Policy on Protection of Personal Information
Principles of Protection of Personal Information
VEGA Corporation (hereinafter referred to as the “Company”), in accordance with its business philosophy of sincerity, love, and gratitude, aims to be a mail order site that satisfies customers by providing good products at lower prices and offering the best possible service. We are aware of our social responsibility as a mail-order company, and consider the proper protection of privacy and management of the personal information entrusted to us by our customers and others to be of the utmost importance.
Therefore, by ensuring that all of our employees and others associated with our Company recognize the importance of protecting personal information and by protecting the personal information we obtain from our customers, we will strive to build a system that allows customers to use the services we provide with confidence and to provide them with even greater security and peace of mind.
In addition, we will comply with laws and regulations relating to personal information and strive to properly manage and maintain such personal information accordingly.
Policy on Protection of Personal Information
(1) Collection of Personal Information
When collecting personal information from mail order customers, the Company will inform them of the purpose for which the information will be used, contact information for inquiries, etc., and obtain their consent before collecting such information to the extent appropriate.
(2) Use of Personal Information
When collecting personal information, the Company will disclose in advance the purpose for which the information is to be used, and will use the information only to the extent necessary for that purpose. In addition, except as permitted by the Act on the Protection of Personal Information and other laws and regulations, the Company shall not use personal information in ways other than those necessary to achieve that purpose without the consent of the individual concerned, and shall take measures to prevent the use of personal information for purposes other than that for which it was collected by limiting access and controlling the period of availability of such information.
(3) Prevention and Remediation of Leakage, Loss, or Damage of Personal Information
The Company will take necessary and appropriate measures to prevent leakage, loss, or damage of personal information that it handles, as well as to otherwise ensure the secure management of personal information, and will take necessary remedial action.
(4) Compliance with Laws and Regulations, National Guidelines, and Other Standards Relating to Personal Information
With respect to personal information handled by the Company, the Company will comply with laws, regulations, national guidelines, and other norms relating to the protection of personal information.
(5) Response to Complaints and Consultations
The Company will endeavor to respond sincerely and promptly to complaints, consultations, inquiries, etc., regarding the Company’s handling of personal information.
(6) Ongoing Improvement of the Personal Information Protection Management System
In order to ensure that personal information is securely protected, we review and improve our management system on an ongoing basis in response to changes in the environment and social conditions.
VEGA Corporation
President and CEO: Tomokazu UKISHIRO
Date of enactment: November 20, 2007
Date of revision: May 1, 2014
Date of last revision: June 1, 2015
Handling of Personal Information
VEGA Corporation (hereinafter referred to as the “Company”) has established the following policy (hereinafter referred to as the “Policy”) regarding the handling of user information, including personal information, obtained from customers of the Company’s services and other related persons (hereinafter collectively referred to as “Users”) in connection with services provided by the Company, including the “LOWYA” mail order service (hereinafter referred to as “Company Services”), the Company website and other Company business and operations. When providing personal information to the Company, we ask that you agree to the following before doing so. The term “Personal Information” as used in this policy shall be as defined in the Act on the Protection of Personal Information.
1. Collection of User Information
1-1 Nature of User Information and Methods of Collection
Personal Information and other information the Company obtains from Users may include the following
(1)Information provided by Users in writing, via websites, etc.
・Information such as Users’ name, date of birth, gender, occupation, etc.
・Contact information such as Users’ address, telephone number, e-mail address, etc.
・User IDs and passwords for Company Service accounts
(2)Information collected by the Company when Users use Company Servers
・Referrer information
・IP address information
・Website browsing and action history
・Information on the use of services
・Information on Users’ telecommunication devices
・Server access log information
(3) Information the Company receives from third parties
・Users’ registration information on linked services (including e-commerce services other than the Company’s website, where the Company has a storefront) for which the Users have given permission to link with Company Services.
・Other information provided by third parties with Users’ consent or in accordance with relevant laws and regulations
1-2 Proper Collection of Personal Information
When collecting Personal Information, the Company will comply with the Act on the Protection of Personal Information and use appropriate methods of collection. Please note that you may not be able to use the Company Services if you do not provide us with the usage information, including Personal Information, necessary for the provision of the Company Services.
