Privacy Policy

Personal Information Protection Policy

Colorkrew Inc. (hereinafter “the Company”) recognizes the appropriate management and protection of information as one of the most critical priorities in its management and business operations, and implements the following measures.

1. Establishment of a Personal Information Protection Management System

The Company shall establish, implement, maintain, and continually improve a Personal Information Protection Management System (a management system encompassing policies, organizational structure, planning, implementation, operational review, and improvement for the protection of personal information) in accordance with JIS Q 15001.

2. Use and Provision of Personal Information

The Company shall establish an organizational management framework for personal information protection that takes into account the nature and scale of its business. In collecting, using, and providing personal information, the Company shall comply with established internal rules and regulations, refrain from using personal information beyond its stated purposes, and take sufficient measures to ensure appropriate handling.

3. Compliance with Laws and Regulations

The Company shall comply with applicable laws, government-issued guidelines, and other norms relating to the handling of personal information, and shall ensure that its Personal Information Protection Management System conforms to such laws and other norms.

4. Security Management Measures

The Company shall implement necessary and appropriate organizational, human, physical, and technical measures for the security management of personal information, and shall take action to prevent and correct any leakage, loss, or damage of personal information.

5. Response to Complaints and Inquiries

The Company shall respond to complaints and inquiries regarding personal information in an appropriate and prompt manner, and shall endeavor to resolve any issues.

The above constitutes our commitment.

Established: October 1, 2004
Last Revised: March 5, 2025
Colorkrew Inc., President & CEO: Keishi Nakamura

Handling of Personal Information

1. Scope of Personal Information

The Company handles the following information as personal information.

(1) Information collected during site visits

  • Information collected from devices, including device identification numbers
  • Location information and IP addresses
  • Information obtained via cookies, web beacons, and similar technologies
  • Information obtained through advertising tracking and similar means

(2) Information collected through inquiries and use of our services

  • Name
  • Email address
  • Phone number (optional)
  • Company name
  • Department (optional)
  • Job title (optional)
  • Date of birth (optional)
  • Payment information
  • Any other information provided in connection with the use of our services

2. Collection of Personal Information

The Company collects personal information when customers submit inquiries, visit our website, or use our services. The Company specifies the purposes of use as precisely as possible, and handles personal information only within the scope of those purposes, except where prior consent has been obtained from the customer or where exceptions are provided by law.
The Company collects personal information through legitimate means, and, except where exceptions are provided by law, either announces the purposes of use in advance or notifies or announces them to the customer promptly after collection. Where personal information is collected directly from the customer in written form (including electromagnetic records), the purposes of use shall be disclosed in advance.

3. Purposes of Use of Personal Information

The Company uses the personal information it collects for the following purposes.

(1) Information collected during site visits

  • Access analysis
  • Optimization of advertising delivery

(2) Information collected through inquiries and use of our services

  • To respond to inquiries, send related materials, and manage correspondence
  • To provide each service (including demo experiences)
  • To process billing and deliver goods for paid services
  • To send important notices regarding each service
  • To investigate and analyze the usage status of each service
  • To verify identity and respond in cases of fraud or other misconduct within each service
  • To consider improvements to existing services and the development of new services
  • To process application registrations and send invitation emails for each service
  • To fulfill contractual obligations
  • To deliver service information, updates, and other information that may be of benefit to customers, including email newsletters
  • To send greetings, thank-you notes, and similar correspondence
  • To provide information about seminars, exhibitions, and other events organized, co-organized, or sponsored by the Company

4. Voluntary Nature of Providing Personal Information and Consequences of Non-Provision

The provision of personal information to the Company is voluntary. However, please note that if personal information is not provided, the Company may be unable to provide some or all of its services.

5. Transmission and Storage of Personal Information

The Company stores collected personal information on servers or cloud services with appropriate access controls in place.

6. Security Management Measures

To prevent leakage, loss, or damage of personal information and to otherwise ensure its security, the Company implements the following measures.

  • Organizational security management measures: The Company establishes internal rules and regulations for the handling of personal information, builds a management framework, and continuously reviews and improves handling practices.
  • Human security management measures: The Company provides regular education and training for employees who handle personal information and enforces confidentiality obligations.
  • Physical security management measures: The Company implements access controls for areas where personal information is handled and takes measures to prevent theft or loss of equipment and electronic media.
  • Technical security management measures: The Company implements technical measures including access controls, protection against unauthorized access, and encryption to prevent unauthorized access to personal information.

7. Outsourcing and Overseas Handling of Personal Information

To facilitate smooth business operations, the Company may outsource part of its operations to external contractors and provide personal information to such contractors to the extent necessary. In such cases, the Company selects contractors that meet its established standards, enters into agreements governing the handling of personal information, and exercises appropriate supervision.
At present, all cases in which the Company provides personal data to third parties fall under the category of outsourcing and do not constitute “provision to a third party in a foreign country” as stipulated in Article 28 of the Act on the Protection of Personal Information. Should the Company in the future provide personal data to a third party in a foreign country for purposes other than outsourcing, it will first revise this Privacy Policy and carry out the procedures required by law, including obtaining customer consent where required.

Use of Cloud Services and Overseas Data Storage

The Company uses cloud services in its operations, and as a result of the nature of these services, customers’ personal data may be stored on servers located outside Japan. The cloud service providers used by the Company are contractually prohibited from handling the Company’s personal data on their own behalf; accordingly, it is the Company itself that handles personal data in the relevant foreign country. In light of this, the Company implements the following measures pursuant to Article 23 of the Act on the Protection of Personal Information.

