Skip to main content

Privacy Policy

Updated

zig-zag, Inc. (hereinafter referred to as “Company”) is the operator of 'WorldShopping' and the provider of other services (hereinafter referred to as "Service"). The Company stipulates this privacy policy (hereinafter referred to as “Policy”) and shall comply with the General Data Protection Regulation (GDPR), applicable privacy and data protection laws in other countries, and other related laws and regulations regarding the acquisition and the use of personal information on the Service.

 

Article 1 Definition of Customer Information

In this Policy, 'Customer Information' means the information provided by customers, action history information on communication services used by customers, other information generated or accumulated in customers' device information, information on customers that the Company acquires in relation to the provision of affiliated service by the Company's partner company (hereinafter referred to as “Partner”), and information collected by the Company pursuant to this Policy.
 

Article 2 The Customer Information to be Collected on the Service

In the Service, the Company will collect the Customer Information detailed below immediately upon obtaining consent from the customer. The Customer Information includes information as detailed below. Customers who do not provide the Company with all or a part of the Customer Information, may not be able to use the Service. The Company will directly collect the Customer Information from customers.
(1) Information to be Provided by a Customer
Basic information: name (corporate name), date of birth, gender, post code,address (location), phone number, and e-mail address related to the customers (including customers specified in the shipping address), Other information: Bank account, Payment information, and Information on purchased goods.
Customer Identification Data: Driver's license information, Passport information, and other information required when confirming a customer's identity as prescribed by laws and regulations including the Japanese Secondhand Articles Business Act.
(2) Information to be Collected by the Company
Information on terminal devices: The Company may collect information on terminal devices (individual identification information of ID for an information device used by customers.
Logging information and Action history information: The Company may collect the customer's purchase history of goods, customer's browsing history of goods, IP address automatically created and stored when using the Service, Date and time of requests made by a customer, and information on operation history on the Company's website.
Cookies: The Company may use a technology called 'Cookies', or other similar technology namely IDFA, Advertising ID, geolocation technology and sensor information in the Service.
Information related to affiliated services: The Company may acquire information on contracts between the Partner and customers, type of such affiliated service, the effective date of such contracts, invoice and payment, data collected throughout affiliated services, information sent or received by a customer throughout each affiliate service, usage history, Facebook ID of the Customer Information on coupons or points, information obtained through questionnaire or monitoring survey, and other information obtained through the provision of affiliated services (including applications history, request and inquiries).

 

Article 3 Consent

By using the Service, customers shall be deemed to have agreed to this Policy. Customers may always withdraw their consent by contacting the Company. However, the use of the Customer Information by the Company prior to such withdrawal shall not be deemed to be illegal.
Customers under the age of 16 may not use the Service.

 

Article 4 Purpose of Use

1.The Company will not use the Customer Information acquired through customer use of the Service beyond the scope of the purpose of use without the consent of the customers. The Company will properly handle obtained the Customer Information in accordance with the purpose of use and within the scope of such purpose of use. In addition, employees or representatives of the Company will, to the extent necessary, access the Customer Information for the purpose of achieving each purpose of use set forth below or pursuant to laws and regulations.
 

[Mandatory]

Purpose of Use
Operation, provision, maintenance, and improvement of the Service.

  • Details of Purpose of Use
    To verify customers' identity and prevent unauthorized use of the Services.
    To purchase goods
    To deliver goods
    To carry out processing procedures to receive the payment for purchased goods.
    To provide my page
    To legally perform work as a postal service (post office box) stipulated in the Japanese. Act on Prevention of Transfer of Criminal Proceeds.
  • Information to be Used
    Basic information: name, address, phone number, e-mail address.
    Other information: Information on purchased goods.
    Customer Identification Data: Driver's license information, Passport information, and other information required when confirming the customer's identity as prescribed by laws and regulations including the Japanese Secondhand Articles Business Act.

Purpose of Use
Providing notifications to customers and responding to customers.

  • Details of Purpose of Use
    To announce the Service and respond to inquiries.
    To announce and provide new services relating to the Service.
    To change the Service's Terms of Service, this Policy. To suspend, discontinue, or terminate the contract of the Service.
    To provide notification of other important information related to the Service.
    To cure a breach of the Service's Terms of Service.
    To respond to problems and lawsuits.
  • Information to be Used
    Basic information: Name, Address, Phone number, E-mail address.
    Other information: Bank account, Payment information, and Purchased goods.
    Customer Identification Data: Driver's license information, Passport information, and other information required when confirming the customer's identity as prescribed by laws and regulations including the Japanese Secondhand Articles Business Act.
    Logging information and Information on action history
    Information on terminal devices
    Information related to affiliated services.

