Privacy Policy
Final Revision: March 4, 2025
NAVITIME JAPAN Co., Ltd.
NAVITIME JAPAN Co., Ltd.
(hereinafter known as the 'Company')
adheres to the rules stipulated below (hereinafter known as 'these Rules') when handling Personal
Data acquired by the Company pertaining to the provision of 'Japan Travel by
NAVITIME' (hereinafter known as the
'Service') as offered by the Company. Moreover, with respect to these
Rules, in the event there is any discrepancy between the English version and
the version translated into other languages, the English version shall
supersede.
1. Definitions
In these Rules:
'Data Protection Laws' means, in relation to a user, all
applicable laws, rules, regulation, directives and governmental requirements
relating in any way to the privacy, confidentiality, security, integrity and
protection of Personal Data, including without limitation: the Data Protection
Act 2018; the UK General Data Protection Regulation ('UK GDPR'); the EU General Data Protection Regulation 2016/679 ('EU GDPR'), the EU ePrivacy Directive
2002/58/EC, each as amended or superseded from time to time, and any EU Member
State national implementing legislation; and the Act on the Protection of
Personal Information in Japan ('PPI').
'Personal Data'
means any data relating to an identified or identifiable person, such as name,
addresses, email addresses, telephone numbers and dates of birth.
'process' or 'processing' or 'processed' means any operation performed upon Personal Data, such
as collection, recording, organization, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination,
restriction, erasure, or destruction;
'user' means any individual that uses the Service and is the
subject of Personal Data that is processed by the Company.
2. Information to be Acquired
The Company shall acquire the Personal Data listed below
(hereinafter collectively known as 'Acquired
Information') through the provision of this Service.
(1) Information to be Acquired through Entry by
Users
1
Information
to be registered in relation to acquisition of NAVITIME ID
(e-mail address and passwords, etc.)
2
Information
registered in a questionnaire for this Service
(Nationality, gender, purpose of visit to Japan, number of
visits to Japan)
3
Information
registered pertaining to the use of this Service
(My Spot (location specified by the user), station, line,
favorites (spots, articles, itineraries, etc.), collections, travel plans
created, collections and travel plans shared, etc.)
(2) Information Automatically Acquired
through Use of this Service (This excludes information given in (3) below.)
1
Information
related to the User's history of use of this Service
(Functions used, time and date used (time stamps),
characters entered for search, images entered for search, IP address, travel
route information etc.)
2
Information
related to the User's device
(Device type, OS, language used on device, browser type,
device specific ID, advertising identifier (‘Identification for Advertisers’
(IDFA), Google
advertising ID) etc.)
3
Location
information measured through the GPS function
4
Information used for social login
(social media login)
(Identifiers (access tokens, etc.) for carrying out
authentication)
(3) Information Automatically Acquired
through the Information Gathering Module (Profile Passport SDK) of Blogwatcher,
Inc.
(Device type, OS, identifier
assigned to device by information gathering module ‘Profile Passport UUID’,
BeaconID, Beacon signal strength, signal detection time) , location information
determined through the GPS function)
(4) Information Obtained through
Inquiries etc.
(Name, telephone number, e-mail
address, details of inquiry etc.)
3. Handling of Acquired Information
The Company shall handle the Acquired Information in
accordance with the “Personal Information Protection Policy” separately
established by the Company and Paragraphs (1) – (4) of this Section 3 (Handling
of Acquired Information).
The Company will use Acquired Information for the following
purposes:
(1) as necessary for the provision
of this Service;
(2)
for its legitimate business interests, such as:
-
Business related to the improvement of the convenience of this Service;
-
Business related to the study of the development of new services;
-
Business related to responding to inquiries and consultations;
-
Business related to the distribution of advertisement;
-
Business related to e-mail
distribution and other e-mail marketing;
-
Business related to the preparation and submission of statistical
documentation (documentation that cannot be used to identify a specific
individual); and
-
Business related to surveying/analyzing foreign tourists visiting Japan,
but only to the extent that the
Company has carried out an assessment of its legitimate business interests
against the rights and freedoms of the individual concerned and has concluded
that these are not harmed;
(3)
where necessary to comply with its obligations under applicable Data
Protection Laws, including business related to the protection of privacy; and
(4)
where necessary to make contact with an individual when necessary to
protect life, physical health or property.
If the Company intends to use the
Acquired Information for a purpose other than those listed above, it will
provide the user with information on that purpose and if necessary under
applicable Data Protection Laws, obtain consent.
The Acquired Information will be
stored for no longer than necessary for the fulfilment of the purposes listed
above and may be stored for longer periods insofar as Acquired Information will
be processed for statistical purposes.
