Privacy Policy for Europe (Personal Data Protection Policy) 日本語
Hobonichi Co., Ltd. (“we”, “us” or “our”) considers personal data and information related to privacy as something precious that has been entrusted to our care, and its protection is of great importance to us. This privacy policy (the “Privacy Policy For Europe”) therefore intends to inform you about how we, acting as a data controller, collect and process your personal data that you submit or disclose to us.
We process this personal data in accordance with the applicable EU and Member State regulations on data protection in particular, the General Data Protection Regulation No 2016/679 in the EU and the European Economic Area (the “EEA”) and The Data Protection Act 2018 in the United Kingdom (the “UK”) (the aforementioned regulation and the act are hereinafter collectively referred to as the “GDPR”).
This Privacy Policy For Europe, in addition to our privacy policy, shows in particular the data protection in the EEA and the UK.
If you do not wish your personal data to be processed by us as set out in this Privacy Policy For Europe, please do not provide us with your personal data. Please note that in such a case, we may not be able to provide you with our services, you may not have access to and/or be able to use some features of our websites, and your customer experience may be impacted.
1. Legal Basis for Handling Your Personal Data and Types of Personal Data
Personal data means any information relating to a natural person that can directly or indirectly identify such person, or by which a natural person is directly or indirectly identifiable, by reference to an identifier such as a name, an address, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, social identity, or the like of that natural person. We obtain personal data related to you in the manner set out below. Upon obtaining your personal data, we process it in accordance with the GDPR and other applicable laws, ordinances, and the like, which includes notifying you of the purpose of use. We use your personal data for the following purposes. If it is necessary to process your personal data for purposes other than those provided below, we will individually inform you to that effect.
1-1. When Processing is Required for a Contract
We use the personal data for the purposes listed in the table below further to a contract with you, or to take steps you have asked us to take before we enter into a contract with you.
| Purposes | Categories of personal data |
|---|---|
| To supply our products and services to you and to carry out related customer management | Name, age, e-mail address, password, address, shipping address, telephone number, credit card information, and product purchase history |
| To identify suspicious transactions and ensure customer safety with respect to the settlement of customer orders | Name, age, e-mail address, address, shipping address, telephone number, payment, transaction information, product purchase history, IP address, profile, device information, and usage information |
1-2. When Processing is Required for the Pursuit of Legitimate Interests
We obtain and process the following categories of your personal data for the following purposes because it is necessary to do so in order to pursue our legitimate interests.
| Purposes | Categories of personal data |
|---|---|
| To manage and protect our e-commerce website (troubleshooting, data analysis, testing, system maintenance, support, data reporting and hosting) | Name, age, e-mail address, address, telephone number, payment, transaction information, product purchase history, IP address, device information, and usage information |
| To use data analytics to improve the customer experience on our website, products, services, marketing, and customer relations (CR) | Google Analytics data, Microsoft Clarity date, Cookies, name, age, e-mail address, address, shipping address, telephone number, payment, transaction information, product purchase history, questionnaire answers, IP address, device information, profile, and usage information |
| To make suggestions or recommendations regarding products or services that may be of interest to you | Google Analytics data, Microsoft Clarity date, Cookies, name, age, e-mail address, address, shipping address, telephone number, payment, transaction information, product purchase history, questionnaire answers, IP address, and usage information |
| To handle your inquiries, requests, and complaints | Name, age, e-mail address, address, shipping address, telephone number, transaction information, and product purchase history |
| To enable you to enter a drawing or complete a questionnaire | Cookies, name, age, e-mail address, address, shipping address, telephone number, payment, transaction information, product purchase history, questionnaire answers, IP address, device information, profile, and usage information |
| To promote safety and security by monitoring fraud and investigating suspicious activities, potentially illegal activities or violations of our terms or policies | Google Analytics data, Cookies, name, age, e-mail address, address, telephone number, payment, transaction information, product purchase history, questionnaire answers, IP address, device information, and usage information |
1-3. When Your Express Consent is Obtained in Advance
Where we have obtained your express consent in advance, we will obtain and process the following categories of your personal data for the following purposes as well.
| Purpose of processing | Types of Personal Data |
|---|---|
| To conduct marketing activities, including the provision of information related to products and services provided by us, such as distribution of e-mails and news | Name, age, e-mail address, address, shipping address, telephone number, transaction information, product purchase history, questionnaire answers, device information, and usage information |
| To share your personal data with third-party partners who may send you marketing communications in relation to their products and services | Google Analytics data, Microsoft Clarity date, Cookies, name, age, e-mail address, address, shipping address, telephone number, payment, transaction information, product purchase history, questionnaire answers, browser configuration information, IP address, device information, and usage Information |
If our processing of your personal data is conducted based on your consent, you may withdraw that consent at any time. Withdrawal of your consent does not affect the legality of personal data processing that we have conducted based on consent given before that withdrawal. You may withdraw your consent through services and the like you use or by contacting us using the contact details at Section 13 (Contacting Us).
Personal data obtained by us does not include information provided through a third party, such as counterparties, contractors, business partners, and social media providers.
