Privacy Policy

In compliance with applicable data protection laws and regulations (including, without limitation, the General Data Protection Regulation (EU) 2016/679 (GDPR)) sacai ASSOC.CO.,LTD., (the “Company” or “we”) hereby prescribes the following Privacy Policy (this “Policy”) to cover the processing of personal information of Users residing outside of Japan in relation to our various services, including our Internet shopping service, (hereinafter referred to as the “Service”)
For the processing of personal information of Users residing in the State of California in the United States, the “Appendix: Processing of Personal Information of California Residents,” shall be applied and be referred to in addition to this Policy.

1. Categories of Personal Information We Collect

The Company will collect and process the following personal information in relation to the Service:

• Basic information of the Users (name, email address, telephone number, address, payment method, credit card information, account Information, etc.);
• Information regarding transactions between us and the Users (information about purchased products, delivery status, etc.)
• Information regarding inquiries from the Users
• Information regarding responses to questionnaires, etc.
• Information obtained from the Users’ devices (type of device, OS, device identifier, IP address, browser type and other browser information, referrer information, cookie ID, information related to browsing history and purchase history obtained by using cookies and cookie-like technologies, advertising identifiers, etc.).

Please see our Cookie Policy for information on how we handle cookies (including cookies and cookie-like technologies).

2. Purposes of Use of Personal Information and Legal Grounds for Processing

The Company collects and processes personal information based on our legitimate interests to carry out our business, including providing products and services that better meet the Users’ needs and requests, and preventing the fraudulent use of the services, as well as based on the User’s consent and legal obligations for the following purposes of use in connection with the Service. Please note that the Company does not make decisions that may have legal or similar material effects on Users based solely on automated processing, including profiling, using Users' personal information.

• To authenticate and confirm the identity of the Users;
• To provide the Service to the Users;
• To notify the Users of matters necessary for the provision of the Service;
• To request feedback on the Service from the Users;
• To provide the Users with promotional marketing, advertising and publicity (including, without limitation, surveys) relating to the Service and services related to the Service, the Company, and related entities of the Company;
• To investigate and analyze the usage of the Service by the Users and to maintain, protect and improve the Service;
• To respond to inquiries about the Service;
• To respond to actions that violate the Company’s terms, guidelines, or the like, regarding the Service;
• To notify the Users of changes in the terms, guidelines, or the like, regarding the Service;
• To prevent the occurrence of failures, malfunctions, and incidents in the systems of the Service, and to promptly respond thereto when they occur; and
• To perform processing to comply with legal obligations to which the Company is subject.

3. Disclosure of Personal Information

The Company may provide the User’s personal information to the following businesses, etc.:
(i)The Company uses outsourcing companies such as service providers, security service providers, and data analysis service providers, to offer the Service, and these contractors will access and process the Users’ personal information to the extent necessary to offer the Service;
(ii)The Company conducts business in unison with our group companies, and our group companies will access and process the Users’ personal information to the extent necessary to offer the Service; and
(iii)The Company may disclose personal information to public authorities in order to comply with applicable laws and regulations (including ordinances, court rulings, and administrative orders and recommendations).

4. Sources of Personal Information

The Company primarily collects the Users’ personal information directly from the Users or indirectly from service providers, etc..

5. Required Personal Information

The personal information that Users are required to provide for the provision of the Service is indicated in the form to be completed by the User. The User is under no obligation to provide such personal information, but if such personal information is not provided, the Company is unable to offer the Service.

6. International Transfer of Personal Information

The Company may transfer the Users’ personal information to Japan and Singapore, which are countries outside the Users’ country of residence (for Users residing in the EU, to outside of the EU), (the “International Transfer”), for the purpose described in “2. Purposes of Use of Personal Information and Legal Grounds for Data Processing”.
When the Company conducts the International Transfer of Users’ personal information to Japan and Singapore we will take necessary measures for the protection of personal information, such as implementing an adequate level of protection and executing standard contractual clauses as set forth by the supervisory authority. If Users would like more information, such as obtaining a copy of the standard contractual clauses, etc., they are requested to contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in Section “12. Inquiries” below.

