Who we are

Our website address is https://kinpatsucosplay.com/.

How to request data removal from our website

In order to request that your data be removed from the website please fill out the form below with all the requested information. We will then respond with a confirmation request which the user will need to respond to in order to confirm the deletion. Following confirmation, the user’s information will be removed from the website. Order-related information will be retained following the deletion of user data. Please allow for up to 14 days for the deletion process to be completed as this is a manual process.

What personal data we collect and why we collect it

Social Media Log in (Facebook, Google or Twitter)

Data Used: If a customer chooses to use the social media log-in feature, some data will be accessed from their social media account and stored on our server. The data will include first and last names as indicated on the social media platform (or a username in the case that is provided by the platform), the primary email address associated to the account (which will be used as your account email address on KinpatsuCosplay.com), an access token which links your KinpatsuCosplay.com account to your social media account as well as an avatar which will be used to personalize your account rather than the default user avatar. Social Media log-in on KinpatsuCosplay.com may also collect and store publically available information from the website, only as needed in order to create your account on our website and facilitate convenient log-in using your social media account. In the event that comments or reviews are left on our website, your avatar and first and last names may be posted alongside your review or comment on the website.

WordPress.com Stats

Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature. Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs, search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code are not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honor the DNT settings of visitors. By default, DNT is currently not honored.

Contact Form

Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, and message. Data Synced (?): Post and post metadata associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.

Google Analytics

Data Used: Please refer to the appropriate Google Analytics documentation for the specific type of data it collects. For sites running WooCommerce (owned by Automattic) and this feature simultaneously and having all purchase tracking explicitly enabled, purchase events will send Google Analytics the following information: order number, product id and name, product category, total cost, and quantity of items purchased. Google Analytics does offer IP anonymization, which has been enabled by the site owner. Activity Tracked: This feature sends page view events (and potentially video play events) over to Google Analytics for consumption. For sites running WooCommerce-powered stores, some additional events are also sent to Google Analytics: shopping cart additions and removals, product listing views and clicks, product detail views, and purchases. Tracking for each specific WooCommerce event needs to be enabled by the site owner.

Google reCaptcha

Google ReCaptcha is used on logins and contact forms in order to prevent malicious bots from making attempts to gain access to the website and also in order to prevent the website-associated email addresses from being flooded by spam. Some information may be sent to Google in order to verify users via this system.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Payments

We accept payments through PayPal and Stripe. When processing payments, some of your data will be passed to the payment processor of your choice, including information required to process or support the payment, such as the purchase total and billing information.

Who we share your data with

Amazon Cloudfront

Amazon Cloudfront provides CDN services to improve the user experience on this website. URLs accessed as well as IPs accessed from and time of access will be stored on their servers temporarily.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. We will retain contact form entries for a period of six months, analytics records for a period of one year, and customer purchase records for a period of ten years. For users that register on our website, we also store the personal information they provide in their user profile (if any). All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. This information will be retained indefinitely.

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

We also may send anonymized usage data to Google for analytics purposes to improve our website’s functioning.

Your contact information

Contact information will be retained for registered users and used in order to facilitate purchases on the website as well as for contacting newsletter subscribers via email. Your information may be given to third-party vendors or service providers (ex. postal services) in order to facilitate the successful completion of product purchases. We will never sell your contact information or use it inappropriately.

Additional information

How we protect your data

This website has an automated firewall as well as automated malicious bot protection in order to prevent data breaches. It also uses Google reCAPTCHA in order to prevent malicious bots from attempting to gain access. We do our best to keep up to date with security vulnerabilities relating to software used on our site and keep security up to date in order to prevent breaches.

We also have set up our website in such a way that we do not store your payment details on our site at all. Stripe has the ability to recall your payment information, but it is stored securely on Stripe’s servers if the user opts into using the feature.

What data breach procedures we have in place

In the event of a data breach, all users will be contacted and informed of the breach such that they can take precautions to protect their data and all passwords on site will need to be changed on a per user basis You can contact this website’s administrators at info@kinpatsucosplay.com for further information or inquiries.