1. Our Privacy Policy

At Japan Institute of Education Co., Ltd. (hereafter JAPIE), we take privacy very seriously. We comply with the Act on the Protection of Personal Information and believe strongly in the need to protect the privacy not only of our customers, but of every party with whom we do business. In order to achieve this goal, we implement the following policies:

1. Regarding the collection, utilization, and disclosure of personal information, such information is to be collected by legal and fair means, and only as necessary for our business operations. Moreover, we will not use personal information or share it with third parties for reasons beyond the scope of its stated purpose. If it becomes necessary at any time to handle personal information in ways other than those initially specified, we will first obtain the approval of the personal information protection manager and then notify the customer and request their consent. Appropriate measures will be taken to ensure that the personal information in question is at no point used for purposes other than those stated. Specific Personal Information acquired will be used or shared with third parties only within the scope allowed by the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures  (hereafter, My Number Act).

2. Reasonable preventive and corrective measures are to be implemented at the organizational and technical levels against the risks of unauthorized access, loss, destruction, falsification, leakage, etc. of all personal information managed by our company

3. We comply with laws, guidelines, social norms and public order and morals regarding the protection of privacy and the proper handling of Specific Personal Information.

4. We make our contact information public in order to receive and respond to complaints, inquiries, or requests for disclosure regarding our handling of personal information. We will respond promptly and in good faith to requests from customers.

5. Regarding personal data protection management, we conduct regular audits and implement improvements on a continuing basis.

2. Regarding the Handling of Personal Information

In keeping with the Act on the Protection of Personal Information, My Number Act, and our company’s own Privacy Policy, we endeavor to manage and secure personal information as outlined below:

2-1. Personal Information Held by Our Company

(1) Some of the personal information provided to us by customers applying for travel, etc., is retained as personal data.

(2) The personal information of applicants for employment and employees who work for us is held as personal data.

(3) We retain personal numbers (“My Number”) for our employees, their dependents, and individuals whose ongoing contractual relationship with us necessitates the creation of payment records, etc., as personal data.

2-2. Intended Use of Our Customers’ Personal Information

(1) Personal information submitted by customers applying for travel may be used to contact the customer, to arrange for or receive travel services such as transportation or accommodations (as described in the written contract), or in the course of processing payments for travel services, but will be used only as is necessary.

※In addition, we may use a customer’s personal information for the following purposes:

1. To provide information on products, services, and campaigns offered by our company and/or affiliate companies
2. To request feedback from customers who have used our services
3. To request participation in surveys
4. To offer special perks or rewards
5. To aid in the creation of statistical data
6. In order to provide increased peace of mind to our customers by performing monitoring, prevention, and analysis of fraudulent activities and taking appropriate countermeasures

(2) We use personal information submitted by applicants for employment when necessary to conduct recruitment or employment-related business, such as conducting personal identification checks or communicating with prospective employees.

2-3. Disclosure of Personal Information to a Third Party

(1) In order to meet customer requests for travel organization, to carry out procedures necessary for the fulfillment of such services, or to arrange insurance to cover our travel contract liability, accident costs, etc., we may use an electronic or other secure method to provide customer information to facilities providing transportation or accommodations, insurance companies, and the like. The information provided may include name, sex, age, address, telephone number, email address, and passport and credit card information.

(2) For the convenience of our customers, we may share personal data with souvenir shops or other businesses. This data will be limited to things like name, passport number, and flight information, and will be sent in advance using an electronic or other secure method.

(3) In case of illness or accidents while travelling, we may ask customers to provide personal information for the person they list as their contact person. We will use this personal information only if the customer becomes ill or have an accident and we deem it necessary to notify their designated contact person. The customer will be responsible for obtaining consent in order to provide us with their contact person’s information.

(4) In order to maintain an environment that allows our customers peace of mind, we may provide personal data to government agencies, research institutions, business partners, etc. to aid in monitoring, prevention, analysis, and countermeasures against fraudulent activities. In such a case, the data (such as name, gender, age, address, telephone number, email address, or passport and credit card information), will be sent by electronic or other secure methods.

