Privacy policy
(For Overseas Users)

Effective Date: January 22, 2025

Want.jp Inc. (hereinafter "we", "us") establishes the following Privacy Policy (hereinafter "this Privacy Policy") regarding the handling of personal data for customers residing outside Japan. This Privacy Policy complies with the General Data Protection Regulation and other laws and regulations related to the protection of personal information (hereinafter "GDPR, etc.").

1. Introduction

We will handle personal data lawfully and fairly in compliance with GDPR, etc. and in accordance with this Privacy Policy.

2. Personal Data We Collect

Based on GDPR, etc., we will acquire the following personal data by lawful and fair means. The information we acquire from you is provided with your consent.

1. Information that you provided directly to us

  • Name, address, phone number, email address
  • Information about product payment and payment methods
  • Information about your inquiries or communications with us
  • Government-Issued Identification (driver's license, health insurance card, etc.) and information contained therein for identity verification purposes, as required by legal obligations
  • Other information entered this service by you

2. Information we collect automatically when you use our services

  • Information about the device identification of devices
  • Information about the operating system, browser type, and language settings of devices
  • Server log information such as timestamps about browsing activity, date and time of viewed
  • Service use history of our services (viewed pages, time spent, operation history, etc.)
  • Referring websites information (URL from which accessed our service site)
  • Session ID for session management

3. Information from other sources

  • Information obtained from other sources with your consent
  • Information obtained based on laws
  • Information obtained from publicly available sources

3. Purpose of Process and Legal Basis for Personal Data

We process the personal data we collect for the following purposes. The legal basis as defined by the GDPR is listed in the table below; however, the legal basis may vary depending on the jurisdiction, and we will use your personal data based on the legal basis permitted under applicable law. This legal basis includes obtaining consent to this Privacy Policy and obtaining individual consent.

Purpose of Use Legal Basis under GDPR
To provide and operate our services tailored to you (including the sale and shipment of goods, billing for services, and auto-fill functionality for registration information) Performance of a contract
To establish and perform transactions between you and us, and for your use of our services Performance of a Contract
To respond to inquiries and provide information about our services Contract performance, legitimate interests
To prevent and respond to fraudulent activity Legal obligations, legitimate interests
To notify about changes of our terms, policies regarding our services Contract performance, legal obligations

4. Personal Data We Share

1. We will not share personal data with third parties without your consent, except as permitted by law. However, we may share personal data to the extent necessary in the following cases:

  • When required by law
  • When necessary to protect life, body, or property of an individual and in which it is difficult to obtain the consent of the person
  • When outsourcing all or part of the handling of personal data within the scope necessary to achieve the purpose of use. In such cases, we will exercise necessary and appropriate supervision over the third-party contractors.
  • When personal data is shared due to a business succession resulting from a merger or other reason
  • For fraud detection and prevention by the card issuer

2. We may share the following information collected from you to the card issuer which you use.

  • Name, phone number, email address, information about internet usage environment, etc.

Furthermore, if the card issuer which you use is located overseas, this information may be transferred to the country where that issuer is based. Since we cannot identify the specific card issuer which you use or the country where that issuer is located from the information we collected, we are unable to ascertain and provide the following information about personal data protection measures.

  • The country name where the card issuer is located
  • Information about the personal data protection legislation in that country
  • The card issuer's personal data protection measures

Please refer that the Personal Information Protection Commission's website (https://www.ppc.go.jp/). The information is provided on personal information protection legislation in other countries.

5. Data Transfer Outside the European Economic Area (hereinafter "EEA")

We store and process acquired personal data on servers located in Japan. However, if it becomes necessary to transfer personal data to other countries or regions, the transfer will be conducted with implementing appropriate safeguards required by the GDPR, such as concluding standard contractual clauses (SCC). Japan is subject to an adequacy decision by the EU Commission under the GDPR, ensuring a level of data protection equivalent to that within the EEA.

6. Data Retention Period

We retain personal data only as long as reasonably necessary to achieve the purpose of use. The specific retention period is determined considering the type of data, the purpose of use, and legal requirements. After the retention period ends, we securely and reliably erase or anonymize the personal data in accordance with applicable laws.

7. Security

We will implement necessary and appropriate measures from organizational, human, physical, and technical perspectives to prevent the leakage, loss, or damage of personal data to ensure the security of personal data.

8. Your Rights

You may have the following rights about your personal data under applicable laws. If you wish to exercise these rights (hereinafter "Disclosure, etc."), please contact the inquiry window specified in Section 11.

  • Right of Disclosure/Access: The right to request access to your personal data held by us, as well as disclosure of copies or records of provision to third parties.
  • Right to Rectification: The right to request the correction, addition, or deletion of your personal data held by us if it is inaccurate.
  • Right to Erasure (Right to be Forgotten): The right to request the erasure of your personal data held by us under certain conditions
  • Right to Restriction of Processing: The right to request that restrict us for use, erasure, or processing of your personal data under certain conditions
  • Right to Data Portability: The right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format and to request transfer to another controller under certain conditions
  • Right to Object: The right to object to data processing based on our legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: The right to withdraw consent at any time where personal data is processed based on consent

How to Exercise Your Rights

Where to submit requests:

Please submit your request to the inquiry contact listed in Section 11.

When submitting a request, please submit the following documents to us. For details, please contact the inquiry window listed in Section 11.

  • Our company's prescribed form
  • Copy of identification documents

9. Processing of Personal Data of Children (Minors)

We do not knowingly collect or process personal data of children (minors) without the consent of their parent or guardian.

10. Changes to This Privacy Policy

We may update all or part of this Privacy Policy to ensure the appropriate use and protection of personal data. When there are significant changes, we will notify you clearly, such as through announcements on the Service with informing the effective date.

11. Contact Information

If you have any questions, concerns or comments about our handling of personal data or this Privacy Policy, please contact the following office:

want.jp Inc.

37F Sumitomo Fudosan Roppongi Grand Tower
3-2-1 Roppongi, Minato-ku, Tokyo, Japan, 106-6237

Representative Director: Kim Taeseong

E-mail: info@want.jp (Privacy Officer, want.jp Inc.)

Business hours: Weekdays from 10:00 AM to 6:00 PM (JST)

12. Right to File a Complaint to the Supervisory Authority

You may have the right to file a complaint to the data protection supervisory authority in your jurisdiction about our handling of your personal data.