Last Updated: 21 April 2025

This Privacy Policy (“Policy”) explains how myTurn Co., Ltd. (“we,” “our,” or “us”) collects, uses, stores, and shares personal data when you visit or make a purchase through our website (“Site”). We comply with the Act on the Protection of Personal Information of Japan (APPI), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Payment Card Industry Data Security Standard (PCI DSS), and Stripe’s service guidelines.

1. Company Details

• Legal Entity: myTurn Co., Ltd.

• Registered Address: 2F, Oenon Hokkaido Building, 1 Minami 2‑jo Nishi 10‑chome, Chuo‑ku, Sapporo, Hokkaido, Japan

• Representative Director: Seiji Araya

• Contact Email: myokeiko@myturn.monster

• Data Protection Officer (DPO): Seiji Araya

2. Personal Data We Collect

We may collect the following categories of information:

1. Name (first, last) and phonetic spelling (if applicable)

2. Postal address and ZIP/postcode

3. Email address and—where voluntarily provided—phone number

4. Authentication credentials (e.g., passwords)

5. Browser and device data, cookies, IP address, and usage logs

6. Order history and records of products or services purchased

7. Payment information needed to process a transaction (full credit‑card details are handled exclusively by Stripe and never stored on our servers)

3. Purposes of Use

We process personal data solely for the purposes listed below:

1. To provide and deliver goods or services, arrange payment, shipping, or after‑sales support

2. To operate, maintain, secure, and improve our Site and prevent fraud

3. To respond to inquiries, troubleshoot issues, and provide customer care

4. To send promotional offers, surveys, newsletters, and perform marketing analytics (with your consent where required)

5. To meet legal obligations, industry standards, or requests from competent authorities

6. Any secondary purpose that is reasonably related to—or compatible with—the above

4. Stripe Payments

We use Stripe (including Stripe Payments Japan K.K. and the global Stripe group) to process online payments. Sensitive card data (card number, expiration date, CVC) is encrypted via TLS/HTTPS and transmitted directly to Stripe; it never touches our servers. We retain only non‑sensitive tokenized data—such as transaction IDs, card brand, and last four digits—as permitted under PCI DSS.

Stripe uses personal data for:

• Payment authorisation, settlement, refunds, and chargeback handling

• Fraud prevention (e.g., Stripe Radar)

• Compliance with legal or banking requirements

• Service optimisation and aggregated analytics

For more information, please review the Stripe Privacy Policy.

5. Cookies & Similar Technologies

We employ cookies, pixel tags, and similar tools to enhance user experience, analyse traffic, deliver relevant ads, and detect illicit activity. You may disable cookies in your browser settings, but some Site features may become unavailable.

6. Disclosure to Third Parties

We do not share personal data with third parties except in the following situations:

1. Service providers (e.g., fulfilment centres, cloud hosting) under contractual confidentiality and security obligations

2. When required by law, regulation, court order, or governmental request

3. To protect the vital interests of an individual when obtaining consent is impracticable

4. In connection with a corporate transaction such as a merger, acquisition, or asset sale, subject to appropriate safeguards

7. Security Measures

We implement administrative, technical, and physical safeguards to protect personal data, including but not limited to:

• Strict access controls, firewalls, and intrusion‑detection systems

• SSL/TLS encryption of all data in transit

• Use of a PCI DSS Level 1 certified payment gateway (Stripe)

• Regular employee training and confidentiality agreements

• Periodic vulnerability scanning and security audits

8. Your Rights

Subject to local laws, you have the right to:

• Access the personal data we hold about you

• Request correction, deletion, or restriction of processing

• Object to certain processing or withdraw consent at any time

• Receive your data in portable form (data portability)

• Lodge a complaint with a supervisory authority

Requests can be submitted to the contact email listed in Section 1. We may ask for identity verification before fulfilling your request.

9. International Data Transfers

Stripe and other providers may store or process data on servers located outside Japan (e.g., the United States or the EU). When we transfer data internationally, we rely on lawful mechanisms such as Standard Contractual Clauses (SCCs) or ensure the recipient country offers an adequate level of protection.

10. Children’s Privacy

Our Site is not directed to children under 13. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected such data, we will delete it without undue delay.

11. Changes to This Policy

We may amend this Policy to reflect changes in law, our practices, or service features. Material changes will be announced on the Site and, where appropriate, notified by email.

12. Contact

For questions, requests, or concerns regarding this Policy or our data practices, please contact:

myTurn Co., Ltd.
Data Protection Officer: Seiji Araya
Email: myokeiko@myturn.monster

Thank you for trusting myTurn Co., Ltd. with your personal data.