個人情報の取り扱いについて

個人情報保護方針

株式会社ユナイテッドアローズ(以下、「当社」といいます。)は、個人情報取扱事業者として、個人情報に関する管理が重大な責務であることを十分に認識し、「個人情報の保護に関する法律」および関連法令を遵守することはもとより、個人情報保護に関する基本方針を制定し、全従業員に周知徹底させます。
また、確実な個人情報の管理を実現し、お客様をはじめとした個人情報によって識別される特定の個人(以下「本人」といいます。)への継続的な安心を提供いたします。

第1条(個人情報の取得と利用)

当社は、以下の目的に必要な範囲で、個人情報を取得し、取得した情報を利用します。以下の目的の範囲を超えて個人情報を利用する場合には、事前に適切な方法で本人からの同意を得るものとします。

(1)お客様の個人情報
①本人認証のため
②当社のサービスを適切に運営および提供するため
③商品の注文内容の確認、商品の発送、連絡および申込処理のため
④商品の修理等アフターサービス対応のため
⑤入会および退会手続き等の会員管理のため
⑥メールマガジンの配信を希望される方へのメールマガジン配信、ポイントサービス等の提 供、アンケートの実施等の各種サービス情報提供のため
⑦マーケティング分析(販売実績分析やアクセス分析等を指します。)のため
⑧当社が行う新たな商品・サービス等に関する情報の紹介や広告および宣伝のため
⑨当社で販売する商品や役務等(お取り置き、修理および配送等を指します。)に関するお問合わせの対応ならびにクレジットカードの利用履歴に関するお問い合わせの対応のため
⑩会員のアクセス履歴および利用状況の調査のため
⑪不正行為に対応するため
⑫その他サービス向上のため

(2)従業員、役員(取締役および執行役員)およびそれぞれの採用希望者の個人情報
①業務上の連絡、社員名簿の作成、法律上要求される諸手続その他雇用管理のため
②報酬支払、税務処理、福利厚生の提供および健康管理のため
③当社の採用活動および販売促進活動等その他PR活動のため

(3)株主の個人情報
①会社法その他の法令に基づく権利・義務の履行のため
②株主としての地位に対し、当社から株主優待品の発送および株主優待サービスに関する情報を提供するため
③株主との関係を円滑にする各種の方策を実施するため
④株主のデータを作成する等、株主管理のため
⑤当社が行う企画の実施のため

第2条(個人情報の安全管理措置)

当社は、個人情報の取り扱いに関する規程を明確にし、従業者に周知徹底させ、必要な安全対策を実施することにより、個人情報への不正アクセスまたは個人情報の紛失、破壊、改ざん、漏洩等を防止します。また、内部監査の結果およびセキュリティ事故の実例、本人からの指摘または要望等により改善が必要とされる場合は、速やかにこれを是正します。

第3条(個人情報の提供)

個人情報の管理は、厳重に行うこととし、次に掲げる場合を除き、本人の同意がない限り、第三者に対しデータを開示または提供することはいたしません。

①人の生命、身体または財産の保護のために必要がある場合であって、本人の同意を得ることが困難である場合
②公衆衛生の向上または児童の健全な育成の推進のために特に必要がある場合であって、本人の同意を得ることが困難である場合
③国の機関若しくは地方公共団体またはその委託を受けた者が法令の定める事務を遂行することに対して協力する必要がある場合であって、本人の同意を得ることにより当該事務の遂行に支障を及ぼすおそれがある場合
④業務を円滑に遂行するため、利用目的の達成に必要な範囲内において個人情報の取扱いの全部または一部を委託する場合
⑤合併その他の事由による事業の承継に伴って個人情報が提供される場合
⑥個人情報を特定の者との間で共同して利用する場合であって、共同して利用をする旨、共同して利用される個人情報の項目、共同して利用する者の範囲、利用する者の利用目的ならびに当該個人情報の管理について責任を有する者の氏名または名称および住所ならびに法人にあってはその代表者の氏名について、あらかじめ本人に通知し、または本人が容易に知り得る状態に置いた場合
⑦その他法令で認められる場合

第4条(個人情報の取扱いの委託)

当社は、利用目的の達成に必要な範囲内において、個人情報の取扱いの全部または一部を委託する場合がございます。この場合、当社は、委託先としての適格性を十分審査するとともに、契約にあたって守秘義務に関する事項等を定め、委託先に対する必要かつ適切な監督を行います。

