TO Books, Inc. (the “Company”) handles Customers’ personal information acquired in relation to the following services operated by the Company (the “Services”) in accordance with the Act on the Protection of Personal Information of Japan (the “APPI”) and this Service Privacy Policy (this “Privacy Policy”):

1. Acquisition of Personal Information

The Company will acquire the following types of Customers’ personal information within the scope necessary to achieve the purposes set out in “2. Purposes of Use of Personal Information”.

1. Information Acquired Upon Membership Registration and Purchase of Goods
   When a Customer registers for membership in the Services or purchases any printed books, e-books or any other goods, the Company will request the Customer to provide the following types of personal information:
   1. a）Information regarding the Customer, such as their name, address, phone number, email address and password;
   2. b）Information regarding the details of their order, such as ordered goods and wrapping methods;
   3. c）Information regarding their payment, such as payment methods and coupons to be used (*); and

      *For the payment of the purchased goods in the Services, cash-on-delivery (C.O.D.) or convenience store payment, as well as external online payment services are available. If a Customer uses any online payment service, any payment information, such as the credit card information, input by the Customer, will be directly sent to the online payment service of the Customer’s selection, and the Company will not acquire such information.

   4. d）Information regarding the delivery, such as information on the delivery destination and the desired time and date of delivery.
2. Information Acquired Upon Registration for Newsletters
   When a Customer registers for the Services’ newsletters, the Company will acquire the Customer’s email address. Customers may register for and unsubscribe from the newsletters via this webpage.
3. Information Acquired Automatically When Using the Services
   When a Customer uses the Services, the Company will acquire the following information in an automatic manner. The Company may link such information with the Customer’s other registered information and use such information as personal information.
   1. a）Status of use of the Services (including goods browsing history and goods information in the cart);
   2. b）Referrer’s information (any information on the webpage browsed immediately before visiting the Services’ websites);
   3. c）IP addresses, cookie IDs, and any other online identifiers;
   4. d）Approximate location information; and
   5. e）Device setting information, types and versions of browsers/OS and other device information.
4. Other Information
   In addition to the information listed above, the Company will acquire any personal information that Customers voluntarily provide for the Company in relation to the Services, including any information regarding the Customer’s inquiries or responses to various questionnaires upon membership registration or purchase of goods.

2. Purposes of Use of Personal Information

The Company will use Customers’ personal information for the following purposes:

1. Operating and Improving the Services
   The Company will use Customers’ personal information so that they are able to use each service, including purchasing goods, registering for membership, and receiving newsletters. This includes the personalization of services dependent on each Customer’s status of use of the Services, such as by changing the goods to be displayed for each Customer. Furthermore, the Company will use Customers’ personal information for the purposes of improving the Services’ functionality and the development of new features, as well as for security purposes, including detecting any unauthorized use.
2. Distributing Advertisements and Providing Information on Goods and Campaigns
   The Company uses Customers’ personal information in order to distribute advertisements inside and outside the Services and/or provide any information regarding goods, coupons, campaigns, etc., to Customers. This includes analyzing Customers’ interests, and the like, through each Customer’s status of use of the Services, or otherwise, and distributing advertisements and providing information according to the results of the analysis.
3. Requesting Cooperation with Questionnaires
4. Sending Out Prizes and Gifts
5. Responding to Customers’ Inquiries
6. Planning, Developing and Improving the Company’s Goods/Services
7. Preparing Statistical Information
   The Company is free to use, announce and provide the prepared statistical information.
8. Achieving Any Other Purposes Separately Notified to Customers upon Acquisition of Personal Information

3. Provision of Personal Information to Third Parties

The Company will not provide any Customer’s personal information to any third parties without such Customer’s prior consent, except for in the following events:

1. Where the handling of personal information is entrusted to such third parties;
2. Where any personal information is provided incidental to any merger or other form of business succession;
3. Where such provision is necessary for the investigation and/or prevention of any unauthorized use, and the like, or where such provision is necessary in order to protect the Company’s or other third parties’ rights and interests; or
4. Where such provision is required based on the laws and regulation, or such provision of the personal information is otherwise permitted by the APPI.

4. Provision of Personal Information to Advertising Distributors

The Company uses the status of use of the Services by the Customers and other personal information of the Customers retained by the Company, to distribute online advertisements, analyze and measure advertising effects, analyze Customers’ interests, and attributes, etc. As part of these activities, the Company may provide the personal information of Customers who have consented to this Privacy Policy to advertising distributors and other companies providing advertising-related services, or companies providing data analysis services (collectively, the “Advertising Distributors”).

Furthermore, such personal information to be provided from the Company to Advertising Distributors will be limited to information with which any specific Customer cannot be identified on its own, such as hashed email addresses; provided, however, that the Advertising Distributors are able to know further information (such as that the Customer is a user of the Advertising Distributors’ online services [e.g. social media sites]) by collating the received information with any data retained by themselves.

