Privacy Policy

■ About handling of personal information

1. Purposes of use of the personal information that our company handles
   1. Purposes of use of personal information (including information obtained from the homepage or e-mail) obtained directly in writing from the relevant person

      Classification	Purposes of use
      Travel applicants' customer personal information (also including customers who apply by telephone or for whom an indirect application is made in cases of group travel, in addition to applications made by the relevant person in a document or on the website)	For contact with customers For arrangements for services provided by transportation and accommodation organizations during travel for which the customer applied, and for procedures for the purpose of receiving those services For procedures for insurance to ensure payment of expenses in times of accidents, at our company's liability under a travel contract For provision to transportation and accommodation organizations, insurance companies, and souvenir shops at travel destinations within the scope that is necessary for customers' shopping convenience at souvenir shops at travel destinations For provision of information about products, services, and campaigns of the company and companies that conduct tie-ups with the company For requests for provision of opinions and impressions after participation in travel Requests for responses to questionnaires Provision of special services For creation of statistical data
      E-mail addresses of applicants for e-mail newsletters	For delivery of e-mail newsletters For subscriber management
      Information about our company's employees	Employees' personnel and labor management and work management For health management and security management
      Information about people who apply for jobs at our company	For contacting job applicants and for our company's management of hiring work
      Customers' personal information obtained through online shopping	For product and service arrangements and shipping in product sales for which customers have made purchases For provision of information about products, services, and campaigns of the company and companies that conduct tie-ups with the company

   2. Purposes of use of personal information obtained by a method other than those of the previous clause

      Classification	Purposes
      Customers' personal information obtained through the representative (company etc.) in group travel	For contact with customers For arrangements for services provided by transportation and accommodation organizations during travel for which the customer applied and for procedures for the purpose of receiving those services For procedures for insurance to ensure payment of expenses in times of accidents, at our company's liability under a travel contract For provision to transportation and accommodation organizations, insurance companies, and souvenir shops at travel destinations within the scope that is necessary for customers' shopping convenience at souvenir shops at travel destinations
      Customers' personal information obtained through work consignment	For execution of agency work for travel accident insurance For work execution for inbound travel business and consigned business
      Customers' personal information obtained from a travel agency to which sales are assigned	For arrangements for services provided by transportation and accommodation organizations during travel for which the customer applied, and for receipt of those services
      Customers' personal information obtained orally through applications made by telephone	For receiving applications, sending application procedure documents, and handling inquiries made by telephone

2. Personal information protection manager: Takashi Kudo
   Department of affiliation: General Affairs Headquarters　
   Telephone number: 03-5550-1069
3. For the purpose of arrangements for travel for which an application is made, we will provide the customer's name, address, telephone number, age, and date of birth to transportation and accommodation organizations and an agent that makes arrangements (limited to the necessary cases) by sending a document or using an electronic method in advance. When an application is made, the customer shall agree to the provision of such personal data.
4. In some cases, our company will consign the handling of personal information to another company.
5. When our company receives a request from a customer for notification of the purposes of use of possessed personal data or for its disclosure, correction, addition or deletion, cessation of use, elimination, or cessation of provision to third parties, we will promptly handle the request.
   Office for inquiries: Customer Consultation Office
   Telephone number: 03-6859-4301　FAX: 03-5550-0638　
   E-mail: customercontact@yomiuri-ryokou.co.jp
   Hours when inquiries are accepted: Monday to Friday, 10:00-17:00　
   Days when the office is closed: Saturdays, Sundays, public holidays, and end-of-year and New Year period
6. The items of personal information that the customer provides to our company are voluntary, but if the customer does not provide certain items of personal information, there may be cases in which it will not be possible to appropriately provide arrangements or procedures for travel services or cases in which it will not be possible to accept the customer's application or request.
7. On the site that the Yomiuri Travel Service operates, cookies are used for the purpose of providing efficient service to customers, but customers' personal information will not be collected by cookies.

■ Dissemination of matters related to possessed personal data

In relation to possessed personal data that is retained at our company, for a request from the relevant person or that person's representative for notification of the purposes of use, disclosure, correction, addition, or deletion of content, cessation of use, elimination, or cessation of provision to third parties (hereinafter referred to as the “Request for Disclosure etc.”), we will handle it according to the main points below.