第5条(個人情報の共同利用)

当社は、利用目的の達成に必要な範囲で、個人情報を以下の目的および範囲で共同利用することがございます。

(1)共同利用の目的
第1条と同じ

(2)共同利用する個人情報の範囲
①お客様:氏名、生年月日、性別、住所、電話番号、メールアドレス、当社サービスの利用状況、購買履歴等
②従業員、役員およびそれぞれの採用希望者:氏名、生年月日、性別、住所、電話番号、メールアドレス、経歴、人事評価等

(3)共同利用する者の範囲
当社のグループ会社(https://www.united-arrows.co.jp/ir/store/others.html )

(4)個人情報の管理について責任を有する者
株式会社ユナイテッドアローズ(代表者 松崎 善則)

第6条(個人情報の開示および利用目的の通知)

1. 当社は、本人から当該本人が識別される保有個人データの利用目的の通知を求められたときは、本人に対し、遅滞なくこれを通知します。但し、次の各号のいずれかに該当する場合は、その全部または一部を開示しないこともあり、開示しない決定をした場合には、その旨を遅滞なく通知します。

(1)保有個人データの利用目的が明らかである場合
(2)利用目的を本人に通知することにより本人または第三者の生命、身体、財産その他の権利利益を害するおそれがある場合
(3)利用目的を本人に通知することにより当社の権利または利益が侵害されるおそれがある場合
(4)国の機関または地方公共団体が法令の定める事務を遂行することに対して協力する必要がある場合であって、利用目的を本人に通知することにより当該事務の遂行に支障を及ぼすおそれがあるとき

2. 当社は、本人から当該本人が識別される保有個人データの開示を求められたときは、本人に対し、遅滞なくこれを開示します。ただし、開示することにより次のいずれかに該当する場合は、その全部または一部を開示しないこともあり、開示しない決定をした場合には、その旨を遅滞なく通知します。

(1)本人または第三者の生命、身体、財産その他の権利利益を害するおそれがある場合
(2)当社の業務の適正な実施に著しい支障を及ぼすおそれがある場合

3. その他法令に違反することとなる場合前項の規定は、本人から当該本人が識別される個人データに係る第三者提供記録(当該記録の存否が明らかになることにより次のいずれかに該当するものを除きます。以下同じ。)について開示を求められた場合について準用します。

(1)本人または第三者の生命、身体または財産に危害が及ぶおそれがあるもの
(2)違法または不当な行為を助長し、または誘発するおそれがあるもの
(3)国の安全が害されるおそれ、他国もしくは国際機関との信頼関係が損なわれるおそれまたは他国もしくは国際機関との交渉上不利益を被るおそれがあるもの
(4)犯罪の予防、鎮圧または捜査その他の公共の安全と秩序の維持に支障が及ぶおそれがあるもの

第7条(個人情報の訂正等)

1. 本人が識別される保有個人データが誤った情報である場合には、本人の請求により、当社が定める手続きに従い個人情報の訂正、追加または削除(以下、「訂正等」といいます。)を行います。

2. 当社は、本人から前項の請求を受けてその請求に応じる必要があると判断した場合には、遅滞なく、当該個人情報の訂正等を行い、これを本人に通知します。また、訂正等を行わない旨の決定をしたときは、本人に対し、遅滞なくその旨を通知します。

第8条(個人情報の利用停止等)

1. 当社は、本人から、以下の各号に定める場合に該当するとして、本人が識別される保有個人データの利用の停止または消去(以下「利用停止等」といいます。)を求められた場合には、遅滞なく必要な調査を行い、その結果に基づき、法令に従って、必要な限度で保有個人データの利用停止等を行い、その旨(利用停止等を行わない旨の決定をした場合はその旨)本人に通知します。ただし、保有個人データの利用停止等に多額の費用を有する場合その他利用停止等を行うことが困難な場合であって、本人の権利利益を保護するために必要なこれに代わるべき措置をとれる場合は、この代替策を講じます。

