Privacy policy

Yom Co., Ltd. (the “Company” or “we”) collects, uses, and discloses personal information of the customers of our website (the “Customers”). This Privacy Policy applies to any and all of our processing of personal information (“Personal Information”) which we collect from our Customers.

In the processing of Personal Information, we will comply with this Privacy Policy, and the laws and regulations applicable to our processing of Personal Information (the “Applicable Laws”).

1. Processing of Personal Information

(1) Acquisition of Personal Information

In the operation of our business, we receive a variety of information regarding our Customers including, without limitation:
Customer’s name, address, postal code, telephone number, e-mail address, other contact information which the Customer provides us in using the services, date of birth, gender, order information (including records of personal property, products or services purchased, obtained or considered, or other purchasing or consumption history or tendencies), payment information (including credit or debit card type, expiration date, and certain digits forming part of the card number), usage data (browsing history, search history, etc.), technical data, which may include the IP address, the IDs of devices which the Customers are using to access or connect to the services, voice data, inquiry details, and other Personal Information which may be necessary in carrying out our business in a smooth and proper manner.

2. Purposes of Use of Personal Information Acquired from Customers

Scope of Purposes of Use

  • To provide services to registered members and enable their efficient use thereof;
  • To process and administer Customers’ personal accounts and register for services;
  • To send products that the Customers order or apply for;
  • To process payments.
  • To provide information regarding the Company’s services and other products, etc. through direct mail or email, etc.
  • To conduct research and analysis through questionnaires in order to improve our existing services, develop our new services, and maximize Customer satisfaction, etc.;
  • To improve or upgrade services or develop new services for our website or for various other online services;
  • For use in the event there is a need to maintain or acquire personal data to fulfill a legal obligation borne by the Company;
  • When responding to requests from the government or investigative agencies.
  • To properly respond to and manage inquiries received from Customers; and
  • To otherwise carry out the Company’s business in a smooth and proper manner.

3. Provision of Personal Information to Third Parties

We will not provide any Personal Information to third parties, except where we have justifiable grounds to do so, such as pursuant to the Applicable Laws, or otherwise in any of the following circumstances:

  • Cases based on the Applicable Laws;
  • Cases in which there is a need to protect the life, wellbeing, or property of an individual, and it is difficult to obtain the consent of the Customer;
  • Cases in which there is a special need to improve public wellbeing or promote healthy child development, and it is difficult to obtain the consent of the Customer;
  • Cases in which there is a need to cooperate with a national government organ, local government, or person entrusted thereby with performing the functions prescribed by the Applicable Laws, and obtaining the consent of the Customer is likely to interfere with the performance of those functions.
  • Cases in which we handle Personal Information as an academic research institution or the equivalent, and providing the Personal Information for the purpose of publishing academic research results or teaching is unavoidable (excluding cases in which there is a risk of unjustly infringing on individual rights and interests);
  • Cases in which we handle Personal Information as an academic research institution or the equivalent, and we need to provide the Personal Information for academic research purposes (including cases in which part of the purpose of handling the Personal Information is for academic research purposes, and excluding cases in which there is a risk of unjustly infringing on individual rights and interests) (limited to cases in which our Company and the third party jointly conduct academic research); and
  • Cases in which the third party is an academic research institution or the equivalent, and the third party needs to handle the Personal Information for academic research purposes (including cases in which part of the purpose of handling the Personal Information is for academic research purposes, and excluding cases in which there is a risk of unjustly infringing on individual rights and interests).

4. Provision of Personal Information to Third Parties Located in Foreign Countries

The Personal Information we acquire from our Customers may be provided to our partner companies or service entrustees located outside the countries in which our Customers are located (“Foreign Third Parties”). In such case, we will thoroughly examine the eligibility of the Foreign Third Party to whom the Personal Information is provided or entrusted, and confirm that appropriate measures for the processing of Personal Information are taken by such Foreign Third Parties from the perspective of security and the like.

Please note that the foreign countries where the Foreign Third Parties are located may change or be added as a result of the Company switching any of the existing partner companies, service entrustees, etc. to, or using, a new partner company, service entrustee, etc. In such case, we will inform the Customers of such changes in accordance with “8. Changes to Privacy Policy” below.

