Adventure, Inc. (hereafter referred to as the "Company") exercises the utmost care in the protection of personal information in accordance with the following basic policy, in recognition of the social responsibility to comply with the legal laws and regulations of Japan governing the protection of personal information and to manage personal information in an appropriate manner.
- Compliance with Laws, Regulations and Guidelines Governing Personal Information
- The Company understands the purpose and content of the Act on the Protection of Personal Information, related laws and regulations, guidelines established by relevant ministries and agencies and this Privacy Policy, and will observe such laws and regulations, and will make every reasonable effort to manage and protect personal information.
- Establishment of a Personal Information Protection Management System
- The Company shall ensure that its directors and employees understand the details and importance of personal information protection and establish a management system for the protection of personal information.
- Improvement of Personal Information Protection
- The Company shall make continuous efforts to improve and ensure the proper management and protection of personal information.
- Prompt Response to Queries and Complaints
- The Company shall promptly respond to requests for disclosure, correction, addition, suspension of use or deletion of personal information, exercise of rights related to GDPR (General Data Protection Regulation), and other opinions and requests regarding the handling of personal information. The contact point for inquiries is as described in clause "11) Contact for Privacy Policy" hereunder.
- *GDPR refers to the EU General Data Protection Regulation, which aims to protect personal information (data) within the European Economic Area (EEA), including the European Union (EU).
Management of Personal Information
Pursuant to the "Basic Policy," the Company shall comply with laws, regulations, and other norms related to the protection of personal information and shall manage such information in an appropriate manner.
- 1) Acquisition of Personal Information
- The Company shall acquire personal information in an appropriate and fair manner by the following methods.
- a) Information provided directly by users of skyticket through user registration, application information input, telephone or e-mail inquiries and similar methods
- Information to be acquired includes name, gender, date of birth, e-mail address, telephone number, fax number, passport information, name of transfer agent (for bank or postal transfer payments), account information for refund (cancellation refunds), information of accompanying passengers (name, gender, date of birth, passport information), local information for overseas air tickets, information of local accommodation at destination, address and insurance beneficiary information for overseas air tickets (travel insurance policy during travel), personal belongings when boarding a ferry, size of vehicle (car/motorcycle) when travels include boarding of vehicle), payment success or failure, payment-related information required by the payment agency depending on the payment method selected by the user, information required by each service provider for refunds in the event of cancellation and details of enquiries.
- *All credit card information entered by users on skyticket is sent directly to credit card companies and fraud detection companies without passage through skyticket and the Company does not acquire, verify, or retain such information
- b) Receiving the above information of a user from a third party based on the consent of the user
- c) Automatically recording and retrieving information when a user accesses skyticket website
- The Company collects information about individuals (personal information/personally identifiable information) such as cookies, IP addresses, advertising identifiers (AAID/IDFA), device information, and log information related to Internet usage such as location information and activity history. When a user provides personal information to the Company, the Company may link the user's personally identifiable information to the user's personal information, whereby such personally identifiable information shall also be regarded as personal information.
- d) Receiving relevant personal information from third parties that operate advertising tools that were clicked on prior to users accessing skyticket
- For the purpose of evaluating the effectiveness of advertisements, the Company obtains personally relevant information, such as information on advertisements clicked on before visiting skyticket from tools operated by third parties (date of click and advertised site) and only if the user agrees to this Privacy Policy, the Company may use the personally relevant information obtained for the purpose of evaluating the effectiveness of the relevant advertisements. The information will be used in conjunction with the user's personal information by matching it with the user's booking details and other information. Such information will be regarded as personal information.
- Personal information acquired by the Company shall be disposed of at a point in time when it is deemed reasonably no longer necessary under normal business operations by the Company.
- 2) Acquisition Purpose and Use of Personal Information
- The Company uses personal information for the following purposes (see "7) Usage of Cookies" for details on the use of cookies for personally-related information). The Company intends to acquire personal information and will clearly state the purpose of use when it is provided directly by the user in writing or through skyticket or other means. The Company shall not use personal information beyond the scope of the purpose of use without first obtaining the prior consent of the user.