(1)利用目的(事業承継に伴って取得した場合には、承継前における利用目的)の範囲を超えて取り扱われている場合
(2)偽りその他不正の手段により取得された個人情報または本人の同意を得ずに(法令に基づく場合を除きます。)取得された要配慮個人情報を含む場合
(3)違法または不当な行為を助長し、または誘発するおそれがある方法により利用されている場合
(4)当社が本人の識別される保有個人データを利用する必要がなくなった場合
(5)要配慮個人情報が含まれる個人データの漏えい、滅失若しくは毀損(以下「漏えい等」といいます。)が発生し、または発生したおそれがある場合
(6)不正に利用されることにより財産的被害が生じるおそれがある個人データの漏えい等が発生し、または発生したおそれがある場合
(7)不正の目的をもって行われたおそれがある個人データの漏えい等が発生し、または発生したおそれがある場合
(8)個人データにかかる本人の数が千人を超える漏えい等が発生し、または発生したおそれがある場合
(9)当該保有個人データの取扱いにより本人の権利または正当な利益が害されるおそれがある場合

2. 当社は、本人から、以下の各号に定める場合に該当するとして、本人が識別される保有個人データの第三者への提供の停止を求められた場合には、遅滞なく必要な調査を行い、その結果に基づき、法令に従って、必要な限度で保有個人データの第三者への提供を停止し、その旨(第三者への提供を停止しない旨の決定をしたときはその旨)本人に通知します。ただし、保有個人データの第三者提供の停止に多額の費用を要する場合その他の第三者への提供を停止することが困難な場合であって、本人の権利利益を保護するために必要なこれに代わるべき措置をとれる場合は、この代替策を講じます。

(1)本人の識別される保有個人データが第3条の規定に違反して第三者に提供されている場 合
(2)前項第4号乃至第9号の場合

第9条(個人情報の開示等の手続き)

1. 当社は、本人からの保有個人データの開示、利用目的の通知、訂正等、利用停止等もしくは第三者提供の停止または本人の識別される個人データに係る第三者提供記録の開示(以下「開示等」といいます。)を以下の場合を除いて対応いたします。

(1)本人であることが確認できない場合
(2)代理権が確認できない場合
(3)その他法令に基づき開示等しないことができる場合

2. 本人は、前項の開示等を求める場合は、以下所定の手続きに従って請求するものとします。

(1)開示等の請求先
当社カスタマーサービスデスク
〒107-0052 東京都港区赤坂8丁目1−19
フリーダイヤル 0120-559-652 土曜、日曜、年末年始を除く(10:00~17:00)
※営業日および営業時間を変更する場合がございます。当社HPにてご確認ください。

(2)開示手続き
①郵送、メールの場合:当社所定の書式にご記入いただき、ご提出ください。
②お電話の場合:お電話にて①と同等の内容をご回答ください。

(3)開示等の求めに際する本人確認方法
①郵送、メールの場合:運転免許証、個人番号カード(表面のみ)、パスポート等の顔写真 付の公的証明書のコピー
②お電話の場合:氏名、住所、生年月日、電話番号等当社がご本人であると判断できる情報

(4)代理人による開示等の求め
開示等の求めをする方が本人、十分な判断能力を有していないなどの未成年者もしくは成年被後見人の法定代理人または開示等の求めをすることを本人が委任した代理人である場合は、前号の書類に加えて以下の証明書類をご提出いただくことが必要になります。

①法定代理人の場合:
・戸籍謄本、戸籍抄本、登記事項証明書等90日以内に発行された資格を証明するいずれ  かの書類
・運転免許証、パスポートその他当該代理人であることを証明する書類

②任意代理人の場合:
・本人が署名捺印した委任状、印鑑証明(委任状の印鑑)その他代理権を証明する書類
・運転免許証、パスポートその他当該代理人であることを証明する書類

(5)利用目的の通知ならびに保有個人データおよび第三者提供記録の開示の求めに関する手数料および徴収方法
手数料は1回のお求めごとに800円(手数料および書留郵便料金)となります。800円分の郵便切手を申請書類にご同封ください。手数料が不足していた場合は、その旨をご連絡いたしますので、所定の期間内に不足分の補填をお願いいたします。期間内に補填が無かった場合は、申請がなかったものとみなします。

※証明書発行、郵便費用および交通費その他の実費等は、申請者のご負担となります。

(6)開示および利用目的の通知の求めに対する回答方法
ご本人または代理人が指定した方式に従って開示または通知します。ただし、当該方法による開示に多額の費用を要する場合その他の当該方法によることが困難である場合にあっては書面の交付による方法によって開示または通知されます。

第10条(個人情報保護方針の変更手続)

当社は個人情報保護方針の内容を適宜見直し、その改善に努めます。個人情報保護方針の内容は、法令その他本ポリシーに別段の定めのある事項を除いて、変更することができるものとします。変更後の個人情報保護方針は、当社所定の方法により、本人に通知し、または当社ウェブサイトに掲載したときから効力を生じるものとします。

