- Information relating to identifiable particular individuals among our customers and people associated with H.I.S., namely personal data, is an important and indispensable asset for H.I.S. This valuable personal data is socially required to be kept confidential and to be handled accurately and securely. In order to meet this social requirement, H.I.S. appropriately protects personal data in accordance with the following basic policy based on the spirit of H.I.S. corporate charters, observing Personal Data Protection Laws and other relevant laws and regulations.
1. Purpose of Use of Personal Data
H.I.S. utilizes personal data within the scope of the intended use that is clearly communicated to its customers. H.I.S. obtains personal data filled in or input into an application form by a customer for the purpose of arrangement and receipt of travel services provided by transportation facilities and/or accommodation facilities and provision of insurance services as well as its communication with the customer.H.I.S. utilizes personal data filled in or input into an application form by a customer at the time of request of travel arrangement and relevant insurance application, for the purpose of utilizing it to the necessary extent for arrangement and receipt of travel service provided by transportation facilities and/or accommodation facilities and provision of insurance services as well as its communication with the customer. Besides that, H.I.S. utilizes personal data of a customer for the purpose of marketing analysis for development of better products or services in the future, delivering information of products or service of H.I.S. and its other associated companies to customers, requesting customers for comments or opinions after the travel, or providing benefit service to customers. In any case, a customer has a choice to provide H.I.S. with his/her personal information or not, and the customer is kindly requested to recognize and acknowledge that the customer may not be provided a product or service of H.I.S., unless the customer provides H.I.S. with relevant particulars of personal data which are indispensable for H.I.S.’ service requested by the customer. H.I.S stores the personal data provided by customer at the time of request of travel arrangement in its database. Such data will be stored 5 years or until necessary for the performance of the contract, legitimate interests or to comply with legal obligations.
2. Legal bases on process the personal data
H.I.S. processes personal data relaying on the following legal bases: (1)Performance of contract, (2)Legitimate interests, (3)Compliance with legal obligations and (4)Consent.H.I.S. processes personal data relaying on the following legal bases;
(1)Performance of a contract The use of customers’ information may be necessary to perform the contracts that the customers have entered into with H.I.S. For example, if a customer uses H.I.S.’s services to make a reservation, H.I.S. will use information provided by the customer to carry out H.I.S.’s obligation to complete and administer that reservation.
(2)Legitimate interests H.I.S. may use the customers’ information for H.I.S.’s legitimate interests, such as to provide the customers with the best suitable content of the website, emails and newsletters (where customer’s opted to receive them), to improve and promote H.I.S.’s products and services and the content on H.I.S.’s website, and for administrative, fraud detection and legal purposes.
(3)Compliance with legal obligations. Other than as mentioned herein, we will at times have to process and disclose information about you to third parties, if we are legally obliged to do so (either directly by law or via a court order) or where we need to comply with our contractual duties to you. For instance, we may need to pass on certain information to tax accountants or public authorities under applicable tax or social security law.
(4)Consent H.I.S. may at times provide certain services and use a customer’s data only with his/her consent, e.g. were a reservation is made in a third country where appropriate data protection safeguards cannot be ensured. Furthermore, HIS requests the customer’s consent for the use of a customer’s personal information for marketing purposes. The customers may withdraw his/her consent at any time by contacting H.I.S. at one of the addresses below.
3. Provision of Personal Data
H.I.S. does not disclose or provide personal data provided by customers to any third parties, except with the consent of the customer from whom the data was obtained, or when there is a legitimate other reason for such disclosure (such as legal obligations to do so).H.I.S. will not disclose personal data of a customer to third parties without the consent of the customer from whom the data was obtained, except in the following cases:
(a) Protection of human life and health H.I.S may provide personal data when the disclosure is necessary for the protection of human life, human health or property and when it is difficult to obtain the consent of the person from whom the data was obtained. In addition, H.I.S may disclose it when it is particularly necessary for enhancement of public health or promotion of sound growth of children and when it is difficult to obtain the consent of the person from whom the data was obtained.
(b) Competent authorities H.I.S will disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud. H.I.S may need to further disclose personal data to competent authorities to protect and defend H.I.S’ rights or properties.
