Privacy policy

Effective Date: September 1, 2022
Last Updated: May 7, 2025

This Privacy Policy (“Policy”) describes how Ninja John (“Company,” “we,” “us,” or “our”) collects, uses, retains, and shares your personal information when you visit or make a purchase from our website (https://ninjajohn.com, “Site”). We comply with Japan’s Act on the Protection of Personal Information (APPI), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.

Article 1 (Scope)

This Policy applies to all visitors and users of the Site.

Article 2 (Definitions)

Defined terms in this Policy have the meanings given under applicable laws. In particular, “Personal Information” means information about a living individual that can identify that individual, directly or indirectly.

Article 3 (Controller and Contact)

If you have any questions about this Policy or our practices, please contact:

Data Protection Officer (DPO)
Ninja John Privacy Manager
Email: support@ninjajohn.com
Address: 2-13-1-603 Kamisaginomiya, Nakano-ku, Tokyo 165-0031, Japan

Article 4 (Information Collected & Methods)

We collect the following categories of information:

Type of Information Method of Collection Purpose
Device Information Automatically via cookies, server logs, web beacons Site optimization, analytics, service improvement
Order Information Directly from you at checkout Order fulfillment, payment processing, invoicing, support
Inquiry Information Via contact forms Customer support
Newsletter Subscriber List Via subscription form Sending email newsletters
Marketing Activity Logs Via email open/click tracking, ad click tracking Ad targeting, campaign performance measurement

Article 5 (Purposes of Use)

We use Personal Information for the following purposes:

  1. To provide products and services and fulfill contracts
  2. To process payments, arrange shipping, and issue invoices/receipts
  3. To respond to inquiries and provide customer support
  4. To analyze site usage for maintenance and improvement
  5. To conduct marketing activities, including:
    • Sending email newsletters
    • Serving targeted advertising

       6. To comply with legal obligations and industry guidelines

Article 6 (Cookie Handling)

  1. We use cookies on the Site.
  2. Visitors from the EU will see Shopify’s standard consent banner (Accept/Reject).
  3. All other visitors may control or delete cookies via their browser settings; note that disabling cookies may limit certain features.

Article 7 (Data Retention & Deletion)

We retain Personal Information for the periods listed below; after each period expires, or upon your deletion request, we will promptly delete the data:

  • Order Information: 5 years from the date of last order
  • Server Logs (Device Information): 1 year from collection date
  • Inquiry Information: 1 year from last support interaction
  • Newsletter Subscriber List: 2 years from the date of last newsletter sent
  • Marketing Activity Logs: 2 years from last recorded engagement

Exceptions: We may retain data beyond these retention periods if required to:

    • Comply with applicable laws (e.g., tax, commerce, financial regulations)
    • Resolve disputes or enforce agreements

Article 8 (Third-Party Sharing)

We share Personal Information with external service providers strictly as needed to operate our business. Categories of recipients include (see “External Service Providers” page for details):

  • EC platforms & payment processors
  • Email & SMS delivery services
  • Review & survey platforms
  • Search & recommendation engines
  • Workflow automation tools
  • Advertising networks
  • Analytics & marketing analytics services
  • Social-media posting management tools
  • Shipping carriers
  • Other necessary service providers

Additional Exceptions: We may also disclose Personal Information without your consent in cases such as:

    1. Legal obligation or government request
    2. Protecting life, health, or property
    3. Public health or child welfare
    4. Business reorganizations (e.g., mergers, acquisitions, spin-offs)

Article 9 (Your Rights & How to Exercise)

You have the right to:

  1. Access, correct, supplement, or delete your Personal Information
  2. Request suspension of use or third-party sharing
  3. Obtain a copy of your data in a portable format
  4. (EU residents) Object to automated decision-making
  5. (CA residents) Exercise your CCPA rights (Right to Know, Right to Delete, Right to Opt-Out)

To exercise any right, contact us at support@ninjajohn.com. We will respond within 30 days, unless a different timeframe is required by law.

Article 10 (Minors)

Our Site is not intended for individuals under 18. If we learn that a minor has provided Personal Information, we will take steps to delete it unless we receive valid parental consent.

Article 11 (Security Measures)

We leverage Shopify’s built-in security features and, when needed, consult external experts to protect Personal Information against unauthorized access, alteration, disclosure, or destruction.

Article 12 (Legal Compliance & External Links)

This Policy is governed by APPI, GDPR, CCPA, and other applicable laws. For details on our external providers’ privacy practices, please refer to our “External Service Providers” page.

Article 13 (Policy Updates)

We may update this Policy to reflect changes in law or our practices. When we do, we will revise the “Last Updated” date above and, if the changes are significant, notify users via our Site.