Privacy Policy
Policies Relating to Privacy
IKEA Japan K.K. (the "Company") treats the personal information collected from its customers ("Personal Information") as a valuable asset and uses it in an appropriate manner to provide better products and services, with the aim of achieving its vision of "creating a better everyday life for the many people" through its high-quality, low-cost home furnishing business. Based on the above statement, the Company has set forth this Privacy Policy as a policy for dealing with matters relating to Personal Information.
Handling Customers' Personal Information
1. Purpose of Use of Personal Information
In order to provide customers with a comfortable and efficient service, the Company shall use the Personal Information it gathers for the following purposes:
(1) to verify a customer's identity when they are purchasing, reserving, returning, or exchanging a product;
(2) to process registrations with and withdrawals from the Company's various membership services;
(3) to inform customers when a product is in stock;
(4) to handle billing, deliveries, product installations, the purchasing or claiming of furniture, and after-sales services;
(5) to issue IKEA Digital Gift Cards and IKEA Digital Return Cards;
(6) to detect, prevent and mitigate fraudulent or illegal activities;
(7) to communicate with external delivery companies in the event that a customer has entrusted delivery to an external company;
(8) to communicate with external companies if, upon customer request, a specialist external company is entrusted by the Company to provide furniture assembly or construction services;
(9) to prepare product warranties;
(10) to inform customers of recall information, safety notices, lost property, etc.;
(11) to reply to any contacts, requests or questions received by the Company's customer service or customer support centres;
(12) to conduct surveys;
(13) to register customers in prize competitions and notify them of winnings;
(14) to provide product information in the form of advertisements, etc., via documentation, email, or external advertisement distributors *
(15) to notify customers of sales, contests, and other events, or to invite them to such events *
(16) to verify customer identity when applying for, or ordering by phone, various planning services;
(17) to verify a customer's identity at the time of application for babysitting service;
(18) to manage and improve the Rewards from IKEA Family, including calculating points for purchases and interactions, adjusting points for returns, sending customers necessary communication regarding their points, and evaluating user preferences and website design;
(19) to provide additional services related to any of the previous items;
(20) to generate statistical documentation regarding product purchases, etc.;
(21) to analyse information gathered on browsing history, purchase history, etc., for use in new product or service advertisements tailored to customer interests and preferences;
(22) to review and improve our products and services;
(23) to analyse and improve our products and services using AI technology.
*Only when desired by the customer (if the customer has requested that such communication be ceased, communication being prepared at the time of such a request may still be sent out).
2. Collection Methods
The main methods the Company employs to gather Personal Information are as follows:
(1) Obtained verbally (including audio recordings *) or in writing when a product is purchased, returned, exchanged, delivered, or during after-sales services;
(2) provided by the customer through electronic means, such as via a Company website or app;
(3) obtained during enquiries via phone, email, web chat, online meeting systems, fax, or social media, as required.
*Please note that all inbound and outbound calls to and from our customer support centre are recorded.
3. Use and Management of Personal Information
(1) In order to provide its customers with the best possible service, the Company shall collect customers' Personal Information and, pursuant to the relevant laws and ordinances, shall use it as necessary for the purposes set forth in Article 1.
(2) If a customer provides the Company with information for a specific service that does not match the Personal Information previously obtained by the Company from said customer, the most recently provided information shall be considered the most up-to-date, and the customer's Personal Information with respect to said service shall be updated accordingly.
4. Security Control Measures
The Company shall appoint someone to manage customers' Personal Information, and shall manage such information internally in a proper manner, in accordance with relevant legislation. Moreover, the Company shall put in place the following appropriate security control measures with respect to any foreseeable risks relating to Personal Information:
(1) Formulate a basic policy
A basic policy (corresponds to this Privacy Policy) shall be formulated so the organisation can ensure proper handling of Personal Information.
(2) Put in place rules that govern the handling of Personal Information
Rules shall be formulated for the handling of Personal Information that cover handling methods, the people responsible for said handling, and their duties, for each stage of the process, including the collection, use, storage, provision, deletion, and disposal of Personal Information.
(3) Technological and physical security control measures
• Managing access to Personal Information via restrictions on access rights (including immediately deactivating the accounts of transferred or retired employees), system access controls, storing activity logs, periodically changing passwords, locking accounts when suspicious activity is detected, room access management, etc.
• Placing restrictions on Personal Information being taken outside the Company through measures such as encryption technology, prohibiting unnecessary external storage media, email security measures, and internal regulations.
• Establishing firewalls and other measures to prevent unauthorised external access.
• Establishing endpoint security to prevent the infiltration of viruses and other harmful code.
• Installing security patches and running scans of settings to reduce the number of threats resulting from insecure software.
(4) Organisational security control measures
• Appointing a "Personal Information responsible" to take charge of the management of Personal Information, and clearly stipulating the responsibilities and access rights of employees who handle personal data.
• Controlling system access based on employees' work responsibilities.
