Privacy policy

Privacy Policy

Last updated: April 10, 2026

1. Introduction

MidoriWorks ("we," "us," "our") is a sole trader business based in Japan, operating this online store. We are committed to protecting your personal information in compliance with Japan's Act on the Protection of Personal Information (APPI) and, where applicable to customers in the European Union or European Economic Area, the General Data Protection Regulation (GDPR).

2. Personal Information We Collect

When you visit or make a purchase from our store, we may collect the following information:

  • Contact information: name, email address, phone number
  • Order information: billing and shipping address, items purchased, order history
  • Payment information: payment card details are processed securely by our payment providers and are not stored by us
  • Account information: login credentials if you create an account
  • Device and usage data: IP address, browser type, pages visited, referring URLs, and browsing behaviour on our store
  • Communications: messages you send us via contact forms or email

3. Purpose of Use (APPI Article 18)

We use your personal information for the following purposes:

  • Processing and fulfilling your orders, including payment and shipping
  • Communicating with you regarding your orders, inquiries, and customer support
  • Sending marketing communications where you have provided consent
  • Improving our store, products, and services
  • Preventing fraud and maintaining the security of our store
  • Complying with applicable legal and regulatory obligations

We will not use your personal information for any purpose beyond those listed above without first notifying you and, where required, obtaining your consent.

4. Legal Basis for Processing (GDPR — EU/EEA Customers)

For customers located in the EU or EEA, we process your personal data on the following legal bases:

  • Contract performance: to process your orders and manage your account
  • Legitimate interests: fraud prevention, store improvement, and direct marketing to existing customers
  • Consent: for marketing emails — you may withdraw consent at any time by clicking "unsubscribe" in any email or contacting us directly
  • Legal obligation: to comply with applicable laws, such as tax and accounting requirements

5. Sharing Your Information

We do not sell or rent your personal information to third parties. We share your information only as described below:

Payment Processors

We use Shopify Payments and PayPal to securely process payments. Your payment details are transmitted directly to these providers and are never stored by us. Please review their privacy policies for more information:

Shipping Partners

To fulfil and deliver your orders, we share your name and delivery address with third-party shipping carriers. Carriers used may include Japan Post, DHL, FedEx, EMS, and other carriers available through our shipping platform. These carriers process your data solely for the purpose of delivery.

Shopify Platform

Our store is built on and hosted by Shopify Inc. Shopify acts as a data processor on our behalf and processes certain customer data as part of providing our e-commerce platform. For more information, see the Shopify Privacy Policy.

Other Service Providers

We may share data with trusted service providers who assist us in operating our store (such as analytics tools). All such providers are bound by confidentiality obligations and are not permitted to use your data for their own purposes.

6. Cookies and Tracking Technologies

Our store uses cookies and similar technologies for the following purposes:

  • Maintaining your shopping cart and session state
  • Processing payments securely
  • Analysing store traffic and usage patterns
  • Providing a personalised shopping experience

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our store, such as the ability to complete a purchase.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this policy. Specifically:

  • Order records: retained for 7 years in accordance with Japanese commercial law (Commercial Code, Article 19)
  • Account data: retained while your account is active and for a reasonable period thereafter
  • Marketing consent records: retained until you withdraw consent
  • Browsing and usage data: typically retained for up to 26 months

You may request deletion of data that is not subject to a legal retention obligation at any time by contacting us.

8. International Data Transfers

MidoriWorks is based in Japan. If you are located in the EU or EEA, your personal data will be transferred to and processed in Japan. The European Commission has recognised Japan as providing an adequate level of data protection, meaning your data is protected to a standard equivalent to the GDPR.

Your data may also be processed by our service providers (Shopify, PayPal, shipping carriers) in their respective countries of operation, subject to appropriate safeguards.

9. Your Rights

Under Japan's Act on the Protection of Personal Information (APPI)

You have the right to:

  • Request disclosure of the personal information we hold about you
  • Request correction of any inaccurate or incomplete information
  • Request deletion of your personal information (where not subject to a legal retention requirement)
  • Request that we suspend use or third-party provision of your personal information

Under GDPR (EU/EEA Customers)

In addition to the above, if you are located in the EU or EEA, you have the right to:

  • Access: obtain a copy of the personal data we hold about you
  • Rectification: have inaccurate data corrected
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Restriction: request that we limit how we process your data in certain circumstances
  • Data portability: receive your data in a structured, commonly used, machine-readable format
  • Objection: object to processing based on legitimate interests or for direct marketing purposes
  • Withdraw consent: withdraw any consent you have given at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within 30 days.

If you are located in the EU/EEA, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data in accordance with the law.

10. Children's Privacy

Our store is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our store following any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or wish to exercise your rights regarding your personal information, please contact us:

MidoriWorks
Japan
Email: info@midoriworks.com

We aim to respond to all inquiries within 5 business days.