Privacy policy

franky Co., Ltd. (hereinafter referred to as the "Company") recognizes the importance of protecting personal information, complies with the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act"), and strives to appropriately handle and protect personal information in accordance with the following privacy policy (hereinafter referred to as the "Privacy Policy"). Unless otherwise specified in this privacy policy, the definitions of terms in this privacy policy are in accordance with the provisions of the Personal Information Protection Act.

1. Definition of personal information

In this privacy policy, personal information refers to information about living individuals that falls under any of the following items.

(1) Information that can identify a specific individual by name, date of birth, and other descriptions contained in the information (meaning any items written or recorded in documents, drawings, or electromagnetic records, or expressed using voice, movement, or other methods) (including information that can be easily compared with other information and thereby identify a specific individual).

(2) Items that include a personal identification code

2. Purpose of use of personal information

Our company uses personal information for the following purposes.

(1) WIND AND SEATo provide brand sales business (hereinafter referred to as "our services") (including, but not limited to, product delivery, payment, maintenance or troubleshooting, identity verification, authentication, ensuring security, etc.)

(2) To provide information regarding our services, respond to inquiries, etc.

(3) To inform or advertise products and services of our company or third parties through e-mail magazine distribution or other methods, and to measure advertising effectiveness.

(4) To respond to acts that violate our company's terms, policies, etc. (hereinafter referred to as "Terms, etc.") regarding our services.

(5) To notify you of changes to the terms of our services, etc.

(6) To analyze user input information or registration information, order information (including cancellation information, etc.), product purchase history, and other information related to user service usage status, etc., and use it to improve our services, develop new services, etc.

(7) To conduct, operate or manage surveys, campaigns, seminars or events

(8) To provide point services operated by our company.

(9) For employment management and internal procedures (about personal information of executives and employees), for selection and communication in human resource recruitment activities (about personal information of applicants)

(10) For shareholder management, corporate law, and other legal procedures (regarding personal information of shareholders, stock acquisition rights holders, etc.)

(11) In connection with our services, to create statistical data processed in a format that does not identify individuals.

(12) For other purposes incidental to the above purposes of use.

3. How to collect personal information, etc.

3.1 In providing our services (as defined in Section 2), we collect the following information from users of our services by the following methods:

(1) Information we collect

① Profile information such as name, date of birth, address, phone number, email address, gender, hobbies, interests, etc.

② Information entered or submitted by users through input forms or other methods specified by our company

③ Information regarding the usage status and usage method of our services (including information such as referrer, IP address, server access log, cookie, ADID, IDFA and other identifiers, terminal information, content viewed or viewed by the user, usage time, and other user behavior history).

④ Information regarding inquiries

(2) Collection method

① How Users Enter Information on Our Services

② How we collect information when you use our services

③ How to receive information from our affiliates (including external service providers such as SNS, information providers, advertisers, advertising distribution destinations, etc.)

3.2 The Company retains the information set forth in Section 3.1, Item 1 during the period in which the Company's services are provided and until one year after the provision of the Company's services ends.

4. Change of purpose of use of personal information

Our company may change the purpose of use of personal information within the scope that is reasonably considered to be relevant, and in the event of a change, we will notify or publicly announce the individual who is the subject of the personal information (hereinafter referred to as the "principal").

5. Use of personal information

5.1 Our company will not handle personal information beyond the scope necessary to achieve the purpose of use without obtaining the consent of the person, except as permitted by the Personal Information Protection Act and other laws and regulations. However, this does not apply in the following cases.

(1) When based on laws and regulations

(2) When it is necessary to protect a person's life, body, or property, and it is difficult to obtain the consent of the person.

(3) When it is particularly necessary to improve public health or promote the healthy upbringing of children, and it is difficult to obtain the consent of the individual.

(4) When it is necessary to cooperate with a national institution, local government, or a person entrusted by them in carrying out affairs stipulated by law, and obtaining the consent of the person concerned is likely to impede the execution of said affairs.

(5) When personal data is provided to an academic research institution, etc., and the said academic research institution, etc. needs to handle the personal data for academic research purposes (including cases where part of the purpose of handling the personal data is for academic research purposes, excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals).

