Introduction
Rainbowelmmeadow (“Company”, “we”, “us”, or “our”) operates the website and e-commerce platform. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and store your personal information. This Privacy Policy explains our practices regarding data collection and your rights under applicable law, including the General Data Protection Regulation (GDPR) and Japan's Act on the Protection of Personal Information (APPI).
Please read this Privacy Policy carefully. By accessing or using our website and services, you consent to the practices described herein. If you do not agree with this policy, please do not use our services.
Data We Collect
Contact Information: When you place an order, subscribe to our newsletter, or contact us directly, we collect your name, email address, phone number, postal address, and delivery address. This information is necessary to process your order and communicate with you about your purchase.
Payment Information: We collect payment card details only through secure third-party payment processors (e.g., Stripe). We do not store full card numbers on our servers. Payment processors retain encrypted card data according to PCI-DSS compliance standards.
Browsing Data: We automatically collect certain information when you visit our website, including IP address, browser type, pages visited, time and date of visit, and referring URL. This is collected via cookies and similar tracking technologies to improve your experience.
Account Information: If you create an account, we store your username, email, hashed password, and account preferences such as saved addresses and order history.
Communication Preferences: We record your preferences for receiving marketing emails, SMS notifications, and other promotional communications.
How We Use Your Data
We use your personal data for the following purposes:
- Order Fulfillment: To process, ship, and deliver your orders, and to communicate about order status.
- Customer Support: To respond to your enquiries, troubleshoot problems, and provide after-sales assistance.
- Marketing and Communications: To send newsletters, promotional offers, and seasonal guides — only to those who have opted in.
- Service Improvement: To analyse usage patterns, gather feedback, and optimise our website and product offerings.
- Legal Compliance: To comply with applicable laws, respond to legal requests, and enforce our Terms of Service.
- Fraud Prevention: To detect, prevent, and investigate fraudulent transactions and security incidents.
Data Sharing and Third Parties
Payment Processors: We share payment information with PCI-compliant payment processors to process transactions securely.
Shipping Partners: We share delivery addresses with our shipping and logistics partners (e.g., Japan Post, courier services) solely to deliver your order.
Service Providers: We may share data with email service providers, website analytics platforms, and customer support tools that help us operate our business. All such providers are bound by confidentiality agreements.
Legal Obligations: We may disclose personal data when required by law, court order, or regulatory authority.
Data Transfers: If we transfer data internationally, we ensure compliance with applicable data protection laws, including Standard Contractual Clauses for GDPR transfers.
We do not sell or rent your personal data to third parties for their marketing purposes.
Your Rights and Choices
Right of Access: You have the right to request a copy of the personal data we hold about you, including the sources and purposes of processing.
Right to Correction: You may request correction of inaccurate or incomplete personal data at any time.
Right to Deletion: You may request deletion of your personal data, subject to certain legal and business-related exceptions (e.g., if data is needed to fulfil an order or comply with law).
Right to Restrict Processing: You may request that we limit how we use your data while we resolve disputes or verify accuracy.
Right to Data Portability: Upon request, we will provide your data in a portable format that you can transfer to another service provider.
Opt-Out of Marketing: You can unsubscribe from promotional emails by clicking the unsubscribe link in any email or by contacting us directly. You may also adjust cookie preferences in your browser settings.
To exercise any of these rights, contact us at privacy@rainbowelmmeadow.com with your name and specific request. We will respond within 30 days.
Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined in this policy or as required by law. Order and payment records are retained for 7 years for accounting and tax purposes. Marketing data is retained until you unsubscribe. Account data is retained until you request deletion. If you close your account, we may retain certain data to comply with legal and regulatory obligations.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include SSL encryption for website traffic, secure password hashing for accounts, and restricted access to personal data. However, no method of transmission over the Internet is 100% secure. While we strive to use commercially reasonable security measures, we cannot guarantee absolute security.
Contact and Data Protection Officer
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Rainbowelmmeadow
Email: privacy@rainbowelmmeadow.com
Address: Minaminagareyama 3-10-7, Nagareyama Minaminagareyama, Chiba 270-0163, Japan
Phone: +81 4-7157-8181
For GDPR-related enquiries, you may also contact our Data Protection Officer or file a complaint with your local data protection authority.