Privacy policy

Last updated: October 2025

Overview

This Privacy Policy describes how Chidori Japan ("we", "us", or "our") collects, uses, and discloses your personal information when you visit or make a purchase from https://chidori-japan.com (the “Site”) or otherwise communicate with us (collectively, the “Services”).
For the purposes of this Privacy Policy, “you” refers to customers, website visitors, and any individual whose data is processed by us.

By using our Services, you agree to the collection and use of your information as described here.
If you do not agree with this Policy, please refrain from using our Site or Services.

We may update this Policy from time to time to reflect changes to our practices or to comply with applicable laws. The latest version will always be posted on this page.

1. Who We Are

Data Controller:
Chidori Japan
Icarusweg 113, 2624 BE Delft, The Netherlands
Email: info@chidori-japan.com
KvK Registration Number: 88961508
VAT Number: NL000054779987B57
Representative: Masayuki Mikawa

We operate our online store using Shopify International Ltd. (2nd Floor, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland), which provides the e-commerce platform and acts as a data processor under our instructions.

We do not appoint a Data Protection Officer, as this is not legally required under Article 37 of the GDPR.

2. What Personal Data We Collect

The type of information we collect depends on how you interact with us.
We may collect and process the following categories of personal data:

  • Contact information: name, postal address, email address, phone number.

  • Order and payment information: billing and shipping address, payment confirmation details.

  • Account information: username, password (encrypted), preferences.

  • Shopping activity: items viewed, added to cart, or purchased.

  • Support communications: messages, inquiries, or reviews you send to us.

  • Technical and usage data: IP address, browser type, device identifiers, and cookies.

We do not intentionally collect special categories of personal data (such as health or biometric data).

3. How We Use Your Personal Data

We process your data for the following purposes:

  • To perform a contract:
    To process and deliver your orders, handle returns, provide customer support, and fulfill your purchase.

  • To comply with legal obligations:
    To maintain records for accounting, taxation, and regulatory compliance.

  • For legitimate interests:
    To improve our website, prevent fraud, maintain network security, and communicate with you efficiently.

  • With your consent:
    To send marketing emails or newsletters. You can withdraw consent at any time.

4. Lawful Basis for Processing (GDPR Article 6)

Our processing is based on one or more of the following legal grounds:

  • Article 6(1)(b): performance of a contract (to fulfill your order).

  • Article 6(1)(c): compliance with a legal obligation.

  • Article 6(1)(f): legitimate interests (to improve services and prevent fraud).

  • Article 6(1)(a): consent (for optional marketing).

5. Cookies and Similar Technologies

We use cookies and similar technologies to ensure the functionality of our Site, analyze usage, and personalize content.
Essential cookies are required for the operation of the website. Analytics and marketing cookies are only used with your consent.

You can manage your preferences through your browser settings or via the cookie banner on our website.
For details, see Shopify’s Cookie Policy.

6. How We Share Personal Data

We may share your personal data only as necessary to provide our Services:

  • With Shopify International Ltd. (e-commerce hosting).

  • With payment processors to complete transactions.

  • With shipping and logistics partners to deliver your orders.

  • With service providers offering IT, analytics, and support services under contract.

  • With public authorities, when legally required.

We do not sell or rent your personal information.

7. International Data Transfers

Your personal data may be transferred outside the EU/EEA, including to Canada and the United States.
Shopify International Ltd. and its affiliates participate in the EU-U.S. Data Privacy Framework and use Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

You can learn more about Shopify’s data protection practices here:
https://www.shopify.com/legal/privacy

8. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law. For example:

  • Order and payment data: 7 years (for tax and accounting compliance).

  • Account data: until you delete your account or request erasure.

  • Marketing data: until you withdraw consent.

After these periods, data is securely deleted or anonymized.

9. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights regarding your personal data:

  • Right of access – to request a copy of your data.

  • Right to rectification – to correct inaccurate data.

  • Right to erasure (“right to be forgotten”) – to request deletion.

  • Right to restrict processing – to limit how your data is used.

  • Right to data portability – to receive a machine-readable copy.

  • Right to object – to object to processing based on legitimate interests.

  • Right to withdraw consent – for marketing or optional processing.

You may exercise these rights by contacting us at info@chidori-japan.com.
We will respond within one month as required under Article 12(3) GDPR.

10. Complaints and Supervisory Authority

If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with your local supervisory authority or with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens (AP)
Website: https://autoriteitpersoonsgegevens.nl

11. Security of Your Data

We use technical and organizational measures to protect your personal information against unauthorized access, loss, or misuse.
However, no system is completely secure, and we cannot guarantee absolute security.
If you suspect any unauthorized use of your data, please contact us immediately.

12. Children’s Data

Our Services are not intended for children under 16 years old.
We do not knowingly collect or process data from minors.
If you believe your child has provided us with personal data, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes.
The updated version will be posted here with a new “Last updated” date.
We encourage you to review this page periodically.

14. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact:

Chidori Japan
Icarusweg 113, 2624 BE Delft, The Netherlands
Email: info@chidori-japan.com
Representative: Masayuki Mikawa

For the purposes of the GDPR, Chidori Japan is the data controller of your personal information.