Privacy Policy

TCG-AKIBA

Effective Date: November 15, 2025

Last Updated: November 15, 2025

INTRODUCTION

TCG-AKIBA (“we,” “us,” “our,” or “TCG-AKIBA”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our business, including through our website at https://tcg-akiba.com (the “Site”), email communications, messaging platforms, and B2B wholesale transactions.

Important Note: TCG-AKIBA operates as a B2B wholesale trading company. We conduct business primarily through direct communication channels (email, WhatsApp, LINE) rather than through an e-commerce platform. This Privacy Policy reflects our actual business model and practices.

Legal Framework: This Privacy Policy complies with:

  • Japan’s Act on the Protection of Personal Information (APPI) (令和2年改正個人情報保護法)
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Other applicable international data protection laws

By engaging with TCG-AKIBA, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Table of Contents

1. INFORMATION WE COLLECT

We collect different categories of information depending on your interaction with us:

1.1 Business Contact Information (B2B Partners)

When you inquire about our wholesale services or conduct business with us, we collect:

Identity Information:

  • Business name and legal entity information
  • Contact person’s name and job title
  • Business registration number or tax ID
  • Authorized representative information

Contact Information:

  • Email address
  • Phone number
  • WhatsApp/LINE/other messaging app handles
  • Business address
  • Shipping and billing addresses

Transaction Information:

  • Purchase history and order details
  • Payment information (credit card details processed by third-party processors only)
  • Shipping preferences and delivery confirmations
  • Communication records (emails, messages, call logs)
  • Pro forma invoices and commercial invoices

Business Verification Information:

  • Proof of business legitimacy (business licenses, website, social media accounts)
  • Trade references
  • Banking information for wire transfers

Preferences and Interests:

  • Product interests and purchasing patterns
  • Volume discount tier information
  • Communication preferences

1.2 Website Visitor Information

When you visit our Site, we automatically collect:

Device Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Language settings
  • Time zone

Usage Information:

  • Pages visited and time spent on pages
  • Referral source (how you found our Site)
  • Click patterns and navigation paths
  • Date and time of access
  • Search queries on our Site

Technical Information:

  • Cookies and similar tracking technologies (see Section 8)
  • Log files and server data

1.3 Information from Third Parties

We may receive information about you from:

  • Payment processors (PayPal, bank wire confirmations)
  • Shipping carriers (DHL, FedEx, EMS)
  • Business verification services
  • Credit reference agencies (for high-value transactions)
  • Public business registries

1.4 Information We Do NOT Collect

We do not collect:

  • Personal consumer information unrelated to business transactions
  • Sensitive personal data (health information, political opinions, religious beliefs)
  • Information from individuals under 18 years of age
  • Biometric data
  • Precise geolocation data beyond IP-based country/region identification

2. HOW WE USE YOUR INFORMATION

We use your information for legitimate business purposes, including:

2.1 Transaction Processing and Order Fulfillment

Purpose: To process and complete your wholesale orders

  • Verifying business identity and creditworthiness
  • Processing payments and issuing invoices
  • Arranging shipping and customs documentation
  • Providing order confirmations and tracking information
  • Handling returns, refunds, and disputes

Legal Basis:

  • Performance of contract (GDPR Article 6(1)(b))
  • Legitimate business interests (APPI Article 16)

2.2 Business Communication

Purpose: To communicate with you about your transactions and our services

  • Responding to inquiries and quote requests
  • Sending order updates and shipping notifications
  • Providing customer support
  • Conducting satisfaction surveys
  • Sending important notices about our services or policies

Legal Basis:

  • Performance of contract (GDPR Article 6(1)(b))
  • Legitimate business interests (GDPR Article 6(1)(f))

2.3 Marketing and Business Development

Purpose: To inform you about products and services that may interest your business

  • Sending promotional offers and new product announcements
  • Providing market insights and industry news
  • Inviting you to exclusive wholesale opportunities
  • Building long-term business relationships

Legal Basis:

  • Consent (GDPR Article 6(1)(a)) – You can opt out at any time
  • Legitimate business interests (GDPR Article 6(1)(f))

