Privacy Policy for JAPANiCAN

Part 1 General Terms and Conditions

JTB Corp. which has its registered offices at 2-3-11 Higashi-Shinagawa, Shinagawa-ku, Tokyo, Japan offers travel and destination management services and other services worldwide.

This Privacy Policy for JAPANiCAN sets forth the manners in which JTB Corp. (“JTB Corp.”, “we”, “us”, “our”) handles and safeguards your personal information in connection with our JAPANiCAN services in accordance with the Act on the Protection of Personal Information of Japan, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (“Individual Numbers Act”) and our internal policies and rules regarding the protection of personal information.

Please use our JAPANiCAN services after you have carefully read and understood this Privacy Policy for JAPANiCAN.

For Residents of Member States of the European Economic Area (EEA):

Please see and read carefully the special and supplemental provisions in Part 2 below for EEA residents under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) (click here) in addition to this general terms and conditions .

For Residents of the States of California, United States:
Please see and read carefully the special and supplemental provisions in Part 3 below for California residents under the California Consumer Privacy Act (“CCPA”) (click here) in addition to this general terms and conditions.

1 Category of Information We Collect and Purposes of Processing

JTB Corp. collects directly and indirectly, retains as searchable personal data files and uses your personal information in connection with our JAPANiCAN services as follows:

(1) For Membership Services

We collect and use and process your information necessary for JAPANiCAN membership services (including incentive programs) such as name, phone number, e-mail address, nationality, account ID, password and IP address for the following purposes:

  • Registration, management and guidance on our membership programs
  • Providing our membership services and other related services
  • Considering, preparing, entering into or performing contracts or other relationship
  • Responding to your queries or requirements
  • Maintaining our relations with you or re-establishing our relationships

(2) For Travel And Accommodation Related Services For Which You Enter Into An Arrangement Agreement With JTB Corp.

We collect, use and process your information necessary for JAPANiCAN travel and accommodation related services under our JAPANiCAN services for which you enter into an service arrangement agreement with JTB Corp. such as your name, phone number, e-mail address, nationality, passport information, credit card information (if necessary), account ID, password and IP address for the following purposes:

  • Making accommodation or hotel arrangements
  • Making transportation arrangements
  • Making restaurant arrangements or other food arrangements
  • Making insurance service arrangements
  • Making other related services arrangements
  • Procedures for payment of travel expenses
  • Considering, preparing, entering into or performing contracts or other relationship
  • Responding to your queries or requirements
  • Maintaining our relations with you or re-establishing our relationships

Please note that in the case where you enter into an accommodation agreement or another service agreement directly with an accommodation facility or another service provider through JAPANiCAN site, such accommodation facility or another service provider directly collect and process your data through JAPANiCAN site, and the terms and conditions and the privacy policy of such accommodation facility or another service provider should be applied.

(3) For Service Improvement, Research and Development, Customer Relation Management, Promotion and Advertisement and Safety Use

We also collect and use and process above your information for the following purposes:

  • Conducting questionnaires, surveys and other activities such as requests for the provision of opinions and impressions
  • Maintaining and improving the site or tailoring the user experience
  • Providing after-sales service relating to products or services
  •  Internal training
  • Developing, improving or reforming products or services (*1)
  • Providing information on or distributing advertisements for products, services, various campaigns or events or other sales promotion activities of us or our business partners (*2)
  • Selecting, providing or operating privileges, prizes, point programs, etc. of us or our business partners
  • Considering, preparing, entering into or performing contracts or other relationship
  • Responding to your queries or requirements
  • Maintaining our relations with you or re-establishing our relationships
  • Maintaining or operating products, services, networks, systems, etc., and preventing disabilities, defects, incidents, etc., of products, services, networks, systems, etc., and responding the event of such accidents
  • Preventing and mitigating illegal, fraudulent or other improper activities or protecting rights or interests or safety of customers, JTB or JTB group companies and/or other third parties, including but not limited to the preventing, identifying, monitoring, investigating, analyzing, taking countermeasures on or against scams, cyber-attacks, and other potentially illegal, fraudulent or other improper activities.
  • Exercising a right or obligation conferred or imposed by law, including responding to request and legal demands.
  • providing to a third party in order to achieve each of the above-mentioned purpose of use

(※1) We will use Cookie, etc. (including web beacons, UIDs, and other technologies, and hereinafter simply referred to as “Cookie, etc.”) and, by or through Cookie, etc., we acquire customer purchase history, service provision history, browsing and other behavior history, information on terminals used, network information (IP addresses, etc.), analyze these as personal information of customers or information related to customers, and use these information to develop, improve, or reform products or services or advertise or promote or provide information on products or services according to induvial interest, preferences, trends, etc.