4. Provision of Acquired Information to Third Parties
(1) In principle, the Company shall not
provide the user's Acquired Information to third parties. The Company will only
provide Acquired Information to third parties in the following circumstances:
1
Should
the user provide consent, if required by applicable Data Protection Laws;
2
Should
the handling of the Acquired Information be consigned, in part or in whole, to
a third party, in accordance with Section 5 (Transferring and Outsourcing the
Handling of Acquired Information);
3
Should
the provision of the Acquired Information accompany the succession of the
business due to a merger or other reason, in which case it will be subject to
the appropriate security measures set out in Section 5 (Transferring and
Outsourcing the Handling of Acquired Information); and
4
Should
the provision of the Acquired Information be authorized by law, or should the
provision be mandated by law or court judgment.
(2)
Notwithstanding
the preceding paragraph, we may provide the following information in Section 2
(Information to be Acquired) to the following third parties by electromagnetic
means for the following purposes:
|
Provided to |
Purpose |
Information to be provided |
|
KDDI CORPORATION |
People Flow
Analysis of the subject user's travel, movement, and visits |
-
User
identifier -
Nationality -
Statistical
information of the location information measured by GPS function |
|
After March 4,
2025 GEOTRA Co., Ltd. https://www.kddi.com/english/corporate/kddi/profile/ |
People Flow
Analysis of the subject user's travel, movement, and visits |
-
User
identifier -
Information
registered in a questionnaire for this Service -
location
information measured by GPS function |
Additionally, the user agrees by
accepting the Terms of Use and Privacy Policy that
the user's Acquired Information will be handled by the Company within the
applicable scope of the laws of Japan, applicable Data Protection Laws and
these Rules. Additionally, the user understands and consents to the possibility
that the extent of protection of their Acquired Information through the laws of
Japan and these Rules may be less effective than the laws of the user's country
and that there may be limitations on the rights set out in this Privacy Policy,
depending on the specific circumstances concerning the data subject’s data and
applicable law.
5.
Transferring and Outsourcing the Handling of Acquired Information
The Company may transfer or
outsource the handling of, in part or in whole, the Acquired Information to a
provider. However, such outsourcing of the Acquired Information shall be
undertaken only within the scope necessary to accomplish the purpose of use
provided for in Section 3 (Handling of Acquired Information) and the Company
shall ensure that appropriate safeguards are in place to ensure an adequate
level of protection for the user and that applicable Data Protection Laws are
complied with.
For EU/EEA/UK Personal Data, please
note that the European Commission has issued a decision and the Information
Commissioner's Office has issued adequacy regulations which state that Japan
has an adequate level of protection for transfers of EU/EEA Personal Data and
UK Personal Data respectively and the Company may therefore transfer Acquired
Information from the UK/EU/EEA to Japan without additional safeguards, other
than those the Company already imposes to protect Acquired Information.
6. Information Collection Modules
and advertising identifier
(1) Use of Information Collection
Modules
The Company uses the following information collection
modules to analyze access and use conditions of this Service. These information
collection modules collect information regarding the use of this Service in a
way that it does not identify a specific individual, and the collected
information will not be used to identify the user.
・Google
Analytics
Provided by: Google LLC
Privacy Policy of Google LLC
(https://policies.google.com/privacy?hl=en)
・Firebase
Analytics
Provided by: Google LLC
Privacy Policy of Google LLC
(https://policies.google.com/privacy?hl=en)
・adjust
Provided by adjust GmbH, adjust Inc.
and adjust KK
Privacy Policy of adjust GmbH,
adjust Inc. and adjust KK
(https://www.adjust.com/privacy-policy/)
・Profile
Passport SDK
Provided by:
Blogwatcher, Inc.
The user may refuse the information to be collected by
Profile Passport SDK by changing the setting of this Service.
・Treasure Data JavaScript SDK
Provided by:Treasure Data, Inc.
Privacy Policy of Treasure Data,
Inc.
(https://www.treasuredata.com/privacy/)
・pinable
Provided by:Switch Smile, Inc.
Privacy Policy of Switch Smile, Inc.
(https://switch-smile.com/privacy-policy)
Advertisements are displayed using GPS Beacon
information acquired using the Bluetooth function on the devices of its
customers. By altering the settings of the Bluetooth function on their devices,
customers can stop pinable from gathering this information.
・Braze SDK
Provided by:Braze, Inc.
Acquired Information of Braze, Inc.
