PrivacyPolicy.Meta.Title

1. General Provisions

1.1. This Privacy Policy (hereinafter referred to as the “Policy”) defines the procedure for the collection, use, storage, transfer, and protection of personal data of users of the maketto.jp website and related services (hereinafter referred to as the “Website”).
1.2. The personal data controller is Maketto 合同会社, a company duly registered and operating under the laws of Japan (hereinafter referred to as the “Controller”, “Maketto”).
1.3. This Policy is developed in accordance with the requirements of Japanese data protection legislation, including the Act on the Protection of Personal Information (APPI), as well as with consideration of generally accepted international standards for personal data processing and protection.
1.4. This Policy applies to all information that the Controller may obtain about users when they use the Website, related services, personal accounts, as well as other communication channels (including email, messengers, feedback forms, etc.).
1.5. By using the Website, the user confirms their consent to the terms of this Policy and to the processing of their personal data in accordance with the procedures and conditions set forth herein.

user registration and identification;
providing access to the Website functionality and personal account;
placing, supporting, and fulfilling orders and contractual obligations;
processing payments and financial transactions (without storing bank card details);
organizing the delivery of goods and interaction with logistics and other partners;
sending service-related notifications connected with the operation of the Website and provided services;
handling user inquiries and providing technical support;
complying with applicable legal requirements and lawful requests of governmental authorities.

The Controller does not store bank card details. Payment processing is carried out by authorized payment service providers and acquiring banks.

4.1. Personal data processing is carried out on a lawful, fair, and transparent basis.
4.2. Processing is limited to achieving specific, predetermined, and lawful purposes.
4.3. Only personal data that is necessary to achieve the stated purposes is processed.
4.4. The Controller takes reasonable measures to ensure the accuracy, relevance, and adequacy of personal data.
4.5. Personal data is stored no longer than required to achieve the purposes of processing, unless a longer retention period is required by applicable law.

5.1. Personal data is processed on the basis of the user’s consent, as well as in other cases provided for by applicable law.
5.2. The Controller ensures the confidentiality of personal data and does not disclose it to third parties, except in the following cases:
transfer of data to partners engaged to fulfill contractual obligations (payment, logistics, courier, IT partners);
compliance with mandatory legal requirements or lawful requests of authorized authorities;
protection of the rights and legitimate interests of the Controller.
5.3. Personal data is transferred solely to the extent necessary to achieve the relevant processing purposes.
5.4. All third parties involved in data processing are required to ensure an adequate level of personal data protection in accordance with applicable legal requirements.

obtain information about the fact, purposes, and methods of processing their personal data;
request clarification, updating, or correction of personal data;
request deletion or restriction of the processing of personal data in cases provided by law;
withdraw consent to the processing of personal data;
submit requests and inquiries to the Controller regarding personal data processing.

The exercise of these rights may be restricted in cases provided for by applicable law.

Access to personal data is granted only to authorized persons within the scope of their official duties.

8.1. Personal data is stored for no longer than necessary to achieve the purposes of processing, unless a longer retention period is required by applicable law.
8.2. Upon achievement of the processing purposes or at the user’s request, personal data shall be deleted or anonymized, except where further storage is required by law.

9.1. Users’ personal data is primarily processed and stored in Japan.
9.2. As part of service provision, cross-border transfer of personal data to other jurisdictions may occur, provided that an adequate level of personal data protection is ensured in accordance with applicable law and contractual obligations.
9.3. By using the Website, the user consents to such cross-border transfer of personal data.

10.1. The user has the right to withdraw their consent to the processing of personal data at any time by sending a relevant notice to the following email address: info@maketto.jp.
10.2. Upon receipt of such notice, the Controller shall cease processing personal data, except in cases where further processing is required in accordance with applicable law.

11.1. This Policy is valid indefinitely until replaced by a new version.
11.2. The Controller reserves the right to amend this Policy unilaterally by publishing an updated version on the Website.
11.3. The current version of the Policy is available at: https://maketto.jp/privacy-policy
11.4. All inquiries related to personal data processing may be sent to the following email address: info@maketto.jp