(※2) We may acquire information related to individuals other than personal information (including purchase history, location information, browsing and other behavior history, terminal information, and network information (IP address, etc.) obtained through Cookie, etc.) from a third party and use such information to develop, improve, or reform products and services with personal information held by us, as well as to advertise or promote or provide information on products or services in accordance with individual interest, preferences, or trends, etc.

If you need to get in touch with our customer support team or reach out to us through other means (such as through social media, or communicating with your accommodation through us), we will collect information from you too.

Where you submit reviews regarding your accommodation or other ancillary services available on our website, we will collect information from you included in your reviews, including your name and country of residence.

You can decide to participate in our promotions, provide us with feedback or ask for help with using the Sites or our various communications platforms, and these also mean providing us with related personal data.

Where you are making a booking with other guests whose details you provide to us as part of your reservation, or if you make a booking on behalf of someone else, it is your responsibility to ensure that the person or people you have provided personal information are aware that you have done so, and have understood and accepted how JTB Corp. uses their information (as described in this Privacy Policy).

Every customer is free to determine what personal information he/she provides to us. However, we may be unable to provide you with our services or contact you if you decide to provide us with no personal information or only limited information.

When you use our JAPANiCAN services or access the related sites, we collect and use cookie related information, IP address and your device information for service improvement, research and development, customer relation management and promotion and advertisement (including but not limited to tailoring your experience on the Site, providing you with high-quality and relevant content (including interest based advertising), and developing and improving our products and services).

In addition, your personal data may be converted into statistical or aggregated data which cannot be used to identify you and then used to produce statistical research and reports. This aggregated data may be shared and used in the ways described above.

2 Transfer of Personal Information to Third Parties

  1. We will provide name, ID, gender, age, address, telephone number, e-mail address, passport information, credit card information, information on emergency contacts, and other necessary personal information by electromagnetic means etc., to facilities for transportation, accommodation facilities, service providers, insurance companies, public offices, etc., to the extent necessary for arrangements for the travel services you have applied for and procedures for receipt of such services, to the extent necessary for the procedures for insurance covering our travel contract responsibilities, expenses in the event of an accident, to the extent necessary for providing information relating to safety or health or contacting a customer for confirmation of its safety, etc.
  2. We may provide personal data of our customers to souvenir stores or other dealers for the convenience of customers’ shopping at our travel destinations. In this case, personal data pertaining to the customer’s name, passport information, and the flight name to be boarded will be provided by sending in advance by electromagnetic means, etc.
  3. In case of illness or accident during a trip, we may ask for personal information to whom we may contact. This personal information will be used if we acknowledge that in the event of illness or other illness, we need to contact the contact person. The customer shall obtain the contact’s consent to provide us with the personal information of the contact.
  4.  To the extent necessary for the arrangement or provision of the various services that you have applied for, we will provide our business partners, service providers, or public offices with personal information such as your name, ID, gender, age, address, telephone number, e-mail address, and other necessary personal information by electromagnetic means, etc.
  5. To the extent necessary for responding to customer opinions, requests, and inquiries, including inquiries about products or services, or preparing contracts, we will provide the customer’s name, ID, gender, age, address, telephone number, e-mail address, credit card information, and other necessary personal information by electromagnetic means, etc to the transportation/accommodation facility, service provider, other related organizations and corporations, etc.
  6. We will provide customers’ names, IDs, genders, ages, addresses, telephone numbers, e-mail addresses, purchase information, etc., by electromagnetic means, etc. to our business partners for various points or other privilege granting programs, various campaigns, prizes, events or other sales promotion activities implemented by us or our business partners or for providing customers with information on these programs or activities.
  7. In order to prevent or respond to the occurrence of any disability, malfunction, or accident relating to products, services, networks, or systems, we will provide the customer’s name, ID, gender, age, address, telephone number, e-mail address, and other necessary personal information to the relevant authorities or parties by electromagnetic means, etc.
  8. We will provide personal data such as your name, gender, age, address, telephone number or e-mail address, passport information, credit card information, and other personal data by electromagnetic means, etc. to the government, public offices, investigative organizations, and business partners to the extent necessary to provide an environment in which you can use products or services safely, such as monitoring, preventing, analyzing, and taking countermeasures on or against illegal, fraudulent or any other improper acts, or to resolve disputes, or to protect life, body, or property or any other rights of JTB Corp or our group companies or any third parties.
  9. We will provide the customer’s name, gender, and e-mail address telephone numbers, addresses, etc. which are hashed (“hash” means processing of converting them into irregular character strings) or converted into secure data form to advertising distribution companies and/or related service providers (including those located in foreign countries) through electromagnetic means, etc.in order to deliver advertisements, etc. that are highly relevant to the customer , to perform effectiveness measurement and/or carrying out an analysis, etc.
  10. We will provide the customer’s personal data by electromagnetic means, etc., with the consent of the customer or to the extent permitted by law.
  11. Where required or permitted by an applicable law or regulation – such as to protect ourselves against liability, to respond to subpoenas, judicial processes, legitimate requests, warrants or equivalent by law enforcement officials or authorities, to investigate fraud or other wrongdoing or as otherwise required or necessary in order to comply with applicable law, protect our legitimate interests or to the purchasers in connection with any sale, assignment, or other transfer of all or a part of our business or company. We may also, in compliance with applicable law, disclose your information to enforce or apply the terms and conditions applicable to our services or to protect the rights, property, or safety of JTB Corp, our users, or others.
  12. Business Reorganization – such as part of any sale, assignment or other transfer of our business, or transition of service to another provider. We will ask for your consent if required by applicable law.

