated by the Company and our group companies, security service providers, marketing service providers, and advertising distribution companies, etc.

3. Purpose of joint utilization
Within the scope of purpose of use set forth in Article 3.

4. Personal information controller
and ST Co., Ltd. is the entity responsible for controlling personal information of our customers.
The Company is the entity responsible for controlling personal information other than that of our customers.

Article 6 Disclosure, Correction, Deletion of Personal Information

If the Company is requested disclosure, correction/deletion, suspension of use, or deletion of personal data that we hold, we will respond within a reasonable period and scope in accordance with the provisions of the law and our prescribed procedures. Inquiries should be directed to the inquiry form at the bottom of this page.

Article 7 Implementation of Security Measures

The Company will take necessary and appropriate security control measures for the management of personal data, including prevention of leakage, loss or damage. In addition, we will exercise necessary and appropriate supervision over employees and contractors (including subcontractors, etc.) who handle personal information.  Regarding personal information security control measures, we are striving to ensure they operate in accordance with our company's internal regulations, the main contents of which are as follows.
(Formulation of personal information protection guidelines)
• In order to ensure the proper handling of personal data, we are formulating this Privacy Policy, which covers "Adherence to related laws, regulations, and guidelines," and the "Inquiry and Complaint Desk."
(Maintaining discipline related to the handling of personal data)
• We have established internal regulations regarding handling methods, responsible persons and persons in charge, and their duties, etc. for each stage of personal data management: acquisition, use, storage, provision, deletion, and disposal.
(Organizational security control measures)
• Along with designating an administrator in charge of the handling of personal data, we have clarified which employees will handle personal data, and also the scope of personal data handled by those employees. Furthermore, we have established a system for reporting to the administrator in charge in the event that we identify an actual or potential violation of personal information protection laws or internal regulations.
• Along with regular self-inspections regarding the handling of personal data, other departments and outside parties conduct audits thereof.
(Personnel security control measures)
• We provide our employees with periodic training on matters to be considered when handling personal data.
• We have described matters concerning the confidentiality of personal data in our Employment Regulations.
(Physical security control measures)
• In addition to placing restrictions on employee access and the type of equipment that may be brought into the areas in which personal data is handled, we have established measures to prevent unauthorized persons from being able to view personal data.
• In addition to taking measures to prevent theft or loss of devices, electronic media, documents, etc. that are involved in the handling of personal data, we have taken measures to prevent personal data from being easily discoverable on said devices, electronic media, etc. when they are being moved from one place to another, including within business premises.
(Technical security control measures)
• We have implemented access controls, and limited the scope of persons in charge and databases that handle personal information.
• We have introduced systems that protect information systems that handle personal data from unauthorized external access and unauthorized software.
(Understanding the external environment)
We always obtain the latest information on the personal information protection systems of relevant foreign countries, and take safety management measures in accordance with the content of the relevant systems.

Article 8 Legal Compliance and Improvement

With regard to the handling of personal information, we will comply with laws, regulations, notifications and other rules that apply to the protection of personal information, and will strive to make continuous improvements so that personal information is handled appropriately.

Effective from April 2005
Revised in September 2007
Revised in November 2011
Revised in September 2013 (including trade name change)
Revised on March 31, 2022
Revised in December 2024

〒150-8510  27th Floor, Shibuya Hikarie, 2-21-1, Shibuya, Shibuya-ku, Tokyo, Japan
Adastria Co., Ltd.
Representative Director and Chairman
Michio Fukuda