2-4. Collection and Utilization of Customers’ Personal Information

We ask that you be aware that we collect and use personal information for our customers as described below.

 (1) We will clearly display (in brochures, on our website, and on application forms, etc.) our purpose for collecting personal information and the scope of its usage, and obtain consent.

 (2) We will not use personal information for reasons other than the purpose for which it was collected without consent.

 (3) When sharing information with a third party, we will inform the subject in advance and obtain consent.

 (4) If the customer is a minor, we will obtain the consent of a legal guardian.

 (5) We may share customer data with business partners in order to simplify future travel requests or manage existing orders and itineraries, but rigorous measures will be taken to keep all data secure.

(6) As our customer, it is up to you to decide to what extent you provide us with personal information when filling out applications or requesting information. However, without access to information needed to contact you, arrange travel services, or fulfill orders, we may be unable to accept your application and/or fulfill your request.

2-5. Outsourcing of Customers’ Personal Information

We may outsource some or all of the business of managing personal information that you provide. For example, your information may be outsourced to tour companies, intermediary services such as those at airports, or services that process the payment of travel charges. If we must outsource, we will select companies that meet our standards and will share personal data only after confirming that the outsourcing company has security measures in place that are at a level comparable to our own.

2-7. Inquiries and Requests for Disclosure of Customers’ Personal Information

If you wish to receive notification or disclosure regarding our purpose for utilizing your personal data, or if you would like to make corrections, additions, or deletions, or request suspension of use, cancellation, or cessation of data disclosure to third parties, please contact us via the following link and we will assist you. However, regarding requests for data added by us, or for disclosure, suspension of use, cancellation, or cessation of data disclosure to third parties, we will be unable to comply with requests if to do so would significantly interfere with our business operations. For all other requests, we will act promptly in accordance with all relevant laws and statutes and our own internal regulations. In addition, we will provide an appropriate explanation in the case that part or all of your request cannot be met. Contact information for inquiries regarding personal information is as follows.

Japan Institute of Education Co., Ltd.
SATOH Yoshiko, President
1-3 Ishigamidai, Ōiso-machi, Naka-gun, Kanagawa, Japan

※Please contact us via our “Contact Us” Form

2-8. Management of Specific Personal Information

 (1) We use personal numbers (“My Number”) only for purposes within the scope of those allowed by the My Number Act.

 (2) We will not disclose personal numbers (“My Number”) to third parties except where permitted by the My Number Act.

 (3) In compliance with the My Number Act, we will promptly delete or erase personal numbers (“My Number”) upon completion of an administrative task that requires the use of one.

2-9. Managing Anonymously Processed Information

Regarding information listed in article 2-1 (1) above, we will take the following measures when creating Anonymously Processed Information or sharing it with a third party, to the extent permissible by law. In such case, we will put in place appropriate security measures to prevent identification of a specific individual or the restoration of any personal data that was processed.

(1)  Procedure for Creating Anonymously Processed Information

When we create Anonymously Processed Information, we will properly anonymize the information in accordance with the standards set forth in the Act on the Protection of Personal Information and the rules of the Personal Information Protection Commission.

1. Delete any descriptions that could be used to identify a specific individual
2. Delete any personal identification codes
3. Eliminate any codes linking data to other data
4. Delete unique descriptions that could be easily identified
5. Take other measures as appropriate, depending on the unique characteristics of the database in use

(2) Items included in Anonymously Processed Information

1. Information related to a customer’s personal affiliation【subject’s sex or birthyear】
2. Information on how the customer utilizes our services【application date, travel details (departure/arrival dates, destination, name/type of accommodation facilities, number of adults/children, sex, product grade, product type, product form, reason for travel, form of participation)】

(3) Disclosure of Anonymously Processed Information to Third Parties

Types of personal information included in Anonymously Processed Information created by our company and disclosed to third parties, and the methods of disclosure, are as follows.

1. Items in (2) 1 and 2 above
2. We will inform the recipient that the data we are sending is Anonymously Processed Information and will make such data available only after the establishment of a contract to prevent improper handling, including attempts to deanonymize the data.
3. We will send the data by electronic or other secure methods, including the use of data encryption.

