Access Denied
IMPORTANT! If you’re a store owner, please make sure you have Customer accounts enabled in your Store Admin, as you have customer based locks set up with EasyLockdown app. Enable Customer Accounts
Privacy policy
Corporation YZ (hereinafter referred to as "the Company") recognizes the importance of personal information protection and complies with the laws concerning the protection of personal information (hereinafter referred to as "Personal Information Protection Law") and strives for appropriate handling and protection according to the following privacy policy (hereinafter referred to as "this Privacy Policy"). Furthermore, unless otherwise defined in this Privacy Policy, the definitions of terms in this Privacy Policy shall follow the definitions in the Personal Information Protection Law.
1. Definition of Personal Information
In this Privacy Policy, personal information refers to information related to a living individual, which corresponds to any of the following items.
(1) Information that includes a name, date of birth, and other descriptions (including documents, drawings, and electromagnetic records in which these are recorded, or expressed by voice, movement, or other methods) that can identify a specific individual (including information that can be easily compared with other information to identify a specific individual).
(2) Items containing personal identification codes.
2. Purpose of Use of Personal Information
The Company uses personal information for the following purposes.
(1) For the provision of services related to the internet shopping site named "YZ" (hereinafter referred to as "this Service").
(2) For responding to inquiries and guidance related to this Service.
(3) For providing information about the Company's products and services.
(4) For responding to actions that violate the Company's regulations and policies related to this Service (hereinafter referred to as "Regulations, etc.").
(5) To notify changes to the Regulations, etc. related to this Service.
(6) To analyze information related to the usage status of the service by users to improve the Company's services and develop new services.
(7) To create statistical data processed in a form that does not identify individuals related to the Company's services.
(8) For other purposes incidental to the above usage purposes.
3. Methods of Collecting Personal Information
3.1 The Company collects the following information from users of this Service by the following methods.
① When using this Service, information is collected from users through input of delivery addresses and account registration at the time of purchasing goods.
・Name
・Date of birth
・Gender
・Email address
・Address
・Purchase history
・Browsing history
・Other information determined by the Company to be collected in this Service and displayed on the website related to this Service.
② Information is collected when accessing this Service.
・端末の種類
・端末識別子
・ブラウザの種類
・リファラ
・IPアドレス
・Cookie
・その他広告識別子
③本サービスの利用にあたって、ユーザーが外部サービスとの連携を許可した場合、下記の情報を当該外部サービスから収集します。
・外部サービスでユーザーの利用するID
・その他外部サービスのプライバシー設定によりユーザーが連携先に開示を許可した情報
4. 個人情報利用目的の変更
当社は、個人情報の利用目的を関連性を有すると合理的に認められる範囲内において変更することがあり、変更した場合には個人情報の主体である個人(以下「本人」といいます。)に通知し又は公表します。
5. 個人情報利用
5.1 当社は、個人情報保護法その他の法令により許容される場合を除き、本人の同意を得ず、利用目的の達成に必要な範囲を超えて個人情報を取り扱いません。但し、次の場合はこの限りではありません。
(1) 法令に基づく場合
(2) 人の生命、身体又は財産の保護のために必要がある場合であって、本人の同意を得ることが困難であるとき
(3) 公衆衛生の向上又は児童の健全な育成の推進のために特に必要がある場合であって、本人の同意を得ることが困難であるとき
(4) 国の機関もしくは地方公共団体又はその委託を受けた者が法令の定める事務を遂行することに対して協力する必要がある場合であって、本人の同意を得ることにより当該事務の遂行に支障を及ぼすおそれがあるとき
(5) 学術研究機関等に個人データを提供する場合であって、当該学術研究機関等が当該個人データを学術研究目的で取り扱う必要があるとき(当該個人データを取り扱う目的の一部が学術研究目的である場合を含み、個人の権利利益を不当に侵害するおそれがある場合を除く。)。
5.2 当社は、違法又は不当な行為を助長し、又は誘発するおそれがある方法により個人情報を利用しません。
6. 個人情報の適正な取得
6.1 当社は、適正に個人情報を取得し、偽りその他不正の手段により取得しません。
6.2 当社は、次の場合を除き、あらかじめ本人の同意を得ないで、要配慮個人情報(個人情報保護法第2条第3項に定義されるものを意味します。)を取得しません。
(1) 第5.1項第1号から第4In cases where any of the following applies
(2) When obtaining personal information requiring consideration from academic research institutions, etc., and it is necessary to obtain such information for academic research purposes (including cases where part of the purpose of obtaining such information is for academic research purposes, excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals). (Limited to cases where the relevant personal information handling business operator and the relevant academic research institution, etc., jointly conduct academic research.)