第11条(法令、規範の遵守)

当社は、個人情報の取り扱いにおいて、個人情報の保護に適用される法令・通達およびその他の諸規程を遵守し、個人情報が適正に取り扱われるよう継続的な改善に取り組むこととします。

第12条(苦情および相談への対応)

当社は、個人情報の取扱いに関する本人からの苦情、相談を受け付け、適切かつ迅速に対応いたします。また、本人からの当該個人情報の開示、訂正、追加、削除、利用または提供の拒否などのご要望に対しても、迅速かつ適切に対応いたします。

第13条(お問い合わせ窓口)

当社の個人情報の取扱に関するお問い合せは下記までご連絡ください。

当社カスタマーサービスデスク
フリーダイヤル 0120-559-652 土曜、日曜、年末年始を除く(10:00~17:00)
※営業日および営業時間を変更する場合がございます。当社HPにてご確認ください。

2022年4月
東京都渋谷区神宮前三丁目28番1号
株式会社ユナイテッドアローズ
代表取締役 社長執行役員 CEO 松崎 善則

Privacy Policy

UNITED ARROWS LTD. (the “Company”) fully acknowledges that, as an entity handling personal information, it has a serious responsibility regarding the management of personal information. In addition to complying with the Act on the Protection of Personal Information and related laws and regulations, the Company has established a basic policy on personal information protection and ensures that all of its employees are fully aware of such policy. Moreover, the Company reliably manages personal information and provides a continuous sense of security to specific individuals identified by personal information, including our customers (“Data Subjects”).

Article 1 (Collection and Use of Personal Information)

The Company collects personal information and uses the collected information to the extent necessary for the following purposes. If the Company uses personal information beyond the scope of the following purposes, the Company will obtain the prior consent of the relevant Data Subject by an appropriate method:

(1) Personal information of customers
(i) Verification of the customer;
(ii) Proper operation and provision of the Company’s services;
(iii) Confirmation of a product order, delivery of the product, communication and application processing;
(iv) Provision of after-sales services such as the repair of products;
(v) Management of members, such as admission and withdrawal procedures;
(vi) Distribution of email newsletters to those who wish to receive them, operation of a loyalty program, etc. and provision of information on various services, such as conducting a questionnaire survey;
(vii) Marketing analysis (referring to sales result analysis and access analysis, etc.);
(viii) Introduction, announcement and publicity of information on new products and services provided by the Company;
(ix) Response to inquiries about products and services (referring to layaway, repair and delivery, etc.) provided by the Company and the history of credit card use;
(x) Investigation of the access history and use status of members;
(xi) Response to fraudulent acts; and
(xii) Other improvement of services.

(2) Personal information of employees, officers (directors and executive officers) and candidates therefor
(i) Business communication, preparation of a list of members, various procedures required by law and other employment management;
(ii) Payment of remuneration, tax procedures, provision of employee benefits and health management; and
(iii) The Company’s recruitment activities and PR activities, including promotional activities.

(3) Personal information of shareholders
(i) Exercise of rights and performance of obligations under the Companies Act or other laws and regulations;
(ii) Provision of information on the delivery of shareholder benefit gifts and shareholder benefit services from the Company to persons with shareholder status;
(iii) Implementation of various measures to facilitate the relationship with shareholders;
(iv) Management of shareholders such as preparation of shareholder data; and
(v) Execution of a plan by the Company.

Article 2 (Security Control Measures for Personal Information)

The Company prevents unauthorized access to, as well as the loss, destruction, alteration, leakage, etc. of personal information by clearly establishing regulations for handling personal information, ensuring that employees are fully aware of such regulations and taking necessary security measures. If the regulations are required to be improved as a result of an internal audit, an actual security accident, indication or request from a Data Subject, etc., the Company will promptly correct the regulations.