5. Personal Information Retention Period

The Company will retain any personal information within the scope necessary to achieve the purposes of use and will erase any personal information that is no longer necessary, without delay; provided, however, that the Company is entitled to continue to retain personal information if such retention is required by the laws and regulations.

6. Security Control of Personal Information

The Company will take any security control measures, including various organizational, personal, physical and technological actions, necessary and appropriate to protect the Customers’ personal information from leakage, loss and damage due to unauthorized access, etc., and any other risks. In addition, the Company may entrust the handling of the Customers’ personal information to third parties within the scope necessary to achieve the purposes set out in “2. Purposes of Use of Personal Information”. In such cases, the Company will confirm in advance that such entrusted parties are taking appropriate security control measures and will supervise such entrusted parties’ handlining of the Customers’ personal information in an appropriate manner. Those who wish to know more about the security control measures taken by the Company are advised to make contact as set out in “11. Contact Point”.

7. Requests for Disclosure of Personal Information

Customers are entitled to request the Company to disclose, correct, add, delete, suspend the use of, erase, and/or suspend the provision to third parties, their own personal information, pursuant to the provisions of the APPI. Customers who wish to make such request are advised to make contact as set out in “11. Contact Point” by mail, enclosing a document setting out such Customer’s name, contact address, and the details of such request, as well as a document proving that the Customer him/herself made such request (a copy of a driver’s license, passport, etc.). After confirming that such request was made by the Customer him/herself, the Company will respond to the same in compliance with the APPI, without delay.

Any membership registration information may be changed or corrected on the account management screen of each service. Procedures for unsubscribing from newsletters are available via this webpage.

8. Information Transmission from Devices / Use of Cookies

When Customers use the Services, information about them and their devices will be transmitted from their devices to the Company and external businesses authorized by the Company. The information the Company collects is as described in “c. Information Acquired Automatically When Using the Services” of “1. Acquisition of Personal Information.” The Company uses such information for purposes such as operating and improving the Services, providing convenient features to Customers, measuring and analyzing status of use, and distributing advertisements. Information collected by external businesses will generally be handled under the responsibility of those external businesses in accordance with their respective privacy policies. For details on information transmission to external businesses when using “コロナEX” or “CORONA EX”, please see the following page.

Cookies may be used in the Services. Cookies are small files stored in the devices of the Customers who visit websites and are used so that the web server can communicate information with the Customers’ internet browsing software (browser) when the Customer visits the website. Using cookies enables the Company and any third parties authorized by the Company to identify the Customers’ browsers through which the Customers accessed the websites of the Services and collect the Customers’ behavioral history within the Services. Customers are able to reject the use of cookies by changing their browser settings; provided, however, that if a Customer rejects the use of cookies, some features of the Services may not be available in a normal way.

In addition, part of newsletters distributed by the Company uses a technology called web beacon, which might acquire from each Customer their access status from links in such emails, and other information.

<Use of Google Analytics>
The Services use Google Analytics. Google Analytics uses cookies to collect Customers’ behavioral history, and the like, within the Services. The explanation of the use of such information collected through Google Analytics is available on Google LLC’s website. For the avoidance of doubt, the information collected through Google Analytics does not contain any information with which a Customer may be identified.

9. Links to External Websites

The Services may contain links to external websites operated by third parties. Customers are advised to be aware that the Company will not take any responsibility for the handling of Customers’ personal information on such external websites.

10. Use of SSL / TLS

When Customers input their personal information, such as their passwords, in the Services, the Company uses SSL (Secure Sockets Layer) / TLS (Transport Layer Security) technology in order to ensure security.
* SSL/TLS is a technology which encrypts information so as to prevent the interception or fabrication of data upon its transmission. Using SSL/TLS enables the secure transmission of information.

11. Contact Point

Any inquiries, complaints, etc., with regard to the Company’s handling of personal information are welcome at the following contact point:

<Contact Point>
Personal Information Contact Point
TO Books, Inc.
11th Floor, PMO Shibuya II, 3-1-1 Shibuya, Shibuya-ku, Tokyo, Japan
150-0002

Inquiries via web forms are available here.

12. Changes in Privacy Policy

When the Company changes this Privacy Policy due to change in the personal information to be acquired or the purposes of use, amendment of laws and regulations, or for any other reason, the Company will announce such fact via methods the Company deems appropriate, such as posting a notice in the Services and providing notification by email. For the avoidance of doubt, if the laws and regulations require Customer consent for such changes, such changes shall take effect only for those Customers who have consented to the same.

Established on November 1, 2023
Revised on April 1, 2024