Privacy Policy

@cosme and the @cosme shopping website (hereinafter referred to as the “Services”) manage the personal information of the Services’ users according to the “Privacy Policy” of istyle Inc. (hereinafter referred to as the “Company”), the entity responsible for managing the information of users of the Services. The Company also manages personal information in compliance with relevant Japanese privacy protection laws (“Act on the Protection of Personal Information”), as well as other laws and regulations, such as guidelines set out by related government agencies regarding the management of personal information. The policy of the Company regarding the management of personal information is as follows:

Article 1 (Scope of Personal Information)

The Services will treat as personal information any information that can be used to identify individual users of the Services, as applicable under the following categories:
1. All information provided to the Company when entered and submitted by the user on the member registration screen, the product purchase screen, or other such screens.
2. Other information offered by the users and received by the Company, in relation to the Services.

Article 2 (Collection of Personal Information)

In order to provide a more enjoyable, convenient experience for its users, the Services will collect personal information such as information that is necessary for the use of the Services, as well as information that is necessary for use of the shopping service.
When users register for the Services, they will be asked to provide information such as email address, gender, date of birth, skin type, hair type, prefecture, state, or province of residence, field of employment, as well as whether they wish to receive email notifications or publications from the Services.
When using the shopping service, users will be asked for their email address, first and last names, postal code, address, and phone number, excluding information already provided by the member during registration.
In addition, if users using the shopping service wish to pay by credit card, they will be asked for their credit card information.
When users view webpages of the Services or use the Services, IP address and cookie information will be automatically collected.
During actual use of the Services, various kinds of necessary personal information will be marked as required during the member registration process. If users do not provide this information, they may be unable to use certain features of the Services, such as posting reviews.

Article 3 (Use of Personal Information)

The Company uses personal information which has been acquired through the Services for following purposes:
1. To adequately provide the Services as described in the “@cosme Terms of Service.”
2. To provide and display services and advertisements which suit the usage patterns and preferences of users.
3. To understand the interests of users and apply them to the development of new products and services.
4. When users use the shopping service, to make contact regarding their purchase, and to deliver their purchase as requested.
5. To deliver gifts to the users who win prizes during gift events.
6. To perform statistical analysis.
7. To send users sample products and thank you notes for answering questionnaires provided through the Services.
8. To notify the users of other necessary matters regarding the Services.

Article 4 (Joint Use of Personal Information)

The personal information of users is used and shared between the group companies of the Company as follows. Note that the group companies of the Company cane found on the Company Info website (
1. Purpose of sharing information:
To provide the Services comprehensively among the group companies of the Company, within the limits of intended use.
2. Shared personal information:
3. Name, postal code, address, telephone number, email address, and date of birth.
4. Purpose of use of shared user information:
See “Purposes of Use of Personal Information,” above.
5. Entity responsible for management of shared personal information:
istyle Inc.

Article 5 (Provision of Personal Information to a Third Party)

With the exception of the information discussed in the above-mentioned “Joint Use of Information,” and other cases based on other laws and regulations, a member’s personal information will not be provided to a third party without the member’s consent. In the event that personal information is provided to a third party, the member’s consent will be requested every time.

Article 6 (Outsourcing of Management of Personal Information)

The management of the whole or a part of a user’s personal information may be outsourced. The Company may enter into necessary contracts such as those related to the management of personal information, and adequately supervise the contracted party where necessary.

Article 7 (Credit Card Details and Personal Information)

Please find below the purposes for which the Company collects credit card information (name, card number, and expiration date), as well as the official name of the entity collecting said credit card information, the name of the entity that is provided with said information, and the period for which said information is retained.
1. Purposes of collection
 1. In order to process orders and bill for the purchase of products or services( Inc.)
 2. In order to display credit card information registered by the user on @cosme shopping as a possible payment method when making purchases in the future.( Inc.)
2. Collector of Credit Card Information Inc.
3. Recipient of Credit Card Information
SBI VeriTrans Co., Ltd.( Inc.)
Billing for purchases of goods and services through @cosme shopping will be processed using services offered by the payment company SBI VeriTrans Co., Ltd., and payment information entered by the user will be stored by that company. For more information, please click here.
4. Information Retention Period
Credit card information will be retained by the Company until its deletion is requested by the user. However, notwithstanding the foregoing, there may also be cases in which credit card data is deleted at the discretion of the Company.

