1. Introduction

Nihontowatch ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services (collectively, the "Service").

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1.1 Data Controller

Nihontowatch is the data controller responsible for your personal data.

Contact:
Email: privacy@nihontowatch.com

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us:

• Account Registration: Email address, display name (optional)
• Profile Information: Avatar, preferences (currency, theme, notification settings)
• Saved Searches: Search criteria, filters, alert preferences
• Favorites: Listings you save to your favorites
• Payment Information: When you subscribe, payment details are processed securely by Stripe. We store only a reference ID, not your payment card details.
• Communications: When you contact us, we collect the content of your messages

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information with your consent:

• Device Information: Screen dimensions, device type, operating system, browser type, language preferences
• Usage Data: Pages visited, search queries, listings viewed, time spent on pages, clicks on external dealer links
• Session Data: Session identifiers, session duration, page view counts
• Visitor ID: A unique identifier stored in your browser (with your consent) to help us understand usage patterns
• IP Address: Your IP address may be logged in server access logs for security and fraud prevention

Note: You can manage your data collection preferences through our Cookie Preferences.

2.3 Information from Third Parties

• Payment Processor: Stripe provides us with transaction status and subscription information (not your card details)
• Authentication: Supabase provides authentication services and may share basic profile information

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

3.1 Consent (Article 6(1)(a))

• Analytics and usage tracking
• Marketing communications (if you opt in)
• Non-essential cookies and similar technologies

You can withdraw consent at any time through your account settings or our cookie preferences.

3.2 Contract Performance (Article 6(1)(b))

• Account creation and management
• Providing the Service features you request
• Processing subscriptions and payments
• Sending service-related notifications

3.3 Legitimate Interests (Article 6(1)(f))

• Security and fraud prevention
• Service improvement and development
• Responding to legal requests
• Business analytics (aggregated, anonymized data)

3.4 Legal Obligation (Article 6(1)(c))

• Tax and accounting records
• Compliance with legal requirements

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Create and manage your account
• Process transactions and send related information
• Send notifications about saved searches, price drops, and alerts
• Personalize your experience (currency, theme, preferences)
• Analyze usage patterns to improve the Service
• Detect, prevent, and address fraud and security issues
• Respond to your inquiries and provide customer support
• Comply with legal obligations

5. Information Sharing

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Third-Party Service Providers

We share data with service providers who assist in operating our Service:

All providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

5.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers to countries without an adequacy decision
• Data Processing Agreements: All processors are contractually bound to protect your data

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described:

8. Your Rights Under GDPR

If you are in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights:

8.1 Right to Access

You can request a copy of your personal data. Use the "Export My Data" feature in your account settings, or contact us at privacy@nihontowatch.com.

8.2 Right to Rectification

You can correct inaccurate personal data through your account settings or by contacting us.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. Use the "Delete Account" feature in your account settings. Some data may be retained as required by law.

8.4 Right to Restrict Processing

You can request that we limit how we use your data while we verify accuracy or address your concerns.

8.5 Right to Data Portability

You can receive your data in a structured, machine-readable format (JSON) and transfer it to another service.

8.6 Right to Object

You can object to processing based on legitimate interests. For analytics, use our cookie preferences. For marketing, use the unsubscribe link in any email.

8.7 Right to Withdraw Consent

You can withdraw consent at any time without affecting the lawfulness of prior processing. Manage consent through your account settings or our cookie banner.

8.8 Right to Lodge a Complaint

You have the right to file a complaint with a supervisory authority. Contact details for EU data protection authorities are available at: https://edpb.europa.eu

9. Cookie Policy Summary

We use cookies and similar technologies to provide and improve our Service. For detailed information, see our Cookie Policy.

We use the following categories of cookies:

• Essential: Required for the Service to function (authentication, security)
• Functional: Remember your preferences (theme, currency)
• Analytics: Help us understand how the Service is used

You can manage your cookie preferences at any time through the "Cookie Preferences" link in the footer of any page.

10. Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection

While we take reasonable precautions, no security measure is perfect. If you believe your account has been compromised, please contact us immediately.

11. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification (for material changes affecting your rights)

We encourage you to review this page periodically to stay informed about our data practices.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nihontowatch - Privacy
Email: privacy@nihontowatch.com

We aim to respond to all requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.