As part of our pre-requisite to apply for a Live account with Omise, merchants are asked to communicate its policies on the website. There are 2 required policies – the business policy and the privacy policy.

1. Business policy

a.) Businesses selling physical goods

Businesses selling physical goods are required to communicate the following policies to its customers:

• Shipping: When and how the order will be delivered. What are the terms and conditions that may affect in case of delayed delivery.
  
• Cancellation: Is it possible for the buyer to cancel the order, if so what are the terms and conditions?
  
• Refunds: What are the conditions to make a refund, or if it is possible to make a refund at all? In case of no refund, you may simply state “No refund”.
  

b.) Businesses providing services

Businesses providing services are required to communicate the following policies to its customers:

• Cancellation: Is it possible to cancel the booking, if so what are the conditions? How long is the notice period prior to the date required to cancel the booking? And its refund process.
  
• Refunds: What are the conditions to make a refund, or if it is possible to make a refund at all? What is the process to make a refund in case of cancellation?
  

The above policies help give customers an idea of how things are handled which will become helpful to merchants in cases of chargebacks or disputes. There is no specific template required by Omise, but we ask that you make the above clear between you and your customers.

Note: The above policies can be combined all together or separated and modified as applicable to your business.

2. Privacy policy

The Privacy Policy is a statement from merchants that discloses information on how the merchant collects, uses, discloses, and manages a customer's personal data. The merchant will comply with the legal requirements to protect a customer's personal data according to Japan’s Act on the Protection of Personal Information and the General Data Protection Regulation (GDPR).

The Privacy Policy should include the following information:

• What personal data you collect (for example name, email address, telephone number, etc.)
  
• For what purpose or reason you collect the personal data
  
• How long you keep the personal data
  
• How your customers can send a request to delete, disclose or update the personal data you hold.
  
• With whom you share the personal data, now or in the future.
  
• Information on your address, and contact channel details.
  

Please be aware that by law, you are not allowed to collect personal data without due reason and without controls to prevent personal data from being used for anything other than the purpose specified.

If you collect sensitive data of your customers or you intend to track their access on your website or app (for example, Google Analytics), ensure to get their explicit approval by mentioning the exact purpose of collecting the data. For tracking, you need to allow your customers to opt-out.

Related articles:
- What is the dispute process?
- Why do cardholders file a dispute?