Privacy Policy
Yomiuri Travel Service's Personal Information Protection Policy
Yomiuri Travel Service Co., Ltd., (hereinafter the “Company”) believes that, for personal information protection, conducting extremely careful and appropriate management is a social responsibility that is a matter of course. The personal information (hereinafter “Personal Information”) that we receive through business activities is the relevant person's important asset, and in order to ensure that the relevant person's rights and interests will not be wrongfully infringed, we have stipulated the Personal Information Protection Policy below and will regularly reconsider it and continuously improve it.
1. About acquisition and use of Personal Information
When Personal Information is acquired, we will specify its purposes of use and conduct such acquisition by lawful and fair means within the scope of the Company's legitimate business. Excluding cases in which the relevant person's agreement has been obtained in advance and cases in which it is allowed based on a law or regulation, we will handle Personal Information only within the scope that is necessary for accomplishing the stipulated purposes of use.
2. Matters related to compliance with laws, regulations, guidelines stipulated by the national government, and other standards
The Company will comply with laws, regulations, and guidelines and other standards stipulated by the national government that are related to the handling of Personal Information.
3. About proper management of Personal Information
The Company will appoint a person responsible for management related to Personal Information; follow the guidance of the person responsible for management to stipulate internal regulations related to personal information protection that take guidelines stipulated by the national government into consideration; introduce appropriate security measures against such risks as leaks, loss, or damage of Personal Information; and endeavor to prevent and correct those risks.
Person responsible for personal information management
4. Employees' awareness about personal information protection
The Company will educate all officers and employees about the prevention of use of Personal Information for matters other than its purposes and security measures that have been stipulated in internal regulations and endeavor to improve awareness about personal information protection.
5. Supervision of consigned parties
In some cases, the Company will consign the handling of acquired Personal Information to third parties within the scope that is necessary for accomplishing the purposes of use. The Company will select those third parties after confirming that they are at a sufficient security level for handling of Personal Information and will conduct the necessary and appropriate supervision through an agreement or other means.
For the work that is necessary for settlement of prices of products and services, the Company is consigning that work to third-party external business operators. The names of the business operators to which that consignment is made are as stated below.
Names of the business operators to which consignment is made
DG Financial Technology (https://www.veritrans.co.jp)
Econtext, Inc. (https://www.econtext.jp/)
GMO Payment Gateway, Inc. (https://www.gmo-pg.com/)
6. About provision to third parties
For acquired Personal Information, excluding cases in which there is a necessity to do so under a law or regulation and cases of joint use or provision to a party to which work is consigned, the Company will not provide Personal Information to third parties without the relevant person's agreement.
7. About joint use
In some cases, we will conduct joint use of Personal Information acquired at the Company for service quality improvement, provision of information about services, and marketing of each company of the Yomiuri Group and Yomiuri Shimbun venders (Yomiuri Center: YC) that are stipulated in publicly announced matters. Each company will take responsibility and manage the relevant Personal Information.
Name of the person who has responsibility for personal information management in joint use:
Takashi Sadahiro, President, Yomiuri Travel Service Co., Ltd., 2-5-3 Tsukiji, Chuo-ku, Tokyo
Publicly announced matters concerning joint use by the Yomiuri Shimbun Group
8. About inquiries concerning Personal Information
For Personal Information that the Company possesses, we will appropriately handle opinions, inquiries, complaints, and consultations concerning its disclosure, correction, cessation of use (provision of information about products or services), elimination, or other handling of Personal Information based on the provisions of laws and regulations.
In the event that a problem, such as outflow of Personal Information occurs, the Company will immediately contact the customer, investigate the facts, and then implement measures to ensure safety. We will also promptly give public announcement of the facts on our homepage or another place.
Office for inquiries
Customer Consultation Office of Yomiuri Travel Service Co., Ltd.
Yomiuri Tsukiji Building, 2-5-3 Tsukiji, Chuo-ku, Tokyo 104-8420
TEL: 03-6859-4301
E-mail: customercontact@yomiuri-ryokou.co.jp
(Hours when inquiries are accepted: 10:00-17:00)
*For an inquiry received on a Saturday, Sunday, or public holiday or during the end-of-year and New Year period or the Golden Week period, we will handle the inquiry on or after the following business day.