(a) List of Foreign Countries where the Foreign Third Parties are Located; Information on Personal Information Protection Systems in Such Countries

Singapore

With regard to the Personal Information protection systems, etc. in countries outside of Japan to which Personal Information may be provided, please see the following website of the Personal Information Protection Commission of Japan:

https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku (in Japanese only)

(b) Information on Measures Taken by the Foreign Third Parties to Protect Personal Information

The Foreign Third Parties take the same level of measures for the handling of Personal Information as those required by a “personal information handling business” in Japan.

5. Management of Personal Information

We have established a management system and implemented appropriate security measures to protect Personal Information from unauthorized access, loss, destruction, falsification, leakage, etc., and to ensure the accuracy and safety of Personal Information. In addition to restricting the entry of unauthorized persons into the office where we process Personal Information and conducting educational activities for all directors, employees, and other staff involved in the protection of Personal Information, we will appoint a person responsible for the management of Personal Information and strive to manage personal data in a suitable manner. For details of the security measures taken by the Company, please see “9. Contact Us” below.

6. Requests for Disclosure, etc. of Personal Data Retained by the Company

With regard to the Personal Information which we retain, we are able to accept Customer requests for: notification of the relevant purposes of use; disclosure, correction, addition to or deletion of the contents thereof; suspension of use; deletion; and suspension of provision to third parties. If the Customer wishes to consult with us regarding any of the foregoing procedures, they should please contact our consultation desk as specified in “9. Contact Us” below. However, please be advised in advance that we may not be able to make such disclosure, etc. due to provisions of Applicable Laws, etc.

7. Continuous Improvement

We will continuously review and improve our efforts to protect Personal Information in response to changes in Applicable Laws, processing methods, and changes in the business circumstances.

8. Changes to Privacy Policy

We may change all or any part of this Privacy Policy without prior notice, as a result of changes to any law or regulation, changes to our operating policies, or other circumstances. Customers are therefore requested to refer to the latest version of this Privacy Policy. Any particularly important changes to this Privacy Policy will be announced on our website.

9. Contact Us

If a Customer wishes to make any complaints or consultations concerning the Company’s handling of Personal Information, they should contact us as set forth below:

Contact Information:
Yom Co., Ltd.
2-34-17, Sumitomo Realty & Development Harajuku Building 16F, Jingumae, Shibuya-ku, Tokyo, 150-0001, Japan
https://www.us.marlmarl.com/pages/contact

Supplementary Provisions Regarding the Handling of Personal Information Outside Japan

Any and all of our processing of Personal Information of any of our Customers who reside outside Japan shall be subject to the aforementioned Privacy Policy and these supplementary provisions (these “Supplementary Provisions”). If there is any difference between the provisions of these Supplementary Provisions and the aforementioned Privacy Policy, the provisions of these Supplementary Provisions shall prevail.

1. Processing of Personal Information

(1) Acquisition of Personal Information

We acquire Personal Information by legal and ethical methods, and at the same time, devote our utmost attention to making sure Personal Information is only used for purposes that are clearly specified in advance. When we ask Customers to provide their Personal Information, we will inform them of the purposes of acquisition and the details of use of such Personal Information in advance. Processing of Personal Information will be conducted within the scope of our legitimate business purposes and only to the extent necessary to achieve the purposes set forth in “(2) Purposes of Processing” below.

The Personal Information we collect from our Customers includes, without limitation, the following information:

Customer’s name, address, postal code, telephone number, e-mail address, other contact information the Customer provides us in using the services, date of birth, gender, order information (including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consumption history or tendencies), payment information (including credit or debit card type, expiration date, and certain digits forming part of the card number), usage data (browsing history, search history, etc.), technical data, which may include the IP address, the IDs of devices which the Customers are using to access or connect to the services, voice data, inquiry details, and other Personal Information which may be necessary in carrying out the Company’s business in a smooth and proper manner.

Some of the Personal Information is necessary for us to enter into contracts with Customers or companies to which the Customers belong. In the event that Customers do not provide us with certain information when requested, we may not be able to provide them with our full support with respect to our services.

We collect Personal Information of the Customers by the following methods:

  • (i) When the Customer enters information into the Company’s website for their membership registration, ordering and shipping; and
  • (ii) When the Customer contacts our customer service or corresponds with us via phone, email or otherwise.