7. Retention Period of and Security Measures for Personal Information

The Company will retain Users’ personal information for as long as it is necessary to fulfil the purposes of use prescribed in this Policy.
To determine the appropriate retention period for personal information, we consider: (i) whether the Company has an ongoing relationship with the User; (ii) whether the Company is legally obligated to store the User’s personal information; and (iii) whether storing the User’s personal information is necessary to fulfill the contract with the User.
In order to retain Users’ personal information, the Company has implemented internal rules, an organizational structure, and appropriate supervision of employees, and has taken measures to prevent unauthorized access, etc., in order to protect against the risk of loss, destruction, alteration, or leakage of personal information.

8. Rights for Disclosure, Correction, Addition, Deletion etc., of Personal Information

The Users may have the following rights with respect to their own personal information, in accordance with applicable laws and regulations:
(i) the right to seek access to their personal information (including copies thereof);
(ii) the right to request correction of their personal information;
(iii) the right to seek removal of their personal information (the right to be forgotten);
(iv) the right to restrict (cease) the processing of their personal information; and
(v) the right to receive their personal information in a structured, machine-readable form (the right to data portability).

These rights may be limited, on an exceptional basis, if complying with a User’s request would infringe upon the rights of the Company or a third-party, or if we are requested to delete information that we are required to retain in accordance with the laws and regulations. The exceptions to these rights are set out in the applicable laws and regulations.
If Users wish to exercise these rights, they are requested to contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in Section “12. Inquiries” below.

9. Right to Object to the Processing of Personal Information

The Users may have the right at any time to object to the processing of their personal information that is being processed on the basis of legitimate interests under the applicable laws and regulations.
If Users wish to exercise these rights, they are requested to contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in Section “12. Inquiries” below.

10. Right to Withdraw Consent

The Users have the right to withdraw their consent whenever the Company handles their personal information based on their consent under applicable laws and regulations. Even if a User withdraws their consent, the legality of any treatment on the basis of consent before the withdrawal of consent will not be affected.
If Users wish to exercise these rights, they are requested to contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in Section “12. Inquiries” below.

11. Right to File a Complaint with a Supervisory Authority

The Users may have the right to file a complaint with a supervisory authority under applicable laws and regulations. The supervisory authorities to which complaints can be filed may include the supervisory authorities where the User resides or works.

12. Inquiries

For any inquiries regarding personal information, Users are requested to contact us as set forth below:

Sacai Assoc.CO.,LTD 5F Three F Minami-Aoyama Building,6-11-1 Minamiaoyama, Minato-ku, Tokyo, 107-0062, Japan
E-mail：ec-support@sacai.jp
TEL: 050-1722-4164050-1722-4164 (Monday to Friday, 9am to 5pm, excluding public holidays)
The contact information for the Company’s representative in the EU is as follows:
E-mail：ec-support@sacai.jp

Appendix: Processing of Personal Information of California Residents

In addition to the Policy above, this “Appendix: Processing of Personal Information of California Residents” (this “Appendix”) shall apply to the processing of personal information of the Users residing in the State of California in the United States in accordance with the California Consumer Privacy Act of 2018 (the “CCPA”). If there is any discrepancy between the provisions of this Appendix and the provisions of the Policy, the provisions of this Appendix shall take precedence.

1. Definitions

The definitions of the terms used in this Appendix are the same as those under the CCPA. In particular:
“Sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a User’s personal information by the business to a third party (meaning anyone other than the Company, our subcontractors and other business partners, hereinafter the same applies in this Appendix) for monetary or other valuable consideration.
“Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a User’s personal information by the business to a third party for cross-context behavioral advertising.

2. Notice of Collection

The Company will collect and has collected in the last twelve (12) months, the following categories of personal information of the Users. The Company has not disclosed Users’ personal information to any third party for a business purpose in the last twelve (12) months.

We do not sell or share and will not sell or share in the future any of the personal information collected from the Users.