Also, we will not obtain or use sensitive personal data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, data concerning health or sexual orientation, or the like, unless that sensitive personal data is processed in accordance with standards provided for in the GDPR and other applicable laws, ordinances, and the like.
2. Sharing Your Personal Data
We do not disclose or provide your personal data to a third party, unless:
- we inform you about such disclosure or provision;
- we obtain consent from you; or
- that disclosure or provision is made in accordance with the GDPR and other applicable laws, ordinances, and the like.
We provide your personal data to the following third parties.
2-1. Contractors
In providing products and services to you, we may engage contractors to perform all or part of our duties and may provide personal data to the extent necessary to achieve the purpose of use. If we engage any such third parties to process your personal data, we will take necessary and appropriate measures in accordance with the contents of the GDPR and other applicable laws, ordinances, and the like.
2-2. Business Partners and Counterparties
In providing products and services to you, we may, to the extent necessary to achieve the purpose, provide your personal data to: our business partners, such as product development and sales services providers, IT and software development service providers, various manufactures, and credit card companies; and counterparties, such as agencies.
We may also share your personal data with business partners and counterparties to the extent necessary to deal with your inquiries, requests, or the like.
2-3. Legal or Regulatory Authorities, and Professional Advisors
We may share or disclose your personal data with government authorities, regulatory agencies, law enforcement officials, and our professional advisors, if required for the purposes we have told you about, if mandated by law, or if required for the legal protection of our legitimate interests in complying with applicable laws.
3. Transfer of Personal Data Outside the EEA or the UK
Your personal data obtained by us may be transferred, stored, and processed outside the EEA or the UK. In each case, your personal data must be protected safely at a level of security equivalent to that used for its protection within the EEA or the UK. We transfer your personal data to a country that has been subject to an adequacy decision by the European Commission under the GDPR or take all measures (including execution of the standard contractual clauses under the GDPR as approved by the European Commission) reasonably necessary when we transfer your personal data to a country other than one that has been subject to an adequacy decision to ensure your data is safely stored and processed in accordance with the provisions set out in this Privacy Policy For Europe and the GDPR and other applicable laws, ordinances, and the like.
4. Storage Period for Personal Data
We store your personal data for the period necessary to achieve the purpose of use or to perform our obligations under applicable laws, ordinances, and the like. The specific storage period is determined in consideration of the purpose for obtaining and processing the personal data, the nature of the personal data, and legal or business-related necessity for storing the personal data.
5. Your Choices
In principle, the provision of your personal data to us is made based on your will, and you are not obligated to provide us with your personal data.
However, if you do not provide us with your personal data, you may experience disadvantages, such as inability to use various services provided by us or partial system malfunctions.
6. Cookies
A "Cookie" is the name of a technology that records and manages information about usage history and submitted website contents of customers. This information is saved as a Cookie onto the hard disk of a computer. For further information, see our Cookie Policy.
6-1. Cookie Management
Cookies enable a browser to quickly process frequently-accessed services. When shopping in the Hobonichi Store, a customer's shopping cart contents and order management are processed through Cookies and JavaScript. Cookies are necessary for this submitted information to be saved and accessible as you shop.
6-2. Cookies Used for Viewing Online Content
We utilize cookies to provide the functionality of redisplaying content that our customers have previously viewed.
6-3. Page Access and Purchase Statistics
In order to optimize the quality of contents developed for the website, we anonymize the access data of site visitors and use it to analyze access statistics. We do not identify customers or analyze individual usage. We may also provide statistical data such as product sales numbers to our co-development partners.
We use Microsoft Clarity and Google Analytics with server logs. If you do not want to participate in access analysis with opting out of the use of Cookies, please change your settings accordingly:
- You can refuse to accept cookies by changing your browser settings. However, please be aware that disabling Cookies may prevent some services on this website from functioning properly.
- Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
6-4. Social Media Cookies
In order to allow customers convenient use of social media channels through our website, such as Facebook, Instagram, and LINE, we use third-party cookies issued by each respective social media website. If you would like to prevent the use of cookies from these websites, please change your settings here:
- Facebook Opt-out: https://www.facebook.com/help/568137493302217
- Please view the help section of your browser and devices for opt-out instructions for Instagram and LINE.
7. Processing of Children's Personal Data
We do not knowingly collect and process information on children under sixteen (16) without permission and consent of their parent(s). If we discover that we have collected and processed the personal data of a child under sixteen (16) directly, or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible.
8. Organizational and Technical Measures to Protect Your Personal Data
We obtained ISMS certification in November 2021, and based on the requirements of the ISO/IEC 27001 standard, we have established a management system pertaining to personal data protection and appropriately take organizational, physical, and technical safety management measures in order to prevent unauthorized access to personal data, prevent personal data loss, destruction, tampering, leakage, and the like, and otherwise to safely manage personal data. Also, we are aware of the importance of personal data protection and appropriately take personal safety management measures, which includes making efforts to provide educational and awareness campaigns regarding personal data protection for officers, employees, and the like who process personal data.