Article 3 (Provision of Personal Information)

The Company will strictly manage personal information and will not disclose or provide any personal data to a third party without the relevant Data Subject’s consent unless:

(1) Disclosure is required to protect human life, person or property and it is difficult to obtain the Data Subject’s consent;
(2) Disclosure is specifically required to improve public health or promote the sound development of children and it is difficult to obtain the Data Subject’s consent;
(3) The Company is required to cooperate with national organizations or local public bodies, or a person to whom services are outsourced by them, in performing their statutory administrative work and obtaining the Data Subject’s consent is likely to hinder the performance of such administrative work;
(4) The Company outsources all or part of the handling of personal information to a third party to the extent necessary to achieve the purpose of use of personal information in order to perform its business smoothly;
(5) Personal information is provided in conjunction with business succession due to a merger or other reasons;
(6) The Company jointly uses personal information with specific persons and notifies the Data Subject in advance of the joint use of personal information, items of personal information to be jointly used, the scope of persons who will jointly use the personal information, the purpose of use by such persons, and the name and address of the person responsible for the management of the personal information (if the person is a corporation, the name of the representative) or makes such information easily available to the Data Subject; or
(7) Where otherwise permitted by laws and regulations.

Article 4 (Outsourcing of Handling of Personal Information)

The Company may outsource all or part of the handling of personal information to a third party to the extent necessary to achieve the purpose of use of personal information. In this case, the Company will, in addition to fully assessing the qualification of the outsourcee, prescribe matters concerning confidentiality obligations in executing an agreement with the outsourcee and provide necessary and appropriate supervision of the outsourcee.

Article 5 (Joint Use of Personal Information)

The Company may jointly use personal information for the following purposes and within the following scope to the extent necessary to achieve the purpose of use of personal information.

(1) Purpose of joint useThe same purposes as those set forth in Article 1.

(2) Scope of personal information to be jointly used
(i) Customers: Name, date of birth, sex, address, telephone number, email address, status of use of the Company’s services, purchase history, etc.
(ii) Employees, officers and candidates therefor: Name, date of birth, sex, address, telephone number, email address, background, personnel evaluation, etc.

(3) Scope of persons who jointly use personal information The Company’s group companies (https://www.united-arrows.co.jp/ir/store/others.html)

(4) Person responsible for the management of personal information UNITED ARROWS LTD. (Representative: Yoshinori Matsuzaki)

Article 6 (Disclosure of Personal Information and Notice of Purpose of Use)

1. If the Company is requested by a Data Subject to provide notice of the purpose of use of his/her personal data possessed by the Company that can identify the Data Subject, the Company will provide such notice to the Data Subject without delay; provided, however, that in any of the following cases, the Company may not disclose all or part of the purpose. If the Company decides not to disclose it, the Company will notify the Data Subject to that effect without delay:

(1) The purpose of use of personal data possessed by the Company is obvious;
(2) Giving notice of the purpose of use to the Data Subject is likely to harm the Data Subject’s or a third party’s life, person, property or other rights or interests;
(3) Giving notice of the purpose of use to the Data Subject is likely to infringe the Company’s rights or interests
(4) The Company is required to cooperate with national organizations or local public bodies in performing their statutory administrative work and giving notice of the purpose of use to the Data Subject is likely to hinder the performance of such administrative work;

2. If the Company is requested by a Data Subject to disclose his/her personal data possessed by the Company that can identify the Data Subject, the Company will disclose the relevant personal data to the Data Subject without delay; provided, however, that if the disclosure may result in any of the following cases, the Company may not disclose all or part of the relevant personal data. If the Company decides not to disclose it, the Company will notify the Data Subject to that effect without delay:

(1) The Data Subject’s or a third party’s life, person, property or other rights or interests are likely to be harmed; or
(2) The Company’s proper performance of its business is likely to be significantly interfered with.

3. In other cases that may result in the Company breaching laws and regulations; the provisions of the preceding paragraph apply mutatis mutandis to the case where the Company is requested by a Data Subject to disclose records provided by a third party related to personal data that can identify the Data Subject (excluding those for which revealing the existence of the records may result in any of the following cases; the same applies hereinafter):

(1) The Data Subject’s or a third party’s life, person or property is likely to be harmed;
(2) An illegal or wrongful act is likely to be promoted or triggered;
(3) National security is likely to be harmed, a relationship of trust with another country or an international organization is likely to be damaged, or it is likely to cause a disadvantage in negotiations with another country or an international organization; or
(4) The prevention, suppression or investigation of crimes, and the maintenance of public safety and public order are likely to be impeded.

Article 7 (Correction of Personal Information)

1. If personal data possessed by the Company that can identify a Data Subject is incorrect, the Company will, upon request from the Data Subject, correct, add to or delete the personal data in accordance with the procedures prescribed by the Company (such act shall be hereinafter referred to as “Correction, Etc.”).

