Basic Policy on Handling of Personal Data within EEA
Japanet Holdings Co., Ltd. and its group companies (“we”, “us” or “our”) are positioning the protection of personal information as a top priority issue in our business operation so our customers can enjoy our products and services with a sense of security.
In case that the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) is applicable to us, for example, when we handle your personal data within the EEA, in order to ensure the proper handling of your personal data according to the GDPR, we have established this Basic Policy on Handling of Personal Data within EEA (hereinafter referred to as this “Policy”).
All of our employees (officers, executive officers, regular employees, contract employees, part-time employees, temporary employees, dispatched employees), employees permanently stationed in our business partners, and our other related persons will observe this Policy, together with the Basic Policy on Protection of Personal Information, and endeavor to protect your personal data.
1. Applicable scope of this Policy
This Policy is preferentially applied to the processing of personal data related to our products and services and to which the GDPR will apply. Nevertheless, even in the foregoing case, matters not prescribed in this Policy shall be pursuant to our Basic Policy on Protection of Personal Information.
2. Personal data to be acquired, purpose of use, and method of use
The types of personal data that we will acquire, and the purpose of use and method of use of such personal data, are as follows, and otherwise as set out in the Basic Policy on Protection of Personal Information.
(Types of personal data subject to the application of the GDPR)
・Name, address, phone number, email address, data of birth, gender, membership number and other contact information
・Payment information, credit information and other information related to payment
・Information related to your health that we directly acquire from you upon obtaining your consent
・Information related to your passport (when required for our travel services)
We may acquire your contact information from our group companies if you have previously provided your personal information directly to our group companies for membership registration or other procedures.
(Purpose of use and method of use of personal information to be subject to the application of the GDPR)
・Communication with you, member registration, provision of ordered products or services
・Provision of information related to products and services upon obtaining your consent
・Creation of statistical data, which is processed so that individuals cannot be recognized or identified, based on your contract information, survey, gender, age and other attribute information, and use of such data for developing and providing new products and services
If you do not agree to provide the foregoing information, you may not be able to use all or a part of our services.
3. Legal basis for handling your personal data
We will acquire and use your personal data based on the following legal basis.
・When we have obtained your consent (you can withdraw your consent)
・When required for performing a contract or making preparations for concluding a contract
・When required for fulfilling our legal obligations
・When required for protecting your life, body or property or those of a third party
・When required for protecting public interests or other legitimate interests (legitimate interests include improving services to be provided to you, and notifying you of changes to our products or services)
4. Your rights
You can exercise the following rights related to your personal data to the extent permitted under laws.
- Right of access
- Right of correction/erasure
- Right of limitation of processing
- Right of data portability
In addition to the above, you are entitled to object to our handling of your personal data in certain cases to the extent permitted under laws.
Furthermore, if you are dissatisfied with our response to your request, you may file a complaint with the data protection supervisory authority.
5. Transfer of personal data
We may handle your personal data by transferring it to a country outside the European Economic Area (EEA) to the extent required for achieving the purposes of use indicated in 2. above. In such a case, when transferring your personal data to a country with an adequacy decision for cross-border data transfers, we will rely on such adequacy decision, and even in other cases, we will take additional measures which are required, such as concluding standards contractual clauses, so that sufficient measures for the protection of your personal data are ensured. For details concerning the above, please contact our inquiry desk.
Transfer of your personal data to Japan will be based on the adequacy decision for cross-border data transfers acquired by Japan.
6. Sharing of personal data
In the following cases, we may share your personal data with our group companies and third parties according to the GDPR.
・When entrusting the handling of your personal data to our business partner with which we have executed a service agreement (delivery company, settlement company, telecommunications carrier, passenger carrier, travel agency, etc.). In the service agreement, we will impose obligations on the service provider for conducting proper security management, and offer necessary and appropriate supervision over the service provider.
・We may conduct our business by using a third party such as a service provider. For instance, in cases where we introduce another company’s product or service to you and you contact us because you are interested in such product or service, this corresponds to a case when we provide your information to such other company so that such other company can contact you and accept your order of such product or service, and otherwise provide customer services. In addition to providing the customers services described above, we may share your personal data with our business partners that provide services such as marketing and data analysis and research for improving services.
・We may share your personal data with all of our group companies to the extent required for achieving the purposes of use indicated in 2. above.
In processing your personal data, we will ensure proper security (including technical, physical and organizational measures). We will retain your personal data only for the period required for achieving the purposes of use indicated in 2. above.
- To manage the information transfer between screens by using a cookie, and verify that it is the same person (owner of the personal data)
- To prevent unauthorized access and ensure security based on (1) above, and at the same time improve the user-friendliness of our website
- To refer to your stored registration information when you log into an authentication service, and provide customized services to you
- To display optimal ads on the sites of other companies based on your interests and status of use of our website
- To check the number of users and traffic of our website
Based on the entrustment to another company’s site for the distribution of our advertisements, we may store and refer to our cookies via such other company’s site. The main advertising services that we use are as follows.
・Yahoo! JAPAN, etc.
While you can disable the cookie function by setting your browser accordingly, in such a case please note that certain functions of our website may not operate properly.
Japanet Holdings Co., Ltd.
President and CEO, Akito Takata
Inquiries: Inquiries concerning personal information