1. Business operator's name and address, and representative's name
   Yomiuri Travel Service Co., Ltd.
   Yomiuri Tsukiji Building, 2-5-3 Tsukiji, Chuo-ku, Tokyo 104-8420
   Takashi Sadahiro, President
2. Personal information protection manager
   Manager's name: Takashi Kudo
   Department of affiliation: General Affairs Headquarters
   Telephone number: 03-5550-1069
3. Purposes of use for all possessed personal data
   ■ Refer to 1. (1) of “About handling of personal information.”
4. Place for submitting complaints concerning handling of possessed personal data
   Customer Consultation Office of Yomiuri Travel Service Co., Ltd.
   Yomiuri Tsukiji Building, 2-5-3 Tsukiji, Chuo-ku, Tokyo 104-8420
   TEL: 03-6859-4301
   E-mail: privacy@yomiuri-ryokou.co.jp
   (Hours when inquiries are accepted: 10:00-17:00*)
   *For an inquiry received on a Saturday, Sunday, or public holiday or during the end-of-year and New Year period or the Golden Week period, we will handle the inquiry on or after the following business day.
5. Certified personal information protection organization
   At present, there is no certified personal information protection organization that our company has joined.
6. Procedures for handling requests for disclosure of possessed personal data or records of provision to third parties
   1. Place for submitting a request for disclosure
      Please submit a request for disclosure to the Customer Consultation Office stated above.
   2. Procedures related to requests for disclosure
      1. After receipt of a request, our company will provide, either by postal mail or by an electronic or magnetic record, the prescribed request form Written Request for Disclosure of Possessed Personal Data that is to be used.
      2. Please submit the request form that you have filled out, if the request is made by a representative, a document that confirms that the person is the representative, and a postal money order for service charges (only in a case of a request for notification of purposes of use or disclosure) to the office for inquiries about personal information that is stated above.
      3. After we receive the request form stated above, in order to confirm the customer's identity, we will make an inquiry about approximately two items of information (example: telephone number and date of birth) from among the personal information that the customer has registered with our company and by which it is possible to confirm the customer's identity.
      4. In principle, a reply will be made to the relevant person either in a document (a sealed letter sent by postal mail) or in an electronic or magnetic record.
   3. In the case of a request by a representative, documents that confirm that the person is the representative
      If the person requesting disclosure is a representative, please enclose a document that proves that the person is the representative and a document that proves the representative's identity. For permanent domicile information that is included in each document, please show information only up to the prefecture and conduct processing, such as blacking out of more detailed information. In addition, for each document, please either send something that does not include a personal number or conduct processing, such as blacking out all of the digits of the personal number.
      1. Documents that prove that the person is the representative
         A case of a representative who the relevant person delegated for requesting disclosure
         Letter of authorization by the relevant person (original copy)
         A case in which the representative is a minor's legal representative
         A copy of one of the following:
         Certified copy of family register
         Resident card (a card that states the representative's relationship to the minor)
         Another official document by which it is possible to confirm authority for legal representation
         A case in which the representative is an adult ward's legal representative
         A copy of either of the following:
         Certificate of registered matters concerning guardianship registration
         Another official document by which it is possible to confirm authority for legal representation
      2. Documents that prove the representative's identity
         Driver's license
         Passport
         Insurance card for health insurance (Please submit it after blacking out all of the digits of the insured person's symbols and numbers.)
         Resident card
   4. Service charge for a request for notification of the purposes of use or disclosure
      JPY 500 per one instance of a request
      (Please enclose a postal money order or a postage stamp with the request form that you send.)
7. Measures that are implemented for the purpose of safety management
   Our company has, in accordance with the personal information protection risks for the personal information that we handle, formulated a Personal Information Protection Policy for the purposes of prevention of leaks, loss, or damage and other safety management of personal information, stipulated the Personal Information Protection Regulations based on that policy, and is implementing the necessary and appropriate measures below.
   (Formulation of basic policies)
   • In order to ensure proper handling of personal data, we are formulating basic policies concerning compliance with related laws, regulations, and guidelines and the office for handling consultations and complaints.
   (Maintenance of rules for handling of personal data)
   • We have stipulated regulations concerning handling and are endeavoring to properly manage personal information at each stage, such as personal information's acquisition, use, provision, storage, and deletion or disposal.
   (Organizational safety management measures)
   • We have appointed a person responsible for information management and are maintaining a system for reports and contact.
   • We will regularly conduct self-inspection concerning handling of personal information in daily work, and audits by the Audit Department are being conducted.
   (Human safety management measures)
   • We are conducting regular training for employees concerning appropriate handling of personal information.
   (Physical safety management measures)
   • We are managing employees' entry into and exit from rooms and restricting the devices that are brought into the company.
   (Technical safety management measures)
   • We have introduced mechanisms that protect information systems that handle personal data from unauthorized access or malicious software from external parties that use computer viruses.
   (Ascertainment of the external environment)
   • When a customer's personal information is provided to a third party in a foreign country, we ascertain the foreign country's system related to protection of personal information and then implement safety management measures.