5.2 Our company will not use personal information in any way that may encourage or induce illegal or unjust acts.

6. Proper acquisition of personal information

6.1 Our company acquires personal information appropriately and does not acquire it through falsehood or other illegal means.

6.2 Our company will not acquire sensitive personal information (as defined in Article 2, Paragraph 3 of the Personal Information Protection Act) without the prior consent of the person, except in the following cases:

(1) If any of Items 1 to 4 of Section 5.1 apply.

(2) When acquiring sensitive personal information from an academic research institution, etc., and when it is necessary to acquire the sensitive personal information for academic research purposes (including cases where part of the purpose of acquiring the sensitive personal information is for academic research purposes, excluding cases where there is a risk of unfairly infringing the rights and interests of individuals) (limited to cases where the relevant personal information handling business operator and the academic research institution, etc. jointly conduct academic research)

(3) If the relevant personal information requiring special consideration is disclosed by the person, a national agency, a local government, an academic research institution, etc., a person listed in each item of Article 57, Paragraph 1 of the Personal Information Protection Act, or any other person specified by the rules of the Personal Information Protection Commission.

(4) When obtaining personal information that requires special consideration that is obvious from its appearance by visually observing or photographing the person.

(5) When receiving personal information requiring special consideration from a third party, and the provision by the third party falls under any of the items in Section 9.1.

6.3 When receiving personal information from a third party, our company will confirm the following items in accordance with the rules of the Personal Information Protection Commission. However, this excludes cases where the provision of personal information by the third party falls under any of the items in Section 5.1 or any of the items in Section 9.1.

(1) The name or name and address of the third party, and in the case of a corporation, the name of its representative (in the case of an unincorporated organization with a designated representative or administrator, its representative or administrator).

(2) Background of the acquisition of the personal information by the third party

7. Safety management of personal information

Our company provides necessary and appropriate supervision over our employees to ensure the safe management of personal information against risks such as loss, destruction, falsification, and leakage of personal information. Additionally, when outsourcing all or part of the handling of personal information, our company will provide necessary and appropriate supervision to ensure the safe management of personal information at the outsourcing company. The details of the specific safety management measures regarding personal data held by our company are as follows.

Formulation of basic policy	In order to ensure the proper handling of personal data, we have formulated this privacy policy as a basic policy regarding "compliance with relevant laws and guidelines, etc." and "desktop for handling questions and complaints."
Establishment of regulations regarding the handling of personal data	Establish rules for handling personal data regarding handling methods, persons in charge and their duties, etc. for each stage of acquisition, use, storage, provision, deletion/disposal, etc.
Organizational security control measures	1) In addition to establishing a person responsible for the handling of personal data, we will clarify the employees who handle personal data and the scope of personal data handled by those employees, and establish a reporting system to the person in charge in the event that we learn of facts or signs of violation of laws or handling regulations. 2) Regularly conduct self-inspections regarding the handling status of personal data, and conduct audits by other departments and external parties.
Personnel safety management measures	Matters related to confidentiality of personal data are included in the employment regulations.
Physical safety control measures	Take measures to prevent theft or loss of devices, electronic media, documents, etc. that handle personal data, and take measures to prevent personal data from being easily discovered when carrying such devices, electronic media, etc., including when moving within the office.
Technical safety control measures	1) Implement access control to limit the scope of personnel and personal information databases, etc. handled 2) Introducing a mechanism to protect information systems that handle personal data from unauthorized external access or unauthorized software.
Understanding the external environment	Since the foreign country where the provider of the cloud service we use is located is Canada, and the country where the server where personal data is stored in the service is located is Canada or the United States, we will implement security management measures after understanding the systems for protecting personal information in Canada and the United States.When our company handles personal data in a foreign country, we will take security management measures after understanding the systems, etc. regarding the protection of personal information in that foreign country.

8. Reporting in the event of a leak, etc.

In the event that personal information handled by the Company is leaked, lost, damaged, etc., the Company will report to the Personal Information Protection Committee and notify the person concerned in accordance with the provisions of the Personal Information Protection Act.

9. Third party provision

9.1 Our company will not provide personal information to a third party without the prior consent of the person, except in cases that fall under any of the items in Section 5.1. However, the following cases do not constitute provision to a third party as specified above.

