Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Privacy Policy

This Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Privacy Policy
(hereinafter referred to as this “Privacy Policy”) stipulates the terms and conditions concerning
the use of the Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service (hereinafter
referred to as the “Service”), which Central Japan Railway Company (hereinafter referred to
as “JR Central”), West Japan Railway Company (hereinafter referred to as “JR West”), and
Kyushu Railway Company (hereinafter referred to as “JR Kyushu”; JR Central, JR West and
JR Kyushu are sometimes referred to herein as the “Three Companies”) provide to customers,
and travel products exclusively for members of the Service (hereinafter referred to as the “Travel
Products”) which JR TOKAI TOURS, INC. (hereinafter referred to as “JTT”) and Nippon
Travel Agency Co., Ltd. (hereinafter referred to as “NTA;” JR Central, JR West JR Kyushu,
JTT, and NTA are sometimes referred to herein individually as a “Party” and collectively as
the “Parties”) provide to customers.

1. Collection, etc. of personal information by the Parties 

The Parties acquire the following personal information of customers through proper and  fair means: 

(1) A customer’s name, date of birth, phone number, e-mail address, credit card expiration  date and information related to public transport IC card, as well as changes to such  information (excluding credit card number); 

(2) A history of past purchases of train tickets and travel-related products as well as  services related thereto collected by the Parties from transactions with a customer; (3) Device information and Cookies collected by the Parties from transactions with a  customer; 

(4) Opinions, questions, inquiries and the like which concern the use of the Service and  which are made by a customer by phone or e-mail; and 

(5) Name, gender, age, address, telephone number, and e-mail address of the customer, as entered at the time of application for Travel Products, and information on  transportation, accommodations, tourist facilities, and events used by the customer at  the time of use of the Travel Products. 

2. Purposes of use, etc. of personal information by the Parties 

(1) The Parties collect, use and keep personal information of customers for the following  purposes: 

(i) For transactions with customers concerning, or for provision to customers of,  train tickets, travel-related products and other services related thereto and the  like; 

(ii) For delivery of promotional materials and printed materials, as service  information by mail, the Internet or any other means; 

(iii) For sales analysis, product development, and improvement of our websites and  other services; and 

(iv) For the purposes of conducting investigations necessary to respond to requests  made by customers and analysing and preparing statistics on member trends. (2) In the event that the Parties outsource to another company the collection of personal  information and any actions that fall under any of the purposes of use set forth herein,  the Parties shall, to the extent necessary for such company to conduct such outsourced  actions, entrust to the company the handling of personal information set forth in  Section 1 after having taken the measures to protect the personal information.

3. Shared use of personal information 

Customers agree to the shared use of personal information as follows. The Parties shall be  responsible for the shared use, and the Tokaido Sanyo Kyushu Shinkansen Internet Reservation  Service Customer Center, as stipulated in Section 7, shall be the point of contact for inquiries  concerning this matter. 

(1) Personal information subject to shared use 

(i) A customer’s name, date of birth, phone number, e-mail address, credit card  expiration date and information related to public transport IC card, as well as  changes to such information (excluding credit card number); 

(ii) A history of past purchases of train tickets and travel-related products as well  as services related thereto collected by the Parties from transactions with a  customer; 

(iii) Device information and Cookies collected by the Parties from transactions  with a customer; and 

(iv) Opinions, questions, inquiries and the like which concern the use of the  Service and which are made by a customer by phone or e-mail. 

(2) Shared users 

The users engaged in the shared use shall be the Parties and consolidated subsidiaries of the Three Companies, as indicated in the annual securities reports of the Three  Companies. 

(3) Purposes of use 

(i) For transactions with customers concerning, or for provision to customers of,  train tickets, travel-related products and other services related thereto and the  like; 

(ii) For delivery of promotional materials and printed materials, as service  information, by mail, the Internet or any other means; 

(iii) For sales analysis, product development, and improvement of our websites and  other services; and 

(iv) For the purposes of conducting investigations necessary to respond to  requests made by customers and analyzing and preparing statistics on  member trends. 

