PRIVACY POLICY

CHOCOLATE Inc. (hereinafter referred to as the “Company”) is aware of the importance of personal information, and in order to provide peace of mind and trust to our customers, transaction partners, and other people from whom the Company obtains personal information (ex: people who access this site, people who make purchases, registered members, people who make inquiries, event participants, and people in charge at transaction partners; hereinafter collectively referred to as the “Customers”) in relation to the official website and the online shop “CHOCOLATE CHARACTER LABEL” that the Company operates (hereinafter collectively referred to as the “Site”) and the various services (hereinafter referred to as the “Services”) that are provided through the Site, we have stipulated the policy below for the purpose of thorough protection of personal information and we will strive to protect personal information. - The definitions of individual terms in this Privacy Policy are in accordance with the definitions in the Act on the Protection of Personal Information (hereinafter referred to as the “Personal Information Protection Act”).

Fundamental policy

The Company’s fundamental policy for protection of personal information is as stated below. Details are stipulated in the next clause and thereafter.

  1. Acquisition, use, and provision of personal information
The Company will specify the purposes of use of personal information within the scope of our business activities, and we will fairly and properly acquire, use, and provide personal information only within the extent that is necessary to achieve those purposes. We will also take measures to ensure that acquired personal information will not be used for anything other than those purposes.
  2. Compliance with laws, regulations, and standards
The Company will comply with the Personal Information Protection Act, other laws and regulations concerning personal information, guidelines stipulated by the national government, other standards, and social order and strive to appropriately protect personal information.
  3. Appropriate management of personal information
The Company is fully aware of risks such as unauthorized access, loss, destruction, falsification, and leaks of the personal information that we handle, and we will implement reasonable safety measures and take appropriate corrective measures if a problem occurs.
  4. Responding to inquiries
If the Company receives an inquiry from the relevant person concerning disclosure, correction, suspension of use , or an opinion about the personal information that we handle, we will properly respond to that inquiry.
  5. Continuous improvement
The Company has established management regulations and a management system concerning protection of personal information, all employees will thoroughly implement and regularly review those regulations and that system, and we will strive to continuously improve our personal information protection management system.

Established on September 8, 2021
Revised on February 1, 2026

CHOCOLATE Inc.
Yusuke Watanabe, Representative Director

<Place to contact concerning the personal information protection policy>
Contact point for inquiries concerning personal information
1-12-4 Jingumae, Shibuya-ku, Tokyo
Naoto Kitabayashi, Personal Information Protection Manager
Tel: 03-6709-8235

1. Information to be collected

The Company may collect the information below. The customer information that the Company collects includes information obtained directly from customers, information related to use of the Services, and information obtained from third parties.

  1. The customer’s name, user name, email address, address, telephone number, date of birth, or other similar identifying information.
  2. The customer’s bank account number, credit card number, debit card number, or other payment or financial information.
  3. If the customer is currently using or considering using the Services, the details of the agreement for the Services that the customer is using.
  4. The customer’s Internet Protocol (IP) address, cookies, and other online identifiers.
  5. Information about the customer’s interactions with the Site, and data about behavior on the Internet, including browsing history.
  6. Terminal information
  7. Access log information, including the “cookies” stated in Clause 3.
  8. When a customer makes an inquiry to the Company, the content of the inquiry.
  9. Inferred information obtained from personal information in order to create profiles that reflect personal preferences and behaviors, etc.
  10. The user ID and password for the Services, and other information that is necessary for identity verification.
  11. Other personal information that is necessary for service provision (If required based on applicable data protection regulations, the categories of information will be separately notified to the customer).
  12. Information obtained from third parties (including information that the customer allows a collaborating party to disclose in an external service).

2. About cookies

The Company uses cookies in the Services.

Cookies are small text files that a website sends to the customer’s terminal for the purpose of saving records. Cookies identify the customer’s terminal, typically the customer’s web browser. Some cookies are necessary in order to operate the Site, some improve functionality, some collect analytical data in order to improve operation, some allow the Company or our ad tech partners to track the customer on the Internet and deliver personalized advertising, and some make it possible to share information on social media.

If you want to change details about the Company’s method of use of cookies or settings related to use of cookies, you can also set your browser to reject cookies. In such a case, there is a possibility that you will become unable to use the features enjoyed by other users of the Services.

3. Use of tracking tools and similar tools provided by third parties

The Company provides targeted advertising and uses technologies of third parties such as advertisers or analytic software providers to display advertisements, both within and outside the Services. Those third parties use cookies and similar technologies to collect or receive information from the Services or from other places on the Internet and use that information to provide targeted advertisements.

