Privacy Policy

Scope
This policy governs data collected by Taiyo Skin (“we,” “us,” “our”) through websites, applications, and services (“Services”). It applies to all users, customers, and visitors (“you,” “user”). Review by legal counsel recommended.

1. Data Collection

• Personal Data: Name, email, postal address, phone number, billing/shipping information when you place orders or sign up for newsletters.

• Account Data: Username, password hashes, order history, preferences.

• Transactional Data: Payment details handled by third-party processors; we do not store full payment credentials.

• Usage Data: IP address, device type, browser type, pages visited, time stamps, referral source, interaction patterns.

• Cookies and Tracking: Session cookies, persistent cookies, similar technologies to enable functionality, analytics, marketing.

2. Legal Bases and Use

• Contractual Necessity: Process orders, fulfill transactions, deliver services.

• Consent: Marketing communications, newsletters; opt-in required. You may withdraw consent at any time.

• Legitimate Interests: Improve Services, detect fraud, ensure security, analyze usage. Balanced against your rights.

• Compliance: Meet legal obligations (tax, accounting, regulatory).

3. Data Usage

• Service Delivery: Process orders, manage accounts, provide customer support.

• Communications: Send transactional messages (order confirmations, shipping notices), respond to inquiries, send marketing if consented.

• Personalization: Recommend products based on preferences.

• Analytics: Aggregate, anonymize data to optimize operations, website performance, inventory planning.

• Security and Fraud Prevention: Monitor suspicious activity, enforce access controls, investigate breaches.

4. Data Sharing

• Service Providers: Third-party processors for payments, shipping carriers, hosting, analytics, marketing platforms. Obligated to confidentiality.

• Affiliates and Subsidiaries: Shared where necessary for Services.

• Legal Requirements: Respond to lawful requests by public authorities, comply with court orders, regulations.

• Business Transfers: In event of merger, acquisition, asset sale, user data may transfer; notice provided where required.

• Anonymized/aggregated data: May share for research or industry analysis without identifying individuals.

5. International Transfers

Data may transfer to, and be processed in, jurisdictions outside your country (including Japan, U.S., EU). We apply appropriate safeguards (standard contractual clauses, binding corporate rules, local requirements under APPI, GDPR, etc.) to maintain data protection.

6. Data Retention

• Retention Periods: Retain personal data only as long as necessary for business purposes, legal obligations, dispute resolution.

• Criteria: Consider nature of data, purpose, legal requirements.

• Deletion: Upon request or after retention period, data is deleted or anonymized. Some data may persist in backups or logs for limited time.

7. Your Rights

• Access and Correction: You may access, correct, update or delete your personal data via account settings or by contacting us.

• Objection/Restriction: You may object to processing for legitimate interests or restrict processing where applicable.

• Data Portability: Under GDPR, request transfer of your data in machine-readable format.

• Withdraw Consent: For marketing at any time without affecting prior lawful processing.

• Complaint: Lodge complaint with relevant supervisory authority (e.g., Data Protection Authority).

• California Residents: Rights under CCPA/CPRA: access, deletion, opt-out of sale (we do not sell personal data for profit).

• Japanese Users: Rights under APPI: confirmation of purpose, disclosure, correction, suspension of use, erasure.

8. Cookies and Similar Technologies

• Essential Cookies: Required for core functionality (login, cart).

• Performance/Analytics Cookies: Collect usage metrics. You may disable through browser settings; this may degrade functionality.

• Marketing Cookies: Track interests for advertising. Consent required; you may opt out via preferences or browser controls.

9. Security Measures

• Technical Controls: Encryption in transit (TLS), secure storage, access controls, vulnerability management.

• Organizational Controls: Limited access on need-to-know basis, staff training, incident response plan.

• Breach Response: Prompt detection, containment, notification to authorities and users when required.

• Review: Regular audits to verify effectiveness.

10. Minors

Services not directed to minors under 16. We do not knowingly collect data from minors. If discovered, data will be deleted promptly.

11. Changes to Policy

Policy version and effective date indicated at bottom. We may update to reflect legal or operational changes. We will notify via prominent notice on Services or direct communication if material. Continued use after changes implies acceptance.

12. Contact Information

Data Controller: Taiyo Skin (registered entity)
Address: [Insert corporate address]
Email: privacy@taiyoskin.com (or designated address)
Phone: [Insert phone]
Questions: Direct inquiries regarding this policy or data requests to the contact above.

13. Disclaimers

This policy is not legal advice. You assume responsibility to verify compliance with applicable laws.

Effective Date: June 15, 2025
Version: 1.0

Sections organized to enforce accountability, integrity, user control, and rigorous data governance.