(4) Addresses of the parties responsible for the shared use, and the names of their  representatives  

(i) JR Central: https://global.jr-central.co.jp/en/privacy/making-public.html

(ii) JR West: https://www.westjr.co.jp/global/en/privacy/ 

(iii) JR Kyushu: https://www.jrKyushu.co.jp/company/info/outline/ (Japanese)

(iv) JTT:https://www.jrtours.co.jp/st-direct/en/corporate/ 

(v) NTA:https://www.ntainbound.com/privacy-policy/ 

4. Disclosure and provision to third parties 

The personal information acquired from customers shall be managed properly by the Parties,  and shall not be disclosed or provided to a third party except in any of the following cases: (1) Cases in which the consent of the principal is obtained; 

(2) Cases in which the disclosure or provision of personal information is based on laws  and regulations of Japan; 

(3) Cases in which the disclosure or provision of personal information is necessary for  the protection of the life, body or property of an individual, and when it is difficult to  obtain the consent of the principal; 

(4) Cases in which the disclosure or provision of personal information is particularly  necessary for improving public health or promoting the sound growth of children, and  when it is difficult to obtain the consent of the principal; 

(5) Cases in which the disclosure or provision of personal information is necessary for  cooperating with a Japanese state organ, a Japanese local government or an individual  or a business operator entrusted by either of the former two in executing the affairs  prescribed by laws and regulations of Japan, and obtaining the consent of the principal  is likely to impede the execution of the affairs concerned; or 

(6) Cases in which the disclosure or provision of personal information is necessary for  cooperating with the issuers of customers’ credit cards, and with the credit card  payment agents used by the Parties for smart EX payments, in order for credit card  issuers to detect and prevent any unauthorized use of credit cards. 

5. Retained personal data 

The Parties use the “retained personal data” for the following purposes: 

(1) For transactions with customers concerning, or for provision to customers of, train  tickets, travel- related products and other services related thereto and the like; (2) For delivery of promotional materials and printed materials, as service information, by  mail, the Internet or any other means; 

(3) For sales analysis, product development, and improvement of our websites and other  services; and 

(4) For the purposes of conducting investigations necessary to respond to requests made  by customers and analysing and preparing statistics on member trends. 

6. Request for disclosure of retained personal data 

The Parties will respond to any request or claim by the principal or his or her representative for  the notification of the purposes of use, disclosure, discontinuation of use, removal,  discontinuation of provision to a third party, of retained personal data, or the correction,  addition or deletion of any item of retained personal data (hereinafter referred to as a “Request  for Disclosure, Etc.”) pursuant to the Act on the Protection of Personal Information of Japan 

(hereinafter referred to as the “Personal Information Protection Act”).

(1) Items that are subject to a Request for Disclosure, Etc. (Information that assists in  identifying “retained personal data”) 

(i) A customer’s name, date of birth, phone number, e-mail address, credit card  expiration date and information related to public transport IC card, as well as  changes to such information (excluding credit card number); 

(ii) Information collected by the Parties from transactions with a customer, such  as a history of past purchases of train tickets and travel-related products as  well as services related thereto; 

(iii) Device information and Cookies collected by the Parties from transactions with  a customer; and 

(iv) Name, gender, age, address, telephone number and e-mail address of the  customer, as entered at the time of application for Travel Products, and  information on transportation, accommodations, tourist facilities, and events  used by the customer at the time of use of the Travel Products. 

(2) Where and how to send Requests for Disclosure, Etc. 

A Request for Disclosure, Etc. is accepted when submitted by e-mail. Please  download the application form [A] below, fill in all the designated information, and  send the form to Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service  Customer Center by e-mail (privacy@jr-central.co.jp), together with the image data of an identification document [B] (in JPG, PNG, or PDF file format). Responses will  be provided by sending a file to the applicant’s e-mail address used for the request. [A] Application forms designated by the Parties 

• Application form for notification of purposes of use, or disclosure, of retained personal data 

• Application form for correction, etc. of retained personal data 

• Application form for discontinuation of use, etc. of retained personal data [B] Identification documents 

• One of the following: Passport or driver’s license  

(Note) 

Please note that, with respect to requests for the correction, addition, or deletion  of retained personal data that falls under any of the information indicated in the above (1)(i), the customer is requested to change or correct the information on  the member information amendment page that appears after the customer logs in to his or her Service. 

(3) Request for Disclosure, Etc. by a representative 

If the person making a Request for Disclosure, Etc. is a statutory representative for  the principal, a minor or an adult ward, or a representative to whom the principal has  entrusted the Request for Disclosure, Etc., please send the form [A] and document [B]  of Section 6 (2) above for the principal by e-mail, together with the image data of the  documents below (in JPG, PNG, or PDF file format). 

[C] The representative’s identification document (same as [B] of Section 6 (2)) [D] Power of attorney or any other equivalent document (A power of attorney or any  other document to prove the authority to act as a representative concerning the  Request for Disclosure, Etc.) 

(4) “Purposes of use” of the personal information acquired in connection with the Request  for Disclosure, Etc. 

