Who controls your personal data?

The controller of your personal data is the operator of the Online Store providing the Peko Peko Box service.

The Store operator processes personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR).

What personal data we collect

When using the Store or placing an order, we may collect the following categories of personal data:

• Full name
• Email address
• Delivery address
• Billing information
• Order and transaction history
• Communication with customer support
• Technical information such as IP address or browser data

Purpose of processing personal data

Your personal data may be processed for the following purposes:

• Processing and fulfilling orders and subscriptions
• Payment processing
• Shipping and delivery of products
• Handling complaints, returns, and customer inquiries
• Providing customer support
• Complying with legal obligations (such as accounting or tax regulations)
• Sending marketing communications if the Customer has provided consent

Legal basis for data processing

Personal data is processed on the following legal bases under GDPR:

• Performance of a contract – to process orders and deliver products
• Legal obligation – for accounting and regulatory compliance
• Legitimate interest – to operate and improve the Store
• Consent – for marketing communications where applicable

Who may receive your personal data

Your personal data may be shared with trusted third parties only when necessary to provide services related to your order.

• Payment processing providers
• Shipping and logistics companies (e.g., postal operators)
• IT service providers hosting the Store platform
• Accounting or legal service providers if required by law

Data is shared only to the extent necessary for order fulfillment and service operation.

International data transfers

As the Store operates internationally and ships products from Japan, personal data may be processed or stored outside the European Economic Area (EEA).

When transferring data outside the EU/EEA, appropriate safeguards are applied in accordance with GDPR to ensure that personal data remains protected.

Your data protection rights

Under GDPR, customers located in the European Union have the following rights:

• Right to access personal data
• Right to correct inaccurate data
• Right to request deletion of personal data (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interest
• Right to withdraw consent for marketing communications

Requests related to personal data may be submitted through the Store’s contact information.

Data retention period

Personal data is retained only for as long as necessary to fulfill the purposes described in this policy.

• Order data may be retained for accounting and tax compliance purposes
• Customer support communications may be retained for service improvement
• Marketing data is retained until consent is withdrawn

Cookies and website analytics

The Store may use cookies and similar technologies to improve the website experience and analyze how visitors use the Store.

• Essential cookies required for website functionality
• Analytics cookies used to improve Store performance
• Marketing cookies used only with user consent

Users may manage cookie preferences through their browser settings.

Security of personal data

The Store implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

Payment data is processed securely through certified payment providers and is not stored directly by the Store.

Changes to the Privacy Policy

The Store reserves the right to update this Privacy Policy when necessary, for example due to legal changes or updates to the Store’s services.

The latest version of the Privacy Policy will always be available on the Store website.