(https://www.braze.com/docs/en/user_guide/data_and_analytics/user_data_collection/sdk_data_collection)
(2) iOS advertising identifier
‘Identification for Advertisers’ (IDFA)
(For iOS)
The Company uses iOS advertising identifier ‘Identification
for Advertisers’ (IDFA) (hereinafter known as 'IDFA') to display behavior
targeting advertisements. IDFA will never be used to identify the user.
The user may refuse the use of IDFA to display behavior
targeting advertisements. In order to refuse such use, follow the procedure
below.
On the user's device: 'Settings' → 'Privacy' →
'Ads' → activate 'Restrict Tracking Ads'
*This operation may not be available or may differ depending
on the OS versions of the user's device.
(3) Android OS advertising
identifier ‘Google advertising ID’ (For Android OS)
The Company uses the Android OS advertising identifier
‘Google advertising ID’ (hereinafter known as 'Google advertising ID') to
display behavior targeting advertisements. Google advertising ID will never be
used to identify the user.
The user may refuse the use of Google advertising ID to
display behavior targeting advertisements.
In order to refuse such use, follow the procedure below.
On the user's device: 'Google Settings' → 'Ads' →
place a check in 'Opt Out of Interest Base Ads'; or
On the user's device: 'Settings' → 'Google' → 'Ads'
→ place a check in 'Opt Out of Interest Base Ads'
*This operation may not be available or may differ depending
on the OS versions of the user's device.
7. Restriction
of Use by Minors under the Age of 13
Users who are minors under the age of 13 cannot use this
Service. If you believe that the Company is retaining information of a minor
below the age of 13, please contact the Personal Information Protection Desk
indicated in Section 13 (Inquiries Regarding Acquired Information).
8. Requests for Disclosure etc.
Please note that there may be limitations on the rights set
out in this Privacy Policy, depending on the specific circumstances concerning
the data subject’s data and applicable laws.
(1)
The Company shall respond to the following requests with respect to the
user’s Acquired Information made by the user or his/her agent within the scope
provided as mandatory for the Company under PPI, UK GDPR, EU GDPR or any other
applicable Data Protection Laws. For details of procedures, please refer to the contact details set forth in Section
13 (Inquiries Regarding Acquired Information). A fee corresponding to the actual
costs may be charged for such requests pursuant to applicable Data Protection Laws.
The Company will respond to requests made by users to exercise their legal
rights in relation to Acquired Information that the Company holds about them
and covered by the PPI, subject to applicable exemptions:
1
Notification
of purpose of use
2
Disclosure
3
Revisions,
additions or deletion
4
Suspension
of use, deletion or suspension of provision to a third party
The Company will respond to requests
made by users to exercise their legal rights in relation to Acquired
Information that the Company holds about them and covered by the UK or EU Data
Protection laws, subject to applicable exemptions:
1
To be informed about any Acquired Information
held about them by the Company;
2
To request access to their Acquired Information and
be provided with information in relation to that data to ensure it is being
lawfully processed. Please refer to Section 13 (Inquiries Regarding Acquired
Information) for more details.
3
Rectification of any incomplete or inaccurate
Personal Data held about them by the Company (although the Company may need to
verify the accuracy of any new data provided);
4
Erasure of Acquired Information where there is no compelling reason
for the Company continuing to process it; where the user has successfully
exercised its rights to object to processing (below), where the Company has
processed Acquired Information unlawfully or where the Company is required to
erase its Acquired Information to comply with the local law in which that the
user is based. Please note that the Company can refuse to delete or remove
Acquired Information where it requires information for defence of legal claims;
5
To restrict processing of Acquired Information; a user may
exercise this right where (i) it is requesting rectification, in which case
processing is suspended until the information is verified, (ii) the Company is
processing its Acquired Information unlawfully and as an alternative to
exercising its right to request erasure, (iii) the Company no longer needs to
process its Acquired Information but the user needs the Acquired Information
for the establishment, exercise or defence of legal claims; or (iv) a user has
exercised its right to object to processing of Acquired Information which
relies on legitimate interests as a basis for lawful processing, and the
Company needs to verify that it has such legitimate interests;
6
Object to processing of Acquired Information on the
basis that it impacts on user's rights and freedoms, however in some cases the
Company may demonstrate that it has compelling legitimate grounds to process
Acquired Information which overrides the rights and freedoms of a user or where
it requires that information for defence of legal claims;
7
To receive a copy of Acquired Information in a
machine-readable format or request the transfer of Acquired Information to
another party;
8
To not be subject to automated
decision-making, including
profiling, which has a legal or other significant effect on the user. The
Company does not carry out automated decision-making however, to the extent
that this changes, the Company will update this privacy policy and notify you
of those changes. and
9
To make a complaint at any time to the relevant
Supervisory Authority (within the meaning of EU/UK GDPR), please see Section 11
(Where to File Complaints) for details. However, the Company would welcome the
chance to deal with a user's concerns before it approaches the Supervisory
Authority; please Section 13 (Inquiries Regarding Acquired Information) for
details.