3 The Shared Use of Personal Information

In order to contact customers, simplify future travel product bookings and facilitate the arrangement and management of your travel needs and for other purposes specified in 1 above, we will share and jointly use the personal information of our customers/users as follows.

(1) Personal Information

Name, gender, age, address, telephone number, e-mail address, ID or other identification information (including CookieID), purchase history, location information, browsing and other activity history of customers’ personal information

(2) Scope of joint users

Our group companies (Please refer to the following for our group companies)

https://www.jtbcorp.jp/jp/jtb_group/

(3) Manager in charge of joint use under Japanese law

JTB Corp.

4 Outsourcing

We may entrust all or part of the business including handling personal information of customers to a third party for the purpose of arranging travel, managing travel, travel attendance services, intermediary services at airports, travel services such as payment of travel expenses, and other our services, and for the purpose of use as described in 2 above or for our businesses. In this case, we will select the such third party based on our standards and entrust the personal information after entering into an agreement including confidentiality.

5 Transfer of personal information to a third party in a foreign country

(1)In order to arrange travel services provided by transportation/accommodation facilities in the travel for which the customer applies or for the purpose of use as set forth in 2(1) above, we may, upon informing the customer of the country or region in which the customer’s personal information is to be provided, transfer personal information to transportation/accommodation facilities, service providers, or other third parties in the country or region in which the customer’s personal information is to be provided. In this case, it is as follows.

 Country or region to which personal information is transferred

We will inform you orally, pamphlets, brochures, travel terms and conditions documents, notice documents, or websites, e-mails or other electromagnetic means.

• Systems for the protection of personal information in the said country or region and measures for the protection of personal information to be taken by a third party: See below.

https://www.jtb.co.jp/privacy/

(2)We may transfer personal information to a third party in a foreign country after taking measures such as concluding an agreement with such third party to implement appropriate measures for the protection of personal information.

6 Safety Management Measures

We have taken necessary and appropriate safety management measures to protect personal data, such as preventing leakage, loss, or damage. The main contents of these measures are as follows

  • Establishment of basic policy
  • In order to comply with laws and regulations and ensure proper handling of personal information, we have formulated a personal information protection policies, and based on these policies, we have established this handling rule and other related internal rules concerning the acquisition, use, provision, and disposal of personal information.

