Privacy policy

AMIKYO (網響) Privacy Policy

Controller: DrippieLAND Inc. (merchant of record for AMIKYO (網響))
Effective date: 14 August 2025
Contact (privacy): studio@amikyo.com (subject: “Privacy Request”)
Brands covered: AMIKYO (網響) and related storefronts operated by DrippieLAND Inc.

1) Scope & who we are

This Policy explains how we collect, use, share, and protect personal information when you browse our sites, place orders, contact support, or engage with our marketing. Unless we say otherwise, DrippieLAND Inc. is the data controller for AMIKYO (網響).

If you shop from the EU/EEA, UK or Switzerland, this Policy applies in addition to your local mandatory rights.

2) What we collect

Device data. Browser, IP address, time zone, cookie identifiers, pages viewed, clicks, referring/exit pages, approximate location (city/region).
Order & account data. Name, email, phone, billing and shipping addresses, purchased items, order notes, support history, fraud-screen signals (e.g., mismatched address).
Payment data. We receive payment tokens/status from processors; we do not store full card numbers.
Marketing & communications. Your channel consents (email/SMS/WhatsApp/push), preferences, campaign interactions.
User content. Reviews, photos you tag us in, messages sent to support.
We do not intentionally collect special-category data (e.g., health, religion). If you send such data in free‑text, we will delete or minimize it.

3) Why we use your data (purposes & legal bases)

Fulfilling orders & customer service. To process payments, ship, handle returns, and support you (contract). EUR-Lex
Compliance. To keep tax and transaction records and meet legal obligations (legal obligation). EUR-Lex
Fraud prevention & security. To protect accounts, our services, and other users (legitimate interests with balancing test). EUR-Lex
Analytics & site performance. To understand usage and improve the experience (consent in the EU/UK for non‑essential cookies; legitimate interests elsewhere as permitted). EUR-Lex
Marketing. To send you offers/updates when you opt‑in (email, SMS, WhatsApp, push) (consent; you can withdraw anytime). EUR-Lex

4) Cookies & tracking

We use essential cookies (checkout, security) and non‑essential cookies (analytics, personalization, marketing). In the EU/UK/CH we ask for consent for non‑essential cookies; you can change choices via the cookie banner or browser settings. See our Cookie Notice for details (lifetimes, vendors).

Do Not Track (DNT): browsers send DNT in inconsistent ways, so we don’t respond to it today.
Global Privacy Control (GPC) & Universal Opt‑Out: where required, we honor browser‑level “do not sell/share or target” signals such as GPC and other recognized Universal Opt‑Out MechanismsCalifornia DOJColorado Attorney GeneralDuane Morris

5) When we share data (and with whom)

We share personal data with service providers under contract who must follow our instructions:

  • Store & checkout platform: e.g., Shopify (hosting, checkout, payments). See their privacy notices. Shopify+1
  • Payments & fraud screening: payment processors, 3‑D Secure/SCA providers, anti‑fraud tools.
  • Fulfilment & logistics: warehouses, shipping integrators, last‑mile carriers (e.g., national posts, DHL/UPS/DPD).
  • Marketing & analytics: email/SMS/WhatsApp/push platforms, analytics and A/B testing tools (with consent where required).
  • Professional advisors & legal: auditors, accountants, law firms, regulators (if legally required).

We do not sell your personal information for money. In some regions (e.g., California), “share” can include using identifiers for cross‑context behavioral advertising; you can opt out in our Privacy Center and via GPC signals. California DOJ

6) International transfers

We and our providers may process data outside your country (e.g., U.S. and other jurisdictions). For EEA/UK/CH users, when data leaves your region we rely on appropriate safeguards:

  • EU Standard Contractual Clauses (2021/914) for transfers under GDPR. EUR-LexEuropean Commission
  • UK IDTA or the UK Addendum to the EU SCCs for UK GDPR transfers. ICO+1

We also apply supplementary measures and risk assessments where relevant (e.g., “Schrems II” considerations).

7) Retention

We keep data only as long as needed for the purpose or as required by law:

  • Orders & tax records: typically 5–10 years (jurisdiction‑dependent).
  • Customer support: 3 years after last interaction (for dispute defense).
  • Marketing: until you withdraw consent or after defined inactivity (we rotate suppression lists to honor opt‑outs).
  • Cookies: per cookie lifetime (see Cookie Notice).

8) Your choices & rights

Global controls

  • Opt‑out of sale/sharing/targeted ads: use our Privacy Center links or send a GPC/recognized universal opt‑out signal from your browser. California DOJColorado Attorney General
  • Marketing: unsubscribe links in every message or email us.

EU/EEA & UK (GDPR/UK GDPR)

You can accesscorrectdeleterestrictport, or object to certain processing; you can also withdraw consent at any time (it won’t affect past lawful processing). Legal bases per GDPR Art. 6. You may lodge a complaint with your local data protection authority. EUR-Lex

United States (state privacy laws incl. CA/CO/CT/VA, etc.)

Depending on your state, you may have rights to know/accessdeletecorrectopt‑out of sale/sharing/targeted advertising, limit sensitive PI, and appeal a denial. We recognize GPC and other Attorney‑General‑recognized universal signals (e.g., Colorado). California DOJDuane Morris

Canada, Australia and others

You may have rights to access/correct and to raise complaints with your local privacy authority. We respond to all rights requests consistently with applicable law.

How to exercise your rights. Email studio@frkm-scd.com with your request and the region you’re in. We may ask for reasonable verification. We won’t discriminate against you for exercising privacy rights.

9) Children

Our services are not directed to children under 13. We do not knowingly collect personal data from children under 13; if we learn it happened, we’ll delete it and, if appropriate, disable the account. Parents/guardians can contact us to review/delete a child’s data. (COPPA). Federal Trade Commission+1
EU/UK: where consent is the lawful basis for online services, local age‑of‑consent rules (13–16) may apply; we obtain verifiable parental consent if required.

10) Security

We use industry‑standard safeguards: TLS in transit, encryption at rest where supported, access controls, least‑privilege staff access, and vendor due diligence (including DPAs and security reviews). No online service is 100% secure; if we detect a breach affecting you, we will notify you and regulators as the law requires.

11) Shopify, payments & analytics specifics

  • Shopify powers elements of our storefront and checkout; see Shopify’s Privacy Policy for their processing and retention practices. Shopify+1
  • Payments are processed by third‑party processors (e.g., Shopify Payments and/or other PCI‑compliant providers). They receive payment information directly; we receive only tokens/status.
  • Analytics/ads tools operate per your cookie/consent selections; you can change choices in the cookie banner and opt out of sale/sharing/targeted ads via the Privacy Center or GPC.

12) EU/UK representatives (if required)

If we do not have an establishment in the EU or UK but target those markets, we will appoint written EU and UK representatives for GDPR/UK GDPR Article 27. Contact details will appear here once appointed. GDPR

13) International users & complaints

For EEA/UK/CH users with unresolved concerns, you can contact your local data protection authority (e.g., CNIL, ICO, etc.). We will cooperate with regulators and follow guidance.

14) Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. Material changes will be announced ahead of time (site notice and/or email). We will date‑stamp each version and keep prior versions available on request.