top of page

PRIVACY POLICY

ZOE Japan (a General Incorporated Association) (“ZOE Japan,” “we,” “us,” or “our”) is committed to ensuring the proper handling and protection of personal information collected through the services we provide. This Privacy Policy (“Policy”) applies to the main website operated by ZOE Japan (www.goZOE.jp), its English subdomain (www.eng.goZOE.jp) (collectively, the “Website”), and the services provided through our consultation hotline and related services (collectively with the Website, the “Services”).


 

1. Definitions and Compliance

 

1.1 For purposes of this Policy, “Personal Information” means information relating to a living individual that can identify a specific person, such as name, date of birth, address, telephone number, email address, or other descriptions, as defined by the Act on the Protection of Personal Information of Japan (“APPI”).

 

1.2 “Device and Usage Data” refers to information other than Personal Information described above, including but not limited to usage history, pages viewed, advertisements interacted with, search queries, dates and times of access, interaction patterns, device type, operating system, browser type, postal code, gender, profession, age, IP address, cookie and similar technology data, location data, and device identifiers.

While this information does not generally constitute Personal Information on its own, it will be treated as Personal Information if it can be readily combined with other information to identify a specific individual.

 

1.3 We comply with the APPI and all applicable laws, regulations, and governmental guidelines regarding the acquisition, use, and handling of Personal Information.


 

2. Methods of Collection and Purposes of Use

 

We may collect Personal Information as well as Device and Usage Data in connection with the Services, and use such information only within the scope of the purposes described below.

​

​

4.png

3. Disclosure to Third Parties

 

3.1 We will not disclose Personal Information to third parties without the individual’s prior consent, except in the following cases:

(1) When permitted by law (E.g., reports of suspected child abuse as required under Article 6 of the Child Abuse Prevention and Treatment Act).

(2)  When necessary to protect life, physical safety, or property and obtaining consent is difficult.

(3)  When particularly necessary to promote public health or the sound development of children and obtaining consent is difficult.

(4)  Where it is necessary to cooperate with a national government agency, a local government, or a person entrusted by either to carry out duties prescribed by law, and obtaining the individual’s consent is likely to impede the performance of such duties.

(5) When notice or public disclosure has been made in advance regarding:

​

  • The inclusion of third-party disclosure in the purpose of use,

  • The categories of data to be disclosed,

  • The means or method of disclosure, and 

  • The ability of individuals to request suspension of such disclosure.

 

3.2 The following do not constitute disclosure to a third party:

 

(1) The outsourcing of the handling of Personal Information within the scope necessary to achieve the purpose of use.

(2) The transfer of Personal Information in connection with a merger or other form of business succession. 

(3) The joint use of Personal Information with specified parties, provided that we have disclosed in advance, or made readily accessible to individuals, the following information:

​

  • the fact that such Personal Information is subject to joint use;

  • the categories of Personal Information to be jointly used;

  • the scope of parties with whom the Personal Information will be jointly used;

  • the purposes for which such parties use the Personal Information; and

  • the name of the individual or entity responsible for the management of such Personal Information.


 

4. Access to Personal Information 

 

4.1 Upon request, we will promptly disclose Personal Information to the individual concerned, unless disclosure would:

 

  1. Harm the life, body, property, or rights of the individual or a third party, 

  2. Seriously interfere with proper business operations, or

  3. Violate applicable laws

 

4.2 Notwithstanding the foregoing, Device and Usage Data is generally not subject to disclosure.

​

5. Requests to Correct or Delete Personal Information

 

5.1 If individuals believe that any Personal Information maintained by us about them is inaccurate, such individuals may request that we correct, supplement, or delete such Personal Information in accordance with our prescribed procedures (collectively, “Correction”).

 

5.2 Where we determine that a request described in the preceding paragraph should be granted, we will promptly make the requested Correction to the relevant Personal Information.

 

5.3 We will promptly notify the individual regarding whether we have made the requested Correction or have determined not to do so.

​

6. Requests to Suspend Use of Personal Information 

 

6.1 If an individual requests that we suspend use of or delete their Personal Information (collectively, “Suspension of Use”) on the grounds that such information is being used beyond the scope of the stated purposes of use, or was obtained improperly, we will promptly conduct any investigation we consider necessary.