■ About information concerning personal information protection by third parties in foreign countries

• Information concerning personal information protection in a foreign country when a third party to which a customer's personal information will be provided is in that foreign country is as stated below (for specific country names, please check the schedule).
  1. Countries subject to the GDPR (the EU's General Data Protection Regulation) and England (The Personal Information Protection Commission has designated them as foreign countries that have systems related to the protection of personal information that are at the same level of protection as that of Japan.)
     Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Liechtenstein, Iceland, Norway, and England
     (Reference: Notification of the Personal Information Protection Commission No. 1 and No. 5 of 2019)
  2. Countries and regions that have acquired certification of adequacy based on Article 45 of the GDPR (The European Commission has recognized that they have a sufficient data protection level, based on the GDPR.)
     Argentina, Andorra, England, Israel, Uruguay, Canada, Switzerland, and New Zealand
     (Reference: https://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/)
  3. Member countries and regions of APEC's CBPR system (They have laws and regulations that conform to the APEC Privacy Framework.)
     The United States, Mexico, Canada, Singapore, South Korea, Australia, Taiwan, and
     the Philippines (Reference: https://www.ppc.go.jp/enforcement/cooperation/international_conference/)
  4. Countries that handle all eight principles of the OECD Privacy Guidelines (The OECD Privacy Guidelines have been stipulated with the following eight principles as basic principles: (1) collection limitation principle, (2) data quality principle, (3) purpose specification principle, (4) use limitation principle, (5) security safeguards principle, (6) openness principle, (7) individual participation principle, and (8) accountability principle.)
     China, Brazil, Peru, Morocco, South Africa, and Turkey
  5. Countries that do not handle some of the eight principles of the OECD Privacy Guidelines
     Tunisia (It does not handle some of the [8] accountability principle.)
     Costa Rica and Mongolia (They do not handle some of the [7] individual participation principle.)
     Panama and Qatar (They do not handle some of the [6] openness principle and [7] individual participation principle.)
     Thailand, Malaysia, and Russia (They do not handle the [8] accountability principle.)
     Ukraine (It does not handle some of the [7] individual participation principle. It also does not handle the [8] accountability principle.)
     Laos (It does not handle some of the [2] data quality principle and the [8] accountability principle. It also does not handle some of the [1] collection limitation principle, [3] purpose specification principle, [4] use limitation principle, [5] security safeguards principle, [6] openness principle, and [7] individual participation principle.)
  6. Countries that do not have comprehensive laws and regulations related to protection of personal information
     India, Indonesia, Cambodia, Vietnam, and Myanmar
  7. Country that does not have a system related to the protection of personal information
     United Arab Emirates
• If a third party to which a customer's personal information will be provided is in a foreign country of (i) through (iv) above, that third party is implementing measures for the purpose of personal information protection that correspond to all eight principles of the OECD Privacy Guidelines.
• Matters concerning systems related to protection of personal information in certain countries or regions are open to the public on the Personal Information Protection Commission's homepage.
  (Reference: https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku)
• If a third party to which a customer's personal information will be provided is in a country that does not have comprehensive laws, regulations, or systems related to the protection of personal information, we conclude an agreement with the tour operator on the condition that there is compliance with the eight principles of the OECD Privacy Guidelines.