Personal Information Protection Policy for GDPR

Handling of Personal Data for Residents in the EU (including the European Economic Area (EEA))

日本語ページ >

Initiatives for EEA Personal Data Protection

NOE CORPORATION (“the Company”) shall handle the personal information obtained from its customers (“EEA Personal Data”) by a legal, fair, and transparent means. The Company shall also securely manage the EEA Personal Data and take protective measures to prevent a leak, loss, or corruption thereof.

(1) Company’s internal management structure
  • (i) The Company shall clarify the roles and responsibilities/authorizations for its EEA Personal Data management system and appoint a security manager for each department and an organization manager for each operational organization. The Company shall also ensure that the EEA Personal Data is properly managed by these managers.
  • (ii) The Company shall develop the its internal rules and conduct regular employee training and audits regarding the protection of the EEA Personal Data, in order to store its customers’ EEA Personal Data strictly.

EEA Personal Data Acquired from Customers

The main categories of the EEA Personal Data that the Company acquired from customers when they apply for travel plans, the purposes of use, and storage period thereof are specified below.

  • (i) Main categories of acquired information
    A customer’s name, address, telephone number, email address, birthdate, and other information
  • (ii) Purposes of use
    ■To undertake the procedures necessary to arrange and receive the services provided by transportation, accommodation, and other agencies (the principal transportation, accommodation, and other agencies are indicated in a customer’s itinerary) for a travel plan the customer applied for;
    ■To provide a customer with companies’ general insurance as well as incidental and related services, which insurance companies commissioned the Company to offer;
    ■To provide a customer with services, including goods, services, and information about campaigns, which the Company or its affiliated companies offer;
    ■To contact a customer who requested the consultation, and to communicate and confirm the details of the consultation with related agencies to the extent necessary;
    ■To request a customer’s opinions and impressions after the customer participates in a travel plan; and
    ■To request a customer to complete a questionnaire about the customer’s travel plan.
    Although the Company might ask a customer for personal information for a purpose other than the purposes of use listed above, the customer may provide this information at the customer’s discretion, except for the minimum required information fields. The decision whether the customer will provide the Company with the EEA Personal Data necessary to perform an agreement, such as a travel agreement, is at the customer’s discretion. The Company, however, might not be able to offer certain services in an appropriate manner, if the customer does not provide the necessary fields of information.
  • (iii) Storage period
    The Company shall keep the EEA Personal Data it acquired from a customer as long as necessary to perform each acquisition’s purposes of use. However, the Company shall promptly remove (delete) the EEA Personal Data when it is no longer necessary.

Handling Requirements for EEA Personal Data

The Company shall handle the EEA Personal Data only when the Company obtains the customer’s consent for handling it, including for the purposes of use, and when any of the following situations applies.

(1) If handling the EEA Personal Data is necessary to perform an agreement, of which the customer is a party (※1), or if handling the EEA Personal Data is necessary to undertake procedures (measures) in response to a customer’s request before executing an agreement;

※1 When preceding Paragraph 1-(2) applies. For example, when the Company notifies the customer’s data, including the customer’s address, to the transportation or accommodation agency, in the event of receiving an application for a travel plan and making arrangements with the transportation or accommodation agency specified by the customer, or when the Company undertakes the procedures (such as, obtaining a visa) necessary for the customer’s travel plan;

(2) If performing the matters (services) for the benefit of the customer, who applied for the travel plan;
(3) If it is necessary for the Company to handle the EEA Personal Data in accordance therewith to comply with legal obligations (※2);

※2 For example, when the Company complies with a data disclosure order from a government body pursuant to a law or regulation;

(4) If handling the EEA Personal Data is necessary to protect a substantial benefit for the customer or another individual (※3);

※3 For example, when providing the customer’s data to a related agency, such as the police or a hospital, is required, in the event the customer’s life is seriously threatened due to accidents or other situations during the customer’s travel; or

(5) If the Company conducts a necessary investigation, prevents, or takes measures against illegal acts or acts suspicious thereof, such as providing evidence, exercising a right, or making a rebuttal, when making legal assertions.

Special Categories for EEA Personal Data

The Company shall obtain a customer’s prior consent to undertake the procedures regarding the customer’s travel plan. Furthermore, the Company shall acquire, use, and transfer a customer’s EEA Personal Data in special categories (such as, a customer’s health condition and physical features), within the scope of fulfilling the purpose of the customer’s travel plan. The Company will not handle this EEA Personal Data for a purpose other than the indicated purpose of use.

International Transfers of EEA Personal Data

The Company shall develop, appropriately implement, and manage its structure to conform with the standards set forth in the General Data Protection Regulation (GDPR) regarding EEA Data, when it transfers the EEA Personal Data to outside the EEA (including relocation).