Purpose of Use
Creation of statistical data and provision of such data to third parties.

  • Details of Purpose of Use
    To create and use statistical data being processed in a form that is no longer individually identifiable by analyzing the following information (hereinafter simply referred to as “Statistical Data”).
    To provide the Statistical Data to third parties.
    *In addition, the Company and the third party who receives the Statistical Data from the Company will use such Statistical Data for the following purposes.
    • To indicate advertising information that match the needs and interests of customers.
    • To analyze advertising effectiveness.
    • To carry out market analysis and marketing.
  • Information to be Used
    Basic information: Address
    Information on terminal devices
    Logging information and Information on action history
    Cookies
    Information related to affiliated services.

Purpose of Use
Marketing of the Services

  • Details of Purpose of Use
    To provide information on the Service and other companies' services, information on Japan and other various information that match the needs and interests of customers.
    To provide services such as issuance of coupons provided in the Service.
  • Information to be Used
    Basic information: Name, Address, Phone number, E-mail address, Date of birth, and gender.
    Other information: Information on purchased goods.
    Logging information and Information on action history.

[Optional] 

  • Purpose of Use
    To provide the Customer Information to a third party, Meta Platforms, Inc, (hereinafter referred to as “Meta”) for Meta to offer marketing services.
  • Details of Purpose of Use
    For Meta to offer marketing services which provide information on other companies' services that match the needs and interests of customers and other information including information on Japan.
  • Information to be Used
    Basic information: Name and E-mail address.

2.The Company may, to the extent necessary for the achievement of the purposes detailed in the preceding paragraph and with the prior consent of the customer, mutually provide to the partner and other third parties with the Customer Information including personal information.
3.Except as otherwise permitted under laws and regulations, the Company will not use the Customer Information to carry out automated decision-making.

 

Article 5 Changes in Purpose of Use

The Company may, within a range that is reasonably recognized to be relevant to the purpose of use before the change, change the purpose of use in the preceding Article. If the Company changes the purpose of use, the Company will notify the fact that it will change the purpose of use and information on such change to customers in a manner separately specified by the Company.

 

Article 6 Acquisition of the Customer Information

The Company will appropriately acquire the Customer Information without deceit and other unfair means. If the Company acquires the Customer Information in other manners than through that customers' use of the Service, the Company will provide the customer with prior notice of the purpose of use for such acquired the Customer Information and any other information that the Company is required to provide to customers as prescribed by laws and regulations or rules.

 

