Last Updated: February 12, 2026

 

TENGA Co., Ltd and all its subsidiaries (“the Company”, “we”, “our”, “us”) are committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, disclose, process, and safeguard personal data when you interact with our websites, products, services, and business operations.

 

This Policy is designed to meet the requirements of:

 

・European Union General Data Protection Regulation (EU GDPR)

・United Kingdom General Data Protection Regulation (UK GDPR)

・California Consumer Privacy Act (CCPA), as amended by the CPRA (California Privacy Rights Act)

・Singapore’s Personal Data Protection Act 2012 (PDPA)

 

If any jurisdiction’s laws provide stronger protections than this Policy, those laws will apply.

 

1. Definitions
    

   ・Personal Data / Personal Information (PI): Any data that identifies, relates to, or can reasonably be linked to an individual. 

   ・Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion. 

   ・Data Subject / Consumer: An identifiable individual whose personal data is processed. 

   ・Sensitive Personal Information (CPRA): Includes ID numbers, precise geolocation, racial/ethnic origin, sexual orientation, health information, etc.
   
   2. Categories of Personal Data We Collect

 

Depending on your interaction with us, we may collect the following categories of personal data:

A. Identification & Contact Information

・Name, postal address, email address, phone number

 

・Gender, date of birth (where required)

 

B. Commercial & Transaction Data

・Purchase history, order details, payment identifiers (payments are handled by secure third parties)

 

C. Technical & Website Data

・IP address, device identifiers, browser type

 

・Cookies, log files, analytics data, usage information

 

D. User-Generated & Communication Data

・Customer support requests

 

・Feedback, reviews, inquiry forms, or communication records

 

E. Sensitive Personal Information (only where legally allowed and strictly necessary)

We do not intentionally collect sensitive information unless required for specific operations and performed only with explicit consent where required.

F. CPRA-Required Disclosure

In the past 12 months, we have collected identifiers, commercial information, internet activity data, and geolocation (approximate) for website analytics.

We do not sell or share personal information for cross-context behavioural advertising.

 

3. How We Collect Personal Data

・Directly from you (online forms, purchases, support inquiries)

 

・Automatically via cookies and analytics tools

 

・From third-party service providers (payment processors, logistics providers)

 

・From our subsidiaries or related companies

 

 

4. Legal Basis for Processing (EU/UK GDPR)

 

We process personal data on one or more of the following bases:

 

・Contractual necessity – to provide products or services you requested

 

・Legitimate interests – e.g., fraud prevention, analytics, service improvement

 

・Consent – e.g., marketing communications, optional cookies

 

・Legal obligation – tax, regulatory, compliance requirements

 

 

5. Purposes of Collecting and Using Personal Data

 

We use personal data for the following purposes:

 

・To process orders, payments, deliveries, and customer support

 

・To operate and improve our website, products, and services

 

・To manage customer relationships, accounts, and warranties

 

・To respond to enquiries and provide after-sales support

 

・To conduct internal analytics, research, and service improvement

 

・To send marketing communications only with valid consent

 

・To comply with financial reporting, legal obligations, and audits

 

・To prevent fraud, security breaches, or prohibited activities

 

・For any other purpose for which we notified you and obtained consent when required

 

 

6. Disclosure of Personal Data to Third Parties

 

We may disclose personal data to:

 

・IT, cloud hosting, payment, and logistics service providers

 

・Professional advisers (lawyers, accountants, auditors)

 

・Government regulators and authorities as required by law

 

All third parties are required to protect your personal data and process it only for specified purposes.

 

7. International Data Transfers

 

We may transfer personal data to jurisdictions outside Singapore, the EU/EEA, or the UK.

We ensure appropriate safeguards, including:

 

・Standard Contractual Clauses (SCCs)

 

・Equivalent PDPA-comparable protection measures

 

・Data Processing Agreements with third parties

 

You may request details of these safeguards by contacting our Data Protection Officer.

 

8. Data Protection & Security

 

We implement reasonable administrative, technical, and physical safeguards, including:

 

・Encrypted data transmission

 

・Access-controlled systems

 

・Secure servers and firewalls

 

・Regular monitoring and staff training

 

・Internal policies and data minimisation practices

 

However, no method of transmission is 100% secure, and we cannot guarantee absolute protection.

 

9. Data Retention

 

We retain personal data only as long as necessary for:

 

・Fulfilling the purpose for which it was collected

 

・Legal, regulatory, or audit requirements

 

・Defending legal claims

 

After retention periods expire, data is securely deleted or anonymised.

 

10. Individual Rights

A. Under EU/UK GDPR

 

You have the right to:

 

・Access your data (Art. 15)

 

・Rectification (Art. 16)

 

・Erasure (“Right to be Forgotten,” Art. 17)

 

・Restriction of processing (Art. 18)

 

・Data portability (Art. 20)

 

・Object to processing (Art. 21)

 

・Withdraw consent at any time

 

・Lodge a complaint with your local supervisory authority

B. Under PDPA (Singapore)

 

You have the right to:

 

・Access your personal data

 

・Request correction of inaccurate data

 

Withdraw consent (may affect service availability)

C. Under California CPRA

 

California residents have the right to:

 

・Know what categories of personal information are collected

 

・Access specific pieces of personal information

 

・Request deletion

 

・Request correction

 

・Opt out of the sale or sharing of personal information

 

・Restrict use of sensitive personal information

 

・Not be discriminated against for exercising privacy rights

 

We do not sell or share your personal information under CPRA definitions.

Requests may be made via our DPO contact (Section 14).

 

11. Cookies & Tracking Technologies

 

We use cookies and similar technologies to:

 

・Enable website functionality

 

・Analyse browsing behaviour

 

・Personalise content

 

・Improve services

 

 

You may disable cookies in your browser settings. Some features may not function properly if cookies are disabled.

 

A separate Cookie Policy can be provided upon request.

 

12. Children’s Privacy

 

Our services are not directed to individuals under:

 

・18 years (GDPR)

 

・18 years (CPRA unless parental consent is obtained)

 

We do not knowingly collect children’s personal data.

 

13. Automated Decision-Making

 

We do not conduct automated decision-making that produces significant legal or similar effects without human involvement.

If such processing is introduced, we will notify you and ensure legal compliance.

 

14. Contact: Data Protection Officer (DPO)

 

For enquiries, access/correction requests, or rights exercises:

Data Protection Officer
Ekaterina Ishiyama
Email: global_legal@tenga.co.jp
Address: Harumi Triton Square Z 11F, 1-8-12 Harumi, Chuo-ku,

                Tokyo 104-0053, Japan
Phone: (+81) 0120072138

We may request information to verify your identity before responding.

 

15. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. Updates will be posted on our website with an updated effective date.

Continued use of our services after updates constitutes acceptance of the revised Policy.