Privacy Policy

Final Revision: September 1, 2025

NAVITIME JAPAN Co., Ltd.

NAVITIME JAPAN Co., Ltd. (hereinafter known as the 'Company') adheres to the rules stipulated below (hereinafter known as 'these Rules') when handling Personal Data acquired by the Company pertaining to the provision of 'Japan Travel by NAVITIME' (hereinafter known as the 'Service') as offered by the Company. Moreover, with respect to these Rules, in the event there is any discrepancy between the English version and the version translated into other languages, the English version shall supersede. 

1. Definitions

In these Rules:

'Data Protection Laws' means, in relation to a user, all applicable laws, rules, regulation, directives and governmental requirements relating in any way to the privacy, confidentiality, security, integrity and protection of Personal Data, including without limitation: the Data Protection Act 2018; the UK General Data Protection Regulation ('UK GDPR'); the EU General Data Protection Regulation 2016/679 ('EU GDPR'), the EU ePrivacy Directive 2002/58/EC, each as amended or superseded from time to time, and any EU Member State national implementing legislation; and the Act on the Protection of Personal Information in Japan ('PPI').

'Personal Data' means any data relating to an identified or identifiable person, such as name, addresses, email addresses, telephone numbers and dates of birth.

'process' or 'processing' or 'processed' means any operation performed upon Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

'user' means any individual that uses the Service and is the subject of Personal Data that is processed by the Company.

2. Information to be Acquired

The Company shall acquire the Personal Data listed below (hereinafter collectively known as 'Acquired Information') through the provision of this Service.

1.  Information to be Acquired through Entry by Users

1. Information to be registered in relation to acquisition of NAVITIME ID

(e-mail address and passwords, etc.)

2. Information registered in a questionnaire for this Service

(Nationality, gender, purpose of visit to Japan, number of visits to Japan) 

3. Information registered pertaining to the use of this Service

(My Spot (location specified by the user), station, line, favorites (spots, articles, itineraries, etc.), collections, travel plans created, collections and travel plans shared, etc.)

2. Information Automatically Acquired through Use of this Service (This excludes information given in (3) below.)

1. Information related to the User's history of use of this Service

(Functions used, time and date used (time stamps), characters entered for search, images entered for search, IP address, travel route information etc.)

2. Information related to the User's device

(Device type, OS, language used on device, browser type, device specific ID, advertising identifier (‘Identification for Advertisers’ (IDFA),  Google advertising ID) etc.)

3. Location information measured through the GPS function
4. Information used for social login (social media login)

(Identifiers (access tokens, etc.) for carrying out authentication)

3. Information Automatically Acquired through the Information Gathering Module (Profile Passport SDK) of Blogwatcher, Inc.

(Device type, OS, identifier assigned to device by information gathering module ‘Profile Passport UUID’, BeaconID, Beacon signal strength, signal detection time) , location information determined through the GPS function)

4. Information Obtained through Inquiries etc.

(Name, telephone number, e-mail address, details of inquiry etc.)

3. Handling of Acquired Information

The Company shall handle the Acquired Information in accordance with the “Personal Information Protection Policy” separately established by the Company and Paragraphs (1) – (4) of this Section 3 (Handling of Acquired Information).

The Company will use Acquired Information for the following purposes:

(1) as necessary for the provision of this Service;

(2)  for its legitimate business interests, such as:

-  Business related to the improvement of the convenience of this Service;

-  Business related to the study of the development of new services;

-  Business related to responding to inquiries and consultations;

-  Business related to the distribution of advertisement;

-  Business related to  e-mail distribution and other e-mail marketing;

-  Business related to the preparation and submission of statistical documentation (documentation that cannot be used to identify a specific individual); and

-  Business related to surveying/analyzing foreign tourists visiting Japan,

but only to the extent that the Company has carried out an assessment of its legitimate business interests against the rights and freedoms of the individual concerned and has concluded that these are not harmed;

(3)  where necessary to comply with its obligations under applicable Data Protection Laws, including business related to the protection of privacy; and

(4)  where necessary to make contact with an individual when necessary to protect life, physical health or property.

If the Company intends to use the Acquired Information for a purpose other than those listed above, it will provide the user with information on that purpose and if necessary under applicable Data Protection Laws, obtain consent.  