(2) Purposes of Processing

The Personal Information provided to us will be used within the scope of our legitimate business purposes or as needed to fulfil obligations under a contract, and to the extent necessary to achieve those purposes set out below:

  • To provide services to registered members and enable their efficient use thereof;
  • To process and administer Customers’ personal accounts and register for services;
  • To send products that the Customers order or apply for;
  • To process payments.
  • To provide information regarding the Company’s services and other products, etc. through direct mail or email, etc.
  • To conduct research and analysis through questionnaires in order to improve our existing services, develop our new services, and maximize Customer satisfaction, etc.;
  • To improve or upgrade services or develop new services for our website or for various other online services;
  • For use in the event there is a need to maintain or acquire personal data to fulfill a legal obligation borne by the Company;
  • When responding to requests from the government or investigative agencies.
  • To properly respond to and manage inquiries received from Customers; and
  • To otherwise carry out the Company’s business in a smooth and proper manner.

(3) Provision and Cross-Border Transfer of Personal Information

Subject to the Customer’s consent, we will disclose Personal Information as listed in “(1) Acquisition of Personal Information” to our business partners, such as service vendors, service providers, credit card or payment processors, customer support tools or IT and security service providers, so long as such disclosure is conducted within the purposes and means set forth in “(2) Purposes of Processing” above. As a result of the disclosure, Personal Information may be transferred to locations outside of the countries/regions in which the Customers are located, including Japan. The personal information protection laws in such transferred locations may not have the same standard of protection as that of the Customers’ location. In such cases, we will thoroughly examine the eligibility of the party to which the Personal Information is provided or entrusted and confirm that appropriate security measures are taken in the processing of Personal Information from the perspective of ensuring the security of Personal Information, and we will take reasonable steps to ensure that such party complies with Applicable Laws.

(4) Procedures for Access, Issuing Copies, Disclosure, Correction, etc. of Personal Information

If Customers wish to request access to, issuance of copies of, disclosure, correction, addition, deletion, suspension of use, or suspension of provision to a third party, etc., of Personal Information as permitted under the Applicable Laws, or wish to lodge a complaint about our compliance with the Applicable Laws, they should contact us as shown in “6. Contact Us” below. The Company will usually respond to such Personal Information requests within a reasonable period of time, once we have been able to confirm that the request or complaint has been made by the Customer of the Personal Information and that the Customer is eligible to exercise their rights under the Applicable Laws. Should we not be able to respond to a Customer’s request for access, issuance of a copy or disclosure within twenty (20) days after receiving such request, we will be able to extend the term for up to another twenty (20) days. Should we not be able to respond to a Customer’s request other than for access, issuance of a copy or disclosure within thirty (30) days after receiving the request, we will be able to extend the term for up to another thirty (30) days. If we extend the term as set forth above, we will generally inform the Customer in writing of the reasons for such extension and of the time by which we will respond to the request (except where we are not required to do so under the Applicable Laws).

Customers may, at any time they wish, also request to withdraw their consent for the Company to collect, use or disclose their Personal Information for any purposes by contacting us in the manner set forth in “6. Contact Us” below. In some cases, withdrawing consent may hinder the Company’s ability to facilitate, process, administer, provide, or maintain services to the requester. In some cases, we may continue to collect, use or disclose Personal Information if we have the legal right to do so.
Customers may exercise their rights before and after the Company discloses their Personal Information to third parties in accordance with “(3) Provision and Cross-Border Transfer of Personal Information” if this is permitted under the Applicable Laws. Upon receipt of a Customer’s written request to withdraw their consent, we may require reasonable time for the request to be processed and for us to notify the Customer of the outcome, including any legal consequences which may affect such Customer’s rights and our liabilities. In general, we shall seek to process any such request within twenty (20) days of receiving it.

(5) Filing a Complaint

Customers may have the right to complain to their local data protection authority, or to a court of law, if their data protection rights are violated under the Applicable Laws. They may also be entitled to claim compensation for damage or distress incurred or suffered in consequence of the unlawful processing of their Personal Information.

2. Security Measures

We have established a management system and implemented appropriate security measures to protect Personal Information from unauthorized access, loss, destruction, falsification, leakage, etc., and to ensure the accuracy and safety of Personal Information. In addition to restricting the entry of unauthorized persons into the office where we process Personal Information and conducting educational activities for all directors, employees, and other staff involved in the protection of Personal Information, we will appoint a person responsible for the management of Personal Information and strive to manage Personal Information in a suitable manner. For details of the security measures taken by the Company, please contact us as shown in “6. Contact Us” below.