If resolution between the parties is not possible for a difference of opinion between the customer and the Company concerning Personal Information, the customer can ask the association stated below for assistance for resolution of that matter.
Consumer Consultation Office of Japan Travel Agents Association
3-3-3 Kasumigaseki, Chiyoda-ku, Tokyo
TEL: 03-3592-1266
Date of establishment: January 1, 2016
Date of final revision: June 14, 2023
Yomiuri Travel Service Co., Ltd.
2-5-3 Tsukiji, Chuo-ku, Tokyo
Takashi Sadahiro, President
(Announcement Concerning Personal Information)
■ About handling of personal information
-
Purposes of use of the personal information that our company handles
- Purposes of use of personal information (including information obtained from the homepage or e-mail) obtained directly in writing from the relevant person
Classification Purposes of use Travel applicants' customer personal information (also including customers who apply by telephone or for whom an indirect application is made in cases of group travel, in addition to applications made by the relevant person in a document or on the website) - For contact with customers
- For arrangements for services provided by transportation and accommodation organizations during travel for which the customer applied, and for procedures for the purpose of receiving those services
- For procedures for insurance to ensure payment of expenses in times of accidents, at our company's liability under a travel contract
- For provision to transportation and accommodation organizations, insurance companies, and souvenir shops at travel destinations within the scope that is necessary for customers' shopping convenience at souvenir shops at travel destinations
- For provision of information about products, services, and campaigns of the company and companies that conduct tie-ups with the company
- For requests for provision of opinions and impressions after participation in travel
- Requests for responses to questionnaires
- Provision of special services
- For creation of statistical data
E-mail addresses of applicants for e-mail newsletters - For delivery of e-mail newsletters
- For subscriber management
Information about our company's employees - Employees' personnel and labor management and work management
- For health management and security management
Information about people who apply for jobs at our company - For contacting job applicants and for our company's management of hiring work
Customers' personal information obtained through online shopping - For product and service arrangements and shipping in product sales for which customers have made purchases
- For provision of information about products, services, and campaigns of the company and companies that conduct tie-ups with the company
- Purposes of use of personal information obtained by a method other than those of the previous clause
Classification Purposes Customers' personal information obtained through the representative (company etc.) in group travel - For contact with customers
- For arrangements for services provided by transportation and accommodation organizations during travel for which the customer applied and for procedures for the purpose of receiving those services
- For procedures for insurance to ensure payment of expenses in times of accidents, at our company's liability under a travel contract
- For provision to transportation and accommodation organizations, insurance companies, and souvenir shops at travel destinations within the scope that is necessary for customers' shopping convenience at souvenir shops at travel destinations
Customers' personal information obtained through work consignment - For execution of agency work for travel accident insurance
- For work execution for inbound travel business and consigned business
Customers' personal information obtained from a travel agency to which sales are assigned - For arrangements for services provided by transportation and accommodation organizations during travel for which the customer applied, and for receipt of those services
Customers' personal information obtained orally through applications made by telephone - For receiving applications, sending application procedure documents, and handling inquiries made by telephone
- Purposes of use of personal information (including information obtained from the homepage or e-mail) obtained directly in writing from the relevant person
- Personal information protection manager: Takashi Kudo
Department of affiliation: General Affairs Headquarters
Telephone number: 03-5550-1069 - For the purpose of arrangements for travel for which an application is made, we will provide the customer's name, address, telephone number, age, and date of birth to transportation and accommodation organizations and an agent that makes arrangements (limited to the necessary cases) by sending a document or using an electronic method in advance. When an application is made, the customer shall agree to the provision of such personal data.
- In some cases, our company will consign the handling of personal information to another company.
- When our company receives a request from a customer for notification of the purposes of use of possessed personal data or for its disclosure, correction, addition or deletion, cessation of use, elimination, or cessation of provision to third parties, we will promptly handle the request.
Office for inquiries: Customer Consultation Office
Telephone number: 03-6859-4301 FAX: 03-5550-0638
E-mail: customercontact@yomiuri-ryokou.co.jp
Hours when inquiries are accepted: Monday to Friday, 10:00-17:00
Days when the office is closed: Saturdays, Sundays, public holidays, and end-of-year and New Year period - The items of personal information that the customer provides to our company are voluntary, but if the customer does not provide certain items of personal information, there may be cases in which it will not be possible to appropriately provide arrangements or procedures for travel services or cases in which it will not be possible to accept the customer's application or request.