(3) When the relevant personal information is disclosed by the individual, national agencies, local public entities, academic research institutions, etc., or other persons prescribed by the Personal Information Protection Commission Rules in Article 57, paragraph 1 of the Personal Information Protection Law
(4) When obtaining clearly disclosed personal information requiring consideration by observing or photographing the individual
(5) When receiving the provision of personal information requiring consideration from a third party, and the provision by the relevant third party corresponds to any of the items in Article 9.1
6.3 When the company receives the provision of personal information from a third party, it will confirm the following matters as determined by the Personal Information Protection Commission Rules. However, this does not apply when the provision by the relevant third party corresponds to any of the items in Article 5.1 or Article 9.1.
(1) The name and address of the relevant third party, and in the case of a corporation, the name of the representative (in the case of an unincorporated organization with a representative or administrator, the name of the representative or administrator)
(2) The circumstances of obtaining the relevant personal information by the relevant third party
7. Personal Information Security Management
The company will conduct necessary and appropriate supervision of its employees to ensure the security management of personal information against risks such as loss, damage, alteration, and leakage. Furthermore, when the company outsources all or part of the handling of personal information, it will ensure necessary and appropriate supervision at the outsourcing destination to ensure the security management of personal information. The specific contents of the security management measures regarding the company's owned personal data are as follows.
|
Formulation of Basic Policy |
To ensure the proper handling of personal data, the company has formulated this Privacy Policy as a basic policy regarding "Compliance with Relevant Laws and Guidelines" and "Contact for Inquiries and Complaints Handling," etc. |
|
Preparation of Rules Related to the Handling of Personal Data |
Preparation of basic handling methods for cases where personal data is obtained, used, and stored |
|
Organizational Security Management Measures
|
1) The person in charge confirms that personal data is handled according to the prepared handling methods 2) Preparation of a reporting and communication system from employees to the person in charge |
|
Human Security Management Measures
|
1) Implementation of regular training for employees on matters to be noted regarding the handling of personal data 2) Inclusion of items related to confidentiality of personal data in employment rules |
|
Physical Safety Management Measures
|
1) Implement measures to prevent contractors and others who can handle personal data from easily viewing personal data. 2) Implement measures to prevent theft or loss of devices, electronic media, and documents that handle personal data, including within business premises, and ensure that personal data is not easily identifiable when transporting these devices and media. |
|
Technical Safety Management Measures
|
1) Clarify the devices that can handle personal data and the contractors who handle these devices, and prevent unnecessary access to personal data. 2) Introduce a system to protect devices handling personal data from unauthorized access or unauthorized software from outside. |
|
Grasp of External Environment |
When storing or providing personal information to third parties abroad, or handling it abroad, implement safety management measures after understanding the regulations related to personal information protection in the foreign country where the personal data is stored. |
8. Reporting in Case of Leakage
In the event of leakage, loss, or damage of personal information handled by our company, we will report to the Personal Information Protection Commission and notify the individual based on the provisions of the Personal Information Protection Law.
9. Provision to Third Parties
9.1 Except for cases applicable under each item of 5.1, we do not provide personal information to third parties without the prior consent of the individual. However, in the following cases, provision to the third party specified above does not apply.
(1) When providing personal information in the necessary scope for achieving the purpose of use, or when entrusting all or part of the handling of personal information.
(2) When personal information is provided due to business succession by merger or other reasons.
(3) When jointly using personal information in accordance with the provisions of item 10.
9.2 Notwithstanding the provisions of 9.1, in cases other than those applicable under each item of 5.1, when providing personal information to a third party abroad (excluding countries specified by the Personal Information Protection Commission Rules based on Article 28 of the Personal Information Protection Law), we will obtain the individual's consent to provide to the third party abroad.
9.3 When obtaining the individual's consent based on 9.2 for providing to a third party abroad, we will provide the individual with information on the following matters. However, if item 1 cannot be specified, we will provide information that serves as a reference for the individual.
(1) The name of the foreign country in question
(2) Information about the system related to the protection of personal information in the relevant foreign country
(3) Information about measures for the protection of personal information handled by the relevant third party (if the information cannot be provided, the reason should be included)
9.4 When our company provides personal information to a third party, it will create and retain records in accordance with Article 29 of the Personal Information Protection Law.