2. Upon receiving a request from the Data Subject as set forth in the preceding paragraph, if the Company determines that the Company needs to comply with such request, the Company will make Correction, Etc. of the relevant personal information and notify the Data Subject thereof without delay. If the Company decides not to make Correction, Etc., the Company will notify the Data Subject to that effect without delay.

Article 8 (Suspension of Use, Etc. of Personal Information)

1. If the Company is requested by a Data Subject to suspend the use of personal data possessed by the Company that can identify the Data Subject or to delete such personal data, based on the allegation that the personal data falls under any of the following items (such suspension of use or deletion shall be hereinafter referred to as “Suspension of Use, Etc.”), the Company will conduct a necessary investigation without delay, perform the Suspension of Use, Etc. of the relevant personal data possessed by the Company to the extent necessary based on the results of the investigation and in accordance with laws and regulations, and notify the Data Subject of the performance of the Suspension of Use, Etc. (or a decision not to perform the Suspension of Use, Etc., if applicable); provided, however, that if the Suspension of Use, Etc. of personal data possessed by the Company would require a significant amount of expenses or is otherwise impracticable and if the Company can take an alternative measure necessary to protect the Data Subject’s rights and interests, the Company will take such alternative measure.

(1) The personal data has been handled beyond the scope of the purpose of use (or the purpose of use before succession if the personal data has been obtained in connection with business succession);
(2) The personal data contains personal information obtained by deception or other wrongful means or special care-required personal information obtained without the Data Subject’s consent (excluding that obtained pursuant to laws and regulations);
(3) The personal data has been used in a way that is likely to promote or trigger an illegal or wrongful act;
(4) The personal data possessed by the Company that can identify the Data Subject no longer needs to be used;
(5) A leakage, loss of, or damage to, (“Leakage, Etc.”) personal data containing special care-required personal information occurs or is likely to occur;
(6) A Leakage, Etc. of personal data that may cause property damage as a result of the wrongful use of the personal data occurs or is likely to occur;
(7) A Leakage, Etc. of personal data, which may have been made for a wrongful purpose, occurs or is likely to occur;
(8) A Leakage, Etc. of personal data of more than a thousand Data Subjects occurs or is likely to occur; or
(9) The handling of the personal data possessed by the Company is likely to harm the Data Subject’s rights or legitimate interests.

2. If the Company is requested by a Data Subject to suspend the provision to a third party of personal data possessed by the Company that can identify the Data Subject, based on the allegation that the personal data falls under any of the following items, the Company will conduct a necessary investigation without delay, suspend the provision to the third party of the relevant personal data possessed by the Company to the extent necessary based on the results of the investigation and in accordance with laws and regulations, and notify the Data Subject of the suspension (or a decision not to suspend the provision to the third party, if applicable); provided, however, that if suspension of the provision to a third party of personal data possessed by the Company would require a significant amount of expenses or is otherwise impracticable and if the Company can take an alternative measure necessary to protect the Data Subject’s rights and interests, the Company will take such alternative measure.

(1) The personal data possessed by the Company that can identify the Data Subject has been provided to a third party in breach of Article 3 hereof; or
(2) In the case of Items 4 through 9 of the preceding paragraph.

Article 9 (Procedures for Disclosure, Etc. of Personal Information)

1. The Company will respond to a request from a Data Subject for the disclosure of personal data possessed by the Company, notice of the purpose of use, Correction, Etc., Suspension of Use, Etc. or suspension of provision to a third party, or disclosure of records provided by a third party related to personal data that can identify the Data Subject (“Disclosure, Etc.”) unless:

(1) It cannot be confirmed that the Data Subject is the person to whom the personal data belongs;
(2) The attorney’s power of attorney cannot be confirmed; or
(3) In other cases where Disclosure, Etc. may be avoided pursuant to laws and regulations.

2. If a Data Subject requests Disclosure, Etc. as set forth in the preceding paragraph, the Data Subject shall make a request pursuant to the following procedures:

(1) Destination of request for Disclosure, Etc.
Customer Service Desk of the Company
1-19 Akasaka 8-chome, Minato-ku, Tokyo, 107-0052
Toll-free number: 0120-559-652, excluding Saturdays, Sundays, year-end and new-year holidays (10:00 - 17:00)
* Business days and working hours may be changed. Please check for any changes on the Company’s official website.