(2) Development of disciplines regarding the handling of personal information

(3) Institutional security control measures

  • In addition to establishing a person responsible for the handling of personal data, we will clarify the employees who handle personal data and the scope of personal data handled by those employees. We have also established a system to report any violations or threats of violation of laws and regulations our internal rules to the Personal Information Management Officer.
  •  We conduct periodic self-inspections of the status of the handling of personal data and conduct audits by our audit department.
  • When outsourcing businesses, including the handling of personal information, we includes clauses related to the handling of personal information in our contracts.

(4) Human security control measures

  • We provide regular training to our employees regarding matters to be careful on the handling of personal information.
  • Matters concerning the confidentiality of personal information are described in our work rules and other internal rules.

(5) Physical security control measures

  • In areas where personal data is handled, we control the entry and exit of employees and take measures to prevent access to personal data by unauthorized persons
  • We establish rules for storage and disposal of documents and electronic media containing personal information.
  • Measures are taken to prevent theft or loss of equipments such as password setting and remote control measures.

(6) Technical security control measures

  • Access control is implemented to limit the persons and the scope of databases handled by employees.
  • We have introduced mechanisms to protect the systems handling personal data from unauthorized access from outside or from unauthorized software.

(7) Survey of the external environment

  • We store a part of personal information in some foreign counties such as the U.S, Singapore, etc. We confirm the outline of the personal information protection legislation in such regions and take measures such as concluding a contract on the handling of personal information with a third party to whom we transfer personal information.

7 Inquiries and Disclosure Regarding Customer Personal Information

If you wish us to notify the purpose of use or disclose, correct, add or delete your personal data, discontinue to use or erase your personal data, or cease to provide it to a third party, please contact the following inquiry desk. Provided, however, that we are unable to comply with your request if such request may seriously interfere with the proper conduct of our business. We will take necessary measures without delay in accordance with laws and regulations and our internal rules. If we are unable to comply with your request in whole or in part, we will explain the reason. Our contact point for handling personal information is as follows.

JTB Customer Service Office Address: 2-3-11 Higashi-Shinagawa, Shinagawa-ku, Tokyo

8 Handling of Specific Personal Information

  • We use Individual Numbers only within the scope of the purpose of use stipulated in the Individual Numbers Act.
  • We will not provide to any third party other than the recipients stipulated in the Individual Numbers Act.
  • We will promptly delete or remove the relevant Individual Number upon completion of any Individual Number Administrative Procedures as set forth under the Individual Numbers Act.

9 Handling of anonymously processed information

We will take appropriate protective measures to prevent the identification of specific individuals and the restoration of such personal information used for production, and will prepare anonymously processed information and provide such information to third parties to the extent permitted by law.

(1)How to create anonymously processed information

When preparing anonymously processed information, we process the information appropriately according to the following in accordance with the standards stipulated by the Personal Information Protection Law and the Rules of the Personal Information Protection Committee.

  • Deleting a description that identifies a specific individual
  • Deleting a Individual Identification Code
  •  Eliminating the sign that connects information with each other
  • Deleting unique descriptions, etc.
  • Taking other appropriate measures based on the nature of the personal information database, etc.

(2)Items included in anonymously processed information

  • Personal Attribute Information of Customers [Gender and Year of Birth of Representatives]
  • Information on use of us [Application date (month/year), Stores (prefecture/municipality/type), Travel information (departure date/return date, area, and accommodation facility (name/type), Number of users (by adult, male, female, and child) • Product grade, product type, product form, travel purpose, and type of participation]

(3)Provision of anonymously processed information to a third party

Items and methods of provision of information included in anonymously processed information prepared by us and provided to third parties are as follows.

  • Items (1) and (2) in (2) above
  • We will inform the recipients of such information that such data is anonymously processed information and provide such information after stipulating a contract to prevent improper handling of such information as identifying acts.
  • To provide anonymously processed information to a third party by a secure electromagnetic manner such as encrypting data files.

(4)Other safety management measures for anonymously processed information

  • Clarify the authority and responsibility of the person handling information such as the processing method.
  • We have established rules and regulations concerning the handling of such information, such as processing methods, and provide education and supervision to employees who handle such information.

10 Amendment of these Regulations

These Regulations may be changed or revised from time to time depending on the necessity to comply with changes in laws and regulations and the business necessity. Such changes shall be posted on this website. You are requested to fully confirm the latest contents of these Regulations after any changes, etc., that are posted on this website.