The Acquired Information will be stored for no longer than necessary for the fulfilment of the purposes listed above and may be stored for longer periods insofar as Acquired Information will be processed for statistical purposes.

4. Provision of Acquired Information to Third Parties

1. In principle, the Company shall not provide the user's Acquired Information to third parties. The Company will only provide Acquired Information to third parties in the following circumstances:

1. Should the user provide consent, if required by applicable Data Protection Laws;
2. Should the handling of the Acquired Information be consigned, in part or in whole, to a third party, in accordance with Section 5 (Transferring and Outsourcing the Handling of Acquired Information);
3. Should the provision of the Acquired Information accompany the succession of the business due to a merger or other reason, in which case it will be subject to the appropriate security measures set out in Section 5 (Transferring and Outsourcing the Handling of Acquired Information); and
4. Should the provision of the Acquired Information be authorized by law, or should the provision be mandated by law or court judgment.

2. Notwithstanding the preceding paragraph, we may provide the following information in Section 2 (Information to be Acquired) to the following third parties by electromagnetic means for the following purposes:

Additionally, the user agrees by accepting the Terms of Use and Privacy Policy that the user's Acquired Information will be handled by the Company within the applicable scope of the laws of Japan, applicable Data Protection Laws and these Rules. Additionally, the user understands and consents to the possibility that the extent of protection of their Acquired Information through the laws of Japan and these Rules may be less effective than the laws of the user's country and that there may be limitations on the rights set out in this Privacy Policy, depending on the specific circumstances concerning the data subject’s data and applicable law.

5. Transferring and Outsourcing the Handling of Acquired Information

The Company may transfer or outsource the handling of, in part or in whole, the Acquired Information to a provider. However, such outsourcing of the Acquired Information shall be undertaken only within the scope necessary to accomplish the purpose of use provided for in Section 3 (Handling of Acquired Information) and the Company shall ensure that appropriate safeguards are in place to ensure an adequate level of protection for the user and that applicable Data Protection Laws are complied with.

For EU/EEA/UK Personal Data, please note that the European Commission has issued a decision and the Information Commissioner's Office has issued adequacy regulations which state that Japan has an adequate level of protection for transfers of EU/EEA Personal Data and UK Personal Data respectively and the Company may therefore transfer Acquired Information from the UK/EU/EEA to Japan without additional safeguards, other than those the Company already imposes to protect Acquired Information.

6. Information Collection Modules and advertising identifier

(1) Use of Information Collection Modules

The Company uses the following information collection modules to analyze access and use conditions of this Service. These information collection modules collect information regarding the use of this Service in a way that it does not identify a specific individual, and the collected information will not be used to identify the user.

・Google Analytics

Provided by: Google LLC

Privacy Policy of Google LLC

（https://policies.google.com/privacy?hl=en）

・Firebase Analytics

Provided by: Google LLC

Privacy Policy of Google LLC

（https://policies.google.com/privacy?hl=en）

・adjust

Provided by adjust GmbH, adjust Inc. and adjust KK

Privacy Policy of adjust GmbH, adjust Inc. and adjust KK

（https://www.adjust.com/privacy-policy/）

・Profile Passport SDK

        Provided by: Blogwatcher, Inc.

The user may refuse the information to be collected by Profile Passport SDK by changing the setting of this Service.

・Treasure Data JavaScript SDK

Provided by：Treasure Data, Inc.

Privacy Policy of Treasure Data, Inc.

（https://www.treasuredata.com/privacy/）

・pinable

Provided by：Switch Smile, Inc.

Privacy Policy of Switch Smile, Inc.

（https://switch-smile.com/privacy-policy）

Advertisements are displayed using GPS Beacon information acquired using the Bluetooth function on the devices of its customers. By altering the settings of the Bluetooth function on their devices, customers can stop pinable from gathering this information.

・Braze SDK

Provided by：Braze, Inc.

Acquired Information of Braze, Inc.

(https://www.braze.com/docs/en/user_guide/data_and_analytics/user_data_collection/sdk_data_collection)

(2) iOS advertising identifier ‘Identification for Advertisers’ (IDFA) (For iOS)

The Company uses iOS advertising identifier ‘Identification for Advertisers’ (IDFA) (hereinafter known as 'IDFA') to display behavior targeting advertisements. IDFA will never be used to identify the user.