(2) Procedures for disclosure
(i) Via mail or email: Please fill out a form designated by the Company and send it to the Company; or
(ii) By telephone: Please provide the Company with the same details as those to be filled out on the form set forth in (i) above by telephone.

(3) Method of identity verification upon request for Disclosure, Etc.
(i) Via mail or email: A driver’s license, an individual number card (only the front side), a copy of an official certificate with a face photo such as a passport; or
(ii) By telephone: Information from which the Company can determine that the Data Subject is the person to whom the relevant personal data belongs, including name, address, date of birth, telephone number.

(4) Request by an agent for Disclosure, Etc. If the person who requests Disclosure, Etc. is a statutory representative of a Data Subject or a minor who does not have sufficient ability to make a proper judgement or an adult ward, or an attorney-in-fact engaged by the Data Subject to make a request for Disclosure, Etc., the person needs to submit the following certificates in addition to the documents set forth in the preceding item:

(i) If the person is a statutory representative:
• Any document issued within the past 90 days that certifies the person’s qualification, such as a copy of a family register, an abstract of a family register, a certificate of registered information; and
• A driver’s license, passport or other document that certifies that the person is a legal representative.

(ii) If the person is an attorney-in-fact:
• A power of attorney signed and sealed by the Data Subject, a certificate of a seal impression (of the seal used for the power of attorney) or other document that certifies the attorney’s power of attorney
• A driver’s license, passport or other document that certifies that the person is an attorney-in-fact.

(5) Fee for requesting notice of the purpose of use and for disclosure of personal data possessed by the Company and records provided by a third party
The fee for making a request is 800 yen (including postage for registered mail). Please send a postage stamp(s) in the amount of 800 yen together with the application documents. If the fee is underpaid, the Company will notify the applicant thereof. Please pay the deficiency within the prescribed period. If the deficiency is not paid within said period, the Company will deem that no application has been made.
* Actual expenses such as a fee for the issuance of a certificate, postage fees and travel expenses shall be borne by the applicant.

(6) Method of response to request for disclosure and notice of the purpose of use Disclosure or notice will be made by the method designated by the Data Subject or his/her agent; provided, however, that if disclosure by such method would require a significant amount of expenses or is otherwise impracticable, the Company will make such disclosure or notice by delivering a document.

Article 10 (Procedures for Amendment to Privacy Policy)

The Company reviews the content of this Privacy Policy, as appropriate, and endeavors to improve it. The content of this Privacy Policy may be amended unless otherwise prescribed by laws and regulations or other provisions of this Privacy Policy. An amended privacy policy shall take effect when Data Subjects have been notified by the method prescribed by the Company or when it is published on the Company’s website.

Article 11 (Compliance with Laws, Regulations and Rules)

The Company complies with applicable laws, regulations, directives and other various rules in handling personal information and works on continual improvement to ensure that personal information is properly handled.

Article 12 (Response to Complaints and Consultation)

The Company will receive complaints and consultation from Data Subjects in connection with the handling of personal information, and properly and promptly respond thereto. In addition, the Company will promptly and properly respond to a request from a Data Subject for the disclosure, correction, addition to, deletion, use or non-provision, etc. of personal information.

Article 13 (Point of Contact for Inquiry)

If you have an inquiry about the Company’s handling of personal information, please contact: Customer Service Desk of the Company
Toll-free number: 0120-559-652, excluding Saturdays, Sundays, year-end and new-year holidays (10:00 - 17:00)
* Business days and working hours may be changed. Please check for any changes on the Company’s official website.

April 2022
28-1 Jingumae 3-chome, Shibuya-ku, Tokyo
UNITED ARROWS LTD.
Yoshinori Matsuzaki, Representative Director, President and CEO

Privacy Policy for GDPR

This Privacy Policy sets forth the policy which will be applied with respect to the processing of Personal Data concerning data subjects in the European Economic Area (“EEA”) in accordance with the General Data Protection Regulation (“GDPR”).

1. Types of Personal Data

In this Privacy Policy, “Personal Data” means any data relating to an identified or identifiable natural person. We may collect and process the following types of Personal Data.

(1) Personal Data that you provide to us

When exchanging business cards or contact information, we collect and process the Personal Data that you provide to us, including your company name, company address and department name, name, telephone number, mobile phone number and email address.

(2) Personal Data that we obtain from other sources

When you buy our products through the internet, we collect, process and share Personal Data including name, gender, age, address, member ID, registered country, selected language, details of products purchased (including, product name, purchase volume, price, composition, country of origin and HS code), order number, date of order, invoice number and freight cost, from our online trading platform.