Article 7 Security Control Measures

  1. The Company will prevent the Customer Information from any leakage, loss, and damage, and otherwise, take necessary and appropriate measures to securely manage the Customer Information. Also, the Company will exercise necessary and appropriate supervision over the provision of personal data (hereinafter referred to as “Personal Data”, as defined in Article 16.3 of the Japanese Act on the Protection of Personal Information, the same shall apply hereinafter) to its employee or contractors (including subcontractors) and comply with applicable privacy and data protection laws in other countries.
    (1) Formulation of the basic policy
    The Company formulated the basic policy to ensure the proper handling of the Personal Data.
    (2) Establishment of rules for the handling of Personal Data
    The Company established the rule for the handling of Personal Data concerning how to organize the data, responsible person, personnel and their duties at each stage of acquisition, utilization, storing, provision, deletion and disposal of the Personal Data
    (3) Systematic security control
    Having a person who is responsible for the handling of the Personal Data, the Company also specify the employees to handle the Personal Data, defines the scope of the Personal Data to be handled by such employees, establishes the system which enables such employees to report or contact the responsible person in a case where the employee becomes aware of the fact or indication sign of violation of applicable privacy and data protection laws in other countries, and/or regulations for the handling personal information. Also, the Company regularly performs self-inspection and conducts a corporate audit by other departments or an external auditor of the Personal Data handling.
    (4) Human security control measures
    The Company regularly provides its employees with training on points to be considered when handling the Personal Data. Also, the Company prescribes matters concerning the confidentiality of the Personal Data in its employment regulation.
    (5) Physical security control measures.
    The Company carries out access control of its employee and limits devices which can be brought into areas to handle the Personal Data and takes measures so that no individuals or entities other than those who are entitled to handle the Personal Data can easily view the Personal Data. Also, the Company takes measures to prevent devices, electronic mediums, and documents from being stolen or lost and to make the Personal Data not readable from such devices and electronic mediums when such devices and mediums are carried around including their relocations within an office.
    (6) Technical security control measures
    The Company carries out access control, designates personnel and personal information databases to be handled by the personnel, and implements the mechanism to protect such information system handling the Personal Data from any illegal access or any illegal software.
    (7) Understanding External Factors
    Prime Manpower Japan LLC is a company that processes personal data in Makati, Republic of the Philippines and is entrusted with the handling of the Personal Data of the Company. The Company is aware of the system related to the protection of personal information in Republic of the Philippines and takes safety control measures. The Personal Data of customers may be accessed lawfully by courts or law enforcement agencies of the country in which such Personal Data is stored.
    Meta is a third party to which the Company provides the Personal Data, and Meta processes the Personal Data in the United States of America. The Company is aware of the system related to the protection of personal information in the United States of America and takes safety control measures. The Personal Data of customers may be accessed lawfully by courts or law enforcement agencies of the country in which such Personal Data is stored.
  2. If the Company entrusts all or a part of the handling of the Customer Information to a third party, the Company will execute a Non-Disclosure Agreement with such third party in advance, in which contents of such agreement will follow this Policy and the Company will exercise necessary and appropriate supervision of such third party over security control measures of the Customer Information. The Company will inform of any important information that is necessary to be informed to all customers of the Company (including a case where the Company is affected by a data breach that may have a significant impact on customers) in a manner specified by the Company. Furthermore, customers are requested to provide the Company with the detail of the outsourcing contractor for the process of the Customer Information retained by the Company and the type of the Customer Information to be handled by such outsourcing contractor in a form separately provided by the Company.
  3. The Company assures the security of the handling of the Customer Information; however, the Company does not guarantee the reliability and complete security of the online communication. If there is a security breaches, customers' personal information may likely to be exposed to threats such as identity theft. In the event that such breach occurs, the Company will promptly mitigate there risks therefrom, and will promptly notify the customer if there are any actual risks that may cause significant damage to customers or if the notification of risks is required by laws and regulations.
  4. The Customer Information is normally stored in a data center located in Japan.

 

Article 8 Joint Use

The Company may, to the extent necessary for the provision of affiliated services, jointly use the customers' personal information with the Partner. In such a case, the Company shall publicly announce the name of the Partner, the purpose of joint use, the type of information for joint use, and the chief privacy officer to jointly use such information.
 

Article 9 Information Collection Module

The Service is incorporated with information collection modules and items similar thereto in order to analyze the Customer Information. Along with this, the Company will provide the Customer Information to providers of information collection modules. These information collection modules use Cookies and collect the Customer Information without including information that can identify individuals. The collected information will be managed pursuant to the privacy policy of the provider of the information collection module and other rules. Please refer to the following URL for the privacy policy and Opt-out in relation to each information collection module.

 

Article 10 External Services and Link

  1. The Company may provide the Service in tandem with services provided by external providers such as Meta and, X Corp. (America) (hereinafter referred to as “External Services”). If a customer wishes to use the Service in tandem with the External Services, the Company may provide the provider of the External Services with the Customer Information which includes address, date of birth, gender, postal code, location, phone number, e-mail address, and other necessary information for the achievement of purpose outlined in Article 4 hereof. Customers acknowledge that the Company may provide the providers of the External Services with such Customer Information; however, customers may request the Company to cease the provision of such Customer Information to the providers of the External Services. Please contact our customer services regarding the procedures for making such request.
  2. Use of a mobile devices applications with a device on version iOS 9 or later will start the “Spotlight” search feature. With this feature, customers are able to find the information they need from location information and date and time information. This feature is provided by the Company in compliance with the condition of use prescribed by Apple Inc. Customers acknowledge that any searched information using the Spotlight search feature will only be stored on a dedicated device. Also, customers agree that the Company will provide the Customer Information to Apple Inc. or third parties. Unless Apple's condition of use is amended, the Customer Information will not be provided to Apple or other third parties. Customers are able to invalidate indexing and search features in the Service by changing the setting of Spotlight; however, some search features may be restricted.