11 In the event of leakage of personal information

Should a problem arise, such as the leakage of personal information, we will notify customers, ensure safety, suspend our system as necessary, and publicize the facts on our website, etc., in accordance with laws and regulations.

JTB Building., 2-3-11, Higashi-Shinagawa, Shinagawa-ku, Tokyo

JTB Corp.

Eijiro Yamakita, President and Chief Executive Officer

Title and contact address of the Personal Information Management Officer

Senior Manager of Legal Affairs

(Contact address: same as above)

12 Transmission of User Data, including Cookie data, to Third Partiesonal information

This website uses services provided by third parties and transmits user data, including but not limited to cookie data, of users of this website to these third parties. Please confirm the details at the webpage (click here), including but not limited to, the contents of user data transmitted to third parties, the purpose of transmitting user data to third parties, names of such third parties to whom user data is transmitted and how to stop the transmission of user data.

Part 2 Special Provisions for Residents of Member States of the European Economic Area

The provisions below are the special and supplemental provisions under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) for Residents of member states of the European Economic Area. These special and supplemental provisions apply to you in the case where the GDPR applies to our collection or processing of your data and is available on our website and through other channels. Please read carefully these special and supplemental provisions in addition to the General Terms and Conditions (Part 1) before you commence use of our JAPANiCAN services.

1. Legal basis:

Under the GDPR, our collection and processing of your data under Section 1 of Part 1 is based on our and/or your legitimate interests such as provision of our JAPANiCAN services

In addition, your personal data may be converted into statistical or aggregated data which cannot be used to identify you and then used to produce statistical research and reports. This aggregated data may be shared and used in the ways described above.

JTB processes your personal data in its interest as well as your interest, so JTB provides and you receive the travel related services that you have requested and other related services specified in the above.

Where GDPR requires us to ask you to give us your consent to collect and use certain types of personal information such as personal data that GDPR considers as special categories, we will seek separate explicit consent from you prior to obtaining that data.

In all your dealings with us you must ensure that others you may represent are aware of the content of our Privacy Policy and consent to you on their behalf.

We will process your data for as long as possible in order to fulfil our service to you and comply with the applicable fiscal, tax, securities and commercial law regulations on retention of business and financial documentation.

2. Retention periods

We keep your personal data as long as there is a statutory or legal requirement to do so or in order to provide the aforementioned services to you. For accounting or auditing purposes we may retain your personal data for a period of time after our direct business dealings have ended.

3. Data storage and transfer

Furthermore, we may share your personal data with JTB group companies as well as with other companies which may be located within or outside the EEA and provide travel and business process services related to the provision of the services indicated above (including cases under Section 2 and 3 of Part 1), for example: airlines, hotels, accommodations, transportations, restaurants, tour operators, travel agencies, other service providers (including service providers for JTB). Where a company is located outside the EEA, we will arrange adequate safeguards such as Binding Corporate Rules or Standard Contact Clause arrangement or transfer your personal data based on appropriate legal basis.

When we process your personal data, we will store it on our systems located within EEA, Japan or other countries. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.

Your data may also be processed by staff operating outside the EEA who works for us or for one of our suppliers (e.g., travel guides, transportation services). Such staff may be engaged in, among other things, the provision of support services.

  • Service providers

For the purpose of providing you with our services, including your booking of flight, hotel, security, incident/accident management etc., we may disclose and process your personal data outside of the EEA countries. In order for you to travel abroad, it may be mandatory as required by government authorities at the point of departure and/or destination to disclose and process your data for immigration, border control and/or any other purposes. Also we need to provide airlines/accommodation providers with your name, passport number, contact detail, etc. in accordance with their terms and conditions.

  • Legal compliance and security

It may be necessary for us - by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence - to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

  • Safeguards to protect your personal data

Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29). Furthermore, where we transfer your data from EEA to any entity outside the EEA, we will put appropriate legal frameworks in place, notably Binding Corporate Rules (Article 47 GDPR), controller-to-controller and controller-to-processor Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 ff. GDPR), or we will share your data based on rules of the GDPR.

By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, in particular, by adopting Binding Corporate Rules or Standard Contract Clauses or based on other GDPR rules.