For details on the personal information we collect, refer to Section “1. Categories of Personal Information We Collect” of the Policy. For details on the business purposes and commercial purposes of personal information we collect, refer to Section “2. Purposes of Use of Personal Information and Legal Grounds for Data Processing” of the Policy. For details on the sources of the personal information we collect, refer to Section “4. Sources of Personal Information” of the Policy. For details on the retention period of the personal information we collect, refer to Section “7. Retention Period of and Security Measures for Personal Information” of the Policy.

3. Users' Rights under the CCPA

The CCPA provides residents of California with specific rights regarding personal information. If the User is a California resident, the following describes their rights under the CCPA and explains how to exercise those rights.

(1) Right to Access Personal Information
The Users are entitled to request that we disclose certain information to them about our collection, sharing, disclosure or use of their personal information. Once we receive and confirm a verifiable User request, we will disclose the following information to such User.
・ The categories of personal information we collected about the User;
・The sources for the personal information we collected about the User;
・Our business or commercial purposes for collecting, selling, or sharing such personal information;
・The categories of third parties with whom we share such personal information;
・The categories of personal information that we have sold, and for each category identified, the categories of third parties to whom we sold such personal information;
・The categories of personal information that we have disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed such personal information; and
・The specific pieces of personal information we collected about the User.

(2) Right to Request Deletion
Each User is entitled to request that we delete any of such User’s personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable User request, we will delete such User’s personal information from our records (and notify our outsourcing companies etc., to delete the same), unless an exception applies.
We may deny the User’s deletion request if retaining the information is necessary for us or our outsourcing companies etc., in order to:
・Complete the transaction for which the personal information was collected, fulfill the terms of a product recall conducted in accordance with a written warranty or federal law, provide goods or services requested by the User, or take measures that are reasonably anticipated by the User within the context of our ongoing business relationship with such User, or otherwise perform our contract with the User;
・Help to ensure security and integrity to the extent the use of the User’s personal information is reasonably necessary and proportionate for those purposes;
・Debug products to identify and repair errors that impair existing intended functionality;
・Exercise free speech, ensure the rights of other Users to exercise their free speech rights, or exercise other rights provided for by the laws and regulations;
・Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. Seq.);
・Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if the User previously provided informed consent;
・Enable solely internal uses that are reasonably aligned with User expectations and the context in which the User provided the personal information based on the relationship between the User and the Company; and to
・Comply with legal obligations.

(3) Right to Request Correction
The Users are entitled to request that we correct any inaccurate personal information of a User that we have collected and retained. Once we receive and confirm a verifiable User request, we will correct such User’s inaccurate personal information (and notify our outsourcing companies etc., to correct the same). We may deny the User’s request for correction if we determine that the contested personal information is more likely than not to be accurate based on the totality of the circumstances.

(4) Right to Opt-Out of Sale or Sharing
We have not sold or shared any User’s personal information in the past twelve (12) months and we will not sell or share such personal information in the future. Since the Services are directed to Users who are not under the age of 16, we will not intentionally sell or share the personal information of any User who is under the age of 16.

(5) Right to Limit the Use of Sensitive Personal Information
The Company will not collect sensitive personal information from the Users..

(6) Right to Non-Discrimination
We will not discriminate against the Users for exercising any of their rights under the CCPA. Moreover, unless permitted under the CCPA due to the Users’ exercise of their rights, we will not:
・Deny goods or services to the Users;
・Charge the Users different prices or rates for goods or services;
・Provide the Users with a different level or quality of goods or services;
・Suggest that the Users may receive a different price or rate for goods or services or a different level or quality of goods or services; or
・Retaliate against an employee, applicant for employment, or independent contractor.

(7) How to Exercise Your Rights
In order for the Users to exercise the rights under the CCPA, they are requested to submit a verifiable User request to us by contacting us as set forth in Section “12. Inquiries” of the Policy. The Users need to complete a User request with sufficient detail that allows us to properly understand, evaluate, and respond thereto.

Only the User, a natural person or a person registered with the California Secretary of State that the User authorizes to act on the User’s behalf, or a person who has a power of attorney or is acting as a conservator for the User, may submit a verifiable User request related to the User’s personal information. If permitted under the CCPA, we may perform procedures to verify the identity and authority of the agent as required under the CCPA.

Established: February 19, 2025