  • The Company enters into data processing agreements or data protection addenda with the cloud service providers it uses, thereby ensuring contractually that personal data is not used for any purpose other than as instructed by the Company.
  • The Company confirms, both at the time of selection and on a periodic basis, that the cloud service providers it uses hold internationally recognized security certifications such as ISO/IEC 27001 and that appropriate security management measures are in place.
  • The countries in which data is stored on servers may not be limited to a specific country, depending on the service in question. With respect to the personal information protection frameworks of the countries and regions where data may be stored, the Company endeavors to maintain an ongoing understanding by referring to the surveys on personal information protection systems in foreign countries published by the Personal Information Protection Commission of Japan and other relevant resources.

For information on personal information protection systems in each country and region, please refer to the publicly available information published by the Personal Information Protection Commission of Japan (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku). If you have any questions regarding the above, please contact the Personal Information Complaints and Consultation Desk listed below.

8. Disclosure and Provision to Third Parties

Except when outsourcing to contractors as described in “Outsourcing of Personal Information” above, the Company will not disclose or provide personal information to third parties unless one of the following conditions applies.

  • Where the consent of the individual concerned has been obtained
  • Where the information is disclosed or provided in a form that does not allow identification of any individual, such as statistical data
  • Where disclosure or provision is required by law
  • Where it is necessary to protect the life, body, or property of an individual and it is difficult to obtain the consent of the individual concerned
  • Where cooperation with a national or local government body in the performance of its statutory duties is necessary and obtaining the consent of the individual concerned would be likely to impede the performance of such duties

The Company uses cookies on its websites to protect customers’ privacy and to improve convenience. The Company may also use technologies such as cookies and JavaScript to collect users’ browsing history within its websites (including accessed URLs, content, and order of access). Please note that cookies themselves do not contain any personally identifiable information.
Cookie settings can be reviewed in your browser’s “Help” menu. Cookies can be deleted by selecting the “reject all cookies” setting; however, please note that certain services requiring authentication may become unavailable as a result.

Third-Party Analytics and Advertising Services

The Company uses cookies, web beacons, and similar technologies provided by the following third-party services to understand usage and to optimize advertising delivery. These services may directly collect information, and any information collected is managed in accordance with each provider’s privacy policy.

  • Advertising optimization: Google AdSense, Google Ads (formerly Google AdWords), Google Ad Exchange (formerly Google DoubleClick), Yahoo! Ads
  • Measuring unique users: Google Analytics

Third-party advertising service providers, including Yahoo Japan Corporation, may use cookies and similar technologies to collect and use information about users’ website visits and browsing behavior for advertising purposes. Users may opt out of such use of their browsing information through the opt-out mechanisms provided by each respective third-party provider. Please refer to each provider’s privacy policy for further details.

10. Use by Children

Our services are not directed at children under the age of 16. Children below the applicable age limit should not use our services or provide personal information to the Company. Parents or guardians who become aware that a child has provided personal information to the Company are requested to contact the Personal Information Complaints and Consultation Desk below.

11. Response in the Event of a Data Breach

In the event of a leakage, loss, damage, or any other incident affecting the security of personal information, the Company shall, in accordance with the Act on the Protection of Personal Information and related guidelines, promptly confirm the facts of the matter, take measures to prevent the spread of harm, notify the individuals concerned where required or placing the relevant information in a state where it is accessible to them, and report to the Personal Information Protection Commission of Japan, among other appropriate responses.

12. Requests for Disclosure and Other Actions Regarding Personal Information

Customers may request notification of the purposes of use, disclosure, correction, addition or deletion of content, suspension of use, erasure, suspension of provision to third parties, and disclosure of records of third-party provision with respect to their personal information held by the Company. To make such a request, please contact the Personal Information Complaints and Consultation Desk below. The Company will verify the identity of the requester and respond within a reasonable period and scope. Please note that the Company may be unable to comply with certain requests in accordance with applicable laws and regulations.

13. Ongoing Review of Personal Information Handling

The Company will periodically review its handling of personal information and retained personal data and make improvements as necessary.

14. Personal Information Protection Manager

Chief Personal Information Protection Officer: Director, Toshiki Maezawa
(For contact details, please see the “Personal Information Complaints and Consultation Desk” below.)

15. Personal Information Complaints and Consultation Desk

Colorkrew Inc. — Personal Information Consultation Desk
5F Sumitomo Fudosan Ueno Okachimachi Building, 3-7-1 Motoarekusa, Taito-ku, Tokyo 111-0041, Japan
E-mail: privacy@colorkrew.com

※ If you reside in an EU member state, Iceland, Liechtenstein, or Norway and are subject to the GDPR, please contact the above desk to exercise your rights under the GDPR. If your matter is not handled appropriately, you may lodge a complaint with the relevant supervisory authority.

16. Recognized Personal Information Protection Organization and Contact for Complaints

The Company is a member business of the following recognized personal information protection organization. Complaints regarding the Company’s handling of personal information may also be submitted to this organization for resolution.
The name of the recognized personal information protection organization and the contact for resolution of complaints are as follows.

Name of recognized personal information protection organization and contact for resolution of complaints

Japan Institute for Promotion of Digital Economy and Community (JIPDEC)
Recognized Personal Information Protection Organization Secretariat

Address
Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032, Japan

Phone
03-5860-7565 / 0120-700-779

※ This contact is not for inquiries regarding the Company’s products or services.

Established: October 1, 2004
Revised: April 3, 2026

This website uses Cookies to provide a better user experience. For details, please refer to Collection of Cookies and Browsing History. By clicking OK or continuing to use this site, you consent to our use of Cookies.