top of page

Privacy Policy

Last Updated: Oct 2025

Project SML limited Company (“the Company,” “we,” “our,” or “us”) is committed to lawful and appropriate handling of personal information and complies with the Act on the Protection of Personal Information of Japan (APPI) as well as applicable international data protection laws, including but not limited to the EU/UK General Data Protection Regulation (GDPR).

1. Personal Information Collected 

The Company may collect:

  • Name, postal address, telephone number, email address, and contact details.

  • Payment and transaction details (credit card information is processed by third-party providers and not retained by the Company).

  • Shipping and delivery details.

  • Communication records (emails, inquiries, order confirmations).

  • Technical data: IP address, browser type, access logs, cookies, and analytics.

2. Purpose of Use 

Personal information may be used for:

  • Processing and fulfilling orders.

  • Customer service and responding to inquiries.

  • Notifications regarding orders, Services, or policy updates.

  • Marketing and promotions (with consent where required).

  • Fraud prevention and service security.

  • Compliance with legal obligations.

3. Legal Basis for Processing (GDPR) 

  • Performance of a contract 

  • Legal obligation 

  • Legitimate interests (fraud prevention, service operation) 

  • Consent (marketing, optional use) 

4. Disclosure to Third Parties 

Personal information may be shared with:

  • Payment processors, shipping companies, IT vendors.

  • Authorities when legally required.

  • For protection of Company rights or safety.

5. International Data Transfers 

  • Data may be transferred to servers outside Japan.

  • Some countries may not have equivalent protection.

  • By using the Services, Customers consent to such transfers and acknowledge the risks, except where prohibited by law.

6. Data Retention 

  • Retained only as long as necessary for stated purposes, legal obligations, or dispute resolution.

  • Deleted or anonymized when no longer required.

7. Customer Rights 

  • Customers may request (subject to law):

  • Access, correction, or deletion.

  • Withdrawal of consent (where applicable).

  • Restriction or objection to processing.

  • Data portability (GDPR only).

Requests must be made in writing. The Company may require ID verification and may reject unreasonable or unlawful requests.

8. Data Security 

The Company uses reasonable measures to protect data, but:
No system is completely secure. Customers provide information at their own risk. The Company is not liable for damages arising from security incidents except where required by law.

9. Cookies and Tracking 

  • The Services may use cookies, beacons, and analytics.

  • Disabling cookies may reduce functionality.

  • Use of Services without disabling cookies constitutes consent.

10. Amendments 

The Company may amend this Policy without prior notice.
Revisions are effective upon publication. Continued use = acceptance.

11. Governing Law 

This Policy is governed by the laws of Japan.
Any disputes shall be subject to the exclusive jurisdiction of the Tokyo District Court, Japan.

bottom of page