Processing of Personal Data of Customers in EU

In order to strictly protect customers' information (hereinafter referred to as "EU personal data"), Kinki Nippon Tourist Metropolitan Co., Ltd. (hereinafter referred to as "this company") is implementing the following measures.

  1. For EU personal data provided at the time of travel application, in addition to using it for contacting customers, this company will use it within the range necessary for the arrangement and receipt of services provided by transportation and accommodation organizations on customer's travel.
    In addition, this company may use customer's EU personal data at this company and dealers in order to develop better travel products and inform customers about the information on travel products, as well as the damage insurance of each company which is entrusted by each insurance company, and to provide incidental and related services.
    Providing EU personal data is essential for fulfillment of the contract, and if customers cannot provide EU personal data on their own judgment, provision of service to customers and so forth may be interfered and it may cause damage or loss.
  2. For the conditions of handling of EU personal data

    3. This company shall deal with EU personal data only if this company obtains consent from the customer and in any one of the following cases.

    1. When handling is necessary for the performance of the contract where the customer is a party concerned (e.g., in the case where to notify customer’s information such as address to the hotel to arrange a hotel designated by customer).
      Or when handling is necessary according to customer's request before the contract is concluded.
    2. When handling is necessary to comply with the legal obligation that this company shall abide by (When following information disclosure orders based on laws from government agencies, etc.).
    3. When handling is necessary to protect the serious interests of customers or other individuals (e.g., in the event that the life of customer or accompanying person falls into a serious crisis due to an accident during the trip, provide customer’s or accompanying person’s data to relevant organizations such as police and hospitals).
    4. When it is deemed appropriate to investigate, prevent, or take measures against illegal acts or suspicious acts.
  3. For the special categories of EU personal data
    In order to carry out various procedures concerning customers' travels, and to manage the itinerary for participation in special tours (extreme tour such as Antarctica, and climbing tours), in principle, this company shall obtain consent from the customer in advance, and acquire, use, relocate customers’ special categories of EU personal data (health condition, physical characteristics, etc.) within the necessary scope of purpose. The EU personal data shall not be processed other than for this purpose.
  4. For international transfer of EU personal data
    EU personal data may be stored in servers after they are transferred to the group companies and outsourcing contractors, etc. in Japan. Japan has not been determined to be adequacy on data protection from the European Commission, however this company shall manage customer's EU personal data appropriately.
  5. For safety management measures
    In order to properly manage the EU personal data of customers, and prevent from leakage, loss or damage of EU personal data and so forth, this company shall implement technical and physical / organizational / personal safety management measures for them.
  6. Joint Use of EU Personal Data
    This company may use EU personal data this company holds jointly with the group companies for the purpose of product development, promotion such as product guidance, and contact or response to customer and so forth.
    Regarding joint use of EU personal data with group companies, this company will define the scope of responsibility for handling personal data and inquiry contact clearly.

    EU Personal data used jointly by the group companies
    Address, Name, Telephone number, Age, Date of birth, Sex, Item purchase history, E-mail address, and Passport number

     

    Group companies

    Club Tourism International Inc. Kinki Nippon Tourist Corporate Business Co., Ltd.
    KNT-CT WEB Travel Co., Ltd. KNT-CT Global Travel Co., Ltd.
    Kinki Nippon Tourist Hokkaido Co., Ltd. Kinki Nippon Tourist Tohoku Co., Ltd.
    Kinki Nippon Tourist Metropolitan Co., Ltd. Kinki Nippon Tourist Kanto Co., Ltd.
    Kinki Nippon Tourist Chubu Co., Ltd. Kinki Nippon Tourist Kansai Co., Ltd.
    Kinki Nippon Tourist Chugokushikoku Co., Ltd. Kinki Nippon Tourist Kyushu Co., Ltd.
    Kinki Nippon Tourist Kanagawa Co., Ltd. Kinki Nippon Tourist Okinawa Inc.
    Tourist Service Hokkaido Co., Ltd. Tourist Experts Inc.
    United Tours Co., Ltd. KNT Business Create Co., Ltd.
    Event & Convention House, Inc. and other Group Companies
  7. International transfer of EU personal data
    This company will transfer customers’ EU personal data to transportation and accommodation organizations (including organizations overseas) within the range necessary.
    In addition, for the convenience of customers' shopping at the travel destination, etc. this company will transfer the customer's EU personal data to the organizations such as the duty free shop of the destination. In this case, this company will relocate EU personal data related to customer's name, and passport number sent by electronic method, etc.
    This company shall transfer customer's EU personal data to group companies and outsourcing contractors, etc. that have subcontracted. This company shall request proper handling of the transferred EU personal data to the corresponding outsourcing contractor, and this company also shall properly manage it accordingly.
  8. Customer's EU personal data will be kept for 2 years and then properly erased and discarded
  9. For the customer's rights
    Customers have the following rights regarding EU personal data concerning themselves.
    1. Right to know customer's EU personal data and relevant information
    2. Right to correct the incorrect EU personal data concerning customers without undue delay
    3. Right to eliminate EU personal data on customers etc. without undue delay
    4. Right to restrict handling of EU personal data concerning customers
    5. Right to receive EU personal data provided by customers in a general format that computer is readable, and the right to relocate (shift) the EU personal data to the management of other organizations without disturbing
    6. Right to object to public interest or handling for the interests of this company or third parties and handling for direct marketing for EU personal data of the customers
    7. Right to not undergo assessment / decisions that have serious impact including legal effects on individuals through automatic processing such as profiling etc.
      *This company does not shall not perform profiling.
    If customers are dissatisfied with the processing of EU personal data of this company, customers may make a complaint to the supervisory authority of EEA member country, or the inquiry desk of this company.
    In addition, customers have the right to withdraw their consent at any time, and withdrawing the consent shall not affect the legitimacy of processing and transferring of EU personal data before withdrawing.
  10. Data Protection Officer
    As a group data protection officer (DPO), this company and group companies have appointed director in charge of general affairs and public relations department of KNT-CT Holdings Co., Ltd. The contact information of the data protection officer is as follows.

Director in charge of general affairs and public relations department
KNT-CT Holdings Co., Ltd.
1-7-8, Higashikanda, Chiyoda-ku, Tokyo, Japan 101-8641
Phone number: +81-3-6891-6840
E-mail: privacysomu@or.knt.co.jp

 

For inquiries regarding this matter, please contact the inquiry desk below.