Personal Information Protection Policy
Each of the terms set forth below (the “Terms, etc.”) is provided in Japanese as an original. If there is any discrepancy between the English translation of each of the Terms, etc. and its Japanese text, the Japanese text shall prevail.
privacy policy
[Concept of Personal Information Protection]
Activity Japan Co., Ltd. (the "Company") is engaged in internet platform business, as well as preparation, sales and whole sales of destination based tourism products, regional promotion business (surveys, marketing, web building, public relations, sales and sales analysis), implementation of activity experiential events and the like as their cores business activities. Personal information acquired from individuals directly through our business activities, as well as personal information of our employees (“Personal Information”) is important information for the Company and we recognize securely protecting such Personal Information as our important social responsibility. The Company shall therefore handle Personal Information acquired through our business activities according to the policy described below, provide “peace of mind” to individuals of such information with regards to the protection of Personal Information and fulfill our social responsibility.
【policy】
- 1. The Company shall acquire Personal Information through legal and fair methods
- ・In relation to the acquisition, use and provision of the Personal Information.
- ・The Company shall use the Personal Information to the extent necessary to achieve the intended purpose of use.
- ・The Company shall acquire consent from the individual of the Personal Information in advance, when providing such Personal Information to a third party.
- ・The Company shall not use the acquired Personal Information for any purposes other than the intended purpose of use. The Company shall also implement measures for this purpose.
- ・In the event a need to use the information for purposes other than initially intended, such information is used after once again acquiring consent for the new purpose of use.
- 2. Information on laws, guidelines established by the government and other standards (hereinafter referred to as the “Laws”)
- The Company shall strive to continuously gain understanding pertaining to the Laws that are relevant to the business of handling Personal Information and the matter shall be thoroughly made aware and strictly observed by employees that engage in business activities of the Company (“Employees”).
- 3. Information on security management of Personal Information
- ・The Company shall build and maintain a framework for rapidly implementing corrective measures for the purpose of security management of Personal Information, in order to prevent such various risks as unauthorized access to Personal Information, leaking of Personal Information, as well as loss or damage of Personal Information.
- ・Inspections shall also be conducted, and corrective actions shall be taken promptly when any violation or incident is discovered, and preventive measures for vulnerable aspects shall also be implemented.
- ・Education on security shall be thoroughly implemented on all Employees.
- 4. Information on complaints and consultations
- A contact for Personal Information inquiries shall be made available and a framework that facilitates rapid responses shall be established to handle complaints and consultations regarding handling of Personal Information and respond to such matters with good faith.
- 5. Information on continual improvements
- ・The Personal Information protection management system of the Company is monitored and audited to determine the compliance status of our internal regulations, with efforts made to discover violations, incidents, accidents and vulnerabilities, with reviews conducted by the management. Such efforts are reflected on our management measures and internal regulations to continuously improve the Personal Information protection management system.
- ・Improvements shall comply with laws and ordinances, as well as JIS Q 15001.
Established date: March 16, 2016
Final revision date” Thursday, April 11, 2024
Activity Japan Co., Ltd.
Ming Ming Chen, Representative Director
[Contact for inquiries on contents of Our Personal Information Protection Policy]
Personal Information Inquiry Contact, Activity Japan Co., Ltd.
WESTALL Yotsuya Building 2F, 1-22-5 Yotsuya, Shinjuku-ku, Tokyo 160-0004
Phone: 03-6862-5311 (weekdays 10:00 to 17:00)
Person responsible for Personal Information: Yuji Ogawa, Personal Information Protection Manager
1. Information on handling of Personal Information
[Information on purposes for using Personal Information]
| Types of Personal Information | Purposes for use | Disclosure category |
|---|---|---|
Information on persons who requested us for materials or made inquiries |
Needed for responding to inquiries and providing information regarding services, etc. |
Disclosed |
Information on persons who are candidates and applicants for personnel recruiting |
Needed for processing recruitment selections, making contact, etc. |
Disclosed |
Employee information |
Needed for conducting employee management and other matters relating to human resources and general affairs |
Disclosed |
Pseudonym processing information |
Needed for internal tabulation work, etc. |
Undisclosed |
[Information on measures implemented for security management of Retained personal data]
| Formulation of basic policies | Personal Information Protection Policy is published on our website | |
|---|---|---|
| Establishment of discipline | Regulations have been established regarding handling methods, persons in charge and their duties for each stage of acquisition, use, provision, waste disposal and the like, while a review is conducted periodically |
|
| Organization security control measures | Self-inspections, internal audits and external audits are conducted periodically | |
| Personnel security control measures | Employees conclude a confidentiality pledge pertaining to confidentiality, and employees are educated on the matter regularly | |
| Physical security control measures | Areas in which Personal Information is handled, as well as relevant equipment and electronic media are protected from theft, etc. | |
| Technical security control measures | Mechanisms are in place for protection against unauthorized access from outside | |
| Gaining understanding on external environments |
Cloud services are utilized to manage Personal Information, etc.