3. Retention Period

We will retain Personal Information for those periods necessary to fulfil the purposes of processing the same, unless a longer retention period is required or permitted under the Applicable Laws. If we no longer need Personal Information in order to fulfill such purposes, we will delete the Personal Information from our databases or anonymize the same in accordance with the Applicable Laws.

4. Continuous Improvement

We will continuously review and improve our efforts to protect Personal Information in response to changes in the Applicable Laws, processing methods, and changes in business circumstances.

5. Changes to Supplementary Provisions

We may change all or any part of these Supplementary Provisions without prior notice, as a result of changes to any law or regulation, changes to our operating policies, or other circumstances. Customers are therefore requested to refer to the latest version of these Supplementary Provisions. Any particularly important changes to these Supplementary Provisions will be announced on our website.

6. Contact Us

If Customers wish to make any complaints or consultations concerning the Company’s handling of Personal Information, they should make contact as set forth below:

Contact Information:
Yom Co., Ltd.
2-34-17, Sumitomo Realty & Development Harajuku Building 16F, Jingumae, Shibuya-ku, Tokyo, 150-0001, Japan
https://www.us.marlmarl.com/pages/contact

Annex to Supplementary Provisions Regarding the Handling of Personal Information Outside Japan

Any and all of our processing of the Personal Information of Customers residing in the state of California, United States, shall be handled according to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”) and be subject to the aforementioned Privacy Policy, Supplemental Provisions and these annex provisions (these “Annex Provisions”). If there is any difference between the provisions of these Annex Provisions and the Supplementary Provisions or the Privacy Policy, the provisions of these Annex Provisions shall prevail.

1. Personal Information We Collect from Customers

The categories of Personal Information we have collected in the past twelve (12) months are as follows. We obtain this Personal Information when Customers register or make changes on our website, etc.

Categories of Personal Information Examples
A. Identifiers Name, address, postal code, telephone number, e-mail address, and other contact information the Customers provide us in using the services, etc.
B. Personal Information categories listed in the California Consumer Records statute (Cal. Civ. Code § 1798.80) Name, address, telephone number, credit or debit card number, etc.
D. Protected classification characteristics under California or federal law Gender
E. Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consumption history or tendencies
F. Internet or other electronic network activity information Usage Data (browsing history, search history, etc.)
G. Geolocation data. None
H. Audio, electronic, visual, thermal, olfactory, or similar information Voice data
I. Professional or employment-related information None
J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99) None
K. Inferences drawn from any of the information identified in this subdivision to create a profile about a Customer reflecting the Customer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. None
L. Sensitive personal information (Cal. Civ. Code § 1798.140(ae) (“Sensitive Personal Information”)) Credit or debit card number

2. Purpose of Collecting and Processing of Personal Information

The Personal Information provided to us will be used within the scope of our business purposes set out below:

  • To provide services to registered members and enable their efficient use thereof;
  • To process and administer Customers’ personal accounts and register for services;
  • To send products that the Customers order or apply for;
  • To process payments.
  • To provide information regarding the Company’s services and other products, etc. through direct mail or email, etc.
  • To conduct research and analysis through questionnaires in order to improve our existing services, develop our new services, and maximize Customer satisfaction, etc.;
  • To improve or upgrade services or develop new services for our website or for various other online services;
  • For use in the event there is a need to maintain or acquire personal data to fulfill a legal obligation borne by the Company;
  • When responding to requests from the government or investigative agencies.
  • To properly respond to and manage inquiries received from Customers; and
  • To otherwise carry out the Company’s business in a smooth and proper manner.

3. Retention Period

We keep Customers’ Personal Information for a reasonably necessary period for achieving the purpose for which the Personal Information was collected. Such period shall be determined by: (i) the length of time we have an ongoing relationship with the Customers; (ii) whether there is any legal obligation to which we are subject; and (iii) the purpose for which we collect the Customers’ Personal Information.

4. Disclosure of Personal Information

We disclose Customers’ Personal Information to service providers or contractors only within the scope necessary for fulfilling the outsourced business. In such case, we carefully select the service providers and contractors, conclude necessary data processing agreements with them, and periodically monitor how they handle Personal Information.