Opt-Out: You can unsubscribe from marketing communications by clicking “unsubscribe” in emails or contacting us at contact@tcg-akiba.com

2.4 Fraud Prevention and Security

Purpose: To protect our business and customers from fraudulent activities

  • Detecting and preventing fraud, scams, and unauthorized transactions
  • Verifying business legitimacy
  • Monitoring for suspicious activity
  • Protecting against cyber threats

Legal Basis:

  • Legitimate business interests (GDPR Article 6(1)(f))
  • Legal obligations (GDPR Article 6(1)(c))

2.5 Legal Compliance and Record Keeping

Purpose: To comply with legal and regulatory requirements

  • Maintaining accounting and tax records (7-10 year retention required by Japanese law)
  • Complying with customs and international trade regulations
  • Responding to legal requests and court orders
  • Protecting our legal rights and interests

Legal Basis:

  • Legal obligations (GDPR Article 6(1)(c))
  • Legitimate business interests (GDPR Article 6(1)(f))

2.6 Business Analytics and Improvement

Purpose: To understand and improve our services

  • Analyzing transaction patterns and customer preferences
  • Improving website functionality and user experience
  • Developing new products and services
  • Conducting market research

Legal Basis:

  • Legitimate business interests (GDPR Article 6(1)(f))

3. HOW WE SHARE YOUR INFORMATION

Important: We do not sell, rent, or trade your personal information to third parties. We share information only as necessary for business operations.

3.1 Service Providers and Business Partners

We share information with trusted third parties who assist us in operating our business:

Payment Processors:

  • PayPal (payment processing)
  • Banking institutions (wire transfers)
  • Cryptocurrency payment processors
  • Purpose: Processing your payments securely
  • Data Shared: Transaction details, payment information
  • Location: USA, Japan, and other jurisdictions

Shipping and Logistics Partners:

  • DHL Express
  • FedEx International
  • EMS Japan Post
  • Purpose: Delivering your orders
  • Data Shared: Name, shipping address, phone number, order contents
  • Location: Global network

Technology Service Providers:

  • Website hosting providers
  • Email service providers
  • Customer relationship management (CRM) systems
  • Cloud storage providers
  • Purpose: Operating our business systems
  • Data Shared: Contact information, communication records
  • Location: USA, Japan, EU

Business Verification Services:

  • Credit reference agencies
  • Business registry services
  • Purpose: Verifying business legitimacy and creditworthiness
  • Data Shared: Business name, registration details
  • Location: Various jurisdictions

Legal and Professional Advisors:

  • Attorneys
  • Accountants
  • Business consultants
  • Purpose: Obtaining professional advice
  • Data Shared: As necessary for specific matters
  • Location: Japan and other jurisdictions

Data Processing Agreements: All service providers are bound by data processing agreements requiring them to protect your information and use it only for specified purposes.

3.2 Legal Requirements and Protection of Rights

We may disclose information when required by law or to protect our interests:

  • In response to subpoenas, court orders, or legal processes
  • To comply with customs, tax, or regulatory requirements
  • To enforce our Terms of Service or other agreements
  • To protect the safety, rights, or property of TCG-AKIBA, our customers, or others
  • To investigate fraud or security breaches
  • In connection with business transfers (mergers, acquisitions, asset sales)

3.3 With Your Consent

We may share information with third parties when you have given explicit consent for specific purposes.

3.4 We Do NOT Share Information With:

  • Marketing companies or advertising networks (for consumer-targeted ads)
  • Data brokers
  • Social media platforms (beyond necessary business pages)
  • Competitors or unauthorized third parties

4. INTERNATIONAL DATA TRANSFERS

As an international B2B trading company based in Japan serving customers worldwide, we necessarily transfer data across borders:

4.1 Data Transfer Locations

Your information may be transferred to and processed in:

  • Japan: Our primary business operations and data storage
  • United States: Service providers (payment processors, cloud hosting, CRM systems)
  • European Union: European customers and service providers
  • Other Countries: As necessary for shipping, payment processing, and customer service