2. Purposes of Use of Personal Information
The Company will use Users’ Personal Information obtained by the Company only to the extent necessary for the following purposes. If Personal Information is to be used for purposes not specified below, the Company will obtain the User’s consent in advance. Users under 16 years of age must provide Personal Information only with the consent of their parents or legal guardians.
■ Customer Personal Information relating to Company Services
・To conduct activities related to the Company Services, such as the shipment of ordered products, billing, and after-sales services (including the provision of information necessary for the shipment of ordered products to the product manufacturer and delivery company)
・To contact customers regarding order details, delivery methods, etc., or to confirm such information
・To respond to customer requests and inquiries
・To authenticate a customer’s identity when they log in to the member’s page.
・To register and manage customer membership information
・To operate and manage LOWYA points and other point services
・To provide information about the Company’s promotional campaigns, gift delivery, products and services (including direct mail, distribution of email newsletters, etc.).
・To ask customers to provide the Company with opinions and impressions (including opinions and impressions of the Company’s products and Company Services).
・To analyze and review the Company’s products and Company Services in order to improve or develop new products and services
・To conduct marketing, promotional campaigns, and other advertising (including the delivery of targeted advertising, etc.) for the Company or third parties
・To prevent and respond to violations of the terms of use of the Company Services and other unauthorized activities
■ Personal Information of Affiliates
・For payment of affiliate commissions and related business communications
■ Personal Information of Applicants for Employment
・To provide employment information, conduct employment screening procedures, verify the identity of the applicant, and determine whether to accept or reject the application
・To manage information on applicants for employment
・To analyze and review for reference in future recruitment efforts, or to conduct questionnaires, etc.
・In case of applications made through Hello Work, to provide Hello Work with necessary documents such as a Notification of Employment
・For business communications related to the above
*The Personal Information of unsuccessful applicants will be disposed of appropriately in accordance with the Company’s personal information protection management system.
■ Personal Information of Company Employees
・For general affairs and employment management (procedures related to hiring, education and training, benefits, personnel transfers, and retirement)
・If necessary in the course of business activities, to designate responsible personnel and supervisors
・For business communications related to the above
* In accordance with the Company’s personal information protection management system, the Personal Information of employees who have left the company will be stored for a certain period of time as stipulated in Company regulations for the purpose of handling severance procedures and inquiries, and will then be properly disposed of.
■ Personal Information of Persons Who Contact the Company
・To respond to such inquires
・To analyze and review the Company’s products and Company Services in order to improve or develop new products and services
When collecting Personal Information for purposes other than the above, the Company will disclose the purpose of use in advance. In addition, except as permitted by the Act on the Protection of Personal Information and other laws and regulations, the Company will not use Personal Information in ways other than those necessary to achieve that purpose without the consent of the User concerned.
3. Delegation of the Handling of Personal Information
The Company may, to the extent necessary to fulfill the purposes stated in “2. Purposes of Use of Personal Information,” delegate the handling of Personal Information, in full or in part, to a third party. In such cases, the Company will conduct a rigorous inspection of the third party and exercise necessary and appropriate supervision over the third party to ensure that the handling of Personal Information delegated to such third party is managed securely.
4. Provision of User Information to Third Parties
4-1 Provision of Personal Information to Third Parties
The Company will not provide Personal Information collected from Users to any third party without obtaining their consent in advance. However, this does not apply to cases in which the Act on the Protection of Personal Information and other laws and regulations permit the provision of Personal Information to a third party without obtaining consent in advance.
4-2 Provision of Personally-Referable Information to Third Parties
The Company may provide Users’ personally referable information (“personally referable information” as defined in the Act on the Protection of Personal Information), such as website browsing history and Company Service usage history, to third parties. Personally Referable Information does not include personally identifiable information.
However, in the event that a third party to which personally referable information is provided is expected to use said personally referable information as Personal Information, the Company will confirm that the third party has obtained User consent in advance for the use of said personally referable information as Personal Information.
5. Disclosure and Correction of Personal Information
Upon receiving a request for disclosure of Personal Information (including disclosure by providing electronic records, correction, addition or partial deletion, suspension of use or expungement, or suspension of provision to third parties (hereinafter referred to as “Disclosure, etc.”), the Company will promptly investigate and respond to such request in accordance with the Company’s internal rules. Please note that the Company will not respond to a request for Disclosure, etc. of Personal Information if the identity of the person making such a request cannot be verified, or if the Company is under no obligation to respond to such a request under the relevant laws or regulations.