(c) Local H.I.S. offices In order to provide the services, a customer’s details may be shared with subsidiaries of the H.I.S below, its corporate family. For a description of our corporate structure, please refer to our About page. https://www.his.co.jp/english/about.html
(d) Third-party service providers H.I.S. may use arrangement agents (e.g. accommodation agent) and/or service providers (e.g. hotel or airline) to process the customer’s personal data on behalf of H.I.S in order to provide its services to the customer. Third party service providers are bound by confidentiality clauses and are not allowed to use his/her personal data for other purposes. Where data is transmitted out of the EEA to a processor in a third country appropriate safeguards are in place to ensure the safety of the customers’ personal data.
(e) Special provision for transfer of personal data from the EEA to third countries Where an individual from whom data has been collected is located in the EEA and such data will be transferred to any entity outside the EEA, H.I.S. will at any time ensure the safety of the personal data. In case of the absence of an adequacy decision of the European Commission, H.I.S. will only transfer data to third countries under the provision of appropriate safeguards required under the European General Data Protection Regulation. H.I.S. has entered into Standard Contract Clauses for the protection of personal data with its business partners in third countries, which at any time ensure an adequate level of protection of personal data as well as enforcement of the rights of individuals regarding their personal data. In cases where such safeguards cannot be ensured, H.I.S. will only share personal data after having notified the individual and retrieved consent for such transfer or where it is absolutely necessary to perform the obligations towards such individuals under the agreement with H.I.S.(such as disclosure of personal data to a hotel for the purpose of booking the accommodation for the customer).
4. Procedure for disclosure of personal data
When a customer makes inquiry or request to H.I.S. for disclosure, deletion, correction of his/ her personal data, or when a customer requests H.I.S. to cease using or providing the data to a third party, the customer is kindly requested to get in touch with H.I.S. H.I.S. responds to the inquiry or request within a reasonable period. In case H.I.S. cannot meet the request partially or wholly, H.I.S. explains the reason to the customer.When a customer makes inquiry or request to H.I.S. for disclosure, deletion, correction of his/her personal data, or when a customer request H.I.S. to cease using or providing the data to a third party, the customer is kindly requested to get in touch with the following contact windows of H.I.S. so that the customer is guided through the necessary procedure. H.I.S. responds to the inquiry or request within a reasonable period in accordance with the laws and the company codes and informs the result to the customer. In case H.I.S. cannot meet the request partially or wholly, H.I.S. explains the reason to the customer. You can reach our data protection officer at firstname.lastname@example.org contact our branch. > contact infomation
5. Security procedures for personal data
In order to prevent leakage, loss, or damage of it, H.I.S, strives to enforce safety procedures which are appropriate and rational from both technical and administrative aspects. If there should occur any leakage, loss or damage of personal data, H.I.S. will immediately inform the responsible supervisory authority as well as the person from whom the data was obtained immediately to that effect and will take necessary and appropriate countermeasures and/or correcting measures.In accordance with European data protection laws, H.I.S. observes reasonable procedures to prevent unauthorized access to, and the misuse of, personal data. H.I.S. uses various technical as well as physical security measures to ensure the safety and integrity of its data processing systems. Furthermore, only authorized and properly trained personnel are permitted to access personal data. H.I.S. conducts constant employee training and engages its employees in various awareness programs regarding the handling of personal data.
6. Data subjects’ rights under the European Data Protection Regulation
The customers have the various rights with respect to the personal data concerning the customers. The customers also have the right to file a complaint with a data protection supervisory authority. H.I.S. responds without delay to request for disclosure of personal data by the person from whom the data was obtained as well as other complaints, or consultations.(1) The customers have the following rights with respect to the personal data concerning the customers: – right to information, – right to rectification or erasure, – right to restriction of processing, – right to object to the processing, – right to data portability.
(2) The customers also have the right to file a complaint about H.I.S. regarding the processing of customers’ personal data with a data protection supervisory authority. For any inquiries regarding your rights, please get in touch with us under email@example.com
7. Other matters
Established as of March 1, 2005
Amended as of May 25, 2018