  • Booking on behalf of someone else

Where you are making a booking with other guests whose details you provide to us as part of your reservation, or if you make a booking on behalf of someone else, it is your responsibility to ensure that the person or people you have provided personal information about are aware that you have done so, and have understood and accepted how JTB Corp. uses their information (as described in this Privacy Notice).

  • Other Transfer

In connection with other purposes and manners of the transfer of personal information, please see Section 2, 3 and 4 of the General Terms and Conditions 

4. Children

Our products and services are intended for adult customers. However, we may knowingly collect and process personal data on children under sixteen (16). On these occasions, we will take account of this event when processing the personal data of children and implementing the legal basis for such processing. For example, where the processing of personal data of children is based on their consent such as the processing of his/her sensitive personal data, we will seek the consent of parents, tutors, or other adults holding parental responsibility over children, if required under the GDPR.

5. Links to other sites

We may propose hypertext links from our websites to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.

6. Our Records of Data Processes

We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).

7. Security Measures

We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).As to details of such security measures, please see Section 6 of the General Terms and Conditions.
We will retain your personal information for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8. Notification of Data Breaches to the Competent Supervisory Authorities

In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects(if necessary),  (Articles 33 and 34 GDPR).

9. Processing Likely to Result in High Risk to your Rights and Freedoms

We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organisational safeguards are in place in order to proceed with it.

In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).

10. Your Rights

As a customer you have a number of rights as follows:

  • Access to personal data: You have the right to be provided full information about your personal data that we hold.
  • Data correction: You have the right to require that we correct any incorrect information we hold about you.
  • Data deletion: You may also have the right to ask that we delete your personal data. Please note that certain conditions may apply to the exercise of this right.
  • Restriction on processing of personal data: You may have the right to ask that we restrict the use of your personal data. Please note that certain may conditions apply to the exercise of this right.
  • Object to processing of personal data: You may have the right to object to the use of your personal data by us. Please note that certain conditions may apply to the exercise of this right.
  • Portability of personal data: You may have the right to receive your personal data in a structured and commonly used format. Please note that certain conditions may apply to the exercise of this right.
  • You also have the right to obtain from us a copy of the Binding Corporate Rules or of any Standard Contract Clauses that we use if we transfer your personal data outside the EEA and take such arrangement.

To exercise your rights, or if you require further information about how your personal data is used by us, you can contact the staff member in charge of your travel or write to us at: private@jtb.com.

Following is the procedure when you want to execute these rights;

  1. Upon receiving your request, we will contact you to confirm the request is being handled, and we will indicate the reasonable timeframe for us to respond.
  2. Our special team will make an initial assessment of the request to decide whether it is a valid request and whether confirmation of identity is required.
  3. If no further action from you is required, we will proceed with the processing of your request.
  4. At the end of our assessment and internal procedure, we will provide a confirmation as to our compliance or processing of your request.
  5. For any unfounded or excessive (e.g., further repeated) requests, we may charge a reasonable fee based on administrative costs.

11. When you want to complain about your personal data

We have appointed appropriate staff with management support to oversee and ensure compliance with the GDPR.
You can bring complaints in writing by contacting the JTB Data Protection Team at private@jtb.com .

You can also contact the JTB Data Protection Team members or other employees to complain about the way we handle your personal data. The employees to have been confronted with the complaint will inform you about the contract details to file a complaint in accordance with the present procedure or pass the complaint to the JTB Data Protection Team whichever appropriate.

After receiving the complaint the Data Protection Team will send an acknowledgement of receipt within one week to you. The confirmation may include further questions necessary for the clarification of the issues. The Data Protection Team or local Human Resources Department will provide an answer to you as soon as reasonably practicable, but no later than one month upon receiving the complaint. If, due to complexity of the complaint, a substantive response within one month cannot be provided, you will be notified with a reasonable estimate of the timeframe, but not exceeding two months from the notice.

You may also raise the complaint to the relevant Data Protection Authority or lodge a claim with a court of competent jurisdiction.

12. Changes to our Privacy Policy

We may revise or update this Privacy Policy from time to time. Any changes we may make to our Privacy Policy in the future will be posted on this webpage. If we make changes which we believe are significant, we will inform you through the website to the extent possible and seek your consent where applicable.

13. Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to

JTB Data Protection Team
JTB Group Headquarters
JTB Corp.
17F 2-3-11 Higashi Shinagawa
Shinagawa-ku, Tokyo
JAPAN
Email: private@jtb.com

14. About Cookie etc.

About Cookie etc., please see Section 12 of Part 1.

Part 3   Special Provisions for Residents of States of California, United States

January 1, 2020

The provisions below are the special and supplemental provisions under the California Consumer Privacy Act (“CCPA”) for Residents of States of California, United States. These special and supplemental provisions apply to you in the case where the CCPA applies to our collection or processing of your data and is available on our website and through other channels.  Please read carefully these special and supplemental provisions in addition to the General Terms and Conditions (Part 1) before you commence use of our JAPANiCAN services.

1. Categories and Purposes of Your Collected Personal Information

The categories of personal information which we have collected within the preceding 12 months, and the business or commercial purposes for which such personal information was collected are specified in Section 1 of the General Terms and Conditions (Part 1).

2. Sources of Personal Information

Under JAPANiCAN services, we collect your personal information from you (data subject) or a person who provide your personal information on behalf of you (including but not limited to your parents or guardians).

3. Disclosure of Personal Information

We have disclosed your Personal Information specified in Section 1 of Part 1 to third parties for our operational business purposes specified in Section 2, 3 and 4 of Part 1 and Section  of this Part 3 within the preceding 12 months, and We have disclosed these categories of personal information to the parties specified in Section 2, 3 and 4 of Part 1 and Section  of this Part 3.

4. Do not Sell My Personal Information

Under the CCPA, California residents have the right to opt-out of the “sale” of their personal information. CCPA defines “sale” broadly to include any transfers or disclosures to other businesses or third parties for monetary or other valuable consideration (hereinafter referred as “CCPA-defined transfers”). While we do not obtain financial compensation for your personal information, we may share it with third-parties for service improvement, research and development, customer relation management and promotion and advertisement (including but not limited to tailoring your experience on the Site, providing you with high-quality and relevant content (including interest based advertising), and developing and improving our products and services)

To exercise this right, please visit our “Do Not Sell My Personal Information” page from the following link.

https://www.japanican.com/ccpa.html

5. Your Rights and Requests

If you are a California resident, you have the following rights under the CCPA:

I.          Request to disclose to you the following information covering the 12 months preceding your request:

(I)        The categories of Personal Information we collected about you;

(II)       The categories of sources from which we collected such Personal Information;

(III)      The business or commercial purpose(s) for collecting such Personal Information about you;

(IV)      The categories of third parties with whom we shared such Personal Information; and

(V)       The specific pieces of Personal Information we have collected about you.

II.         Request to delete Personal Information we collected from you

III.        Non-Discrimination for the exercise of the rights under the CCPA

To make a request for the disclosure or deletion described I. and II. above, please contact us by using the following means:

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: providing your email and phone verification, known customer information, and/or account sign-up authentication or other information (including but not limited to passport related information and social security related information) needed to verify your identity depending on the sensitivity of personal information in question.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

If you use an authorized agent to submit a request to know or a request to delete described I. and II. above, you may specify your agent by providing the authorized agent written permission to do so. In addition, we will request sufficient information that allows us to reasonably verify your agent is the person about whom you assign.

We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. For data portability requests, we will select a commercially reasonable format to provide your Personal Information that is commonly useable and should allow you to transmit the information from one entity to another entity without hindrance, but we do not guarantee that all formats are useable in all media. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

6. Changes to this Privacy Policy

We may change this Privacy Policy from time to time.  The “Date last updated” mentioned at the top of this page states when this Privacy Policy was last updated and any changes will become effective upon our posting the revised Privacy Policy.

Where required by CCPA or other applicable law, we will request your consent to any such changes.  We will provide the revised Privacy Policy by email or by posting notice of the changes on our website or through any relevant services.

7. About Cookie etc.

About Cookie etc., please see Section 12 of Part 1.

8. Contact Us

If you have any questions or concerns regarding this Privacy Policy or our privacy practices, please contact us at private@jtb.com

If you have any other questions or concerns, please visit our contact page or contact our customer service from this link (https://www.japanican.com/info/contact.html)

Amended March 1, 2024