The Company also uses Google Analytics. Google Analytics is an Internet analysis service provided by Google LLC (hereinafter referred to as “Google”), and it collects anonymous statistical and analytical information concerning the situation of use of the Services by the Company’s users. For example, Google Analytics collects and aggregates data concerning page views and numbers of clicks in the Services. That analytical information will not be used to track customers’ movement to other websites or to identify customers. The information generated by Google Analytics’ cookies about customers’ use of the Services (including customers’ IP addresses) will be sent to and stored by Google on servers in the United States. For more information about how Google Analytics collects and uses information when customers use the Services, please see Google's Privacy Policy (https://policies.google.com/privacy?hl=en) and “How Google Uses Information Collected from Sites and Apps that Use Google’s Services” (https://policies.google.com/technologies/partner-sites?hl=en).

In addition, the Site is enabling Google Analytics’ functions for advertising. If the advertising functions are enabled, the Site can collect traffic data by using Google Ads’ cookies (https://policies.google.com/technologies/cookies?hl=en#types-of-cookies) and identifiers, in addition to the data collected according to Google Analytics’ standard settings. Therefore, the Site may create remarketing user lists based on data about specific customers’ actions, age, gender, and preference and interest categories, share them with Google Ads, use data about age, gender, and preference and interest categories in analytics reports, and create segments based on data about age, gender, and preference and interest categories.

Customers can use My Ad Center (https://myadcenter.google.com/personalizationoff?ref=privacy-policy) to manage the Google Ads that are displayed and disable customized advertisements. For more information, including other methods, please visit the following website (https://policies.google.com/technologies/ads?hl=en). For information about how to use specific plugins to opt out of Google Analytics, please access the following link (https://tools.google.com/dlpage/gaoptout?hl=en). Please note that this opt-out applies only to Google activities.

4. Purposes of use of personal information

When providing the Services, the Company will use personal information only within the extent that is necessary for achievement of the purposes stipulated in each of the items below.

  1. Service provision to customers, new plans, and proposals related to the Services.
  2. Management and improvement of the Services, and prevention of unauthorized use.
  3. Responding to inquiries concerning the Services.
  4. Customer registration, opening of accounts, and identity verification.
  5. Confirmation of and referrals to the content of orders made by customers on the Site.
  6. Analysis of the situation of use of the Services, and creation of statistical data.
  7. Shipping and payment settlement for products ordered by customers on the Site.
  8. Notification of matters that are necessary for operation of the Services, such as maintenance and important notices.
  9. Analysis of the situation of use of the Services, and creation of statistical data.
  10. Questionnaire surveys and analysis, and marketing research and analysis, related to the Services.
  11. Use that is incidental to each of the aforementioned purposes of use.
  12. For providing information to third parties (limited to cases that are allowed under laws and regulations and cases in which the user has consented).
  13. For other purposes stipulated in the Terms of Use, etc.

5. Disclosure to third parties

The Company may, within the scope that is necessary for the purposes below, conduct the following things for the customers’ personal information that is stipulated in Clause 1: (i) provision to consigned parties (consignment of handling), (ii) acquisition by third parties, or (iii) disclosure based on laws and regulations.

  1. In order to provide the Services to customers, the Company may disclose customers’ personal data to service providers. Service providers are agents or independent contractors that provide the Services on the Company’s behalf, support the Company’s development and maintenance of the Services, or provide other administrative services to the Company.
  2. The Company may use Amazon Web Services, Inc. (hereinafter referred to as “AWS”) and other cloud service providers in order to save and manage the service data on our servers and process customers’ personal data. The Company may also disclose customers’ personal data to service providers that provide services that evaluate advertisements’ effectiveness. When the Company conducts consignment to a service provider, we will conclude an agreement concerning protection of personal information with the consigned party and conduct the necessary and appropriate supervision for the consigned party to ensure safe management of personal data.
  3. Acquisition of information by social media service providers and video streaming platforms: The Site may contain embedded video links on video streaming platforms and buttons that make it possible to share content on social media. In such a case, there is a possibility that social media service providers and video streaming platforms will obtain customers’ information.
  4. For the purpose of customers’ convenience, the Services’ website may contain links to websites or services operated by companies other than the Company that may be of interest to customers (hereinafter referred to as the “Third-Party Sites”). This Privacy Policy does not cover, and the Company will not bear liability for, the privacy, information, or other practices of such third parties, including third parties that operate the Third-Party Sites to which the Services link.
  5. In a case in which urgency is required for the purpose of complying with a law or regulation, protecting or defending the Company’s rights or property, or protecting a person’s life, body, or property, the Company may share personal data when it is difficult to obtain the relevant person’s consent or when the Company sincerely judges that it is necessary based on a law or regulation, a legally binding court order, or a government order that is lawfully issued by an investigating agency or a regulatory authority that has jurisdiction.
  6. The Company may share personal data with third parties or disclose personal data to third parties as part of corporate reorganization (including but not limited to a merger, acquisition, or transfer of all or substantially all of the Company’s assets).