For requests for Disclosure, etc., questions, complaints, and other inquiries regarding the handling of Personal Information, please contact the Personal Information Inquiry Desk below. Please note that a fee may be charged for requests for Disclosure, etc.
<Personal Information Inquiry Desk>
【Contact Information】
Hakata Gion Center Place 4F, 7-20 Gionmachi, Hakata-ku, Fukuoka City, Fukuoka 812-0038
VEGA Corporation
Business Administration Division, Personal Information Complaint and Consultation Desk
Email: privacy@vega-c.com
6. Security Control Measures
The Company will take the following security control measures to prevent leakage, loss, or damage of Personal Information and to otherwise ensure its safe management.
(1)Establishment of Basic Policies
In order to ensure the proper handling of Personal Information as an organization, the Company has established a Personal Information Protection Policy that defines its basic policy regarding the protection of Personal Information.
(2)Establishment of Regulations for the Handling of Personal Information
The Company has established Basic Information Security Regulations for the collection, use, storage, and other handling of Personal Information. In addition, the Company will regularly evaluate and review such regulations and the management system for information security, and work to make improvements on an ongoing basis.
(3)Organizational Security Control Measures
・The Company has appointed a Chief Officer in charge of information security, including Personal Information, clearly defined the departments that handle Personal Information, established a reporting and communication system in case of incidents such as leaks, and established an organizational structure to take security control measures for Personal Information.
・Company employees are required to handle Personal Information in accordance with the Basic Information Security Regulations.
・The Company will establish methods to verify the handling of Personal Information, such as by restricting the number of employees who handle Personal Information based on division of administrative responsibilities.
・The Company has established a procedure manual for handling incidents such as information leaks, and has put in place a system to appropriately and promptly investigate, report, and take countermeasures in accordance with the manual.
・The Company conducts self-inspections and internal audits and reports the results of such inspections and audits in accordance with the Basic Information Security Regulations. In addition, periodic external audits are conducted by outside experts to ascertain the status of the handling of Personal Information, etc., and to evaluate, review, and improve security control measures.
(4)Human Security Control Measures
The Company will ensure that its employees are aware of the proper handling of Personal Information by providing information security training and obtaining written agreements regarding confidentiality, including that of Personal Information, and will provide appropriate training on an ongoing basis.
(5)Physical Security Control Measures
・The management of areas where Personal Information is handled is restricted, for example, by using security cards to keep records of entry and exit from work areas, and by limiting access to server rooms on a departmental basis.
・Measures are taken to prevent theft, etc., such as by keeping documents and storage media containing Personal Information and other important information locked in cabinets, etc.
・When disposing of documents or electronic media that contain or record Personal Information, the Company will employ methods that make it impossible or very difficult to recover Personal Information, such as incineration, melting, shredding, use of specialized data deletion software, or physical destruction.
(6)Technical Security Control Measures
・The Company will control access to Personal Information by, for example, granting access privileges to employees only to the extent necessary for their work.
・Employees’ IDs and passwords are used to identify and authenticate those who access Personal Information.
・Measures are taken to prevent unauthorized external access, such as the installation of firewalls at connection points with external networks.
・Measures have been implemented to prevent leakage of Personal Information when using information systems, such as encryption of routes and contents of communications containing Personal Information and other important information, and password protection when transferring important information.
7. Cookies
This website uses cookies.
Cookies are a mechanism that allow specific information to be temporarily stored as data in your communication device, and allow identification based on that data each time you connect. Cookies identify the device you are using, but do not identify you personally.
This website provides the Service on the premise that cookies are used. As such, if you do not allow the use of cookies, you may not be able to use some parts of the Service. You can set permission for the use of cookies in your browser, so please check your settings if necessary.
Regarding other external tools that use cookies, please refer to “Use of External Tools.”
Date of enactment: November 20, 2007
Date of revision: June 1, 2015
Date of revision: September 1, 2015
Date of revision: November 1, 2017
Date of revision: June 8, 2018
Date of revision: February 1, 2020
Date of last revision: April 1, 2022