Privacy policy

This Privacy Policy (“Policy”) explains the handling of information collected from users of the kocol, an online shop (“Service”) operated by Creaera Inc. (“Company”).

(For the avoidance of doubt, the definition of terms in the singular in this Policy shall apply to such terms when used in the plural where the context so permits and vice versa. The words used in this Policy in the singular, where the context so permits, shall be deemed to include the plural and vice versa.)

Article 1 (Applicable Scope)

This Policy applies to the use of the Service.

If the Company prescribes other provisions for the handling of users’ personal information in (1) other privacy policies in the Service, (2) other privacy regulations, or (3) the Terms of Service of the Service issued by the Company (“Terms of Service”), such provisions shall also apply to the use of the Service, and if such provisions conflict with this Policy, such provisions shall prevail.

Provisions under this Policy shall not apply to affiliate services offered in tandem with the Service and any services provided by any third parties (“Affiliated Services”). For information concerning the handling of information in the Affiliated Services, please refer to the privacy policy prescribed separately by the provider of such Affiliated Services.

Article 2 (Acquisition of Personal Information)

In accomplishing the ‘Purpose of Use’ specified in Article 3 under this Policy, the Company may acquire from all users who access or who wish to use the Service (collectively “User”) the information set forth below (collectively “User Information”):

  1. Information provided by the User:
    Name, billing address, shipping address, payment information (such as credit card number), e-mail address, telephone number, and other information specified by the Company in the Service.
  2. Information obtained by the Company:
    Cookie, IP address, access dates and times, features or pages viewed, browser type, and other system activity, Internet service provider, time zone, other information transferred by the User in the Service (including search history, submission to the Service), information obtained by the Company through the Affiliated Services with the consent of the User (including the User ID to be used in the Affiliated Services).

Article 3 (Purpose of Use)

3.1 The Company will handle the User Information obtained within the scope of the following purpose of use:

  1. Application for the registration to use the Service;
  2. Provision of the Service (including processing payment information, arranging deliveries, confirming invoices and orders);
  3. Screening for potential risks and fraud;
  4. Verification of User’s identity;
  5. Announcement of information regarding the Service and responding to inquiries;
  6. Notification of (i) revision made to this Policy or the Terms of Service (ii) suspension or cessation of the Service, (iv) termination or expiration of the agreement, and (v) other important notice related to the Service;
  7. Marketing of the Company’s products and services;
  8. Maintenance and improvement of the Service, and development of new services;
  9. Investigation and analysis of usage status of the Service.

3.2 The Company may change the purpose of use provided for in the preceding paragraph to the extent that such change is reasonably deemed to be related to the original purpose of use, upon which the Company will notify the User of such change, publish it in the Service or on the website operated by the Company, or in other easy-to-understand manners.

Article 4 (Provision to Third Parties)

4.1 The Company will not provide any personal data (“Personal Data” as defined in Section 2 Paragraph 6 of the Japanese Act on the Protection of Personal Information, the same shall apply hereinafter) to a third party without the consent of the individual who owns the Personal Data. Provided, however, that, this shall not apply where the Personal Data is provided to a third party based on the following situations. For the avoidance of doubt, 'third party' herein shall include a third party located outside Japan but does not include the third party that is located outside Japan which is prescribed under Section 28 of the Japanese Act on the Protection of Personal Information.

  1. in the situation in which such Personal Data is provided in association with the delegation, in whole or in part, of the handling of Personal Data to the extent necessary for the accomplishment of the purpose of use outlined in this Policy;
  2. in the situation in which the Personal Data is provided as a result of business succession due to a merger or other reasons;
  3. in which the Personal Data to be jointly utilized with a specific third party is being provided to such specified third party, where the User has advance notice or a condition has been put in place where the User can easily access (i) to the fact that the Personal Data is being utilized jointly and being provided to a specific third party, (ii) of the categories of the jointly utilized Personal Data, (ii) the scope of a jointly utilizing party, (iv) the utilization purpose for the utilizing party and (v) the name or appellation of the party responsible for managing such Personal Data;
  4. in addition to the matters provided for in the preceding items, cases where the provision of the Personal Data is made according to the Japanese Act on the Protection of Personal Information or other laws and regulations.