In the unlikely scenario that leakage of personal data or any other accident occurs, we will appropriately deal with the situation through investigation of the facts and causes and implementation of preventive measures for secondary damage and reoccurrence, etc.
9. Automated Decision-Making
We do not conduct decision-making that is based on automated processing (including profiling) which produces a legal or similar material effect on you.
10. Our Records of Data Processes
We handle records of processing of personal data in accordance with the obligations established in the GDPR and other applicable laws, ordinances, and the like, both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and other applicable laws, ordinances, and the like and cooperate with the supervisory authorities as required.
11. Notification of Data Breach to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you.
12. Customer Rights
You have the rights set out below in relation to personal data used by us.
If we receive any request from you in relation to the following, we will faithfully and appropriately deal with that request in accordance with provisions set out in the GDPR and other applicable laws, ordinances, and the like after confirming that the person making the request is you or a person delegated by you to act on your behalf.
- Right to access personal data
- You have the right to obtain confirmation from us regarding whether any of your personal data is being processed, and if your personal data is being processed, you will have the right to access your personal data and certain information in connection to that personal data.
- Right to rectify personal data
- If your personal data held by us is incorrect, you will have the right to demand that we rectify the personal data.
- Right to erase personal data (right to be forgotten)
- If you satisfy certain conditions, you will have the right in some cases to demand erasure of your personal data held by us.
- Right to restrict processing of personal data
- If you satisfy certain requirements, you will have the right in some cases to restrict the processing of your personal data held by us.
- Objections against processing of personal data
- If you satisfy certain conditions, you will have the right in some cases to object to our processing of your personal data.
- Right to data portability of personal data
- If you satisfy certain conditions, you will have the right in some cases to receive in a structured, commonly used, and machine-readable format the personal data that you have provided to us and will have the right to transmit that data to another controller without hindrance from us.
13. Contacting Us
If you have any demands, inquiries, or requests regarding the processing of personal data, please contact the following e-mail address.
- Contact details
- Information Security Committee, Hobonichi Co., Ltd.
anshin@1101.com
Please be aware that inquiries to this e-mail address are limited to inquiries related to the processing of personal data. If we receive an unrelated inquiry, we may not be able to reply. Please understand this in advance.
The replies that we send to customers are intended to send to individual customers for the purpose of answering their inquiries. Please refrain from reproduction or secondary use of all or part of the replies on SNS or for any other purposes.
14. Filing Complaints with Supervisory Authorities
In order to protect your personal data, you have the right to file a complaint with supervisory authorities for your residence, workplace, or the member state where a violation of the GDPR or other applicable laws and regulations occurs in relation to the processing of your personal data by us.
15. Representative in the EU and the UK
We have appointed DataRep as our data protection representative for the purposes of the General Data Protection Regulation No 2016/679 in the EU/EEA and the Data Protection Act 2018 in the UK. If you have any questions to us or wish to exercise your rights related to personal data, you may contact DataRep from your country by using one of the following methods.
-
- Contact by e-mail at datarequest@datarep.com
- please make sure to insert “Hobonichi Co., Ltd.” in a subject box.
-
- Contact via form on https://www.datarep.com/data-request
-
- Contact by post
-
please send your inquiry to the address listed at the end of this Privacy Policy For Europe.
For inquiry by post, please make sure to write “DataRep” in the address.
16. Administrator of This Privacy Policy For Europe
Information Security Committee, Hobonichi Co., Ltd.
Hobonichi Kanda Building, 3-18 Kanda Nishiki-cho, Chiyoda-ku, Tokyo 101-0054, Japan
17. Revision of This Privacy Policy For Europe
We may amend, revise, add to, or delete the contents of this Privacy Policy For Europe from time to time to deal with changes required by amendments to laws and ordinances, business-related requirements, and the like. If there are any substantial or material amendments to this Privacy Policy For Europe, we will inform you to that effect on this page and, if necessary, inform you to that effect by a method that enables you to become aware of those changes.
Contact DataRep by mail at
| Country | Address |
|---|---|
| Austria | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Belgium | DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium |
| Bulgaria | DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria |
| Croatia | DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia |
| Cyprus | DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus |
| Czech Republic | DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic |
| Denmark | DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark |
| Estonia | DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia |
| Finland | DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland |
| France | DataRep, 72 rue de Lessard, Rouen, 76100, France |
| Germany | DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany |
| Greece | DataRep, 24 Lagoumitzi str, Athens, 17671, Greece |
| Hungary | DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary |
| Iceland | DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland |
| Ireland | DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland |
| Italy | DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy |
| Latvia | DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia |
| Liechtenstein | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Lithuania | DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania |
| Luxembourg | DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg |
| Malta | DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta |
| Netherlands | DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands |
| Norway | DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway |
| Poland | DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland |
| Portugal | DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal |
| Romania | DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania |
| Slovakia | DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia |
| Slovenia | DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia |
| Spain | DataRep, Calle de Manzanares 4, Madrid, 28005, Spain |
| Sweden | DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden |
| United Kingdom | DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom |
Last updated: July 4, 2025