- a) For skyticket membership registration, loyalty points program and other skyticket operational purposes
- b) For procedures such as arrangements, cancellations and refunds for travel services (flights, hotels, car rentals, buses, ferries and tours) applied for via the skyticket website
- c) For times of emergency to contact the user in the event of travel injury, illness and/or other emergency during the travel period
- d) For reservation and cancellation procedures of food and beverage services (restaurant/takeout) booked via skyticket
- e) For processing optional travel services (insurance policies and the like) applied for via skyticket
- f) For the provision of skyticket Premium Services
- g) For the shipment of products purchased by users
- h) For necessary communication with users pertaining to each of the aforementioned services
- i) For the distribution of e-mail, newsletters and other advertising and promotional offers for products and services provided on skyticket
- j) For the analysis of users' browsing history, usage history and the like to determine the effectiveness of advertisements, marketing and service improvements
- k) For provision of responses to opinions, consultations, complaints and other communications from users
- l) For the utilization of national and local government subsidy programs
- m) For investigation and response to system malfunctions and errors
- n) For compliance checks, monitoring, prevention, analysis and countermeasures against fraudulent activities and the like
- o) For the provision of personal information to third parties as set forth in clause "5) Provision of Personal Information to Third Parties" hereunder
- 3) Safe Management of Personal Information
- The Company has implemented the following security control measures to prevent the leakage, loss, destruction or damage of personal information and to appropriately manage personal information in a secure manner.
- a) Formulation of basic policies
- Establishment of a basic policy in internal Company Regulations pertaining to the handling of personal information.
- b) Disciplinary regulations in the management of personal information
- The Company has established internal regulations with regards to the management of personal information and makes every effort to ensure that all employees have a proper knowledge and understanding of such regulations.
- c) Implementation of safety management practices in the organization
- ⅰ) Development of an organizational structure
- Formulation of a specific division to manage and supervise all matters pertaining to the protection of personal information.
- ⅱ) Operations in compliance with rules and regulations pertaining to the handling of personal information
- Pertinent operations are executed in compliance with the Company's internal rules for the protection and handling of personal information.
- ⅲ) Maintaining a means of verifying the handling status of personal information
- Conducting routine periodic inspections and internal audits.
- ⅳ) Development of a system to respond to leakage and other incidents related to personal information
- Developing a manual for handling personal information related incidents and establishing an incident response team in accordance with this manual.
- ⅴ) Monitoring of handling status and reviewing safety control measures
- Regular checks are conducted on the status of handling of personal information and safety control measures are revised when deemed necessary.
- d) Individual security management
- Employees are trained on a regular basis on the protection of personal information.
- e) Physical security management
- ⅰ) Management of zones where personal information is handled
- Areas where personal information are handled are access-controlled by IC (Integrated Circuit) cards.
- ⅱ) Prevention of theft
- All paper documents are stored in cabinets secured with locks.
- ⅲ) Prevention of leakage when transferring electronic media
- Passwords are set for all electronic media.
- ⅳ) Deletion of personal information and disposal of devices and electronic media
- All electronic media are disposed of in an unrecoverable manner.
- f) Technical security management
- ⅰ) Access control and prevention of unauthorized external access
- WAF (Web Application Firewall) is used to restrict illegal or unauthorized access.
- ⅱ) Identification and authentication of accessors
- Accessors are restricted to the minimum necessary and controlled by identity (ID) submissions.
- ⅲ) Prevention of leakage arising from the use of information systems
- Encryption of data stored in the database.
- g) Identification of the external environment
- Regular checks are conducted on external factor risks pertaining to the protection of personal information. Provision of personal information to foreign third parties is as set forth in clause 6) hereunder.
- 4) Consignment of Personal Information
- The Company may consign, in whole or in part, of the handling of acquired personal information to the extent necessary for the achievement of the purpose of use. The Company shall enter into a non-disclosure agreement that includes provisions regarding the handling of personal information and shall exercise all necessary and appropriate supervision over the consignee/outsourced contractors.