9.5 When our company receives the provision of personal information from a third party, it will conduct the necessary verification in accordance with Article 30 of the Personal Information Protection Law and create and retain records related to the verification.
10. Joint Use
Our company will jointly use personal information as follows and provide the jointly used personal information to the users specified below.
(1) Items of personal information to be jointly used
Items described in Article 3.1
(2) Scope of users who will jointly use
Each company in the ZOZO group to which our company belongs
For details about the companies in the ZOZO group, please refer here.
(3) Purpose of use by users
Purpose of use described in Article 2
(4) Name, address, and representative of the person responsible for managing the above personal information
〒155-0031 Tokyo, Setagaya-ku, Kitazawa 2-5-2 Shimokitazawa Big Ben Building
YZ Corporation (Representative Director Sei Funabashi)
11. Disclosure of Personal Information
11.1 When our company is requested by the individual to disclose personal information based on the provisions of the Personal Information Protection Law, we will confirm that it is a request from the individual and promptly disclose to the individual (if the personal information does not exist, we will notify accordingly). However, if our company is not obliged to disclose by the Personal Information Protection Law or other laws, this does not apply. Please note that a handling fee (1,000 yen per case) will be charged for the disclosure of personal information.
11.2 The provisions of the previous item apply to records related to the provision to third parties created based on Article 9.4 and records related to the provision from third parties created based on Article 9.5 concerning personal information that identifies the individual. However, the provisions concerning handling fees are excluded.
12. Correction of Personal Information
The company, upon receiving a request from the individual to correct, add, or delete (hereinafter referred to as "correction, etc.") personal information based on the Personal Information Protection Law due to the reason that the information is not true, will verify that the request is from the individual themselves, and within the necessary scope to achieve the purpose of use, promptly conduct the necessary investigation, and based on the results, make the correction, etc. of the personal information content, and notify the individual of the outcome (if a decision is made not to make the correction, etc., the individual will be notified of this decision). However, this does not apply if the company is not obligated to make corrections, etc. under the Personal Information Protection Law or other laws and regulations.
13. Suspension of Use of Personal Information, etc.
The company, upon receiving a request from the individual, (1) because the individual's personal information is being handled beyond the scope of the purpose of use publicly announced in advance, or is being used in a manner that aids, abets, or induces illegal or improper acts, or (2) because the individual's personal information was obtained through deceit or other wrongful means, or (3) when the company no longer needs to use the individual's personal information, or when there is a risk of harm to the rights or legitimate interests of the individual due to the handling of the individual's personal information, the company will verify that the request is from the individual themselves, and promptly suspend the use or provision of the personal information, and notify the individual of this. However, this does not apply if the company is not obligated to suspend use or provision under the Personal Information Protection Law or other laws and regulations.
14. Provision of Personal Information to Third Parties
14.1 The company, when it is anticipated that a third party will acquire personal related information (as defined in Article 2, Item 7 of the Personal Information Protection Law, and limited to those that constitute a personal related information database, etc. as defined in Article 16, Item 7 of the same law), except in cases listed in each item of 5.1, will not provide the relevant personal related information to the relevant third party without confirming in advance based on the rules determined by the Personal Information Protection Commission.
(1) The consent of the individual has been obtained for the acquisition of the personal data by the third party from the company, where the individual can be identified as personal data.
(2) In the case of provision to a third party overseas, when attempting to obtain the individual's consent as per the preceding item, the individual has been provided with information that can be referenced regarding the system concerning the protection of personal information in the relevant foreign country, the measures taken by the relevant third party to protect personal information, and other information that should be referred to by the individual.
14.2 When the company provides personal related information to a third party, it will create and preserve records in accordance with Article 31 of the Personal Information Protection Law.
14.3 When receiving the provision of personal related information from a third party, the company will conduct the necessary verification in accordance with Article 31 of the Personal Information Protection Law, and create and preserve records related to the relevant verification.
15. Handling of Pseudonymized Information
15.1 The company, when creating pseudonymized information (as defined in Article 2, Item 5 of the Personal Information Protection Law, and limited to those that constitute a pseudonymized information database, etc. as defined in Article 16, Item 5 of the same law), will process personal information in accordance with the standards determined by the Personal Information Protection Commission rules.
15.2 When the company creates pseudonymized information or obtains deletion information related to pseudonymized information (as defined in Article 41, Item 2 of the Personal Information Protection Law), it shall take necessary measures to prevent leakage of deletion information, according to the standards set by the Personal Information Protection Commission rules, and ensure safe management of deletion information.
