Privacy Policy
Beauty Pro Japan is an online store operated by SLWB.JP.Co.,Ltd, registered in Azabu-juban, Minato-ku, Tokyo, Japan. We comply with the Japanese Act on the Protection of Personal Information (APPI) and, for processing data of EU residents, with the EU General Data Protection Regulation (GDPR). This policy explains what personal data we collect, how we use it, with whom we share it, and what rights you have.
1. Data Controller
The data controller is SLWB.JP.Co.,Ltd, registered office in Azabu-juban, Minato-ku, Tokyo, Japan. For any privacy-related inquiries, email contact@beautyprojapan.com with the subject line “Privacy request”.
2. Data We Collect
When you create an account or place an order we collect: full name, shipping address, email address, phone number, country and region. At checkout Stripe (our payment processor) collects payment details — card number, expiration date, CVC. This data is sent directly to Stripe over an encrypted connection and is not stored on our servers. We also automatically collect technical data: IP address, browser and device type, referrer, request timestamps — needed for security and abuse prevention.
3. Purposes and Legal Bases
We process your data for the following purposes: (a) performance of a contract — order processing and delivery, invoicing, order support (legal basis: contract performance, GDPR Art. 6(1)(b)); (b) compliance with legal obligations — tax reporting, accounting, responses to lawful government requests (GDPR Art. 6(1)(c), Japan Companies Act, Japanese tax law); (c) legitimate interests — fraud prevention, site security, analytics to improve our service (GDPR Art. 6(1)(f)); (d) your consent — if we ever launch a newsletter, it will be sent only with explicit consent that you can withdraw at any time (GDPR Art. 6(1)(a)). We do not use your data for advertising profiling and we do not sell it to third parties.
4. Who We Share Data With
We share your data with a limited set of vetted partners, each bound by a data protection agreement: (a) Stripe Payments Japan K.K. and Stripe, Inc. (USA) — payment processing; (b) Japan Post Co., Ltd. and its affiliated carriers (EMS, ePacket Light, Surface Mail, FedEx) — delivery, including handover of the shipping address to the destination country’s postal service; (c) cloud infrastructure providers — website and database hosting; (d) government authorities — only in response to a valid lawful request. We do not share data with advertising networks, data brokers or social platforms.
5. International Data Transfers
Because we ship orders worldwide, your data crosses national borders. Storage servers are located in Japan and the European Union. Stripe processes payments in the United States and Japan. The shipping address is handed over to the postal service of the destination country. For transfers from the European Economic Area we rely on the Standard Contractual Clauses adopted by the European Commission. Japan has been recognised by the European Commission as providing an adequate level of data protection (adequacy decision of 23 January 2019).
6. Retention
We retain personal data only as long as necessary for the purposes for which it was collected: (a) account data — while the account is active, plus 12 months after the last activity; (b) order and invoice data — 7 years from the invoice date (required by Japanese tax law); (c) technical logs — up to 90 days; (d) data given with consent (e.g. newsletter) — until consent is withdrawn. After the retention period, data is either permanently deleted or anonymised.
7. Security
We apply technical and organisational measures appropriate to the risk: TLS 1.2/1.3 for traffic encryption, database encryption at rest, regular backups, access logging, role-based access on a least-privilege basis. We do not store payment data — it goes directly to Stripe (PCI DSS Level 1). In the event of a personal data breach we notify the PPC (Personal Information Protection Commission of Japan) and, where applicable, the relevant EU supervisory authority within 72 hours, and we notify affected users.
8. Cookies
We use only strictly necessary cookies without which the site cannot function: cart state, language, currency and region preferences, session authentication. These cookies do not require separate consent under the ePrivacy Directive. Third-party tracking cookies, advertising pixels and consent-requiring analytics are not used on this site. You can disable cookies in your browser settings — some features (cart, authentication) will then stop working.
9. Your Rights
You have the right to: (a) request a copy of your personal data; (b) correct inaccurate or incomplete data; (c) request erasure (“right to be forgotten”); (d) restrict or object to processing; (e) receive your data in a machine-readable format (data portability); (f) withdraw previously given consent at any time; (g) lodge a complaint with a supervisory authority — PPC (Japan, www.ppc.go.jp), the European Data Protection Board or your local EU DPA, Roskomnadzor (Russia), or the relevant authority in your jurisdiction. To exercise these rights email contact@beautyprojapan.com with the subject line “Privacy request”. We will respond without undue delay and no later than 30 calendar days.
10. Children
This site is not intended for users under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and learn that a child has provided us with their data, contact contact@beautyprojapan.com and we will delete it.
11. Changes to this Policy
We may update this policy to reflect changes in our practices or in the law. The effective date is always shown at the bottom of this page. We will notify registered users by email and via an on-site banner about material changes at least 14 days before they take effect.
Account deletion
To delete your account and all associated personal data, email contact@beautyprojapan.com with the subject line “Account deletion request”. We will delete the account and associated data within 14 calendar days, except data we are required to retain by law (invoices — 7 years).
Effective date: 6 June 2026.