- *Consignees: Ticketing agents, wholesalers, website administrators, shipping companies, marketing tool providers and other such related vendors.
- 5) Provision of Personal Information to Third Parties
- The Company shall provide personal information to third parties in writing or by electromagnetic means within the scope of the purposes of use stipulated hereinabove, as provided for below.
- a) Provision of personal information when booking travel services
- ⅰ) Purpose of provision
- For travel service arrangements, ticketing, cancellations refunds and other related procedures
- To ensure the liability of the Company in the event of a travel contract, expenses in the event of an accident and other such related obligations
- ⅱ) Personal information to be provided
- E-mail address, name, gender, date of birth, residential address, telephone number, nationality, passport number, particulars of booking and other information related to the booking request
- ⅲ) Source(s) of provision
- Each service provider for travel services (airlines, bus companies, ferry companies, accommodation facilities, land operators, tour companies and other relevant service providers)
- Travel insurance company(ies)
- b) Provision of personal information when making reservations for food and beverage services (restaurant/take-out)
- ⅰ) Purpose of provision
- Procedures for restaurants and take-out reservations, cancellations and other related services
- Analysis of usage
- ⅱ) Personal information to be provided
- E-mail address, name, telephone number, reservation details, incoming call history, call details and other relevant information deemed required
- ⅲ) Source(s) of provision
- Restaurant(s) reserved for each reservation/booking
- Telephone notification and analysis service companies
- c) Provision of personal information when booking optional travel services (e.g. travel insurance)
- ⅰ) Purpose of provision
- Procedures for the booking of relevant services
- ⅱ) Personal information to be provided
- E-mail address, name, gender, date of birth, telephone number, recipient, booking details and other relevant information
- ⅲ) Source(s) of provision
- Insurance companies and other relevant service providers
- d) Personal information of skyticket Premium Service users
- ⅰ) Purpose of provision
- Registration for membership of employee benefit services
- ⅱ) Personal information to be provided
- E-mail address, name, gender, date of birth, telephone number, booking details and other relevant information
- ⅲ) Source(s) of provision
- Provider(s) of employee benefit services
- e) Personal information of payment service users
- ⅰ) Purpose of provision
- Payment processing and prevention of fraudulent card use
- ⅱ) Personal information to be provided
- Air ticket information, hotel information, e-mail address, name, gender, date of birth, phone number, nationality, passport number, IP information (IP address, country and city name), device information (device ID, language and the like)
- ⅲ) Source(s) of provision
- Payment processing companies, fraud detection tool providers
- f) Personal information of users of subsidy programs
- ⅰ) Purpose of provision
- Subsidy program applications
- ⅱ) Personal information to be provided
- Application details, name, place of residence (prefecture and city) and other relevant information
- ⅲ) Source(s) of provision
- National and local authorities
- The Company shall not provide personal information to third parties other than in the preceding circumstances, except in the instances stipulated hereunder.
- • When the consent of the individual has been obtained in advance
- • When required by law
- • When disclosure is necessary for the protection of the life, body and/or property of an individual and obtaining the consent directly from the individual is not possible
- • When disclosure is specifically required to improve public health or to protect the welfare of children and obtaining the consent directly from the individual is not possible
- • When there is a need to cooperate with a national agency, a local government and/or an individual or entity entrusted by either a national organization or a local government to execute affairs prescribed by laws and regulations and obtaining the consent of the individual is deemed likely to impede the execution of the affairs concerned
- 6) Provision of Personal Information to Third Parties in Foreign Countries
- a) The Company may provide or entrust personal information to a third party in a foreign country in any of the circumstances stipulated hereunder.