Article 8 (The Management of the Services)

The Services are managed by the Company, and the related companies that make up the istyle Group, as outlined in the @cosme Terms of Service.
Accordingly, although the Company may share the information provided by users upon registration with other members of the istyle Group, it will not share such information for purposes other than those listed in the Privacy Policy. Moreover, the Company assumes responsibility for the management of the personal information of the users.
For Inc.’s Privacy Policy, please click here.

Article 9 (Personal Information of Users Under 15 Years Old)

When a user under 15 years old registers to become a member, a guardian’s consent must be obtained.

Article 10 (About Cookies)

Parts of the Services use cookies to manage the website, in order to provide a satisfactory user experience. A cookie is a small file that is sent and received between the user’s browser and the Services’ servers when browsing a website. If the user’s computer is set to receive cookies, the cookie will be saved to the user’s computer in a location specified by the user.
By using cookies, the Services’ servers can record which websites within the Services the particular computer has accessed (hereinafter referred to as “Cookie Information”). However, unless the user provides their personal information to the Services, the server cannot identify individual users, so there is no breach of privacy.
The user may also reject cookies or change their browser settings to display a warning through the browser when receiving cookies (for details, please refer to yourbrowser documentation). However, if the user rejects cookies, parts of the Services may become unavailable. (For example, not every service can be used unless you are logged in to the Services.)
The Services uses cookies for the following purposes:
1. To detect or confirm unauthorized usage.
2. To confirm the member’s identity and access registered information within the server of the Services, to provide a more customized experience.
3. To count the number of users and perform statistical analysis.
4. To display advertisements effectively.
In addition, Cookie Information is provided for the purpose of effective advertisement display.

Article 11 (About Web Beacons)

The Services use technology called “web beacons” in order to deliver advertisements that are relevant to users’ usage patterns.
A web beacon is a kind of technology that aggregates data using cookies, in order to count the number of hits on a particular website.
Web beacons are used to enhance the advertising services provided by Digital Advertising Consortium Inc. (hereinafter referred to as “DAC”) and are not used for any other purposes or for collecting personal information. If you would like to disable the web beacon function, please visit the DAC website and disable it by following the procedure on the page below. No limitations in the Services will be caused if web beacons are disabled.
URL: Website to disable Web Beacon (DAC)

Article 12 (About the Access Log)

The Company’s servers record the data created when users access the Services and temporarily store this data in the form of an access log.
The information that is recorded in the access log includes the date and time of access, the user’s IP address, kind of web browser used, and Cookie Information. The information is managed and used in the Company’s server for the purpose of improving ease use, server management, and investigation into unauthorized use.

Article 13 (About SSL)

When necessary, the websites of the Services are encrypted using SSL to protect the personal information of the users.
Encryption by SSL refers to technology that uses the computer’s web browser to automatically encrypt any personal information that a user enters when accessing the website (such as name or email address), so that when such information is sent or received between the user’s computer and the servers of the Services, the user’s personal information cannot by read if it is intercepted by a third party. This prevents personal information from being read by unauthorized parties. When using a browser that is not SSL compliant, users may be unable to enter information or access certain parts of the Services.
The browsers recommended by the Company are SSL compliant. For detailed system recommendations, please click here.

Article 14 (Inquiries Regarding Registered Information)

If a member requests a report of the use, disclosure, correction, deletion, addition, termination or cancellation of personal information (hereinafter referred to as “Disclosure”), the request of Disclosure will be responded to within a reasonable period of time after verification of the member’s identity.

The contact information to request the Disclosure of personal information may be found below.

istyle Inc. Personal Information Management Administrator
Ark Mori Building 34F
1-12-32 Akasaka, Minato-ku, Tokyo, Japan

Personal information inquiries and claims:

istyle Inc.
Written March 21, 2014
Last updated Oct 21, 2015