- On the site that the Yomiuri Travel Service operates, cookies are used for the purpose of providing efficient service to customers, but customers' personal information will not be collected by cookies.
■ Dissemination of matters related to possessed personal data
In relation to possessed personal data that is retained at our company, for a request from the relevant person or that person's representative for notification of the purposes of use, disclosure, correction, addition, or deletion of content, cessation of use, elimination, or cessation of provision to third parties (hereinafter referred to as the “Request for Disclosure etc.”), we will handle it according to the main points below.
- Business operator's name and address, and representative's name
Yomiuri Travel Service Co., Ltd.
Yomiuri Tsukiji Building, 2-5-3 Tsukiji, Chuo-ku, Tokyo 104-8420
Takashi Sadahiro, President - Personal information protection manager
Manager's name: Takashi Kudo
Department of affiliation: General Affairs Headquarters
Telephone number: 03-5550-1069 - Purposes of use for all possessed personal data
■ Refer to 1. (1) of “About handling of personal information.” - Place for submitting complaints concerning handling of possessed personal data
Customer Consultation Office of Yomiuri Travel Service Co., Ltd.
Yomiuri Tsukiji Building, 2-5-3 Tsukiji, Chuo-ku, Tokyo 104-8420
TEL: 03-6859-4301
E-mail: privacy@yomiuri-ryokou.co.jp
(Hours when inquiries are accepted: 10:00-17:00*)
*For an inquiry received on a Saturday, Sunday, or public holiday or during the end-of-year and New Year period or the Golden Week period, we will handle the inquiry on or after the following business day. - Certified personal information protection organization
At present, there is no certified personal information protection organization that our company has joined. - Procedures for handling requests for disclosure of possessed personal data or records of provision to third parties
- Place for submitting a request for disclosure
Please submit a request for disclosure to the Customer Consultation Office stated above. - Procedures related to requests for disclosure
- After receipt of a request, our company will provide, either by postal mail or by an electronic or magnetic record, the prescribed request form Written Request for Disclosure of Possessed Personal Data that is to be used.
- Please submit the request form that you have filled out, if the request is made by a representative, a document that confirms that the person is the representative, and a postal money order for service charges (only in a case of a request for notification of purposes of use or disclosure) to the office for inquiries about personal information that is stated above.
- After we receive the request form stated above, in order to confirm the customer's identity, we will make an inquiry about approximately two items of information (example: telephone number and date of birth) from among the personal information that the customer has registered with our company and by which it is possible to confirm the customer's identity.
- In principle, a reply will be made to the relevant person either in a document (a sealed letter sent by postal mail) or in an electronic or magnetic record.
- In the case of a request by a representative, documents that confirm that the person is the representative
If the person requesting disclosure is a representative, please enclose a document that proves that the person is the representative and a document that proves the representative's identity. For permanent domicile information that is included in each document, please show information only up to the prefecture and conduct processing, such as blacking out of more detailed information. In addition, for each document, please either send something that does not include a personal number or conduct processing, such as blacking out all of the digits of the personal number.- Documents that prove that the person is the representative
A case of a representative who the relevant person delegated for requesting disclosure
Letter of authorization by the relevant person (original copy)
A case in which the representative is a minor's legal representative
A copy of one of the following:
Certified copy of family register
Resident card (a card that states the representative's relationship to the minor)
Another official document by which it is possible to confirm authority for legal representation
A case in which the representative is an adult ward's legal representative
A copy of either of the following:
Certificate of registered matters concerning guardianship registration
Another official document by which it is possible to confirm authority for legal representation - Documents that prove the representative's identity
Driver's license
Passport
Insurance card for health insurance (Please submit it after blacking out all of the digits of the insured person's symbols and numbers.)
Resident card
- Documents that prove that the person is the representative
- Service charge for a request for notification of the purposes of use or disclosure
JPY 500 per one instance of a request
(Please enclose a postal money order or a postage stamp with the request form that you send.)
- Place for submitting a request for disclosure
- Measures that are implemented for the purpose of safety management
Our company has, in accordance with the personal information protection risks for the personal information that we handle, formulated a Personal Information Protection Policy for the purposes of prevention of leaks, loss, or damage and other safety management of personal information, stipulated the Personal Information Protection Regulations based on that policy, and is implementing the necessary and appropriate measures below.
