Privacy policy
1 Aug 2024 Formulation.
Business operator handling personal data
TWO-FACE JAPAN Ltd.
Address: 5F Wako Building, 1-12-16 Jinnan, Shibuya-ku, Tokyo
Name of representative: Tetsuro Matsuzaki, Representative Director
TWO-FACE JAPAN Co. (hereinafter referred to as the "Company") is a company that provides services provided by the Company (hereinafter referred to as the "Company's Services"). (hereinafter referred to as 'the Company') handles the information of users of the services provided by the Company (hereinafter referred to as 'our services') as follows.
Article 1 (General provisions)
The Company complies with the Act on the Protection of Personal Data (Act No. 57 of 2003, hereinafter referred to as the 'Personal Data Protection Act') and other relevant laws and regulations. The Company shall comply with the Act on the Protection of Personal Data (Act No. 57 of 2003, hereinafter referred to as the 'Personal Data Protection Act') and other relevant laws and regulations, and shall strive to properly handle and protect the personal data ('personal data' as defined in Article 2(1) of the Personal Data Protection Act, hereinafter the same applies) of users. The Company shall endeavour to properly handle and protect the personal information of the Users (defined in Article 2.1 of the Personal Information Protection Act, hereinafter the same).
This Privacy Policy (hereinafter referred to as the 'Policy') applies to the use of our services. This Privacy Policy ("Policy") applies to the use of our services. In addition, if the Company stipulates the handling of personal information on its website, in its privacy policy or other privacy policies or in its terms of use for its services, such stipulations shall also apply, and if such stipulations conflict with this Policy, this Policy shall take precedence. This Policy shall prevail.
In the event that the Company's Services are affiliated with services provided by third parties other than the Company (hereinafter referred to as "Affiliated Services"), the Affiliated Services and other services provided by parties other than the Company shall be governed by this Policy. In the case of the Affiliated Services and other services provided by parties other than the Company (hereinafter collectively referred to as the "External Services"), the provisions of this Policy shall apply. The provisions of this Policy do not apply to the External Services. For the handling of personal information in External Services, please refer to the privacy policy, etc., separately stipulated by the operator of the External Service in question.
Article 2 (Information acquired by the Company and the method of acquisition)
The Company may acquire and use the User's information, including personal information, for the Company's Services as set out below.
Information to be provided by the user The user's name, gender, date of birth, address, telephone number, e-mail address and other information that the user voluntarily enters or provides through our services.
Information we collect when you use our services (a) Terminal information used by the user (ID information that can identify the terminal, etc.) (b) Log information, action history and information on the status of use of our services. (c) Payment information (d) Cookies and anonymous IDs (e) Information obtained through cooperation with external services (f) Other information to which the user consents.
When acquiring user information, including personal information, the Company will not use deception or other wrongful means, but will acquire the information properly. If the Company acquires personal information by any means other than through the use of the Company's services, the Company shall notify the User of the purpose of use or make it public in advance.
Article 3 (Purpose of use)
The Company shall properly handle the personal information acquired through its services within the scope of the following purposes. We will not use the information beyond the scope of the purpose of use without the consent of the user, nor will we use the information in a way that may encourage or induce illegal or unjust acts.
Provision, maintenance and quality improvement of our services
Screening in user registration
Identification and prevention of unauthorised use
Billing and payment settlement procedures for usage fees
Response to enquiries about our services.
Notification of changes to our terms of use and policies regarding our services, suspension, discontinuation or termination of our services and other important notices regarding our services.
Business guidance regarding our services or affiliated services.
Research and analysis of the usage of our services, etc.
Provision of information on delivery addresses to third parties for product management and delivery.
The Company may change the purpose of use in the preceding paragraph to the extent that it is reasonably deemed to be relevant to the purpose of use before the change, and in the event of a change, the Company will notify the user or make a public announcement on the Company's services or on the website operated by the Company or by other means.
The Company will process the personal information it has acquired into anonymised processed information (anonymous processed information as defined in Article 2.6 of the Personal Data Protection Act, the same applies below), which does not identify the user, or into statistical information, and will use this information for the purpose of processing the user's personal information. The information may be processed into anonymised information or statistical information and used for this purpose. When we have created anonymised processed information, we will make public the items of information relating to individuals contained in such anonymised processed information by posting on the website operated by us or by other appropriate means.