(1) Safety management measures:

The Company shall implement technical, physical, organizational, and personal security management measures to prevent a leak, loss, or corruption of the EEA Personal Data and otherwise to manage other EEA Personal Data securely, in order to manage its customers’ EEA Personal Data appropriately.

(2) Transferring EEA data to third parties:

The Company might provide its EEA Personal Data acquired from customers to a third party to the extent necessary to execute or perform the below-listed agreements depending on the types of services.

  • ■When providing transportation, accommodation, and other agencies with a customer’s name and other information; and
  • ■When making an order to an affiliated company (including a destination’s duty-free shop) to provide services the customer applied for;

In this event, the Company shall send the EEA Personal Data and other information regarding the customer’s name, passport number, and expected flight number by an electronic or other means.

(3) Transferring EEA Personal Data to a contractor of the Company

The Company might contract part of its business externally to provide the customer better services under the Company’s business operations. In this event, the Company shall examine the contractor’s handling conditions, including its secure management measures. Thereafter, the Company shall choose a suitable contractor, determine matters necessary to prevent a leak of the customer’s EEA Personal Data through measures, such as suitable management and confidentiality obligations in an agreement or other similar document, and make the contractor manage the EEA Personal Data appropriately.
In this event, the Company shall transmit its customers’ EEA Personal Data and other information necessary for the contracted services by an electronic or other means.

Compliance with Laws and Regulations related to EEA Personal Data

The Company shall comply with the applicable laws, rules, and regulations regarding its customers’ EEA Personal Data, and shall appropriately review and improve its above-described initiatives. Moreover, the Company might cooperate with an EEA Personal Data announcement based on providing materials during a police investigation or a request from relevant bodies in relation to the occurrence of incidents or other situations.

Customers’ rights regarding EEA Personal Data

A customer has the following rights with respect to the customer’s own EEA Personal Data.

(1) Right to know the customer’s EEA Personal Data and the related data;
(2) Right to request the deletion or removal of the customer’s EEA Personal Data without an unreasonable delay;
(3) Right to make the Company correct the customer’s incorrect EEA Personal Data without an unreasonable delay;
(4) Right to make the Company limit the handling of the customer’s EEA Personal Data;
(5) Right to receive the customer’s EEA Personal Data in a computer-readable format and the right to transfer its management to another organization;
(6) Right to raise an objection about the handling of the customer’s EEA Personal Data necessary for business performance conducted for the public’s benefit and the handling thereof for direct marketing; and
(7) Right not to receive evaluation of information or results using profiling or processing.

The Company would respond to a customer’s request within a reasonable scope, after verifying the customer is the identified person, if the customer desired to examine or revise the customer’s own EEA Personal Data in the above situations.

Use of Cookies

The Company’s website uses cookie technology to provide a certain functionality for customers to be able to use the website easily. The use of cookies, however, does not acquire data that could identify an individual. The cookie is the function of being stored and remembers on a customer’s computer that visited the Company’s website. A customer can refuse to receive the cookie by the browser’s settings the customer uses. However, the customer might not be able to use some of the services, if the customer’s settings refuse to accept the cookie.

Company’s Liability

A customer uses the Company’s website at the customer’s own responsibility.
NOE CORPORATION is not liable in any way for any damages arising due to the use of any information acquired from the Company’s website or other webpages linked by the Company’s website, unless the operating company for the relevant services is liable therefor.

Governing Law and Website Management

The Company’s website can be accessed from all over the world. However, the guidelines and other standards set forth in Japanese laws and by Japan shall apply to both the customers accessing the Company’s website and NOE CORPORATION regarding the use of the Company’s website, regardless if a discrepancy exists with the laws of the country where the Company’s website is accessed.
The Company’s website is operated under the management by NOE CORPORATION.

Data Protection Officer (DPO)

The Company nominates the following person to be the Data Protection Officer for the EEA Personal Data. The details are below.

NOE CORPORATION
Data Protection Officer for EEA Personal Data: Manager of the Corporate Planning Office
Contact: telephone number +81-3-3254-7601

[Help Desk]

The below Help Desk accepts customers’ inquiries regarding the EEA Personal Data.

NOE CORPORATION
Corporate Planning Office
Sumitomo Fudosan Kanda Building No. 2, 15F
1-23-1, Kandasuda-cho, Chiyoda-ku Tokyo, 101-0041
Tel: +81-3-3254-7601 (hours of operation: 9:00-18:00*(Japan time))
Inquiries received on Saturdays, Sundays, national holidays, and during the year-end and new-year period will be handled the following business day.

[Consent Forms, Application Forms, and Reports]

■Consents for EU Personal Data acquisition (Request form for travel)
■Applications/reports including disclosure of EU Personal Data
(These application forms are accepted only by post.)