Global Privacy Policy

This Global Privacy Policy (this “Global Privacy Policy”) describes the processing of personal data by Mercari, Inc. (“we,” “us,” or “our”) in the provision of our platform service (the “Service”). We comply with data protection laws and regulations applicable to such processing of personal data (the “Applicable Laws”).

This Global Privacy Policy shall apply to the processing of personal data collected from users of the Service (“you” or the “Users”) residing in countries other than Japan. For the Users residing in Japan, a separate Privacy Policy shall be applied and referred to.

This Global Privacy Policy also describes your data protection rights, including the right to object to some of the processing of personal data which we carry out in accordance with the Applicable Laws. More information about your rights, and how to exercise them, is set out in Section “6. Your Rights” below.

1. Type, Purpose, and Legal Basis for Collecting Personal Data

When we provide the Service, we collect your personal data directly or indirectly from you.

For the purpose of the Applicable Laws in which the concepts of “Controller” and “Processor” are defined, Mercari, Inc. (at Roppongi Hills Mori Tower 18th Floor, 6-10-1 Roppongi, Minato-ku, Tokyo 106-6118) is the “Controller” of your personal data as above.

We have set out below a description of all the ways we plan to process the various categories of your personal data. We also describe the legal basis under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), etc. for each processing of personal data as a reference. Please note that the legal basis may vary depending on the jurisdiction, and if the legal basis specified in the table below does not apply in your jurisdiction, we will process your personal data based on an alternative legal basis permitted under the Applicable Laws, such as obtaining your consent to this Global Privacy Policy or obtaining your separate consent.

Purpose/UseType of DataLegal Basis for Processing
  1. To provide the Service (including linking information obtained from the Proxy as defined in the Terms of Service (Proxy Purchase Members) with information in our possession).
  2. To communicate or provide information on various matters concerning the Service.
  3. To perform internal operations.
  4. To respond to inquiries about the Service.
  1. Basic information of the Users (including name, date of birth, address, country/region of residence, occupation, and gender. The same shall apply hereafter).
  2. Account information of the Users (including email addresses, passwords, user IDs, telephone numbers, delivery names, delivery addresses, and nicknames. The same shall apply hereafter).
  3. Information obtained from the Proxy that is essential to the provision of the Service (including your purchase status, settlement status, shipping status, user IDs, and other information you provided to the Proxy. The same shall apply hereafter).
  4. Information concerning identity verification (including the information stated and image printed on your identification cards or documents. The same shall apply hereafter).
  5. Information regarding use of the Service (including the contents of the Service you have used, the dates and frequency of use, your online activities when using the Service, and details of your correspondence with our customer support department, etc. The same shall apply hereafter).
  6. Information obtained from the Users' terminals (including information on Cookies, information related to usage status such as access logs, etc., information on devices used, OS information, and information related to your communications such as IP addresses, browser information, browser language, etc. The same shall apply hereafter).
  7. Information we collect indirectly through business partners and third parties (including information such as identifiers (including Cookies, AdID/IDFA identifiers, and IP addresses), phone numbers, email addresses, browsing history and information such as interests and preferences acquired from third parties, such as public data management platform operators, affiliate service providers, data analysis business operators, fraudulent use detection service providers, advertising business operators, and other service providers. The same shall apply hereafter).
  1. Performance of a contract with you.
  2. Necessary for our legitimate interests (to provide the appropriate Service).
  1. To exclude antisocial forces and sanctioned persons.
  2. To identify children.
  3. To authenticate and confirm the identity of the Users.
  1. Basic information of the Users.
  2. Account information of the Users.
  3. Information concerning identity verification.
  1. Compliance with a legal obligation.
  2. Necessary for our legitimate interests (to comply with a legal obligation).
  1. To customise the contents of the Service to your needs.
  2. To analyse and investigate the use of the Service for improvement and development of the Service and marketing strategy.
  3. To develop the Service and other services of Mercari Group.
  1. Basic information of the Users.
  2. Account information of the Users.
  3. Information obtained from the Proxy that is essential to the provision of the Service.
  4. Information regarding use of the Service.
  5. Information obtained from the Users' terminals.
  6. Information we collect indirectly through business partners and third parties.
  1. Necessary for our legitimate interests (to provide the appropriate Service).
  1. To provide appropriate advertisements about the Service and other services (including services provided by third parties).
  2. To contact you regarding campaigns and surveys.
  3. To link the information obtained from third parties to your personal information already held by us, and match and analyse the information.
  1. Basic information of the Users.
  2. Account information of the Users.
  3. Information obtained from the Proxy that is essential to the provision of the Service.
  4. Information regarding use of the Service.
  5. Information obtained from the Users' terminals.
  6. Information we collect indirectly through business partners and third parties.
  1. Your consent.
  1. To resolve problems relating to the operation of the Service.
  2. To prevent unauthorised use and to ensure safety of the Service.
  1. Basic information of the Users.
  2. Account information of the Users.
  3. Information obtained from the Proxy that is essential to the provision of the Service.
  4. Information concerning identity verification.
  5. Information regarding use of the Service.
  6. Information obtained from the Users' terminals.
  7. Information we collect indirectly through business partners and third parties.
  1. Compliance with a legal obligation.
  2. Necessary for our legitimate interests (to provide the appropriate Service, to comply with a legal obligation, and to establish, exercise or defend against claims).