The user may refuse the use of IDFA to display behavior targeting advertisements. In order to refuse such use, follow the procedure below.

On the user's device: 'Settings' → 'Privacy' → 'Ads' → activate 'Restrict Tracking Ads'

*This operation may not be available or may differ depending on the OS versions of the user's device.

(3) Android OS advertising identifier ‘Google advertising ID’ (For Android OS)

The Company uses the Android OS advertising identifier ‘Google advertising ID’ (hereinafter known as 'Google advertising ID') to display behavior targeting advertisements. Google advertising ID will never be used to identify the user.

The user may refuse the use of Google advertising ID to display behavior targeting advertisements.

In order to refuse such use, follow the procedure below.

On the user's device: 'Google Settings' → 'Ads' → place a check in 'Opt Out of Interest Base Ads'; or

On the user's device: 'Settings' → 'Google' → 'Ads' → place a check in 'Opt Out of Interest Base Ads'

*This operation may not be available or may differ depending on the OS versions of the user's device.

7. Restriction of Use by Minors under the Age of 13

Users who are minors under the age of 13 cannot use this Service. If you believe that the Company is retaining information of a minor below the age of 13, please contact the Personal Information Protection Desk indicated in Section 13 (Inquiries Regarding Acquired Information).

8. Requests for Disclosure etc.

Please note that there may be limitations on the rights set out in this Privacy Policy, depending on the specific circumstances concerning the data subject’s data and applicable laws.

(1)  The Company shall respond to the following requests with respect to the user’s Acquired Information made by the user or his/her agent within the scope provided as mandatory for the Company under PPI, UK GDPR, EU GDPR or any other applicable Data Protection Laws. For details of procedures, please refer  to the contact details set forth in Section 13 (Inquiries Regarding Acquired Information). A fee corresponding to the actual costs may be charged for such requests pursuant to applicable Data Protection Laws.

The Company will respond to requests made by users to exercise their legal rights in relation to Acquired Information that the Company holds about them and covered by the PPI, subject to applicable exemptions:

1. Notification of purpose of use
2. Disclosure
3. Revisions, additions or deletion
4. Suspension of use, deletion or suspension of provision to a third party

The Company will respond to requests made by users to exercise their legal rights in relation to Acquired Information that the Company holds about them and covered by the UK or EU Data Protection laws, subject to applicable exemptions:

1. To be informed about any Acquired Information held about them by the Company;

2. To request access to their Acquired Information and be provided with information in relation to that data to ensure it is being lawfully processed. Please refer to Section 13 (Inquiries Regarding Acquired Information) for more details.

3. Rectification of any incomplete or inaccurate Personal Data held about them by the Company (although the Company may need to verify the accuracy of any new data provided);

4. Erasure of Acquired Information where there is no compelling reason for the Company continuing to process it; where the user has successfully exercised its rights to object to processing (below), where the Company has processed Acquired Information unlawfully or where the Company is required to erase its Acquired Information to comply with the local law in which that the user is based. Please note that the Company can refuse to delete or remove Acquired Information where it requires information for defence of legal claims;

5. To restrict processing of Acquired Information; a user may exercise this right where (i) it is requesting rectification, in which case processing is suspended until the information is verified, (ii) the Company is processing its Acquired Information unlawfully and as an alternative to exercising its right to request erasure, (iii) the Company no longer needs to process its Acquired Information but the user needs the Acquired Information for the establishment, exercise or defence of legal claims; or (iv) a user has exercised its right to object to processing of Acquired Information which relies on legitimate interests as a basis for lawful processing, and the Company needs to verify that it has such legitimate interests;

6. Object to processing of Acquired Information on the basis that it impacts on user's rights and freedoms, however in some cases the Company may demonstrate that it has compelling legitimate grounds to process Acquired Information which overrides the rights and freedoms of a user or where it requires that information for defence of legal claims;

7. To receive a copy of Acquired Information in a machine-readable format or request the transfer of Acquired Information to another party;

8. To not be subject to automated decision-making, including profiling, which has a legal or other significant effect on the user. The Company does not carry out automated decision-making however, to the extent that this changes, the Company will update this privacy policy and notify you of those changes. and

9. To make a complaint at any time to the relevant Supervisory Authority (within the meaning of EU/UK GDPR), please see Section 11 (Where to File Complaints) for details. However, the Company would welcome the chance to deal with a user's concerns before it approaches the Supervisory Authority; please Section 13 (Inquiries Regarding Acquired Information) for details.