15.3 The company shall comply with the following provisions regarding pseudonymized information (limited to personal information).
(1) Notwithstanding the provisions of Item 5.1, the company will not handle pseudonymized information beyond the necessary scope for achieving the purpose of use, except in cases based on laws and regulations.
(2) Regarding the application of Item 4 to pseudonymized information, "change within a reasonably recognized scope of relevance" shall be read as "change," and "notify or publish" shall be read as "publish."
(3) Notwithstanding the provisions from Items 9.1 to 9.3, the company will not provide personal data that is pseudonymized information to third parties except in cases based on laws and regulations. However, provision to third parties as specified in the above shall not apply in cases posted in each number of Item 9.1.
(4) In handling pseudonymized information, the company shall not match the pseudonymized information with other information to identify the individual related to the personal information used to create the pseudonymized information.
(5) In handling pseudonymized information, the company shall not use contact information or other information included in the pseudonymized information to make phone calls, send mail, transmit electronic communications, send via fax or electronic means, or visit residences.
(6) The provisions of Item 8 and Items 11 to 13 shall not apply to pseudonymized information.
15.4 The company shall comply with the following provisions regarding pseudonymized information (excluding personal information).
(1) Our company does not provide pseudonymized information to third parties, except in cases based on laws and regulations. However, in cases listed in each item of 9.1, the provision to third parties specified above does not apply.
(2) Our company will take necessary and appropriate supervision over its employees to ensure the safe management of pseudonymized information against risks such as leakage. Furthermore, when entrusting the handling of all or part of pseudonymized information, our company will supervise the entrusted party to ensure the safe management of personal information.
(3) When handling pseudonymized information, our company will not obtain information for identifying the individual related to the personal information used to create such pseudonymized information, nor will it match the pseudonymized information with other information.
(4) When handling pseudonymized information, our company will not use contact information or other information included in the pseudonymized information for making phone calls, sending mail, sending electronic messages, or visiting residences.
16. Handling of Anonymized Information
16.1 When creating anonymized information (meaning the information specified in Article 2, Item 6 of the Personal Information Protection Act, and limited to databases, etc., composed of anonymized information specified in Article 16, Item 6 of the same act), our company will process personal information according to standards set by the Personal Information Protection Commission rules.
16.2 Upon creating anonymized information, our company will take measures for safe management according to standards set by the Personal Information Protection Commission rules.
16.3 Upon creating anonymized information, our company will publicly announce the items of information related to individuals contained in such anonymized information according to the rules set by the Personal Information Protection Commission.
16.4 When providing anonymized information (including those created by our company and those provided by third parties) to third parties, our company will, in advance, publicly announce the items of information related to individuals contained in the anonymized information, as well as the method of provision, and indicate to the relevant third parties that the information provided is anonymized information, according to the rules set by the Personal Information Protection Commission.
16.5 When handling anonymized information, our company will not obtain information for identifying the individual related to the personal information used to create such anonymized information, such as (1) matching the anonymized information with other information, or (2) obtaining information about the method of processing according to the provisions of Article 43, Item 1 of the Personal Information Protection Act (limited to anonymized information provided by third parties).
16.6 Our company will endeavor to take necessary measures to ensure the appropriate handling of anonymized information, such as taking necessary and appropriate measures for the safe management of anonymized information, handling complaints about the creation and other handling of anonymized information, and publicly announcing the content of such measures.
17. Use of Cookies and Other Technologies
Our company's services use CookiesThere are cases where we use the technology and related techniques. These technologies help us understand the usage conditions of our company's services and contribute to service improvement.Cookie Users who want to disable cookies can do so by changing their web browser settings.Cookie However, disabling cookies may prevent you from using some functions of our company's services.
18. Contact
For requests for disclosure, opinions, questions, complaints, and other inquiries regarding the handling of personal information, please contact the following window.
Name, address, and representative of the personal information handling business operator
〒155-0031 Tokyo, Setagaya-ku, Kitazawa 2-chome, 5-2 Shimokitazawa Big Ben Building
YZ Corporation (Representative Director Sei Hashi)
Contact window
For inquiries regarding our operating site, please use the contact chat here here
19. Continuous Improvement
Our company will appropriately review the operational status regarding the handling of personal information and strive for continuous improvement. As necessary, we will change this privacy policy.
【Established November 1, 2022
【Revised September 19, 2025
Invalid password
Enter