6. Restriction of use of personal information

The Company will not, without obtaining customers’ prior consent, handle customers’ personal information beyond the scope that is necessary to achieve the purposes of use. Even if personal information is acquired as a result of a merger or another reason, customers’ personal information will not, without the relevant customers’ prior consent being obtained, be handled beyond the scope of the purposes of use prior to succession. Provided, however, that this does not apply in the cases below.

  1. Cases based on a law or regulation.
  2. When it is necessary for the purpose of protection of a person's life, body, or property and it is difficult to obtain the customer's consent.
  3. When it is particularly necessary for the purpose of improving public health or promoting the sound growth of children and it is difficult to obtain the customer's consent.
  4. When it is necessary to cooperate with a national government agency, a local government, or a party consigned by such an agency or government in its execution of clerical work stipulated in a law or regulation, and obtaining the customer's consent may hinder the execution of that clerical work.

7. Proper acquisition of personal information

The Company will properly acquire personal information and will not acquire it through deception or other wrongful means. In addition, we will not collect personal information concerning children younger than 13 years old without the consent of their parent or guardian.

8. Notification of the purposes of use of personal information at the time of acquisition

When the Company acquires personal information, we will publicly announce or notify customers in advance of the purposes of use of that information. Provided, however, that this does not apply in the cases stated below.

  1. A case in which publicly announcing or notifying the customer of the purposes of use may harm the life, body, property, or other rights or interests of the customer or a third party.
  2. A case in which publicly announcing or notifying the customer of the purposes of use may harm the Company's rights or legitimate interests.
  3. A case in which it is necessary to cooperate with a national government agency or a local government in its execution of clerical work stipulated in a law or regulation, and publicly announcing or notifying the customer of the purposes of use may hinder the execution of that clerical work.
  4. When it can be recognized that the purposes of use are clear from the circumstances of acquisition.

9. Retention period

The Company will retain personal information for the period that is necessary in order to achieve the purposes for which the information was collected, including purposes of compliance with legal, accounting, or reporting requirements, substantiation or defense for legal claims, or compliance and protection.

When deciding the appropriate retention period for personal information, the Company will consider the amount, nature, and confidentiality of the personal information, the potential risk of harm as a result of the personal information’s unauthorized use or disclosure, the purposes for which the Company processes the personal information, whether or not the Company can achieve those purposes by other means, and applicable legal requirements.

10. Change of the purposes of use of personal information

If the Company will change the purposes of use of personal information, we shall not change them beyond the scope that is reasonably recognized as having a suitable relationship with the purposes of use before the change, and we will publicly announce or notify customers of the changed purposes of use.

11. Safety management for personal data, and supervision of employees

In order to prevent leaks, loss, or damage of personal information and to conduct safety management for other personal data, the Company has stipulated personal information protection regulations and we will conduct the necessary and appropriate supervision of our employees.

12. Supervision of consigned parties

If the Company consigns all or a portion of handling of personal information, we will conclude a confidentiality agreement with the consigned party or have the consigned party agree to the conditions stipulated by the Company, and thereby conduct the necessary and appropriate supervision to ensure that safety management is conducted for personal information at the consigned party.

13. Restriction of provision to third parties

A) Excluding the cases below, the Company will not provide personal data to third parties without obtaining the customer’s consent in advance.