 

Article 11 Disclosure and Sharing of the Customer Information

  • Except for otherwise permitted by applicable privacy and data protection laws in other countries, or other laws and regulations, and without the approval of customers, the Company will not disclose or share personal information among all the Customer Information to any third parties. However, exceptions are made in the following cases
    (1) A case where all or a part of the handling of personal information is entrusted to a third party to the extent necessary for the achievement of the purpose of use by the Company.
    (2) A case where the task of handling of personal information of customers using the Service is outsourced to settlement system companies, credit companies or banks.
    (3) A case where personal information is provided to providers of information collection modules or providers of the External Services pursuant to the provisions of the two preceding articles.
    (4) A case where necessary measures are taken when a customer conducts an act that damages others or violates public orders while using the Service, or if the customer is about to conduct such an act.
    (5) A case where it is in an emergency, and when there is imminent danger to human life and/or asset
    (6) A case where personal information is provided along with the succession of business caused by a merger or other events.
    (7) A case where disclosure of personal information is requested by public institutions such as courts and police pursuant to laws and regulations.
  • The Company may transfer the Customer Information to a country or an international organization where the European Commission has not determined of having an adequate level of protection of the Personal Data. In such a case, the Company will take measures which are required by laws and rules (taking appropriate safeguards) and obtain explicit consent from the customer after providing information on risks that may arise from such transfer.

 

Article 12 Targeted Advertising

  1. The Company will use information collection modules to collect the following information and accumulate or use thereof when providing the Service or affiliated services in order to deliver targeted advertising (advertising technique to deliver advertisement that meets the needs or interests of customers) by the Company or a third party such as an advertisement distribution company.
    (1) Information on action history (information that may be used to analyzes the needs or interests of customers by accumulating purchase history of goods or use history of the Service and that does not identify specific individuals)
    (2) Information on a terminal device
    (3) Account information
  2. The Company will provide information collected pursuant to the preceding paragraph to a company distributing advertisement (hereinafter referred to as “Advertisement Distribution Company”) delivering behavioral targeting advertising for the following purposes.
    (1) Provision of the Service: Provide contents that improve the convenience of the Service for customers and that deems advantageous to customers.
    (2) Advertisement and Marketing: Deliver advertisement that is suitable to each customer, Use them as Statistical Data.
  3. The Company may use the following identifiers:
    Cookies: Cookies are an industry standard technology for the Web server to identify computers used by customers. Cookies may identify computers used by the customer but not identify any individual. The setting of all or a part of Cookies may be invalidated by accessing the Company's website (https://www.worldshopping.global/) and clicking the icon of 'Cookies' at the bottom left of the website. However, by doing so, all or a part of the Service may become unavailable.
  4. The Company will retain information on action history collected by customers only for the period that is lawful and necessary for business.
  5. The Company shall endeavor to take the following measures to prevent any leakage, loss and damage of information on action history and for other safety management if such information is provided to the Advertisement Distribution Company.
    (1) The Company will not disclose the mechanism to encrypt information on action history.
    (2) The Company will provide the Advertisement Distribution Company with information on action history on the condition that such information will be used only within the scope of the purpose of use set forth in Article 12.2
    (3) If the Advertisement Distribution Company further provides information on action history to other third parties, the Company will impose the Advertisement Distribution Company the obligation to provide such information on action history to such third parties by attaching the same conditions set forth in the preceding item.

 