2. Collection, use and disclosure of Personal Data

(1) Purposes of use of Personal Data

We collect, process and provide your Personal Data in order to achieve the purposes notified individually to you or set forth below. The legal basis for such processing is noted in brackets.

・For contact:

- to communicate with you concerning business transactions (consent and legitimate interest in maintaining our business relationship with you).

・For selling our products through the internet:

- to confirm your order, deliver products to you and collect payments from you (consent and performance of contract);
- for accounting (consent and legitimate interest in running our business);
- for tax affairs (consent and legitimate interest in running our business);
- to provide after-sales service, including return of products (consent and performance of contract);
- to send you marketing communications and personalized offers (consent and legitimate interest in running our business); and
- to provide the Personal Data to third parties as set forth in this Privacy Policy (consent and legitimate interest in running our business).

(2) Additional processing

In the case of processing the Personal Data for purposes other than the above, we will notify you in advance of such purposes of use and other matters as required by applicable laws.

(3) Consent

We will process the Personal Data on the basis that processing is necessary for the performance of a contract to which you are a party, for the purposes of the legitimate interests pursued by us, as well as on the basis that you have provided consent for us to do so when you indicated your acceptance of this Privacy Policy.
You may withdraw such consent at any time; provided, however, that this will not affect the lawfulness of any processing carried out before your withdrawal of such consent.
In obtaining Personal Data from you under the age of twenty (20), we will, at all times, ask for your guardian’s consent or the consent authorized by the guardian. In the event that anyone under the age of twenty (20) wishes to buy our products, we ask them to make sure that consent is given or authorized by their guardian.

(4) Necessity of providing Personal Data

The Personal Data that you are to provide is necessary in order for us to provide our services to you. Therefore, there may be cases where you will not be able to use the services if you have not provided such Personal Data to us.

(5) Retention period

We will retain your Personal Data for as long as such data is necessary to provide the services to you, but we will promptly delete the same in the case such data is no longer needed.

(6) Transfer of Personal Data

We may provide your Personal Data to third parties such as our subsidiaries and affiliates, cloud vendors, outside contractors and professionals (including tax firms and law firms), etc., and your Personal Data will be processed by such third parties in order to carry out the purposes of use specified above.
As a result, your Personal Data may be transferred to entities in countries or jurisdictions outside the EEA (including, without limitation, Japan).
Please note that such countries or jurisdictions may not have the same data protection laws as the EEA, and many of the rights provided to data subjects in the EEA will not be given. In addition to the above, in the case that we provide your Personal Data to any third party located in a country or jurisdiction outside the EEA, we will ensure that adequate measures are taken concerning the protection of your Personal Data.

3. Data subject’s rights

You may make a request to us for access to, correction or deletion of, or restriction of processing of your Personal Data, and may make a request for data portability with regard to your Personal Data retained by us. When we receive a request based on the right specified above, we will conduct any necessary investigation without delay and provide you or a nominated third party with the Personal Data or respond to such rights without delay.
Please note that you may raise an objection to the data protection authorities having jurisdiction over us or the location of your domicile with regard to the processing of your Personal Data.

4. Inquiries

If you have any questions or concerns regarding this Privacy Policy or our processing of Personal Data, or any requests concerning the access to, rectification or erasure of, or restriction of processing of Personal Data, or with regard to data portability, please contact us at the following:

UNITED ARROWS LTD.

[Department] Customer Support
[Address] 3-28-1 Jingumae, Shibuya-ku, Tokyo 150-0001 Japan
[Email address] CS-GDPR@united-arrows.co.jp
[Phone number] +81-3-5785-6325

5. Revision of this Privacy Policy

We may change the contents of this Privacy Policy when necessary. We will announce the revised Privacy Policy on this website when a revision is made. Please make sure to regularly check the contents of this Privacy Policy.
After the policy is revised, you shall be deemed to have agreed to the revised policy when you use our services or view this Privacy Policy.

Effective date: April 1, 2022
UNITED ARROWS LTD. Representative Director, President and CEO: Yoshinori Matsuzaki

個人情報に関するお問い合わせは、カスタマーサービスデスクまでお願いいたします。
フリーダイヤル 0120-559-652 土曜、日曜、年末年始を除く(10:00~17:00)
※2020/10/1より、当面の間、営業時間を変更させていただいております。