The locations (regions) of data centers for such cloud services are primarily in Japan, the United States, the EU, etc.*1
The Company ensures that appropriate access control is implemented to such cloud services and strives to maintain understanding on Personal Information protection systems in such countries and regions.*2
*1: Some data centers distribute their sites across multiple regions around the world and do not publish such locations for security reasons and as such, it is realistically difficult to maintain understanding on all regions. *2: Although maintaining understanding about Personal Information protection systems in all regions is difficult to achieve due to the reason described in *1, however, the Company endeavors to select services that have been certified for high reliability, such as ISO/IEC 27001, ISO/IEC 27017 and ISO/IEC 27018. |
[Information on request procedures for disclosures]
Procedures for the individual of Personal Information or a representative thereof, to request for responsive actions pertaining to personal data in possession of the Company, with regards to notification on purpose of use, disclosure, correction of details, addition or deletion, suspension of use, erasure and suspension of provision of information to third parties, as well as record of provisions made to third parties (“request for disclosure”), shall be as described below.
- 1. Destination for submission of request for disclosure
A request for disclosure may be filed, by using the Personal Information Disclosure Request, through means that are convenient for the applicant (email, fax or post).
In the event posting is selected as the means for submission, using a method that offers a way to verify a delivery record, such as registered mail or simple registered mail, is requested.
Furthermore, noting “Personal Information Disclosure Request enclosed” in red letters on the envelope would be appreciated.
Please contact us for details, in the event filing by attaching documents to an email message is desired.
- 2. Submitted documents to request for disclosure
Please enter all prescribed details on the Personal Information Disclosure Request form to request for disclosure.
Responsive actions for disclosure of personal data in our possession shall be taken with methods specified by the applicant, as a general rule. Please specify the desired method for disclosure, such as electromagnetic records, disclosure by documentation, as well as other methods determined by the Company, in the prescribed column on the Personal Information Disclosure Request form.
*In the event using the method specified by the applicant for disclosure causes a significant burden on the Company, such as a large amount of expenses are required for disclosure, the Company may reluctantly select an alternative method as determined by the Company for disclosure.
- 3. Verification of identity
The Company conducts authentication by phone, to verify the identity of the applicant, who requests for a disclosure and the like. In the event an authentication cannot be conducted by phone, the applicant may be asked to present a copy of their driver's license, resident card, health insurance card or the like.
- 4. Request for disclosure and the like through a representative
In the event a representative is delegated to request for a disclosure and the like, prepare following documents in addition to the Personal Information Disclosure Request form.
(1) Documents (copies) for confirmation of identity of the representative
One copy of the representative’s driver's license, resident card, or health insurance card
*Prepare a copy with the individual’s permanent domicile blotted out.
(2) Power of attorney (the applicant to affix personal seal on the power of attorney and attach the seal registration certificate for that seal; In the event the representative is a legal representative such as a parent, a document that proves such relationship may be submitted in lieu of a power of attorney)
- 5. Fees related to request for disclosure and notification on purpose of use
In the event a disclosure of Personal Information and notification on purpose of use are requested, a fee of 2,000 JPY shall be charged for each request.
Deposit 2,000 JPY by bank transfer to pay the fee.
*The bank account information will be provided at the time the identity is authenticated.
*The bank transfer fee shall be borne by the payer.
Note that in the event any relevant fee is insufficient or if the fund transfer cannot be confirmed, we will not be able to disclose any information or notify you on the purpose of use.
- 6. Methods for responding to disclosure requests
A method that is convenient for the applicant (email, fax, mail) shall be used to provide responses.
In the event there are any questions or complaints or a need for consultation regarding personal data held by the Company, inquire with the following contact.
Personal Information Inquiry Contact, Activity Japan Co., Ltd.