4.2 The Service is hosted on the e-commerce platform provided by Shopify Inc. Notwithstanding the preceding paragraph, the Company may provide Shopify Inc. with User Information for the purposes set forth in Article 3.1. For more information on how Shopify Inc. handles personal data, please visit their official privacy policy.

Article 5 (Use of Information Acquisition Module)

The Service incorporates the following information acquisition module selected by the Company that enables the Company to analyze usage of the Service and information such as advertising effect on the Service. Accordingly, the Company may sometimes provide the User Information to the providers of the information acquisition modules (including those operated outside Japan). The information acquisition module acquires User Information excluding personally identifiable information, and the information attained with the information acquisition module by the Company is managed in accordance with the privacy policy or provisions of the provider of each information acquisition module.

  1. Name of application: Google Analytics
    Provider: Google Inc.
    Information disclosure: https://policies.google.com/technologies/partner-sites?hl=en
  2. Name of application: Meta Pixel
    Provider: Meta Platforms, Inc.
    Information disclosure: https://www.facebook.com/privacy/policy/
  3. Name of application: Google Ads conversion tracking
    Provider: Google Inc.
    Information disclosure: https://policies.google.com/technologies/partner-sites?hl=en

Article 6 (Right of Disclosure and Correction of Retained Personal Information)

6.1 If the User requests the Company for notification, disclosure, correction, addition, deletion, suspense of use, or removal ("Disclosure") of its Personal Data existing in the Company’s database that the Company has retained according to the Japanese Act on the Protection of Personal Information, the Company will make the Disclosure without delay after confirming that the request was made by the User itself. However, the Company shall not assume any obligations to make any Disclosure if the Company is not liable to do so pursuant to any laws and regulations including the Japanese Act on the Protection of Personal Information.

6.2 Please contact the inquiry counter as specified in Article 9 of this Policy for a request for Disclosure.

6.3 The Company charges the User a handling fee of 1,000 JPY for each request for notification or disclosure of the purpose of use.

Article 7 (Security Control Action)

In handling the Personal Data, the Company takes necessary measures to prevent leakage, loss or damage of the Personal Data it obtains, for the purpose of security control of Personal Data. When the Company provides the Personal Data to its employees or contractors (including subcontractors), it will conduct necessary and appropriate supervision. The following outlines the security control measures implemented by the Company for the protection of Personal Data.

  • (1) Formulation of the basic policy:
    The Company formulates a basic policy regarding "Compliance with relevant laws and regulations and guidelines", "Inquiry counter to respond to inquiries or to handle complaints" to ensure the proper handling of the Personal Data.
  • (2) Establishment of rules for the handling of Personal Data:
    The Company establishes rules for handling Personal Data having the details of the method, the responsible person and personnel, and their duties in each phase such as obtainment, utilization, storing, provision, deletion and removal of handling Personal Data.
  • (3) Systematic security control:
    Having a person who is responsible for handling the Personal Data. The Company specifies an employee who will handle the Personal Data and defines the scope of the Personal Data to be handled by such employee.
  • (4) Technical security control measures:
    The Company designates personnel and limits certain database of the Personal Data by implementing access control. Also, the Company implements mechanisms to protect devices used for handling Personal Data from any illegal access or any damage caused by illegal software.
  • (5) Understanding the external environment:
    The Company recognizes that there are systems of protecting Personal Data in countries outside Japan. The Company will implement security control measures when the Personal Data is handled in those countries.

Article 8 (Revision)

8.1 The Company may, from time to time, review the operational status of the handling of the User Information; And the Company shall use its endeavor to continuously improve the handling of the User Information, and may, at any time, revise this Policy as necessary.

8.2 The Company will notify the User of the fact that the Company will revise the Policy, post the revised content of the Policy and its effective date on the Company’s website or in the Service, or notify the User thereof by electromagnetic record such as emails or in an easy-to-understand manner. However, if such revision requires the consent of the Users by law, the Company will gain the consent of the Users in a manner separately specified by the Company.

Article 9 (Inquiry)

For any comments, inquiries, requests for Disclosure, or complaints regarding the handling of the User Information by the Company, please contact the following inquiry counter:

Creaera Inc.
Enquiry for the Handling of Personal Data

Email: info@kocol.shop
Person in charge: Joichiro Hashimoto

Address:
10F, Hulic Minatomirai,
1-1-7 Sakuragicho, Naka-ku, Yokohama-shi,
Kanagawa, 231-0062, Japan

Established on May 10, 2025