Personal data that you are required to provide for provision of the Service is indicated in the form to be completed by you. You are under no obligation to provide such personal data, but if such personal data is not provided, we may be unable to offer the Service.

2. Processing Security Measures

We make efforts to keep your personal data in accurate and up-to-date condition, and take the necessary and appropriate security control measures in order to protect your personal data against unauthorised access, tampering, leakage, loss, and damage.

3. Provision to Third Parties

We may provide your personal data to the following persons and entities in order to achieve the purposes of processing the personal data:

  1. tenso, inc. (the Proxy);
  2. Mercari, Inc. (US), Merpay, Inc., Mercoin, Inc., and our other affiliated companies;
  3. Entities that provide us with infrastructure to provide the Service (not limited to the case of providing your personal data to online services, translation tools, and other infrastructure providers necessary to provide the Service, but also including the case of providing your personal data to delivery companies, settlement agents, subcontractors, and other third parties (for the purpose of product delivery, payment settlement, response to inquiries, after-sales service, and other purposes);
  4. Entities to which we outsource the provision of advertisements or surveys related to the Service or other services;
  5. Counterparties of substantial business transactions, such as a sale or transfer of company assets, merger, or consolidation; and
  6. Third parties to which we disclose your personal data in order to comply with the Applicable Laws; handle legal processes and litigation; respond to requests from public authorities; address national security, law enforcement, and other issues of public concern; protect our rights, or the rights of the Users of the Service, or other third parties; seek available remedies; enforce our Terms of Service (Proxy Purchase Members); investigate fraud; protect our business or the Users' business, etc.

When we provide your personal data to third parties, we put appropriate measures in place in accordance with the Applicable Laws.

4. International Transfer

We may transfer your personal data to countries other than your country including Japan or the United States, which may have a lower level of data protection than your country. When providing personal data to third parties outside your country, we take the necessary measures therefore, such as obtaining consent and concluding data transfer agreements, etc., in accordance with Applicable Laws.

In the event that the GDPR applies to the processing of your personal data, we will protect your personal data based on an adequacy decision regarding the transfer of your personal data to Japan and other countries where an adequacy decision has been given or by entering into Standard Contractual Clauses (Article 46(2) of the GDPR) regarding the transfer of your personal data outside the European Economic Area. If you would like to review the Standard Contractual Clauses, please contact us as set out in Section “9. Contact Us” below.

5. Retention Period

We retain your personal data until the purpose of processing thereof has been achieved. When such purpose of processing has been achieved or if the Service is discontinued, we shall delete the relevant personal data without delay. However, we will retain your personal data beyond such period in cases where we are required to do so by the Applicable Laws.

6. Your Rights

In some countries, you have certain rights as a data subject under the Applicable Laws. To the fullest extent permitted by the Applicable Laws, you may have the following rights:

  1. The right to make an inquiry of and to review your personal data
  2. The right to access (and receive copies of) your personal data;
  3. The right to correct your inaccurate or incomplete personal data;
  4. The right to delete your personal data;
  5. The right to restrict the processing of your personal data;
  6. The right to object to our processing of your personal data on the basis of our legitimate interest;
  7. The right to withdraw your consent; *Please note that the legality of the processing of your personal data based on consent granted before such withdrawal of consent is not affected by such withdrawal of consent.
  8. The right to refuse direct marketing or to refuse profiling done for that purpose if your personal data is being processed for direct marketing purposes; and
  9. The right to data portability.

If you or your agent wishes to exercise your rights in accordance with the Applicable Laws, please contact us as set out in Section “9. Contact Us” below.

In addition, you may have the right to lodge a complaint with the relevant supervisory authority under the Applicable Laws.

7. Processing of Children's (Minors') Personal Data

We do not knowingly collect or process personal data of children without the consent of a parent or guardian. Depending on your country/region of residence, the threshold age for children may differ. If you are a parent or guardian and are concerned that your child has provided us with personal data without your consent, you should contact us as set out in Section “9. Contact Us” below.

If we discover that we have collected personal data of children without the consent of the parent or guardian, we will immediately take appropriate action.

8. Cookies

We use cookies and other similar mechanisms (collectively, “Cookies”) to collect certain data about you while you are browsing websites in order to distinguish you as a User for the duration of your visit and when you return to our websites. For more information on how we handle Cookies, please see our Cookie Policy.

9. Contact Us

If you would like to exercise your rights under the Applicable Laws; if you have comments, questions, or concerns; or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact us below.

Mercari, Inc.

Attn: Privacy Officer

global_support@mercari.jp

If you wish to have your personal information deleted, please contact us by following these instructions.

10. Changes

We will review our processing of personal data as appropriate and may revise this Global Privacy Policy. If we make any revisions, we will inform you by displaying them on our website, by other appropriate means, or by notifying you directly.


Global Privacy Policy, Last Updated and Effective: December 23, 2024