- ⅰ) When the service provider of the travel service or food and beverage service that the user has booked is a third party in a foreign country
- ⅱ) When the Company consigns all or part of the handling of acquired personal information to a third party in a foreign country to the extent necessary to enable the purpose of use
- When a user applies for foreign travel services or food and beverage services via skyticket, arrangements may be made through overseas wholesalers located in the European Union, the United States of America or South Korea (The Company shall provide necessary and appropriate supervision of consignees after concluding non-disclosure agreements that include clauses regarding the handling of personal information)
- b) The Company shall obtain the prior consent of a user when providing personal information to a third party in a foreign country, including consignment transactions, except in foreign countries (*1) where the third party has a system for the protection of personal information that is equivalent to that implemented in Japan.
- c) Information on the protection of personal information of third parties in foreign countries.
- ⅰ) If the personal information of a user is provided or commissioned to a third party in a foreign country, the details regarding the protection of personal information in that foreign country are available in the survey results of the Personal Information Protection Commission (https://www.ppc.go.jp/en/legal/). Specific names of countries to which information shall be provided or commissioned to can be found in the confirmation e-mail for the travel service or food and beverage service reservations the user has applied for or on "My Page" of this website or by contacting the contact listed in "11) Contact for Privacy Policy".
- ⅱ) Personal information may be provided to countries not listed in the results of the survey by the Personal Information Protection Commission. Please refer to "11) Contact for Privacy Policy" hereunder if a survey is necessitated.
- *1) Countries subject to GDPR (EU General Data Protection Regulation) and the United Kingdom (designated by the Personal Information Protection Commission as a foreign country with a system for the protection of personal information that is equivalent to the level of protection in Japan)
- *Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Liechtenstein, Iceland, Norway, United Kingdom
- 7) Usage of Cookies
- The Company uses cookies to ensure the proper function of services and/or to provide enhanced convenience and satisfaction to our users.
- Cookies are information stored on computers, cell phones and other devices from the Company's site by the user's browser.
- The Company uses cookies primarily for the purposes outlined hereunder.
- • Save past searches and customized display settings of users
- • Automatic authentication of user accounts and storage of login credentials
- • Analyze the usage status of our services by users for the purpose of providing improved services
- The Company uses Google Analytics provided by Google LLC to understand and analyse the usage status of our services in order to provide convenient and user-friendly services to our users.
- When a user accesses our services, his or her web browser may automatically send information such as the address of the page accessed and the IP address to Google LLC. Google may also set cookies in your browser to collect data or read existing cookies. This information will only be used to analyse and improve site usage and to provide other services. Such information does not contain any personal identifiers.
- The method of collection and the use of access information by Google LLC is governed by the Google Analytics Terms of Service and the Google Privacy Policy (Privacy & Terms). Users can disable the collection of information (data) by installing the "Google Analytics Opt-out Browser Add-on" on their browsers.
- 8) Exercising GDPR (General Data Protection Regulation) Rights
- Users who are residents of EU Member States and subject to the GDPR and who wish to exercise their rights under the GDPR are required to make an initial contact with the contact address listed in clause "11) Contact for Privacy Policy" hereunder.
- Users may appeal to the supervisory authorities if they are dissatisfied with the processing of their personal information by the Company.
- 9) Revisions to this Policy
- The Company reserves the right to change its Privacy Policy from time to time in order to improve the proper management and protection of personal information (data). Any changes shall be notified on the website of the Company and users are advised to check the updated Privacy Policy.
- 10) Requests for the Disclosure of Personal Information
- Users who wish to be notified of the purpose of use of their personal information held by the Company, to disclose it, to correct, add or delete its content, to stop its use and/or to erase or stop its provision to third parties, shall be guided through the necessary procedures and may contact the Personal Information Contact for enquiries as described in clause 11) hereunder. Necessary actions will be taken without delay in accordance with the law and our by-laws. Notwithstanding the aforesaid, in the event that the request cannot be complied with in whole or in part, the reason(s) shall be provided to the user(s).
- 11) Contact for Privacy Policy
- For any enquiries pertaining to this Privacy Policy, requests for disclosure, exercising of rights under the GDPR and/or any other comments or requests relating to the handling of personal information, please contact us at the contact addresses hereunder.