Article 13 Rights of Customers

  1. If a customer requests in writing for disclosure, correction, addition, making duplicates, deletion, or restriction on the handling of personal information provided by the customer or processing activities thereof, or a customer exercises its right of objection against such processing activities, access rights or right to data portability, the customer shall fill out the information to identify itself such as name, e-mail address or address and make a request for the exercise of such rights to a contact person set forth in Article 19 hereof.
  2. In a case where a request is made pursuant to the preceding paragraph by a customer and the identity of the customer is confirmed, the Company, in principle, will disclose the Customer Information within one (1) month of such request and within reasonable limits. However, this shall not apply to a case where the Company is not obliged to disclose the Customer Information pursuant to applicable privacy and data protection laws in other countries, and other laws and regulations and a case where the same request is repeatedly made by the customer without legitimate grounds. If the Company cannot meet such a request, the Company will notify thereof to the Customer.
  3. In case of inaccuracies regarding the Customer Information held by the Company, the customer may correct, add or delete such information by sending information to identify the customer such as name or e-mail address in an e-mail to the e-mail address detailed in Article 19 hereof. The Company may request the customer to submit necessary information and documents as needed.
  4. In a case request is made pursuant to the preceding paragraph by a customer and the identity of the customer is confirmed, the Company will conduct investigation within the reasonable scope and without delay, and will, in principle, correct, add and delete the Customer Information based on the result of such investigation within one (1) month from such request. However, this shall not apply to a case where the Company is not obliged to do so, the same request is repeatedly made by the customer without legitimate grounds, or cases similar thereto.
  5. If a customer requests to cease the use, to restrict the handling or to delete its the Customer Information (hereinafter collectively referred to as “Suspension of Use”) pursuant to applicable privacy and data protection laws in other countries, and other laws and regulations or rules for the reasons that the Customer Information is handled beyond the purpose of use that is notified in advance or the Customer Information was acquired through deceit or other unfair means, and if it is found that there are reasons for such request, the Company will review the request to make sure that such request was made by the customer, and shall carry out the Suspension of Use of personal information without delay, and notify thereof to such customer. However, this shall not apply to a case where the Company is not obliged to carry out the Suspension of Use pursuant to the applicable privacy and data protection laws in other countries, and if the Company does not respond to the customer's request for the Suspension of Use, the Company will notify thereof to the customer.
  6. Customers have the right to file a complaint against the supervisory authority regarding the use of the Customer Information by the Company.
  7. In a case where a customer meets certain requirements, the customer reserves the right not to be subjected to a decision based solely on an automated process (including profiling) which produces a legal effect on the customer or has a similar significant impact on the customer.
  8. If the Company lifts the restriction on the handling of personal information regarding personal information to which the Company has carried out restricts processing, the Company shall notify thereof to the customer in advance.
  9. Customers have the right to request an explanation of the rules regarding the handling of personal information by the Company.
  10. Customers have the right to seek remedy for damage caused by the processing of personal information through a speedy and fair procedure.
  11. The Company will not treat the customer differently from other customers for the reason that the customer exercised its right under laws and regulations or this Policy.

 

Article 14 Handling, Storage and Disposal of the Customer Information

  1. All officers and employees of the Company, who require access to the Customer Information will handle the Customer Information for the achievement of purposes set forth in this Policy or as required or permitted by laws.
  2. The Company shall make reasonable effort to ensure that the Customer Information is always accurate and complete.
  3. If the Customer Information is no longer necessary to achieve the purpose of use, the Company will not store the Customer Information. Also, the Company will not store the Customer Information for other purposes of use not specified in this Policy. If the storage period passed the period specified by the Company, except for a case where the Company is required to store such personal information by laws and rules, such Customer Information will be destroyed. As a specific example of this method, the Company will delete the Customer Information stored as an electromagnetic record to prevent restoration and will incinerate or dissolve any personal information written on paper such as a document.

 

Article 15 Organization and Structure

The Company will appoint the chief executive officer of the Company as Data Protection Officer, properly manage the Customer Information and continue to improve the Company's handling of the Customer Information.
 

Article 16 Disclaimer

The Company bears no responsibility for the following cases.
(1) A case where the customer, themselves reveal their own the Customer Information to a third party by using the features of the Service or other means.
(2) A case where information entered in the Service by a customer was processed into a state whereby the individual can be identified.
 

Article 17 Amendment of This Policy

The Company shall make an endeavor to review the operational status with respect to the handling of the Customer Information from time to time and continue to improve such operation. The Company may amend this Policy without the prior consent of customers as necessary. Unless otherwise specified by the Company, the amended Policy shall become effective immediately after it is published on the Company's website. However, if the amendment of this Policy requires the consent of customers by laws, the Company shall obtain the consent of customers in a manner specified by the Company.

 

Article 18 Other Cautionary Notes

The Service may contain a link to other services than those services managed by the Company, and the Company shall not be liable for the content of such other services and the protection of the Customer Information stored therein.

 

Article 19 Inquiry

For any comments, questions, or complaints concerning the handling of the Customer Information by the Company or other matters concerning the handling of the Customer Information, please contact the Company by sending an e-mail to the following e-mail address.

Data Protection Officer
privacy@zig-zag.co.jp

 

Article 20 Local Representatives(UK.EU)

The Company shall respect for the privacy and the data subject rights of customers. In addition, the Company shall appoint Prighter Group and its local partners (hereinafter collectively referred to as “Prighter”) as the representative of the Company and the point of contact for customers in following areas.

  • England (United Kingdom)
  • European Union (EU)


Prighter provides customers with the information on how to exercise their rights to privacy (including request for access to or deletion of the Personal Data). Customers are encouraged to visit the following website to contact the Company through Prighter or to exercise data subject rights.
https://prighter.com/q/14759318372

 

2/1/2015 Enacted
3/19/2020 Amended
6/1/2024 Amended
 
 

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles