Skip to content

Privacy Policy

Last Update : May 25th 2018 (GDPR Compliancy Update)

Who we are

We are committed to maintain the trust and confidence of our visitors to our webshop. In particular, we want you to know that Ninoma is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes. It doesn't sound right. In this Privacy Policy, we’ve provided lots of detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.

GDPR Compliancy and Privacy Policy in a nutshell

On May 26th, the European Union new framework that sets guidelines on collection and processing of personal information of individuals within the EU has landed. And it is a major improvement for your private information protection, both online and offline.

Wait, I'm an individual living within the EU. And you’re a Japanese shop. So why would you even bother about the GDPR? We simply believe that the GDPR is setting a new model on how companies and organisations should manage their customers or visitors data in a safe and responsible way. Therefore everyone should benefit from it. 

What are those benefits, in few words? - Real Transparency on what data we get from you and what we do with it, including with third-party services.

- The ability for you to “be forgotten” : all your personal data that we may have retain online, either on or through our partners listed below can be deleted at your request. Be aware that in regard of Japanese Law, we have to keep records of orders and transactions for 7 years, including the personal data used to process those past transactions. But we’ll do that offline in the case you want to delete your online presence.

- Data Portability : we can send an easy-to-consult report on the personal data we retain from you.

Types of data we collect to process the service

The service flow is simple : you pay for one or several items to be delivered at an eligible shipping address. The data we need to collect is bound to this task.

First Name, Last Name, E-Mail address, IP Address, Connection to Ninoma History, profile creation date, favourite shipping and billing addresses, phone number, fax number, amount spent on purchases, Wishlist content, Order History, shopping cart content, rewards point data, language used while browsing the website.

We also gather payment details in order to verify transaction eligibility. Data we collect vary along the payment gateway you chose. Please refer to the Partners paragraph below for more details.

Website Cookies

What are cookies?

Like most websites, Ninoma use cookies to collect information. Cookies are small data files which are placed on your terminals as you browse this website. They are used to remember when your terminals accesses our websites. Cookies are essential for the effective operation of our websites and to help you shop with us online. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.

Information collected

Some cookies collect information about browsing and purchasing behaviour when you access this website via the same computer or device. This includes information about pages viewed, products purchased and your journey around a website. We do not use cookies to collect or record information on your name, address or other contact details. Ninoma can use cookies to monitor your browsing and purchasing behaviour if you have explicitly consent to.

How are cookies managed?

The cookies stored on your computer or other device when you access our websites are designed by third parties who participate with us in marketing programmes (Google Analytics). Please refer to the Third Party Data Politics chapter below for details on how we manage of data sent towards third-party services.

What are cookies used for?

The main purposes for which cookies are used are:
1. For technical purposes essential to effective operation of our websites, particularly in relation to online transactions and site navigation.
2. To enable us to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, social interaction etc. This use is subject to your consent. Won’t collect any data for marketing scope until you give your consent through our cookie manager panel.

How do I disable cookies?

If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. You’re getting some troubles finding out how to do so? Let us know by email, we’ll give you a hand.But be aware that disabling all cookies might result in our inability to deliver the service properly. This is why we let you choose which kind of cookies to disable or not.


Here is the full list of partners (or third-parties) which with we interact either as a data controller or processor. This means we can either collect, process or send part of your personal data in order to run our service. We can sort those services in the five following categories :

- Payment Services

- Hosting Service

- E-Mailing Service

- Marketing Service

- Communication Service

We can not fulfil our service if you do not consent your data to be used within the Payment, Hosting and E-Mailing (except for the Newsletter subscription) services.

Data sharing within scope of Marketing, Newsletter and Communication services are subject to your full consent before we can start it.

Here is an infography that sums up how we interact with our partners regarding your personal data processing. You can find more details for each partner in the section below.


Amazon Web Services (through Mgt-Commerce GmbH)

Our own data processor in regards of cloud files hosting. Worded differently, this is the service we use to store your data when you register into the shop or place an order.

GDPR Compliant : Yes

Privacy Policy :

AWS & EU Data Protection Directive:


Payment processor. In regards of privacy, the solution we would definitely recommend since they have been extremely transparent and anticipated new standards years before the actual application of GPDR. And they are quite great at managing your payments, securing your transactional data! We do not store any information related to banking activity on our end and entrust Stripe on this part.

GDPR Compliant : Yes

Privacy Policy :


Payment processor. Paypal has recently updated its privacy policy to match GPDR requirements as well their third-party partner list. From your point of view, using Paypal let you purchase on our shop without disclosing any banking or credit card details to us.

GDPR Compliant : Yes

Privacy Policy : (Link)

Third-Parties List : (Link)


Our partner for transactional email processing. As soon as you register, process an order, enlist to our back-in-stock alert and so on, we’ll send you a message which is delivered par SendGrid. This lets us increase the chance that our communication won’t be considered as a spam by your own mail provider and keep track of our transactional mail stats.

GDPR Compliant : Yes

Privacy Policies :


As part of the registration process for our newsletter, we collect personal information, as your email address. We use MailChimp to forward the said newsletters until you decide to unsubscribe. We also gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our content and avoid being considered as the typical clickbait stuff that instantly falls into your spambox. For more information, please see MailChimp’s privacy notice. You can unsubscribe to the maillist at any time by clicking the unsubscribe link at the bottom of any of our newsletter or by emailing us.

GDPR Compliant : Yes

Privacy Policy :

Google Analytics

When someone visits Ninoma, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site, which part of the world our customer comes from, which pages are the most popular and which website you came from. This information is only processed in a way which does not identify anyone (aka anonymization). We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

GDPR Compliant : Yes

Privacy Policies :

Facebook, Twitter, Reddit

We are active on few social networks which we use to advertise, share our own or third-party contents and respond to any enquiry you may have.

At your request, we can delete our past communications with you or content you own we may have shared after having followed the network policy on content sharing. Although, we can not delete the comments, shared post, reactions or other interaction you might have generated on our own content. You should contact the social network customer service in order to do-so.

GDPR Compliant : Yes

Facebook Privacy Policy :

Twitter Privacy Policy :

Reddit Privacy Policy :


We advertise on MyFigureCollection in order to keep you informed of our stock status on individual figure entry page as well through banners linking to our website. MFC does not share any user personal data which is not already available publicly.

We also have an active shop profile which we use as a regular SNS account. Please refer to the above section regarding this matter.

GDRP Compliant : while MFC is a community-run website, it might not have to comply with the GDRP as a regular enterprise, company or public organisation would. But as stated in the above paragraph, MFC does not share private user data, let us the option to delete any private communication (MP) we might have experienced with you and let you choose if the personal data you input into their database is public or private. Overall, it is a privacy-friendly area.

Access to your personal information

You are entitled to view, amend, forward to another data processor or delete the personal information that we hold. Please contact us using the contact form to make a request.

We are required by the Japan Law to keep sales and transaction data for 7 straight years, including customer personal informations such as addresses, names… Nevertheless in the case you send us a deletion request, we’ll proceed to transfer those data offline in order to both comply to the GDPR requirement on the online part and abide by our local law.

We’ll also work with our partners in order to delete any data entry related to your use of our service. Please see the section above for more details.

Changes to this Privacy Notice

Any change to this Privacy Policy setting will be notified to all registered customers by email, as well as being the subject of a publication on our social network profiles.

Welcome Newcomer