The personal information and the like that has been acquired in connection with the  Request for Disclosure, Etc. shall be handled only within the scope required for the  Request for Disclosure, Etc., except for when such personal information and the like  is returned at the discretion of any of the Parties. The documents that have been  submitted will be kept for two years after completion of the response to the Request  for Disclosure, Etc. before they are discarded. 

(Guidance) Reasons for refusal to disclose retained personal data 

Disclosure of retained personal data shall be refused in the following cases. If a decision to  refuse disclosure is made, a notification to that effect will be sent along with the reason for  the refusal. 

• If the principal cannot be identified due to, among other reasons, any inconsistency  between the information indicated on the application form, the information indicated on  the identification document and the content of retained personal data 

• If the authority of representative cannot be confirmed when an application form is sent by  a representative 

• If any of the designated application documents is insufficient 

• If the target of the Request for Disclosure, Etc. does not fall under retained personal data • If there is a risk of harming the life, body or property, or any of the rights and interests of  the principal or of a third party 

• If there is a risk of significantly impeding the proper execution of the Parties’ businesses • If any provision of any laws and regulations of Japan other than the Personal Information  Protection Act requires that all or part of such retained personal data capable of identifying the principal be disclosed to the principal by a method equivalent to the method prescribed  in the main clause of Article 33, paragraph 2 of the Personal Information Protection Act. • If disclosure will constitute a violation of any other laws or regulations of Japan. 

7. Matters related to complaint contact point

Please contact the Customer Center below with complaints concerning the handling of  personal information by the Parties. 

○ For contact by phone 

Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Customer Center  JR Central Shinagawa Building-A Wing 

2-1-85 Konan, Minato-ku, Tokyo 108-8204 

Phone number (Not toll-free): +81-(0) 3-6632-5130 (English) 

Business hours: 5:30–23:30 (JST)

○ For contact via the Internet or by mail 

Where an inquiry is made via the Internet or by mail using a Party’s contact point, we are  unable to respond to inquiries concerning individual personal information. Please note that  we may respond by a phone call or by other means. 

○ Visit to a Party’s place of business 

Please note that personal visits to a Party’s place of business in relation to complaints cannot  be accepted. 

8. Measures that the Parties Have Taken to Securely Manage the Retained Personal Data The measures that the Parties take to securely manage the retained personal data acquired from  customers, etc. are as follows: 

(1) Formulation of a basic policy: 

• Formulate this “Privacy Policy” as a basic policy for compliance, etc. with the  relevant laws and regulations, and guidelines to secure the proper handling of  personal information; 

(2) Development of personal data handling rules: 

• Formulate internal rules and manuals for the handling method, managers and  responsible persons, and their duties, etc. for the respective stages of acquisition,  use, storage, provision, deletion, destruction, etc.; 

(3) Organizational measures for secure management: 

• Appoint a manager responsible for the handling of personal data; clearly define the  employees who handle personal data, and the scope of personal data handled by  those employees; and develop a system to report to the manager when any leakage,  etc., or violation of internal rules occurs or is found to be likely to occur; and 

• Conduct internal audits to ensure that personal data are handled in compliance with  the relevant laws and regulations, guidelines and internal rules; 

(4) Measures for secure management by human resources: 

• Provide employees with regular training for consideration in handling personal data; (5) Physical measures for secure management: 

• Manage employees’ entries in and exits from the areas where personal data are  handled, and restrict the devices, etc. used in those areas; and take measures to  prevent unauthorized persons from accessing personal data; and 

• Take measures to prevent theft, loss, etc. of devices, electronic media, documents,  etc., with, on or in which personal data are handled; and take measures to protect  the confidentiality of personal data to ensure that they are not easily identified when  carrying such devices, electronic media, etc., including moving within the Company  premises; 

(6) Technical measures for secure management: 

• Control access and restrict the scope of responsible persons, and the personal  information databases, etc. handled by those persons; and 

• Implement a mechanism to protect the information systems used to handle personal  data against unauthorized access by outsiders, or unauthorized software; and

(7) Understanding the external environment: 

• When handling personal data in a foreign country, implement measures for secure  management by understanding the personal information protection system in the  foreign country. 

9. Change to the Privacy Policy 

The Parties shall make efforts to review, as necessary, the condition of operations concerning  the handling of customers’ personal information, as well as to make continuous improvements.  The Parties may change this Privacy Policy at any time as needed. 

Revision Date: September 16, 2023 

Notice:For Customers in  

・European Economic Area ("EEA") and UK 

・USA 

・Canada  

・Australia  

・Singapore  

・Hong Kong  

・Malaysia  

・Taiwan 

・Thailand 

Please see supplements here 

※EEA&UK Supplement is not subject to consent.

PAGE TOP
MENU

Home