(1) When personal information is provided in conjunction with entrusting all or part of the handling of personal information to the extent necessary to achieve the purpose of use.

(2) When personal information is provided due to business succession due to merger or other reasons

(3) When jointly using information pursuant to the provisions of the Personal Information Protection Act

9.2 Notwithstanding the provisions of Section 9.1, except in cases falling under any of the items of Section 5.1, the Company shall not be liable for any third party located in a foreign country (excluding countries designated by the rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Act). When providing personal information to a third party (excluding those who have established a system that complies with the standards specified by the Personal Information Protection Commission Regulations pursuant to Article 28), we will obtain the consent of the person in advance to allow the provision to a third party located in a foreign country.

9.3 If we obtain the consent of the principal for the provision of personal information to a third party located in a foreign country pursuant to Section 9.2, we shall provide the principal with information regarding the following matters: However, if the matter in item 1 cannot be specified, in place of the matters in items 1 and 2, we will provide information to the effect that the matter in item 1 cannot be specified, the reason for that, and if there is information that could be helpful to the person in place of the matter.

(1) Name of the foreign country

(2) Information regarding the system for protection of personal information in the foreign country

(3) Information regarding measures taken by the third party to protect personal information (if the information cannot be provided, that fact and the reason)

9.4 When we provide personal information to a third party, we will create and preserve records in accordance with Article 29 of the Personal Information Protection Act.

9.5 When our company receives personal information from a third party, we will conduct the necessary confirmation in accordance with Article 30 of the Personal Information Protection Act, and create and preserve records related to such confirmation.

10. Disclosure of personal information, etc.

10.1 When we are requested by a person to disclose personal information based on the provisions of the Personal Information Protection Law, we will disclose the information to the person without delay after confirming that the request is from the person himself/herself (If the personal information does not exist, we will notify the person to that effect.) However, this does not apply if the Company is not obligated to disclose pursuant to the Personal Information Protection Act or other laws and regulations.

10.2 The provisions of the preceding paragraph shall apply mutatis mutandis to records related to provision to third parties created pursuant to Section 9.4 and records related to provision from third parties created pursuant to Section 9.5 regarding personal information that identifies the individual. However, provisions regarding fees are excluded.

11. Correction of personal information, etc.

If a person requests that the personal information be corrected, added to, or deleted (hereinafter referred to as "correction, etc.") based on the provisions of the Personal Information Protection Law because the personal information is not true, we will confirm that the request is made by the person himself/herself, and then We will conduct the necessary investigation without delay to the extent necessary to achieve the purpose of use, and based on the results, we will make corrections to the personal information and notify the person to that effect (if we decide not to make any corrections, we will notify the person to that effect). However, this does not apply if the Company is not obligated to make corrections, etc. pursuant to the Personal Information Protection Act or other laws and regulations.

12. Suspension of use of personal information, etc.

The Company shall receive complaints from the person on the grounds that (1) the person's personal information is being handled beyond the scope of the previously announced purpose of use, or is being used in a manner that is likely to encourage or induce illegal or unjust acts, or that the person's personal information has been obtained by false or other illegal means; If you are requested to suspend the use or delete your personal information (hereinafter referred to as "suspension of use, etc.") based on the provisions of the Personal Information Protection Law because the personal information has been provided to a third party without your consent, (2) suspend the provision of your personal information based on the provisions of the Personal Information Protection Law (hereinafter referred to as "suspension of provision") because the personal information has been provided to a third party without your consent. ), or (3) the Company no longer needs to use the person's personal information, or a situation stipulated in Article 26, Paragraph 1 of the Personal Information Protection Act regarding the person's personal information has occurred, or in other cases where there is a risk that the person's rights or legitimate interests may be harmed by the handling of the person's personal information. If we are requested to suspend the use, etc. or discontinue the provision of personal information based on the provisions of the Personal Information Protection Act, and if it turns out that there is a reason for the request, we will suspend the use, etc. or discontinue the provision of personal information without delay after confirming that the request was made by the person himself/herself, and notify the person to that effect. However, this does not apply if the Company is not obligated to suspend use or discontinue provision pursuant to the Personal Information Protection Act or other laws and regulations.