4.2 Legal Safeguards for International Transfers

For Transfers from EU/EEA:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Appropriate technical and organizational security measures

For Transfers from Japan:

  • Compliance with APPI Article 24 (cross-border data transfer requirements)
  • Consent where required
  • Confirmation that recipient countries provide adequate protection

For Transfers to/from USA:

  • Compliance with applicable state laws (CCPA, CPRA)
  • Contractual safeguards with service providers
  • Security measures exceeding minimum legal requirements

4.3 Your Rights Regarding International Transfers

You have the right to:

  • Request information about data transfer safeguards
  • Object to transfers to specific countries
  • Request copies of data transfer agreements

5. DATA SECURITY

We implement comprehensive security measures to protect your information:

5.1 Technical Security Measures

  • Encryption: SSL/TLS encryption for data transmission; AES-256 encryption for stored data
  • Secure Servers: Enterprise-grade hosting with redundant backups
  • Access Controls: Multi-factor authentication, role-based access limitations
  • Firewalls and Intrusion Detection: Advanced threat monitoring systems
  • Regular Security Audits: Quarterly vulnerability assessments
  • Secure Communication: Encrypted email and messaging for sensitive information

5.2 Organizational Security Measures

  • Employee Training: Regular data protection and security training
  • Confidentiality Agreements: All employees and contractors sign NDAs
  • Limited Access: Only authorized personnel access personal information
  • Data Minimization: We collect and retain only necessary information
  • Incident Response Plan: Documented procedures for data breach response

5.3 Payment Security

  • PCI DSS Compliance: Payment processors are PCI DSS certified
  • No Storage of Payment Details: We do not store credit card information on our servers
  • Tokenization: Payment information is tokenized by processors
  • Secure Payment Channels: All payments through encrypted, verified channels

5.4 Limitations and Your Responsibility

While we implement strong security measures:

  • No system is 100% secure; we cannot guarantee absolute security
  • You are responsible for protecting your account credentials and devices
  • You should use strong passwords and enable two-factor authentication where available
  • You should report suspected security issues immediately

Security Breach Notification: In the event of a data breach, we will notify affected parties within 72 hours (as required by GDPR) and comply with all applicable notification requirements under Japanese and international law.

6. DATA RETENTION

We retain your information for as long as necessary to fulfill business and legal obligations:

6.1 Retention Periods by Category

Active Business Relationship:

  • Duration: While you remain an active customer
  • Information: All business contact, transaction, and communication data
  • Purpose: Providing ongoing services and support

Completed Transactions:

  • Duration: 7-10 years after transaction completion
  • Information: Transaction records, invoices, payment records, shipping documents
  • Purpose: Legal compliance (Japanese Commercial Code, Tax Law), accounting requirements, warranty support
  • Legal Basis: Legal obligation (cannot be deleted upon request during this period)

Marketing Communications:

  • Duration: Until you opt out or 2 years of inactivity
  • Information: Marketing preferences, communication history
  • Purpose: Business development
  • Note: You can opt out at any time

Inactive Accounts:

  • Duration: 3 years after last interaction
  • Information: Contact information, basic business details
  • Purpose: Re-engagement opportunities
  • Note: You can request deletion after account becomes inactive

Website Analytics:

  • Duration: 26 months
  • Information: Anonymized usage data
  • Purpose: Website improvement

Legal Claims:

  • Duration: Until resolution + applicable statute of limitations
  • Information: Relevant to specific legal matters
  • Purpose: Defense or prosecution of legal claims

6.2 Secure Deletion

When retention periods expire or you request deletion (where applicable):

  • Data is securely deleted or anonymized beyond recovery
  • Backups are purged within 90 days
  • Physical records are shredded
  • Third-party processors are instructed to delete data

6.3 Exceptions to Deletion

We may retain information longer when:

  • Required by law (e.g., accounting records, tax documentation)
  • Necessary for ongoing legal proceedings
  • Needed to protect our legal rights or interests
  • Anonymized for statistical or research purposes (cannot identify you)

7. YOUR RIGHTS AND CHOICES

Depending on your location, you have various rights regarding your personal information:

