Japanet Holdings Co., Ltd. and its group companies (“we”, “us” or “our”) may provide your personal data to a third party in a foreign country in the following cases.

1.　Cases of providing your personal data
We may provide your personal data to a third party in a foreign country in the following cases.

1. When your consent has been obtained
   For instance, if you have applied for our travel contract, this corresponds to a case of providing your name, gender, address and other contact information to the transportation company or accommodation to the extent required for performing such travel contract.
   For specific third-party recipients and the countries/regions where the third parties are located, please read the pamphlet, travel terms and conditions, and website of the travel contract that you will be applying for.
2. When the service provider in a foreign country has established an appropriate system for the protection of personal information
   We may provide your personal data to a service provider in a foreign country, to the extent required for the service provider to perform the entrusted service, upon confirming that the service provider has established an appropriate system for the protection of personal information.

2.　Foreign countries where third parties that may receive the provision of your personal information are located
In cases where the third party to receive the provision of your personal data is located in a foreign country, information concerning the provision of personal information in such foreign country is as follows.

1. EU/EEA and UK
   EU/EEA and the United Kingdom have been designated by the Personal Information Protection Commission of Japan has foreign countries, etc. having personal data protection systems that are recognized as having the same level of protection as Japan.
   Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Liechtenstein, Iceland, Norway, United Kingdom.
2. Countries and regions that have obtained the adequacy decision based on Article 45 of the GDPR
   These are countries and regions acknowledged by the European Commission has having sufficient data protection standards based on the GDPR.
   Argentina, Andorra, United Kingdom, Israel, Uruguay, Canada, South Korea, Switzerland, Denmark, New Zealand.
3. Members of APEC’s CBPR (Cross-Border Privacy Rules) System
   These countries and regions have laws that are compliant with APEC’s privacy framework.
   USA, Mexico, Canada, Singapore, South Korea, Australia, Taiwan, Philippines.
4. Country that is compliant with all eight principles of the OECD Privacy Guidelines (OECD Privacy Guidelines prescribe the following eight principles as their fundamental principles: (i) collection limitation, (ii) data quality, (iii) purpose specification, (iv) use limitation, (v) security safeguards, (vi) openness, (vii) individual participation, and (viii) accountability) China

The personal data protection systems of the various countries and regions are published on the Personal Information Protection Commission’s website.
To access the Personal Information Protection Commission’s website, click here.

3.　Personal data protection system of third party
When we are to provide your personal data to a third party, we will take necessary measures so that your personal data will be properly handled by the third party, in the same manner that we handle your personal information, by executing an agreement with the third party prescribing the proper measures to be taken in handling your personal data.

Japanet Holdings Co., Ltd.
President and CEO, Akito Takata
Inquiries: Inquiries concerning personal information