• Establishing a system for employees to report to the person in charge when they become aware of a situation that constitutes a legal violation, or suspect that a legal violation may have taken place, in addition to the monitoring of employees (including temporary employees).
• Providing internal rules and manuals on security management and carrying out monitoring to ensure that employees properly comply with said rules.
(5) Personnel security control measures
Providing employees with regular education and training on Personal Information security management.
(6) Understanding overseas environments
Implementing security control measures based on an understanding of Personal Information protection systems in foreign countries where Personal Information is stored.
5. Provision to Third Parties
The Company shall not provide customers' Personal Information to third parties, except in the following cases:
(1) If the customer gives their consent;
(2) If required by legislation;
(3) If required in order to protect a person's life, body, or assets, and the customer's consent cannot be easily acquired;
(4) If cooperation is required in order for a public institution, or an entrusted third party, to fulfil a legal obligation and there is a risk that obtaining the individual's consent may jeopardise the fulfilment of said obligation;
(5) If a third party that has signed a non-disclosure agreement is entrusted with work that involves the handling of customers' Personal Information;
(6) If needed in order to verify payments, detect and prevent unauthorized card use (disclosure of information such as name, phone number, billing address, shipping address, IP address and device information).
6. Entrustment of Operations
The Company may provide customers' Personal Information to third parties that have been entrusted with operations that the Company deems mission critical, such as product delivery, product assembly/installation/setup, management and analysis of product purchasing records, etc. and marketing operations, etc.
When entrusting operations, it shall be ensured that the entrusted party has the correct security control measures in place as set forth by legislation, a work entrustment contract shall be agreed with the entrusted party, and the Company shall be aware of how Personal Information is being handled by the entrusted party.
7. Transferring Outside Japan
The Company is part of a global business group with group companies and service providers operating all over the world, particularly in the European Economic Area.
Customers' Personal Information may be provided to third-party group companies or service providers located outside Japan in the following cases:
(1) If the third party in question is subject to equivalent to personal data protection laws as Japan, and is located in a country or region designated by Japan's Personal Information Protection Commission;
(2) If the necessary systems have been put in place to maintain measures that are equivalent to measures required by parties who handle Personal Information within Japan in accordance with Japan's Act on the Protection of Personal Information.
The Company and other group companies shall establish and apply rules relating to information security and Personal Information protection that are shared across the whole group. Moreover, the Company and other group companies shall set forth and supervise appropriate security management duties of the entrusted party in the work entrustment contract, etc., and shall establish measures necessary for the appropriate protection of Personal Information in line with group-wide security standards, such as proper encryption on access channels to Personal Information.
(3) If the customer uses a payment card and the issuer of such card is located outside Japan.
8. Shared Use of Personal Information
The Company will share use of customers' Personal Information with group companies as follows.
(1) Scope of companies of shared use
Ingka Holding B.V. Group companies and Inter IKEA Systems B.V. Group companies (hereinafter "Shared Use Companies")
See this page for more information on the relationship between the Company and Shared Use Companies.
Shared Use Companies are generally subject to equivalent to personal data protection laws as Japan, and are generally located in countries or regions designated by Japan's Personal Information Protection Commission. Companies that are not located in said countries or regions shall have the necessary systems in place to maintain measures equivalent to measures required by parties who handle Personal Information within Japan in accordance with Japan's Act on the Protection of Personal Information.
(2) Purpose of use
Within the scope set forth in Article 1
(3) Shared-use Personal Information items
Personal Information obtained by the Company including names, addresses, phone numbers, email addresses, member numbers, records of product purchases/returns/exchange, etc.
(4) Responsible party with respect to shared use of Personal Information
Company name: IKEA Japan K.K.
Address: 5F, 2-3-30, Hamacho, Funabashi, Chiba 273-0012 Japan
Company representative: Petra Färe
9. Enquiries about Personal Information
The Company shall set up a Customer Personal Information Hotline, and shall respond promptly and in accordance with Company policy to enquiries received via any of the contact methods below regarding Personal Information disclosure, revision, cease of use, deletion, etc.
Company name: IKEA Japan K.K.
Person responsible: Personal Information responsible
Address: 5F, 2-3-30, Hamacho, Funabashi, Chiba 273-0012 Japan
TEL: 050-4560-0494
Website: https://www.ikea.com/jp/en/customer-service/contact-us/
10. Personal Information of Customers below the Age of 16
Customers under the age of 16 must obtain consent from a parent or guardian before providing Personal Information.
11. Handling of Website Cookies
Cookies are small files that store information provided by customers.
There is normally no chance that customers' Personal Information or computer system information might be stolen via cookies.
Customers can also choose to restrict the use of cookies. However, this may render some services unusable.
12. About the validity of this Privacy Policy
The governing language of this privacy policy shall be Japanese.
Although an English translation hereof is made for reference purpose, only the Japanese original shall be valid, and the English translation shall have no effect.
(Last updated on 17 June 2025)
*Click here for the privacy policy until June 16, 2025