 

6.2 If we determine, based on our investigation, that the request should be granted, we will promptly suspend use of or delete the relevant Personal Information.

 

6.3 We will promptly notify the individual of our decision, including whether we have granted the request for Suspension of Use or not.

 

6.4 Notwithstanding the preceding two paragraphs, where suspension of use or deletion would involve excessive cost or would otherwise be impractical, and where alternative measures are available to protect the individual’s rights and interests, we may implement alternative measures.
 

7. Retention Period

​

Personal Information will be retained only for as long as necessary to achieve the stated purposes and will be securely deleted or disposed of thereafter, unless a longer retention period is required by law.

​

8. Security Measures

 

8.1 We implement appropriate technical and organizational security measures designed to protect Personal Information against unauthorized access, disclosure, loss, misuse, or alteration.

 

8.2 These security measures include the following: 

 

  • Access controls and authorization management,

  • Password protections and other technical safeguards,

  • Measures to prevent the theft or loss of devices,

  • Oversight and supervision of third-party service providers, and

  • Secure data disposal procedures

 

8.3 Our employees receive appropriate training and supervision regarding the handling of Personal Information. Certain systems may be operated by external service providers that maintain appropriate security measures.
 

9. Data Breach and Incident Response

 

9.1 If we become aware of the occurrence or potential occurrence of a data breach, loss, destruction, corruption, or other incident affecting the security of Personal Information that poses a significant risk of harm to an individual’s rights or interests (each, a “Covered Incident”), we will promptly take appropriate measures.

 

Examples of Covered Incidents include, but are not limited to:

 

  • the actual or suspected unauthorized disclosure of sensitive Personal Information (including information relating to harm or victimization disclosed in consultation records);

  • incidents that pose a risk of financial harm;

  • the unauthorized disclosure of personal data relating to more than 1,000 individuals;

  • incidents involving unauthorized access or other malicious acts resulting in the disclosure of personal data; and

  • any other incident that is subject to reporting obligations as determined by the Personal Information Protection Commission of Japan.


 

9.2 Reporting to the Personal Information Protection Commission

When a Covered Incident occurs, we will report the incident to the Personal Information Protection Commission as follows:

 

  • an initial (preliminary) report will be submitted within approximately three to five (3–5) days from the time we become aware of the Covered Incident; and

 

  • a final report will be submitted within thirty (30) days from the time we become aware of the Covered Incident, or within sixty (60) days in cases where the incident is suspected to have been caused by malicious or fraudulent intent.


 

9.3 Notification to Affected Individuals
Where a Covered Incident may pose a risk of harm to an individual’s rights or interests, we will promptly notify affected individuals using one or more of the following methods:

 

  • if we have the individual’s contact information (such as an email address or telephone number), we will, whenever possible and practicable, provide direct notice using such contact information, or

 

  • where direct notice is not possible or impracticable, we will provide notice through posting on our Website or by other appropriate means, which may include press releases, social media, or similar public communications.

 

9.4 Following a Covered Incident, we will investigate the cause of the incident, implement measures to prevent recurrence, and, where necessary, revise this Policy or take other appropriate steps to ensure the proper management and protection of Personal Information.
 

10. Cookies and TWIPLA Analytics

 

10.1 Our website may use cookies and similar technologies to provide a better user experience. These technologies may automatically collect information about a user’s browsing and usage of the Website; however, they do not directly identify individual users.

 

10.2 Users may restrict or disable cookies through their browser settings. Please note that certain features of the Website may not function properly if cookies are disabled.

 

10.3 We use TWIPLA’s analytics tools to analyze website traffic. TWIPLA uses cookies to collect traffic data, which is collected anonymously and does not identify individual users. Users can opt out of this data collection by disabling cookies in their browser settings. For information on how TWIPLA handles data, please refer to their Terms of Use of Standard Integration:

https://www.twipla.com/en/support/legal-data-privacy-certificates/standard-integration


 

11. Changes to This Policy

​

We may update this Policy from time to time, except where otherwise required by law or this Policy. Any changes will take effect upon posting on the Website.

​
 

12. Contact Information

​

Email: info@goZOE.jp 

Phone: 050-3185-3322

​

Established: December 2023

Last Revised: January 15, 2026

​

ZOE Japan

National Director: Daniel Van Wyk

bottom of page