WESTALL Yotsuya Building 2F, 1-22-5 Yotsuya, Shinjuku-ku, Tokyo 160-0004
Phone: 03-6862-5311 (weekdays 10:00 to 17:00)
Person responsible for Personal Information: Yuji Ogawa, Personal Information Protection Manager
2. Information on shared use of Personal Information
Among the Personal Information provided by customers, the Company shares with a company in the KKday corporate group such details as names, addresses, telephone numbers, email addresses, passport numbers and the like for purposes of developing such products as package tours, sales promotion activities involving introduction of products, as well as to contact and respond to our customers, and for purposes of service improvements, research and development. The entity responsible for managing such Personal Information shall be the Company (location: WESTALL Yotsuya Building 2F, 1-22-5 Yotsuya, Shinjuku-ku, Tokyo; Chen Mingming, Representative).
[Company of Corporate Group]
KKDay Japan Co., Ltd.
3. Notes on voluntary provision of Personal Information
Our customers may refuse to provide the Personal Information described in Section 1-1 above, but there may be instances where the Company will not be able to fulfill actions for purposes described above.
4. Information on proper management of Personal Information
The Company strives to maintain acquired Personal Information accurate and up to date within the scope of purpose of use described above, and implements necessary and optimum safety control measures to prevent unauthorized access, tampering, leaks, etc. Furthermore, the Company shall provide the necessary training to our officers, employees and other relevant parties, to facilitate the proper handling of Personal Information.
5. Information on consignment and provision of Personal Information to third parties
Personal information acquired by the Company shall not be provided to third parties except in cases 1) to 5) described below. In addition to cases 1) to 5), the Company may consign Personal Information to third parties with whom the Company has concluded a memorandum on handling of Personal Information for the purpose of fulfilling purposes of use as described above.
- 1) In the event there is consent from the individual 2) In the event actions are taken according to laws and ordinances 3) In the event actions are necessary to protect life, physical wellbeing or properties of an individual, where obtaining consent from such an individual is difficult
- 4) In the event the information is specifically required for the purpose of improving public health or promoting healthy growth of children, where obtaining consent from the individual is difficult
- 5) In the event the information must provided to an organization of the national government or local public organization or entities that have been consigned to perform work on their behalf, in order to fulfill duties as specified by laws and ordinances, for which obtaining consent from the individuals can potentially impede on the fulfillment of such work
6. Management of outsources
The Company shall instruct outsources described in the preceding section, to ensure that Personal Information is handled appropriately, and to manage the information in such a way that it is not provided to third parties or used for purposes other than intended.
7. Information on complaints about handling of Personal Information
The Company responds in good faith to complaints relating to handling of Personal Information held by the Company, as well as fulfilling actions for notification on purpose of use, disclosure of Personal Information, amendments, additions or deletion of details in Personal Information, as well as suspension of use or deletion or suspension of provision to third parties.
Notify the Company at the Complaints and Consultations Contact described below, to file a complaint regarding handling of Personal Information, to receive notification on purpose of use, disclosure of Personal Information, as well as amendment, addition or deletion of details in Personal Information, suspension of use or deletion or suspension of provision to third parties, declaration of refusal to use or provide the information. Details on procedures shall be explained to the customer at the time contact is made.
Once the authentication that the applicant of such requests is indeed the person of information is achieved, the Personal Information of the customer shall be disclosed, amended or deleted and the like, within a reasonable time period and to a reasonable extent.
8. Information on non-disclosure of Personal Information
The information shall not be disclosed in instances stipulated below. A notification shall be provided in the event a decision is made not to disclose the information, along with the reason for such decision.
- ● Instances where personal authentication is not possible because the address entered on the application form does not match with the address described on documents provided for personal identification and the address registered with the Company
- ● Instances where the right of representation cannot be verified for a request made by a representative.
- ● Instances where there are flaws with submitted prescribed documents
- ● Instances where the Personal Information held by the Company could not be identified according to the details provided in the application form.
- ● Instances where the relevant Personal Information was consigned to us from a third party
- ● Instances where life, physical wellbeing, properties and other rights and interests of the person or a third party may be in jeopardy
- ● Instances where the proper operation of the Company may be subjected to significant impediment
- ● In other instances where laws and ordinances may be violated
9. Information on amendments
The Company may amend details regarding handling of Personal Information, in response to a change in purpose of use or to seek protection of Personal Information, as well as in response to changes with laws, ordinances and the like. Details of changes shall be posted on our website for a certain time period and notified to our customers.
10. Contact for Complaints and Consultations on Personal Information
The contact for complaints and consultations on Personal Information is described below.
Activity Japan Co., Ltd.
1-22-5 Yotsuya, Shinjuku-ku, Tokyo 160-0004 WESTALL Yotsuya Building 2nd floor
11. Information on cookies
Cookies and other identifiers are used to gain understanding on the user trends of our customers as statistical information at our corporate website and https://activityjapan.com/.The information acquired in this manner, however, cannot be used to identify individuals.