7.1 Rights Under Japanese Law (APPI)

If you are in Japan, you have the right to:

Right to Disclosure (Article 28):

  • Request disclosure of your personal information we hold
  • Receive information about usage purposes and third-party sharing

Right to Correction (Article 29):

  • Request correction of inaccurate or outdated information

Right to Deletion (Article 30):

  • Request deletion when information is no longer necessary for stated purposes
  • Subject to legal retention requirements

Right to Suspend Use (Article 30):

  • Request suspension of use if information was obtained or used unlawfully

How to Exercise: Contact us at contact@tcg-akiba.com with subject line “APPI Rights Request”

Response Time: 30 days

Fee: Reasonable fees may apply for extensive requests

7.2 Rights Under GDPR (EU/EEA Residents)

If you are in the EU/EEA, you have the right to:

Right of Access (Article 15):

  • Obtain confirmation of whether we process your data
  • Receive a copy of your personal data
  • Get information about processing purposes, categories, recipients, retention periods

Right to Rectification (Article 16):

  • Correct inaccurate personal data
  • Complete incomplete personal data

Right to Erasure / “Right to be Forgotten” (Article 17):

  • Request deletion of your data in specific circumstances
  • Subject to legal retention requirements and legitimate business interests

Right to Restriction of Processing (Article 18):

  • Limit how we use your data in specific circumstances

Right to Data Portability (Article 20):

  • Receive your data in structured, machine-readable format
  • Transmit data to another controller where technically feasible

Right to Object (Article 21):

  • Object to processing based on legitimate interests
  • Object to direct marketing at any time (absolute right)

Right Not to Be Subject to Automated Decision-Making (Article 22):

  • Not be subject to decisions based solely on automated processing
  • Note: We do not use automated decision-making for significant decisions

Right to Withdraw Consent:

  • Withdraw consent at any time (does not affect lawfulness of processing before withdrawal)

Right to Lodge a Complaint:

  • File a complaint with your local supervisory authority
  • Lead Supervisory Authority for TCG-AKIBA: Personal Information Protection Commission, Japan

How to Exercise: Contact us at contact@tcg-akiba.com with subject line “GDPR Rights Request”

Response Time: 30 days (may be extended to 60 days for complex requests)

Fee: Free of charge (excessive or unfounded requests may incur reasonable fees)

7.3 Rights Under CCPA/CPRA (California Residents)

If you are a California resident conducting business with us, you have the right to:

Right to Know (CCPA § 1798.100):

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information we hold

Right to Delete (CCPA § 1798.105):

  • Request deletion of personal information
  • Subject to legal exceptions

Right to Opt-Out of Sale (CCPA § 1798.120):

  • Note: We do not sell personal information

Right to Non-Discrimination (CCPA § 1798.125):

  • Equal service and pricing regardless of privacy rights exercise

Right to Correction (CPRA):

  • Request correction of inaccurate information

Right to Limit Use of Sensitive Personal Information (CPRA):

  • Note: We do not collect sensitive personal information as defined by CPRA

How to Exercise: Contact us at contact@tcg-akiba.com with subject line “CCPA Rights Request”

Verification: We will verify your identity before processing requests

Response Time: 45 days (may be extended to 90 days)

Fee: Free of charge

7.4 Rights Under Other Jurisdictions

Canada (PIPEDA):

  • Right to access and correct personal information
  • Right to withdraw consent
  • Right to challenge compliance

Other Jurisdictions:

Please contact us to inquire about rights under your local laws.

7.5 How to Exercise Your Rights

Contact Methods:

  • Email: contact@tcg-akiba.com
  • Subject Line: Specify the type of request (e.g., “GDPR Access Request”)
  • Include: Your name, business name, email address, specific request details

Verification Process:

  • We will verify your identity before processing requests
  • May require additional information to confirm identity
  • Authorized representatives must provide proof of authorization

Response Process:

  • Acknowledgment within 5 business days
  • Substantive response within legally required timeframes
  • Clear explanation if request is denied (with reasons and appeal rights)

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Site. We use minimal cookies to ensure basic functionality.