(2)
Notwithstanding the preceding paragraph, should the Company recognize the
following requests made by a user under the PPI is reasonable, the Company
shall respond to such request. Please direct inquiries regarding these requests
to the Desk in Section 13 (Inquiries Regarding Acquired Information). A fee
corresponding to the actual costs may be charged for each request:
1 Request for the issuance of the
user's Acquired Information retained by the Company
2 Request for revision when the user's
Acquired Information retained by the Company is inaccurate
3 Request for deletion of the user's
Acquired Information retained by the Company
9. Voluntary Provision of Some
Acquired Information
1
If
the user does not wish to provide the Company with Acquired Information, please
cease to use this Service or uninstall the application.
2
You
can refuse to provide the information set forth in Section 2 (Information to be
Acquired), Paragraph (1) (Information to be Acquired through Entry by Users) by
not registering the said information.
3
You
can refuse to provide the information set forth in Section 2 (Information to be
Acquired), Paragraph (2) (Information Automatically Acquired through Use of
this Service), Item 3 (Location information measured through the GPS function)
by changing your device settings.
4
You
can refuse to provide the information set forth in Section 2 (Information to be
Acquired), Paragraph (2) (Information Automatically Acquired through Use of
this Service), Item 4 (Information used for social login (social media login))
by changing your social media settings with regard to social login (social
media login).
5
You
can refuse to provide the information set forth in Section 2 (Information to be
Acquired), Paragraph (4) (Information Obtained through Inquiries etc.) by not
making inquiries.
10. Safe Management, Access to and
Deletion of Acquired Information
Regarding the handling of Acquired
Information, the Company sets forth company regulations based on the laws and
guidelines stipulated by the Japanese government and compliant with applicable
Data Protection Laws, makes these rules well-known among its employees, and
takes safe management/preventative measures.
Should the user discontinue the use of this Service, the
Acquired Information provided by the user will be appropriately
deleted/destroyed based on the regulations of the Company.
In addition, should the user wish to have the Acquired
Information they provided to the Company updated, the Company will make efforts
to promptly respond to such request. However, the Company may refuse to respond
to a request if it has been repeatedly made without justifiable cause, or the
request requires excessive technological burden (such as the deletion of the
data from the backed-up data).
11. Where to File Complaints
The Company would welcome the
opportunity to handle a user's complaint, which may be submitted via the
contact details in Section 13 (Inquiries Regarding Acquired Information).
In relation to Japanese data protection issues, the name of
the Company's authorized person-related information protection organization and
the contact point for filing complaints is listed below.
<Name
of Authorized Personal Information Protection Organization>
Japan Information Processing Development Center
(JIPDEC)
<Contact Point for Filing Complaints>
Personal Information Protection Complaints Desk
Address
12F Roppongi First Bldg., 1-9-9 Roppongi,
Minato-ku, Tokyo 106-0032
Inquiry Form
https://contact.jipdec.or.jp/m?f=245
*Please be noted that the above inquiry form is not for inquiries
regarding the products and services of the Company.
In relation to UK data protection
issues, please contact the Information Commissioner's Office ('ICO'), the UK Supervisory Authority
for data protection issues, using the contact details provided on the ICO’s
website at https://www.ico.org.uk
For a list of European Supervisory Authorities, please see https://edpb.europa.eu/about-edpb/about-edpb/members_en
12. Revisions to these Rules
These Rules are subject to revision at the discretion of the
Company for reasons such as to respond to the law or government guidelines etc.
Such revisions shall become valid at the time the revised Rules have been
posted on this website. However, should there be a major revision that will
have a significant impact on the users, a reasonable notification period will
be set in advance, users will be notified in an easy-to-understand way through
this Service, and the revised Rules will be posted to this website. In such
case, after the notification period has passed, the revised Rules shall be
considered valid.
13. Inquiries Regarding Acquired
Information
User inquiries regarding Acquired Information are handled at
the Personal Information Protection Desk provided below.
Inquiries to:
Personal Information
Protection Desk
NAVITIME JAPAN Co.,
Ltd.
3-8-38 Minami Aoyama,
Minato-ku, Tokyo 107-0062
Personal Information
Protection Manager:
Compliance Manager,
Intellectual Property Legal Department
e-mail:
japantravel-privacy@navitime.co.jp