5. Sharing and Sale of Personal Information

At times, we will share Customers’ Personal Information with third parties at the Customers’ request or to fulfill requests that the Customers make to us.

6. Customers’ Rights

Under the provisions of the CCPA, Customers have the following rights regarding their Personal Information that we collect. The following parts of this section describe our Customers’ rights and explain how to exercise those rights under the CCPA.

(1) Right to request disclosure of specific information

Customers have the right to request disclosure of the following information regarding the Personal Information that we have collected. We shall disclose the following information to Customers after confirming that the received requests have been made by the Customers themselves:

  • Categories of Personal Information that we have collected;
  • Categories of sources from which Personal Information is collected;
  • Business or commercial purposes for which Personal Information is collected, shared or sold;
  • Categories of third parties to whom we disclose Personal Information;
  • Specific pieces of Personal Information collected from Customers;
  • Categories of sold or shared Personal Information categorized by categories of third parties to whom the Personal Information was sold or shared; and
  • Categories of Personal Information disclosed for business purposes

(2) Right to request deletion of Personal Information

Customers have the right to request the deletion of their Personal Information that we collect from Customers and retain, except when it needs to be retained to fulfill agreements with Customers or for compliance with legal obligations or for certain other purposes as required by the CCPA. We shall delete the Personal Information from our records and instruct the same to our service providers or contractors after confirming that the received requests have been made by the Customers themselves.

(3) Right to request correction of Personal Information

Customers have the right to request the correction of inaccurate Personal Information that we collect from Customers and retain, taking into account the nature of the Personal Information and the purposes of the processing of Personal Information. We will correct the inaccurate Personal Information and instruct the same to our service providers or contractors after confirming that the received requests have been made by the Customers themselves. We may deny the received requests if we determine that the contested Personal Information is more likely than not accurate based on the totality of the circumstances.

(4) Right to limit use and disclosure of Sensitive Personal Information

Customers have the right to request to direct the Company, as a collector of Sensitive Personal Information about the Customers, to limit the Company’s use of the Customers’ Sensitive Personal Information to the following extent:

  • To perform the services or provide the goods reasonably expected by an average Customer who requests those goods or services;
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information;
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the Company and to prosecute those responsible for those actions;
  • To ensure the physical safety of natural persons;
  • To provide short-term, transient use, including, without limitation, non-personalized advertising shown as part of a Customer’s current interaction with the Company, provided that the Personal Information is not disclosed to another third party and is not used to build a profile about the Customer or otherwise alter the Customer’s experience outside the current interaction with the Company;
  • To perform services on behalf of the Company;
  • To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the product, service or device that is owned, manufactured by, manufactured for, or controlled by the Company; or
  • To collect or process Sensitive Personal Information where such collection or processing is not for the purpose of inferring characteristics about the Customer

(5) Right not to be discriminated against

We do not discriminate against Customers or engage in any of the following conduct as a result of Customers exercising their rights based on the CCPA:

  • Refuse to provide services and products to Customers;
  • Impose different prices for the services and products provided to Customers (including the application of discounts, rebates or other benefits or the imposition of penalties);
  • Provide services and products of different levels or quality to Customers;
  • Suggest the provision of services and products at different prices, charges, levels, or quality to Customers; or
  • Retaliate against an employee, applicant for employment, or independent contractor

7. Contact Us

If Customers wish to make any complaints or consultations concerning the Company’s handling of Personal Information, they should make contact as set forth below:

Contact Information:
Yom Co., Ltd.
2-34-17, Sumitomo Realty & Development Harajuku Building 16F, Jingumae, Shibuya-ku, Tokyo, 150-0001, Japan
https://www.us.marlmarl.com/pages/contact

Customers may make requests pertaining to their Personal Information through an agent by authorizing someone registered with the California Secretary of State to act on their behalf, or through a person who has power of attorney or is acting as a conservator for the Customer, by providing us with a document certifying this. Customers who are minors can also make the request through their guardians as their agent.

The following requirements must be met in order for us to determine that requests have been legitimately made by the Customers themselves:

  • The requester must provide sufficient information so that we can reasonably verify that the requester is the Customer from whom the Personal Information was collected or an agent authorized by the Customer; and
  • The requester shall explain the necessary details of the Customer’s request in a way such that we can appropriately understand, evaluate, and respond to the request

Issued: July 18, 2024