(2) Notwithstanding the preceding paragraph, should the Company recognize the following requests made by a user under the PPI is reasonable, the Company shall respond to such request. Please direct inquiries regarding these requests to the Desk in Section 13 (Inquiries Regarding Acquired Information). A fee corresponding to the actual costs may be charged for each request:

1. Request for the issuance of the user's Acquired Information retained by the Company
2. Request for revision when the user's Acquired Information retained by the Company is inaccurate
3. Request for deletion of the user's Acquired Information retained by the Company

9. Voluntary Provision of Some Acquired Information

1. If the user does not wish to provide the Company with Acquired Information, please cease to use this Service or uninstall the application.
2. You can refuse to provide the information set forth in Section 2 (Information to be Acquired), Paragraph (1) (Information to be Acquired through Entry by Users) by not registering the said information.
3. You can refuse to provide the information set forth in Section 2 (Information to be Acquired), Paragraph (2) (Information Automatically Acquired through Use of this Service), Item 3 (Location information measured through the GPS function) by changing your device settings.
4. You can refuse to provide the information set forth in Section 2 (Information to be Acquired), Paragraph (2) (Information Automatically Acquired through Use of this Service), Item 4 (Information used for social login (social media login)) by changing your social media settings with regard to social login (social media login).
5. You can refuse to provide the information set forth in Section 2 (Information to be Acquired), Paragraph (4) (Information Obtained through Inquiries etc.) by not making inquiries.

10. Safe Management, Access to and Deletion of Acquired Information

Regarding the handling of Acquired Information, the Company sets forth company regulations based on the laws and guidelines stipulated by the Japanese government and compliant with applicable Data Protection Laws, makes these rules well-known among its employees, and takes safe management/preventative measures.

Should the user discontinue the use of this Service, the Acquired Information provided by the user will be appropriately deleted/destroyed based on the regulations of the Company.

In addition, should the user wish to have the Acquired Information they provided to the Company updated, the Company will make efforts to promptly respond to such request. However, the Company may refuse to respond to a request if it has been repeatedly made without justifiable cause, or the request requires excessive technological burden (such as the deletion of the data from the backed-up data).

11. Where to File Complaints

The Company would welcome the opportunity to handle a user's complaint, which may be submitted via the contact details in Section 13 (Inquiries Regarding Acquired Information).

In relation to Japanese data protection issues, the name of the Company's authorized person-related information protection organization and the contact point for filing complaints is listed below.

<Name of Authorized Personal Information Protection Organization>
 Japan Information Processing Development Center (JIPDEC)

<Contact Point for Filing Complaints>
Personal Information Protection Complaints Desk  
 Address
    12F Roppongi First Bldg., 1-9-9 Roppongi, Minato-ku, Tokyo  106-0032
 Inquiry Form

     https://contact.jipdec.or.jp/m?f=245

 *Please be noted that the above inquiry form is not for inquiries regarding the products and services of the Company.

In relation to UK data protection issues, please contact the Information Commissioner's Office ('ICO'), the UK Supervisory Authority for data protection issues, using the contact details provided on the ICO’s website at https://www.ico.org.uk

For a list of European Supervisory Authorities, please see https://edpb.europa.eu/about-edpb/about-edpb/members_en

12. Revisions to these Rules

These Rules are subject to revision at the discretion of the Company for reasons such as to respond to the law or government guidelines etc. Such revisions shall become valid at the time the revised Rules have been posted on this website. However, should there be a major revision that will have a significant impact on the users, a reasonable notification period will be set in advance, users will be notified in an easy-to-understand way through this Service, and the revised Rules will be posted to this website. In such case, after the notification period has passed, the revised Rules shall be considered valid.

13. Inquiries Regarding Acquired Information  

User inquiries regarding Acquired Information are handled at the Personal Information Protection Desk provided below.

Inquiries to:

Personal Information Protection Desk

NAVITIME JAPAN Co., Ltd.

3-8-38 Minami Aoyama, Minato-ku, Tokyo 107-0062

Personal Information Protection Manager:

Compliance Manager, Intellectual Property Legal Department

e-mail:

japantravel-privacy@navitime.co.jp