  1. Cases based on a law or regulation.
  2. When it is necessary for the purpose of protection of a person’s life, body, or property and it is difficult to obtain the customer's consent.
  3. When it is particularly necessary for the purpose of improving public health or promoting the sound growth of children and it is difficult to obtain the customer's consent.
  4. When it is necessary to cooperate with a national government agency, a local government, or a party consigned by such an agency or government in its execution of clerical work stipulated in a law or regulation, and obtaining the customer's consent may hinder the execution of that clerical work.
  5. A case in which the matters below are notified or publicly announced in advance in accordance with the provisions of the Personal Information Protection Act.
    • The fact that the purposes of use include provision of information that will be provided to third parties.
    • The data items that will be provided to third parties.
    • The means or method of provision to third parties.
    • The fact that provision of personal data to third parties will be stopped in response to a request by the customer.
    • The method of acceptance of requests for cessation of provision (by the contact point in Clause 20).

B) Irrespective of the preceding clause, the cases stated below do not fall under the third parties stipulated above.

  1. A case in which the Company consigns all or a portion of handling of personal data within the scope that is necessary in order to achieve the purposes of use.
  2. A case in which personal data is provided in association with succession of business due to a merger or another reason.
  3. In a case in which personal data will be jointly used with a specific party, when the Company, in advance, notifies the customers of, or makes readily accessible to the customers, the items of personal data that will be jointly used, the scope of joint use, the purposes of use by the party that will use the personal data, and the name or title of the party responsible for management of that personal data.

14. International transfer of information

Personal information that customers choose to provide to the Company will be stored in Japan. The Company may, in accordance with applicable laws and regulations, transfer that information (by any means, including by permitting transmission or access) to a country or region outside the customer’s country or region of residence.

During the period that is necessary in order to achieve the purposes stipulated in Clause 4, that personal information may be processed by the party to which the transfer is made.

(Ex.: Personal information may be transmitted to and stored by Google on servers in the United States in association with use of Google Analytics.)

For handling of personal information at the place to which the transfer is made, the Company will take the necessary and appropriate measures, in accordance with laws, regulations, and related guidelines.

15. Disclosure of personal information

When the Company receives a request from a customer for disclosure of retained personal data or records of provision to third parties, we will confirm that the customer is the person related to the personal data and then use the method stated in Clause 16 to conduct disclosure without delay.

Provided, however, that if disclosure falls under any of the cases below, all or a portion of the information may not be disclosed, and if a decision to not conduct disclosure is made, the Company will give notification of that fact without delay.

  1. A case in which there is a risk of harming the life, body, property, or other rights or interests of a customer or a third party.
  2. A case in which there is a risk of significantly hindering proper implementation of the Company’s business.
  3. A case that will violate a law or regulation.

16. Correction, addition, or deletion of personal information

When the Company receives a request from a customer for correction, addition, or deletion (hereinafter referred to as the “Correction, etc.”) of retained personal data on the grounds that such data is not true, we will, within the scope that is necessary in order to achieve the purposes of use of the retained personal data and excluding cases in which special procedures are stipulated in a law or regulation, conduct the necessary investigation without delay, correct, add, or delete the content of the retained personal data based on the result of that investigation, and notify the customer of that fact.

17. Suspension of use, etc. of personal information

When the Company receives a request from a customer for cessation of use or deletion (hereinafter referred to as the “Cessation of Use, etc.”) of retained personal data on the grounds that such data is being handled beyond the scope of the purposes of use that were publicly announced in advance or on the grounds that such data was obtained through deception or other wrongful means, we will conduct the necessary investigation and, if it can be recognized that it is necessary to stop using that retained personal data, we will conduct the Cessation of Use, etc. for that retained personal data and notify the customer of that fact. Provided, however, that in a case in which the Cessation of Use, etc. for the retained personal data is difficult due to a large amount of expenses or another reason, if the alternative measures that are necessary for protecting the customer’s rights and interests can be taken, those alternative measures will be taken.

18. Acquisition and use of information that does not fall under personal information

In order to develop new services and improve our services, the Company may acquire and use information that has been processed into a state in which it is not possible to identify individual customers, and other information that does not fall under personal information, within the scope of the Personal Information Protection Act and other laws and regulations.

19. Disclaimer

In the cases below, the Company will not bear liability.

  1. A case in which the customer discloses personal information to a third party through a function of the Company’s service or through other means.
  2. A case in which a third party can identify the customer by using information that the customer disclosed or provided on the Company’s service.

20. Inquiries

If you have an inquiry concerning disclosure or the Correction, etc. of retained personal data that was obtained from you, or if you have an opinion concerning handling of personal information, please use the form below to contact the contact point established by the Company.

Inquiry form
https://form.run/@chara-iVLpViKwVQtX7kNvp56v

21. Changes

The Company may change all or a portion of this Privacy Policy at any time. If an important change is made, we will post it on the Site.

pmark