Privacy Policy
Last updated: 2026-06-19 · Effective: 2026-01-01
DrollWolf Media ("we", "us") operates drollwolf.com (the "Site"). We protect personal information we collect from Site users under Japan's Act on the Protection of Personal Information (APPI), the European General Data Protection Regulation (GDPR), and other applicable laws. This policy explains the categories of personal information we collect, our purposes, third-party sharing, retention, your rights, and how to reach us.
1. Personal information we collect
- Contact form submissions: name, email, subject, message
- Automatically collected: IP address, browser type/version, OS, referrer, timestamp, page viewed, dwell time, device type, screen resolution
- Cookies and similar technologies: see the Cookie Policy
- Analytics: aggregate data collected by Google Analytics 4, Cloudflare Web Analytics, and Google Search Console
- Affiliate partners: click ID, referrer, UTM parameters tracked by each affiliate network at the time of click-through
2. Purposes
- To respond to your enquiries
- To analyse and improve Site usage
- To enhance content quality and personalisation
- To measure traffic and conversion via affiliate links
- To detect and prevent unauthorised access, spam, and cyber attacks
- To comply with legal obligations (e.g., responding to lawful requests from authorities)
3. Legal basis (GDPR users)
For users in the EEA, UK, and Switzerland, the legal bases for processing are:
- Consent (Art. 6(1)(a)) — non-essential cookies, email subscriptions
- Performance of a contract (Art. 6(1)(b)) — responding to your enquiries
- Legitimate interests (Art. 6(1)(f)) — Site analytics, security, improvements
- Legal obligation (Art. 6(1)(c)) — regulatory compliance
4. Third-party sharing
We do not share personal information with third parties except:
- With your prior consent
- As required by law (e.g., judicial warrant)
- To protect life, body, or property
- With service providers (hosting, CDN, analytics, email) under contractual data-protection obligations, and only to the extent necessary
5. Service providers
| Service | Provider | Purpose | Location |
|---|---|---|---|
| Cloudflare Pages / CDN / Web Analytics | Cloudflare, Inc. | Hosting, DDoS protection, analytics | USA |
| Google Analytics 4 | Google LLC | Site analytics | USA |
| Google Search Console | Google LLC | Search performance | USA |
| Google Fonts | Google LLC | Web font delivery | USA |
| Affiliate networks | Various | Conversion tracking | Various |
See Google's privacy policy and Cloudflare's privacy policy for their respective practices.
6. International data transfer
Some service providers above are located outside Japan. We rely on appropriate safeguards (Standard Contractual Clauses, EU–US Data Privacy Framework, etc.) to transfer the minimum necessary personal information.
7. Retention
- Contact form data: 3 years from resolution (record-keeping / prevention), then deleted
- Access logs: up to 13 months. Google Analytics retention is set to 14 months.
- Cookies: vary by type — see the Cookie Policy
- Information subject to legal retention: kept for the required period
8. Your rights
You have the following rights in respect of personal information about you:
- Access — request a copy of personal information we hold about you
- Correction / addition / deletion — request rectification of inaccurate data or erasure where lawful
- Restriction / cessation of processing / objection — request that we stop processing or sharing your data outside the original purpose
- Withdraw consent — without affecting the lawfulness of pre-withdrawal processing
- Data portability (GDPR) — receive your data in a structured format
- Complaint — lodge a complaint with the relevant supervisory authority
Send requests to [email protected] or via the contact form. We will verify identity and respond within a reasonable period.
9. Cookies and tracking
We use cookies and similar technologies. Details and opt-out instructions are in the Cookie Policy.
10. Security measures
- Site-wide HTTPS (TLS 1.3)
- Least-privilege access control for servers and databases
- Regular security audits and vulnerability scanning
- Staff training and confidentiality obligations for personnel with access to personal information
- Prompt breach notification (GDPR Art. 33 / APPI Art. 26) on detection of unauthorised access
11. Minors
The Site is for users 20 and older. We do not knowingly collect personal information from anyone under 20. If we learn that we have collected such information,
we will delete it promptly. Parents who believe a minor's data has been submitted should email [email protected].
12. Policy changes
We may revise this policy in response to legal changes, service changes, or operational needs. Material changes will be announced on the Site homepage. The most recent revision date is shown at the top of this page.
13. Contact / Data Protection
| Operator | DrollWolf Media |
|---|---|
| Privacy Manager | DrollWolf Editorial (Editor-in-Chief) |
| Privacy / GDPR contact | [email protected] |
| General contact | contact form |
14. Supervisory authorities
- Japan: Personal Information Protection Commission (ppc.go.jp)
- EU: Your national supervisory authority (EDPB member list)
- UK: Information Commissioner's Office (ico.org.uk)