Privacy policy

KURA Privacy Policy

Effective Date: July 24, 2025

1. Overview

KURA operates under Japanese personal information protection law and complies with international privacy regulations (GDPR, CCPA). KURA respects your privacy rights. We collect and use your data to provide e-commerce services, but we never sell your personal information to third parties or engage in any other inappropriate handling of your data.

Contact: privacy@k-u-r-a.com | 3-9-25 Nakatsu, Kita-ku, Osaka 531-0071 Japan

2. Information We Collect

You Provide:

  • Account data (name, email, address, phone)
  • Payment information (secured via PCI DSS compliance)
  • Purchase history and preferences
  • Reviews and communications

Automatically Collected:

  • Device/browser information
  • Usage data and shopping behavior
  • Location (IP-based)
  • Cookies

From Third Parties:

  • Payment verification
  • Shipping confirmations
  • Social media (if you connect accounts)

3. How We Use Your Information

Essential Services:

  • Process orders and payments
  • Deliver products
  • Customer support
  • Account management
  • Fraud prevention

With Consent:

  • Marketing emails
  • Personalized recommendations
  • Targeted advertising
  • Analytics improvement

Legal Requirements:

  • Tax reporting
  • Consumer protection
  • Law enforcement (with proper process)

4. Information Sharing

We share data only with:

  • Service providers (payment, shipping, hosting)
  • Legal authorities when required
  • Within KURA group companies
  • Others with your explicit consent

We NEVER sell your personal data.

International Transfers:
Protected by adequacy decisions, SCCs, or consent. Primary destinations: US (cloud services).

5. Your Rights

All Users:

  • Access your data
  • Correct inaccuracies
  • Delete account
  • Opt-out of marketing
  • Data portability

Response Time: 30 days (Japan), 1 month (EU), 45 days (California)
Exercise Rights: privacy@k-u-r-a.com or account dashboard

6. Data Security

  • Encryption (AES-256, TLS 1.3)
  • PCI DSS Level 1 certified
  • Regular security audits
  • Breach notification per legal requirements
  • Special protection for sensitive data (My Number)

7. Cookies

Types:

  • Essential: Shopping cart, security (always on)
  • Performance: Analytics (optional)
  • Marketing: Ads, personalization (consent required)

Google Analytics (Google LLC):

  • Information transmitted: Client ID, IP address, page URLs, referrer, device type, operating system, browser type, language settings, screen resolution
  • Our purpose: Access information analysis, site improvement
  • Google's purpose: See Google Privacy Policy
  • Opt-out: Google Analytics Opt-out Add-on available

Control: Cookie settings in footer or browser settings

8. Data Retention

  • Orders/Payments: 7 years (tax law)
  • Account: Until deletion request
  • Marketing: 3 years after opt-out
  • Reviews: Indefinite unless deleted
  • Cookies: See cookie policy for durations

9. Children

  • Service for 13+ years old
  • Purchases require 18+ or parental consent

10. Updates

We'll notify you 30 days before material changes. Continued use means acceptance.

11. Regional Compliance

  • Japan: Full APPI compliance
  • EU: GDPR compliant with DPO appointed
  • US: CCPA/CPRA and state law compliance
  • APEC: CBPR certified

12. Contact Us

Privacy Team: info@k-u-r-a.com
Phone: +81-6-6266-8911 (Mon–Fri 11:00–18:00 JST)
Languages: Japanese, English

Supervisory Authorities:


Languages Available: 日本語 | English

© 2025 KURA. All rights reserved.