1. Who we are (Data Controller)

This Website is operated by Education DEP S.a.s. (“we”, “us”, “our”), acting as Data Controller.
Owner contact email: info@puroo.tokyo

If you have any questions about this Privacy Policy or how we process your data, you can contact us at the email above.

2. What data we collect

We may collect Personal Data directly from you (e.g., when you place an order or create an account) and/or automatically (e.g., through cookies and server logs).

2.1 Data you provide to us

Depending on how you use the Website, this may include:

  • Identity & contact details: name, surname, email, phone number.
  • Account data (if you create an account): username, password (stored in encrypted form), login and account preferences.
  • Order & checkout data (e-commerce): billing and shipping address (country/state/province, city, postcode), order notes, order history, purchased items, returns/refunds history.
  • Customer support communications: messages you send us via forms, email or other channels.

2.2 Payment data

If you purchase products, your payment is processed by the chosen payment service provider (e.g., Stripe and PayPal).
We typically receive confirmation of payment status and limited transaction details (e.g., transaction reference, amount, date), but we do not receive or store full card details.

2.3 Usage data and device data

We may collect technical/usage data such as IP address, browser type, device identifiers, pages visited, time spent, referring URLs, and similar information.

2.4 Cookies and similar technologies

We use cookies and other tracking tools. Details (including categories, purposes, and how to manage consent) are described in our Cookie Policy, referenced on this Website.

3. Why we use your data (purposes) and legal bases

We process Personal Data only when we have a lawful basis under applicable data-protection laws (including the GDPR).

3.1 To provide the Website and its features

  • Enabling core site functions, security, and maintenance
    Legal basis: legitimate interest and/or performance of a contract (depending on the feature).

3.2 E-commerce: to process and fulfil orders

  • Managing cart and checkout, confirming orders, processing purchases, shipping products, managing delivery and handling returns/refunds
    Legal basis: performance of a contract (order/purchase).

3.3 To manage user accounts (if you create one)

  • Creating and managing your account, authentication, access to order history
    Legal basis: performance of a contract.

3.4 Customer support and communications about your order

  • Responding to enquiries, providing assistance, sending service messages (order confirmations, shipping updates, customer service)
    Legal basis: performance of a contract and/or legitimate interest.

3.5 Legal obligations (accounting, tax, compliance)

  • Invoicing/accounting records, regulatory requirements, responding to lawful requests by authorities
    Legal basis: legal obligation.

3.6 Fraud prevention, misuse prevention, and security

  • Preventing fraudulent transactions, protecting our Website and users, enforcing our terms
    Legal basis: legitimate interest.

3.7 Marketing communications (newsletter, promos) — only if you opt in

  • Sending marketing emails or promotional communications only where required and with your consent
    Legal basis: consent (you can withdraw at any time).

3.8 Analytics, advertising, remarketing — based on cookie choices

  • Measuring performance and (where enabled) showing personalised ads
    Legal basis: consent where required (see Cookie Policy).

4. Who we share your data with (recipients)

We share Personal Data only as necessary for the purposes above, including with:

  • Payment service providers (to process payments and help prevent fraud), including Stripe and PayPal.
  • Shipping and logistics providers (to deliver your purchases), who may receive your name, shipping address and contact details necessary for delivery.
  • IT/hosting and technical service providers that help us run the Website (hosting, maintenance, security, backups).
  • Professional advisors (e.g., accountants, legal advisors) where necessary for compliance.
  • Analytics/advertising providers only where enabled via cookie consent (see Cookie Policy).

Where required, these parties act as Data Processors under contractual obligations. An updated list of processors can be requested from us.

5. International data transfers

Your Personal Data may be processed in countries other than where you are located. When transfers outside the European Economic Area occur, we adopt appropriate safeguards in accordance with the GDPR (e.g., adequacy decisions or Standard Contractual Clauses).

6. Data retention (how long we keep your data)

We keep Personal Data only for as long as necessary for the purposes described above, then delete or anonymise it, unless we are required to keep it longer by law.

Indicative retention periods:

  • Orders, invoices, and accounting/tax records: retained for the period required by applicable laws (in many cases, 10 years for accounting records and related documents).
  • Account data: retained for as long as your account remains active; if you request deletion, we will delete/anonimise where possible, except data we must keep for legal obligations.
  • Customer support communications: retained for a reasonable period to handle the request and for dispute management.
  • Marketing data (newsletter): until you withdraw consent or unsubscribe.
  • Technical logs/security data: retained for a limited period, as needed for security and maintenance.

7. Your rights

Where applicable, you can exercise the rights recognised by data-protection laws, including: access, rectification, deletion, restriction, portability, objection, and withdrawal of consent at any time (without affecting processing carried out before withdrawal).
You also have the right to lodge a complaint with the competent supervisory authority.

To exercise your rights, contact us at info@puroo.tokyo.

8. Security

We adopt appropriate technical and organisational measures to protect Personal Data from unauthorised access, alteration, disclosure or destruction.

9. Children

This Website and its e-commerce services are not intended for children. If you believe a child has provided us with Personal Data, please contact us so we can take appropriate steps.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page. Please check it periodically.