PRIVACY POLICY

Published: March 23, 2021
Last updated: [March 31, 2021]

This Privacy Policy is intended for our guests from the European Economic Area (EEA) and the United Kingdom, explaining how we collect, use, disclose and/or store your personal data in connection with your visit and use of our website “EDO TOKYO KIRARI” (https://www.store.kirari.metro.tokyo.lg.jp/) (the “Website”). In this Privacy Policy, “we”, "us" and “our” refer to Haneda Future Research Institute Inc. (HFRI), a private company established and registered at Terminal 1, 3-3-2 Haneda Airport, Ohta-ku, Tokyo 144-0041, Japan.

We respect your right with privacy. As we operate this Website and provide you with our services, we collect, use and generate personal data about you. When we process your personal data, we undertake to comply with applicable data protection laws, including the Act on the Protection of Personal Information of Japan and the General Data Protection Regulation of the European Union (GDPR). Below is our privacy policy on how we process and protect your personal data.
We may revise this privacy policy from time to time. You can obtain the latest version of this policy at the following link:
[https://www.store.kirari.metro.tokyo.lg.jp/privacy.html]

1.PERSON IN CHARGE (controller)
This privacy policy is issued by HFRI. When we process your personal data, we are the data controller in the meaning of GDPR and are responsible for protecting your rights with personal data.

2.PURPOSE AND LAWFUL BASIS (why and on what lawful ground we use your personal data)
2-1 Consent by data subject (Article 6.1(a))

Purpose of Processing Category of Personal Data
Surveying Website usage Source IP address, browser type/version, operating system/version, pages served, time, approximate location (country), preceding page views (what web page you come from) and other technical data about your usage of the Website including unique identifiers ("Device Identifiers")
Facilitating your interaction with social network services Your favorite items, your comments

2-2 Performance of or entering into a contract (Art.6.1(b))

Purpose of Processing Category of Personal Data
Management of user account Name, email address, password, address, phone number
Sales and delivery of items Purchaser's name, purchased item, item code, quantity, unit price, addressee’s name, shipping address, addressee’s phone number, reason for return
Monitoring the payment status of the users Name, item name, item unit price, payment completion status

2-3 Compliance with a legal obligation (Art.6.1(c))

Purpose of Processing Category of Personal Data
Import customs clearance procedures for items purchased by the users Purchaser's name, shipping name, shipping address, addressee’s phone number, item name, item unit price, total value of shipped items, description of the shipped items

2-4 Necessary for controller’s legitimate interest (Article 6.1(f))

Purpose of Processing Category of Personal Data
Preservation of evidence related to contracts and claims Name, email address, password, address, phone number, purchase history, payment history
Detection and prevention of fraudulent use of the Website and/or our service Name, email address, password, address, phone number, purchase history, payment history, event log record
Improve the Website Name, email address, password, address, phone number, purchase history, payment history
Responding to your inquiries Your contact details (e.g., your name, email address, telephone number), requested information

3.SENSITIVE PERSONAL DATA
We usually do not collect and/or use sensitive categories of your personal data as defined in Articles 9 or 10 of GDPR on our Website.

4.COOKIES
We and certain third parties deploy cookies and other similar technologies on the Website, where we use data processing or storing capabilities of your browser or we read data from your browser, to collect some of the Automatically Collected Data for the purposes described above. Except where the use of these technologies is strictly necessary to provide you with services you requested, we ask for your prior consent thereto. You can find the full information about how we deploy these technologies here. You can, at any time, withdraw your consent or customize your cookie settings here.

5.RETENTION (how long we retain your personal data)
We will retain your personal data during your membership with our service and for a further five years after you resign your membership for the purpose of user account management and preservation of evidence related to contracts and claims.
Personal data relating to sales and delivery, payment and custom clearance will be retained for seven years after the completion of transactions. Personal data relating to your enquiry will be retained for one year after the date of enquiry.
Personal data relating to surveys on Website usage will be retained for 2 years after collection.
Personal data relating to detection and prevention of fraudulent use and Website quality improvement will be retained during your membership.
After that time, we will anonymise your personal data so that we cannot identify you any longer by reference to any data we retain.

6.DISCLOSURE (who we share your personal data with)
As shown in the table below, we disclose certain categories of your personal data in so far as may be necessary for the purposes described above to the respective recipients.
Categories of personal data to be disclosed Recipients
Your order information necessary for delivering purchased items FedEx
Your order information necessary for facilitating payment PayPal
Stripe
Your browsing history on our Website (dependent on your consent) Google
Your recommendation of our items together with information about your social network account and your web browser identification (dependent on your consent) Facebook, Instagram and twitter, whose social plugins are embedded on our Website
Your browsing history and interaction on our Website that enables our Adtech partners to personalize our advertising exposure to you Google, Facebook and other Adtech partners.
See cookie preference settings.
Your personal data retained in our Website system Digital Studio Co., Ltd
SAKURA Internet Inc.
Where such service providers are “data processors” in the meaning of GDPR, we make sure that such data processors have in place appropriate data protection measures by virtue of data processing contracts between such processors and us in compliance with Article 28 of GDPR.

7.TRANSFER TO NON-EU COUNTRIES
We may transfer the collected data for the purposes outlined in this Privacy Policy to certain third parties including the recipients located outside the EEA or the United Kingdom where the collected data may be processed by such third parties or our service providers, or we may be required to disclose the collected data to public authorities by laws and regulations we are subject to. The European Commission has decided that Japan ensures an adequate level of data protection (the “Adequacy Decisions”) and that personal data can be lawfully transferred to those countries or territories without requiring any specific authorization.
Where we need to transfer the collected data to countries or territories that are not covered by the Adequacy Decisions, we will protect your personal data by virtue of data transfer contracts with the concerned data recipients in line with the Standard Contractual Clauses endorsed by the European Union or the United Kingdom pursuant to the GDPR.

8. YOUR LEGAL RIGHTS
Provided that certain conditions are met, you have legal rights to request from us the following:
▪ Revocation of previously given consent to our processing of your personal data
▪ Access to your personal data and to certain supplementary information covered by this policy
▪ Rectification of your personal data if inaccurate or incomplete
▪ Erasure of your personal data in certain circumstances
▪ Suspension of using your personal data in certain circumstances
▪ Stopping processing your personal data in certain circumstances and
▪ Obtaining your personal data in a structured, commonly used, and machine-readable format.
If you wish to exercise your right, please contact us.

9.COMPLAINT
You can lodge complaints about our way of processing your personal data with data protection supervisory authorities.

10.EU REPRESENTATIVE
Because we do not have our establishment in the EEA and the United Kingdom, we establish the EU/UK Representative, who acts on behalf of us in these areas.
Our representative in the EEA countries:
Name: DataRep
Office: 72 Rue de Lessard, Rouen, 76100, France
E-mail: datarequest@datarep.com quoting in the subject line

Our representative in the United Kingdom:
Name: DataRep
Office: BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom
E-mail: datarequest@datarep.com quoting in the subject line

NOTE: When mailing enquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘Haneda Future Research Institute Incorporated’

11.INQUIRY
For further information and inquiry, contact:
Privacy Manager
Digital Studio Co., Ltd. on behalf of Haneda Future Research Institute Inc.
manage@ds-style.com