8.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Purpose: Essential for website operation (session management, security)
  • Duration: Session-based (deleted when you close browser)
  • Cannot be disabled: Required for basic site functionality

Analytics Cookies:

  • Purpose: Understanding how visitors use our Site
  • Provider: Google Analytics
  • Information Collected: Pages visited, time on site, referral sources, device type
  • Duration: Up to 26 months
  • Can be disabled: Yes (see opt-out below)

We Do NOT Use:

  • Advertising cookies
  • Social media tracking cookies
  • Third-party marketing cookies
  • Cross-site tracking cookies

8.3 Google Analytics

We use Google Analytics to understand website usage:

8.4 How to Manage Cookies

Browser Settings:

  • Most browsers allow you to refuse cookies or delete existing cookies
  • Instructions: Check your browser’s “Help” menu
  • Note: Disabling necessary cookies may impair site functionality

Cookie Management Tools:

8.5 Do Not Track (DNT) Signals

Our Site does not currently respond to “Do Not Track” browser signals due to lack of industry standards. We commit to updating this policy when standards are established.

9. THIRD-PARTY LINKS AND SERVICES

9.1 Links to Third-Party Websites

Our Site may contain links to third-party websites (payment processors, shipping carriers, industry associations). We are not responsible for:

  • Privacy practices of third-party sites
  • Content or accuracy of external sites
  • Your interactions with third parties

Recommendation: Review the privacy policies of any third-party sites you visit.

9.2 Third-Party Services We Use

Payment Processors:

Shipping Carriers:

Social Media:

  • We maintain business pages on platforms (Facebook, Instagram, LinkedIn)
  • Governed by those platforms’ privacy policies
  • We do not share customer data with social media platforms beyond business page management

10. BUSINESS-SPECIFIC PROVISIONS

10.1 B2B Communications

As a B2B company, we communicate with business contacts regarding:

  • Quote requests and pricing inquiries
  • Order confirmations and updates
  • Industry news and market insights
  • New product announcements
  • Exclusive wholesale opportunities

Legitimate Interest: B2B communications are based on legitimate business interests and existing business relationships. You can opt out at any time.

10.2 WhatsApp and Messaging Apps

We use WhatsApp, LINE, and other messaging platforms for business communication:

  • Encryption: Messages are encrypted by platform providers
  • Data Storage: Message history may be stored on our devices for business records
  • Third-Party Access: Governed by messaging platform privacy policies
  • Your Control: You can request deletion of message history (subject to legal retention requirements)

10.3 Email Communications

We use email for business communications:

  • Security: Sensitive information sent via encrypted email or secure document sharing
  • Retention: Email records retained for 7-10 years per Japanese law
  • Marketing Opt-Out: Unsubscribe links in all marketing emails

10.4 Business Verification

For security and fraud prevention, we may verify:

  • Business registration and legitimacy
  • Identity of authorized representatives
  • Credit worthiness (for large orders)
  • Compliance with trade regulations

Data Sources: Public business registries, credit agencies, third-party verification services

11. CHILDREN’S PRIVACY

TCG-AKIBA is a B2B wholesale business intended exclusively for:

  • Business entities (corporations, partnerships, sole proprietorships)
  • Adults 18 years of age or older acting in a business capacity

We do not:

  • Knowingly collect information from individuals under 18
  • Market to minors
  • Sell products to consumers

If We Learn: If we discover we have collected information from a minor, we will delete it immediately.

Parental Rights: Parents or guardians who believe we have collected information from a minor should contact us immediately at contact@tcg-akiba.com

12. CHANGES TO THIS PRIVACY POLICY

12.1 Updates and Modifications

We reserve the right to update this Privacy Policy to reflect:

  • Changes in our business practices
  • New legal requirements
  • Technological developments
  • Customer feedback

12.2 Notification of Changes

Material Changes:

  • Email notification to active business partners
  • Prominent notice on our website for 30 days
  • Updated “Last Updated” date at the top of this policy

Non-Material Changes:

  • Updated “Last Updated” date
  • No proactive notification required

12.3 Your Acceptance

Continued use of our services after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please discontinue use and contact us to close your account.