13. Provision of personal information to third parties

13.1 When it is anticipated that a third party will acquire personal information (meaning as defined in Article 2, Paragraph 7 of the Personal Information Protection Act, and limited to information that constitutes a personal information database, etc. as defined in Article 16, Paragraph 7 of the same Act; the same shall apply hereinafter) as personal data, the Company will not provide such personal information to the third party without first confirming the following matters in accordance with the rules of the Personal Information Protection Commission, in addition to the cases listed in the items of Section 5.1.

(1) The person's consent has been obtained to allow the third party to receive personally-related information from the Company and acquire it as personal data that can identify the person.

(2) When providing personal information to a third party located in a foreign country, when obtaining the consent of the person mentioned in the previous item, the person must be provided in advance with the system for protecting personal information in the foreign country, the measures taken by the third party to protect personal information, and other information that should be helpful to the person, pursuant to the rules of the Personal Information Protection Commission.

13.2 When we provide personal information to a third party, we will create and preserve records in accordance with Article 31 of the Personal Information Protection Act.

13.3 When receiving personal information from a third party, the Company shall conduct necessary confirmations and create and preserve records related to such confirmations in accordance with Article 31 of the Personal Information Protection Law.

14. Handling of kana processing information

14.1 When creating pseudonymized information (meaning what is defined in Article 2, Paragraph 5 of the Personal Information Protection Act, and limited to information that constitutes a pseudonymized information database, etc. as defined in Article 16, Paragraph 5 of the same Act; the same shall apply hereinafter), the Company shall process personal information in accordance with the standards established by the Personal Information Protection Commission Rules.

14.2 When the Company creates pseudonymized information, or obtains pseudonymized information and deleted information related to said pseudonymized information (meaning what is defined in Article 41, Paragraph 2 of the Personal Information Protection Act; the same applies hereinafter), the Company shall take measures for the safety management of deleted information, etc. in accordance with the standards set by the rules of the Personal Information Protection Commission as necessary to prevent the leakage of deleted information, etc.

14.3 Our company will not handle pseudonymized information (limited to personal information; the same shall apply hereinafter in Sections 145.3 to 145.5) beyond the scope necessary to achieve the purpose of use, except as required by law.

14.4 Regarding the application of Paragraph 4 to pseudonymized information, the phrase "to be changed within the scope reasonably deemed to be relevant" in the same paragraph shall be deemed to be replaced with "change," and the phrase "to be notified or announced" shall be deemed to be replaced with "to be announced."

145.5 The provisions of paragraphs 8 and 101 to 123 shall not apply to pseudonymized information.

14.6 Notwithstanding the provisions of Sections 9.1 to 9.3, the Company will not provide personal data that is pseudonymized information to third parties, except as required by law. However, the cases listed in each item of Section 9.1 do not fall under the provision of personal information to a third party as specified above.

15. Use of cookies and other technologies

15.1 Our services may use cookies and similar technologies. These technologies help us understand the usage status of our services and contribute to improving our services. Users who wish to disable cookies can do so by changing their web browser settings. However, if you disable cookies, you may not be able to use some functions of our services.

15.2 Our services also use cookies provided by Google LLC (including Google Analytics. For information on how Google Analytics collects and processes data, please refer to the "How Google uses data when you use Google partner sites and apps" page (www.google.com/intl/ja/policies/privacy/partners/).

16. Contact us

For requests for disclosure, opinions, questions, complaints, and other inquiries regarding the handling of personal information, please contact the contact point below.

Name, address, and representative name of the business handling personal information

〒150-0041
Bansho Building 1F, 1-9-10 Jinnan, Shibuya-ku, Tokyo
franky Co., Ltd. (Representative Director Yu Akasaka)

Contact point

E-mail: support@windandsea.jp

Click here for the inquiry form.
https://windandsea.jp/pages/contact

17. Continuous improvement

We will review the operational status regarding the handling of personal information as appropriate and strive for continuous improvement, and may change this privacy policy as necessary.

[Established on April 1, 2022]
[Updated on July 10, 2024]

Language

Country/region

Member

New to our store

Guest checkout

Privacy policy