The Company shall process the personal information it has acquired into pseudonymised information (i.e. 'pseudonymised information' as defined in Article 2(5) of the Personal Data Protection Act, hereinafter the same shall apply), which cannot be used to identify the user unless it is cross-checked with other information. The user may be processed into pseudonymised information ('pseudonymised information' as defined in Article 2(5) of the Personal Data Protection Act, hereinafter the same applies) and used.
Article 4 (Provision to third parties)
The Company shall not provide personal information to third parties without the consent of the user, except in accordance with the Personal Data Protection Act and other laws and regulations.
If personal information is provided to a third party based on the user's consent, the Company shall make and keep a record of the following matters
Prior consent has been obtained from the user.
The name and address of the third party and, in the case of a legal entity, the name of its representative (in the case of an unincorporated association with a designated representative or manager, the name of its representative or manager) (if the information is provided to an unspecified and large number of persons, this will be stated)
the name of the user identified by such personal information and other information sufficient to identify such user.
Items of such personal information
The Company shall use personal-related information (as defined in Article 2(7) of the Personal Data Protection Act) personal data (as defined in Article 16(3) of the Personal Data Protection Act). In cases where personal information (as defined in Article 2(7) of the Personal Data Protection Act) is provided to a third party who is expected to acquire the information as personal data (as defined in Article 16(3) of the Personal Data Protection Act), the Company shall, unless otherwise required by the Personal Data Protection Act or other laws and regulations, confirm in advance that the third party has the consent of the user concerned to allow the information to be acquired as personal data by which the user concerned is identified. The third party shall confirm that it has obtained the consent of the user to allow the third party to acquire the information as personal data that identifies the user.
Article 5 (Outsourcing the handling of personal data)
The Company may entrust the handling of all or part of the personal data obtained from the User to a third party to the extent necessary to achieve the purpose of use. In this case, the Company will provide the necessary and appropriate supervision to ensure that the information is appropriately secured and managed by the third party to which it is entrusted.
Article 6 (Joint use)
The Company may share personal information obtained from Users with partner operators and other third parties to the extent necessary for the provision of partner services. In this case, the Company shall publish in advance the fact of such joint use, the items of information to be jointly used, the scope of the joint users, the purpose of use of the joint users, the name and address of the person responsible for managing such information and the name of the representative on the website operated by the Company or in any other appropriate manner.
Article 7 (Safety management system)
The Company shall take all necessary and appropriate measures to prevent leakage, loss or damage and to otherwise manage the security of the personal information it handles. For further information on the details regarding the security control measures for personal information, please contact the enquiry desk set out in Article 11.
Article 8 (User's right to disclosure and correction of personal information)
Please contact the enquiry desk set out in Article 11 for information on measures such as disclosure, correction, deletion, suspension of use or disclosure of records of provision to third parties of personal information in our services. However, we may not be able to carry out these procedures if we are not obliged to do so under the Personal Data Protection Act or other legislation, if the same request is repeated several times without justifiable reason, or if excessive technical work is required.
Article 9 (External transmission of user information)
The Company transmits information about users (user information) to the following external operators using cookies and other terminal identifiers. Name of operator. Google LLC. Service name Google Analytics and Google Ads Transmitted user information Identification information (e.g. client ID) Information about the device (e.g. browser type and operating system information) Information about the network (e.g. IP address) Information relating to access history/action history (e.g. referrer) Purposes of use by the Company and the sender Analysis of website usage, etc. Advertising and marketing
Name of business Shopify Japan K.K. Service name Shopify Payment User information sent Credit card details Email address Purpose of use by us/submitter Credit card payment
Name of business NE Corporation (NE Corporation) Name of service NextEngine (centralised inventory management service) User information to be transmitted Information on purchased products, delivery address information Purpose of use by the Company and the recipient of the transmission Product inventory management, delivery instructions
Name of business Open Logistics Co. Name of service Shopify logistics agency service User information sent Purchased product information, delivery address information Purpose of use by the company and recipient Delivery of purchased products to the customer
Article 10 (Changes to this Policy)
The Company shall review the operational status of the handling of personal information from time to time and strive for continuous improvement, and may change this Policy from time to time as necessary. In the event of any changes to the content of this Policy that would require the consent of the user under the law, the consent of the user will be obtained in advance by a separate method deemed appropriate by the Company.
The Policy after change shall be notified on the Company's services or on the website operated by the Company or by other easy-to-understand methods, and shall come into effect from the time of such notification.
Article 11 (Inquiries)
If you have any comments, questions, complaints or other enquiries regarding the handling of personal data by the Company, please contact us via the contact page.