12.4 Version History

Current Version: 1.0 (November 15, 2025)

  • Initial comprehensive Privacy Policy release

13. CONTACT INFORMATION AND DATA PROTECTION OFFICER

13.1 General Inquiries

For questions, concerns, or requests regarding this Privacy Policy:

Email: contact@tcg-akiba.com

Subject Line: “Privacy Inquiry” or specific right you wish to exercise

Response Time: Within 5 business days for acknowledgment; substantive response within legal timeframes

13.2 Data Protection Officer (DPO)

For GDPR-related matters:

Data Protection Officer

TCG-AKIBA

Email: dpo@tcg-akiba.com

Address: Tokyo, Japan

13.3 Supervisory Authorities

Japan:

Personal Information Protection Commission
Website: https://www.ppc.go.jp/en/

European Union:

You have the right to lodge a complaint with your local supervisory authority:
EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

United States (California):

California Office of the Attorney General
Privacy Enforcement and Protection Unit
Website: https://oag.ca.gov/privacy

14. LEGAL COMPLIANCE STATEMENTS

14.1 Japan Personal Information Protection Act (APPI) Compliance

  • Business Operator: TCG-AKIBA (operated by AKIHABARA trading Inc.)
  • Registration: Registered under APPI as required
  • Purpose of Use: As specified in Section 2 of this Privacy Policy
  • Third-Party Provision: As specified in Section 3 of this Privacy Policy
  • Overseas Transfer: As specified in Section 4 of this Privacy Policy
  • Complaint Handling: Contact information provided in Section 13

14.2 GDPR Compliance Statement

  • Data Controller: TCG-AKIBA, Tokyo, Japan
  • EU Representative: [To be appointed if required based on processing volume]
  • Legal Basis for Processing: Articles 6(1)(a), (b), (c), (f) as specified throughout this policy
  • Data Protection Officer: Contact information in Section 13.2
  • Data Transfers: Standard Contractual Clauses and appropriate safeguards

14.3 CCPA/CPRA Compliance Statement

  • Business Name: TCG-AKIBA
  • Categories of Personal Information: As specified in Section 1
  • Sources: As specified in Section 1.3
  • Business Purposes: As specified in Section 2
  • Sale of Personal Information: We do not sell personal information
  • Sharing for Cross-Context Behavioral Advertising: We do not share for this purpose

15. INTELLECTUAL PROPERTY PROTECTION

Copyright Notice: This Privacy Policy and all content are protected by copyright and owned by TCG-AKIBA.

Prohibited Actions:

  • Copying or reproducing this policy for competitive purposes
  • Using our privacy framework for competing businesses
  • Distributing modified versions without permission

Permitted Use:

You may reference this policy for compliance with our business relationship.

16. ACKNOWLEDGMENT AND CONSENT

By engaging with TCG-AKIBA, you acknowledge that:

  • You have read and understood this Privacy Policy in its entirety
  • You consent to the collection, use, and sharing of information as described
  • You understand your rights and how to exercise them
  • You agree to international data transfers with appropriate safeguards
  • You will promptly notify us of any changes to your contact information

QUICK REFERENCE GUIDE

Contact Us: contact@tcg-akiba.com

Exercise Your Rights: contact@tcg-akiba.com (specify request type in subject)

Opt-Out of Marketing: Click “unsubscribe” in emails or email contact@tcg-akiba.com

Report Security Issues: security@tcg-akiba.com (urgent)

Data Protection Officer: dpo@tcg-akiba.com (GDPR matters)

Response Times: 5 days acknowledgment; 30-90 days substantive response

Data Retention: 7-10 years for transaction records; varies by category

International Transfers: Japan ↔ USA, EU, and other jurisdictions with safeguards

Document Version: 1.0

Effective Date: November 15, 2025

Last Reviewed: November 15, 2025

Next Scheduled Review: November 15, 2026

© 2025 TCG-AKIBA. All Rights Reserved.

This Privacy Policy is protected by copyright. Unauthorized reproduction, copying, or use by competitors or third parties is strictly prohibited and will result in legal action.

PAGE TOP