Privacy notification
12. Information on access logs
Information on IP addresses, browser types, referenced URLs and the like is collected from access logs at https://activityjapan.com/. The collected information is used as statistical information to analyze user trends of the websites and nothing is reflected back on the Personal Information.
Information on handling of Personal Information (matters for consent)
[Information on provision to third parties]
Unless stipulated by law, the Company shall not provide Personal Information of any person to a third party, without first obtaining consent from such person.
[Information on provision to third parties located in foreign countries]
1. Information on provision of Personal Data to third parties located in foreign countries
The Company may provide the Personal Information of our customers to third parties (partner businesses and the like) that are located in foreign countries, to the extent necessary to provide services. Countries eligible for such consideration shall be those countries that satisfy one of conditions described below, as a general rule.
a. Countries that are subject to GDPR (EU and EEA member states) and the United Kingdom (foreign countries that are designated as having a Personal Information Protection Commission with systems in place for the protection of Personal Information that are recognized as offering the same level of protection as in Japan) Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Liechtenstein, Iceland, Norway, and the United Kingdom (Reference: Personal Information Protection Commission Notification No. 1 and No. 5 of 2019)
b. Countries and territories that have sufficient certifications based on Article 45 of the GDPR (where the European Commission has recognized that there is an adequate level of data protection according to the GDPR) Argentina, Andorra, Israel, Uruguay, United Kingdom, Canada, South Korea, Switzerland, Faroe Islands, Kingdom of Denmark, New Zealand
* Reference:https://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/
c. Member countries and territories of the CBPR System of APEC 16.1.3 (laws and ordinances in place that comply with the privacy framework of the APEC) America, Mexico, Canada, Singapore, South Korea, Australia, Taiwan, the Philippines
*Reference:https://www.ppc.go.jp/enforcement/cooperation/international_conference/
http://cbprs.org/
d. Countries that are considered to have completed the establishment of basic legal systems for the protection of Personal Information (with a certain level of evaluation provided by the Japan Information Processing and Development Center (JIPDEC)) China
*Reference:https://www.jipdec.or.jp/library/itreport/2021itreport_winter03.html
e. Malaysia: Law and ordinances pertaining to Personal Information protection has been established. See below for details.
https://www.ppc.go.jp/files/pdf/malaysia_report.pdf
f. In the event a third party to which Personal Information of our customer is in a country that corresponds to descriptions in Paragraphs a to d under Article 7 above, any and all such third parties shall have measures for protection of Personal Information that complies with provisions of the Eight Principles of the OECD Privacy Guidelines and JISQ15001 (Privacy Mark). Regarding the Socialist Republic of Vietnam, the "Ordinance on Personal Information Protection" is scheduled to come into effect in July 2023, and for the Kingdom of Thailand, the "Personal Data Protection Act (PDPA)" is in place, which is GDPR compliant, and while these measures described above do not apply to protection of Personal Information, we believe that these guarantee the security of information. Click here for details on the investigation of systems relating to protection of Personal Information in foreign countries, provided by the Personal Information Protection Commission.
g. Even in the event a foreign country to which personal data is provided does not correspond to descriptions in Paragraphs a to ed under Article 7 above, the Company shall appropriately implement control of outsources in compliance with provisions for the Privacy Mark, and ensure implementation of secure consignments.
[Information on consigning handling of Personal Information]
The Company may consign a part of business operations to an outsource in order to provide better services in the operation of the business. In such instances, an outsource that is recognized to be handling Personal Information in an appropriate manner is selected, then necessary matters for preventing leaks of Personal Information are established through appropriate control and maintenance of confidentiality prescribed by contracts and the like, to ensure proper control is in place.
[Information on voluntary provision of Personal Information]
Provision of Personal Information to the Company is entirely voluntary. It should be noted, however, that in the event Personal Information is not provided, it may not be possible for the Company to provide responses or services.
Inquire with the following contact regarding questions and consultations on the handling of Personal Information by the Company.
Personal Information Inquiry Contact, Activity Japan Co., Ltd.
WESTALL Yotsuya Building 2F, 1-22-5 Yotsuya, Shinjuku-ku, Tokyo 160-0004
Phone: 03-6862-5311 (weekdays 10:00 to 17:00)
Person responsible for Personal Information: Yuji Ogawa, Personal Information Protection Manager
Established date: March 16, 2016
Final revision date” Thursday, April 11, 2024
Activity Japan Co., Ltd.
Ming Ming Chen, Representative Director
Please wait a moment