(Formulation of basic policies)- In order to ensure proper handling of personal data, we are formulating basic policies concerning compliance with related laws, regulations, and guidelines and the office for handling consultations and complaints.
- We have stipulated regulations concerning handling and are endeavoring to properly manage personal information at each stage, such as personal information's acquisition, use, provision, storage, and deletion or disposal.
- We have appointed a person responsible for information management and are maintaining a system for reports and contact.
- We will regularly conduct self-inspection concerning handling of personal information in daily work, and audits by the Audit Department are being conducted.
- We are conducting regular training for employees concerning appropriate handling of personal information.
- We are managing employees' entry into and exit from rooms and restricting the devices that are brought into the company.
- We have introduced mechanisms that protect information systems that handle personal data from unauthorized access or malicious software from external parties that use computer viruses.
- When a customer's personal information is provided to a third party in a foreign country, we ascertain the foreign country's system related to protection of personal information and then implement safety management measures.
■ About information concerning personal information protection by third parties in foreign countries
- Information concerning personal information protection in a foreign country when a third party to which a customer's personal information will be provided is in that foreign country is as stated below (for specific country names, please check the schedule).
- Countries subject to the GDPR (the EU's General Data Protection Regulation) and England (The Personal Information Protection Commission has designated them as foreign countries that have systems related to the protection of personal information that are at the same level of protection as that of Japan.)
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Liechtenstein, Iceland, Norway, and England
(Reference: Notification of the Personal Information Protection Commission No. 1 and No. 5 of 2019) - Countries and regions that have acquired certification of adequacy based on Article 45 of the GDPR (The European Commission has recognized that they have a sufficient data protection level, based on the GDPR.)
Argentina, Andorra, England, Israel, Uruguay, Canada, Switzerland, and New Zealand
(Reference: https://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/) - Member countries and regions of APEC's CBPR system (They have laws and regulations that conform to the APEC Privacy Framework.)
The United States, Mexico, Canada, Singapore, South Korea, Australia, Taiwan, and
the Philippines (Reference: https://www.ppc.go.jp/enforcement/cooperation/international_conference/) - Countries that handle all eight principles of the OECD Privacy Guidelines (The OECD Privacy Guidelines have been stipulated with the following eight principles as basic principles: (1) collection limitation principle, (2) data quality principle, (3) purpose specification principle, (4) use limitation principle, (5) security safeguards principle, (6) openness principle, (7) individual participation principle, and (8) accountability principle.)
China, Brazil, Peru, Morocco, South Africa, and Turkey - Countries that do not handle some of the eight principles of the OECD Privacy Guidelines
Tunisia (It does not handle some of the [8] accountability principle.)
Costa Rica and Mongolia (They do not handle some of the [7] individual participation principle.)
Panama and Qatar (They do not handle some of the [6] openness principle and [7] individual participation principle.)
Thailand, Malaysia, and Russia (They do not handle the [8] accountability principle.)
Ukraine (It does not handle some of the [7] individual participation principle. It also does not handle the [8] accountability principle.)
Laos (It does not handle some of the [2] data quality principle and the [8] accountability principle. It also does not handle some of the [1] collection limitation principle, [3] purpose specification principle, [4] use limitation principle, [5] security safeguards principle, [6] openness principle, and [7] individual participation principle.) - Countries that do not have comprehensive laws and regulations related to protection of personal information
India, Indonesia, Cambodia, Vietnam, and Myanmar - Country that does not have a system related to the protection of personal information
United Arab Emirates
- Countries subject to the GDPR (the EU's General Data Protection Regulation) and England (The Personal Information Protection Commission has designated them as foreign countries that have systems related to the protection of personal information that are at the same level of protection as that of Japan.)
- If a third party to which a customer's personal information will be provided is in a foreign country of (i) through (iv) above, that third party is implementing measures for the purpose of personal information protection that correspond to all eight principles of the OECD Privacy Guidelines.
- Matters concerning systems related to protection of personal information in certain countries or regions are open to the public on the Personal Information Protection Commission's homepage.
(Reference: https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku) - If a third party to which a customer's personal information will be provided is in a country that does not have comprehensive laws, regulations, or systems related to the protection of personal information, we conclude an agreement with the tour operator on the condition that there is compliance with the eight principles of the OECD Privacy Guidelines.