(4) Other Measures for the Secure Management of Anonymously Processed Information

1. The authority and responsibilities of data processors will be made clear.
2. Rules will be established regarding data processing methods, and employees involved in this work will be properly educated and supervised.

2-10. Personal Data Leaks

In the unlikely event of a leak of personal data or other problem, we will contact the customer immediately. When necessary for security purposes, we may suspend our system or promptly make details of the situation public on our website.

3. Compliance with the Laws of Stakeholder Nations

We will process your personal data in accordance with the laws of the European Union and stakeholder nations regarding data protection. Below, we disclose how we collect and process the personal data you submit or disclose to us. Also, if we receive or obtain your personal data from a third party, we will act as an information processor. This personal data will be processed in accordance with applicable rules of the European Union and of each member state regarding data protection, in particular the General Data Protection Regulation (“GDPR”) Number 2016/679. If you do not want your personal information to be used as specified in this Privacy Policy, please do not provide it to us. However, if you choose not to provide personal information, please be aware that to not do so may impede our ability to provide you with services and that you may not be able to access or use some features of our website. If you have any questions or comments regarding our Privacy Policy, please contact us using the “Contact Us” Form.

3-1. How We Use Your Personal Information

We process your personal information in accordance with the legal grounds described in the GDPR (Articles 6 and 7). In addition, when processing sensitive personal information (such as union membership, religious beliefs, health status, etc.), we will follow the special rules set out in the GDPR (Articles 9 and 10). We may collect and process personal data for the purposes described below, and we may also disclose such personal data to companies that act as information processors on our behalf or to our service providers. The purposes for which we may collect or process personal information include the following:

(1) Execution of customer contracts and fulfillment of legal obligations (GDPR Article 6(1)(b), (c)). In order for you to travel abroad, we may be required by a government agency or agencies in the country of origin or destination to disclose or process your personal information for purposes related to immigration, etc. We will also need to provide your name, passport number, contact details, and other relevant information in accordance with the terms and conditions set forth by airlines or accommodation facilities. If you do not disclose this personal information to us, we may be unable to provide you with the services you desire.

(2) Execution of legitimate interests of the company and customers (GDPR Article 6(1)(f)). We may, as part of our business operations and when in the interest of both parties, undertake secondary processing of your personal data in order to maintain quality of service, provide customer care, manage business, perform risk assessment and management, or for purposes of security or other operations.

(3) Conduct marketing and other similar information processing upon your consent or permission (GDPR Article 6(1)(a)). If we intend to use your personal information or disclose it to third parties for marketing purposes, we will inform you before collecting the information. At the time of collection, we will confirm your willingness to have information used for marketing and related purposes by providing a consent box for you to check. This allows you to exercise your right to prevent such use or processing of your information.

(4) Explicit consent (GDPR Article 9(2)(a)). Information that is categorized as “sensitive personal information” under the GDPR, such as any allergies, health problems, or other relevant health information, may be required when making reservations and travel plans. We may need to acquire such information from you in order to provide you with services, meet your needs, or act in your interest. However, we will only collect sensitive information after gaining your explicit consent.

We process personal data for the above-identified purposes, each of which is explicit and legitimate under the law. We will not process your data secondarily in ways that do not fit these purposes. We will inform you if we intend to process personal data to meet goals or objectives other than those for which it was originally intended. In accordance with our legal obligations, we will retain your personal information for as long as necessary in order to guarantee provision of services and support business operations (GDPR Article 5 and Article 25(2)).

3-2. Types of Personal Information We Use

For purposes specified in this Privacy Policy, we may process any of the personal information noted above, as well as other personal information that has been stipulated in special notifications.

If you decide to provide your personal information to us, you may do so either directly or indirectly (ie. fill out a form in person or send it to us via email or the online “Contact Us” form). We guarantee that any personal information we process is sufficient, relevant, and will be limited to what is necessary in light of the purpose for which it is to be processed.

3-3. How We Share Your Personal Information

(1) In compliance with the GDPR, we may share your personal information with third parties. If your information is to be shared with information processors, we will establish an appropriate legal framework to cover transfers and processing (GDPR Articles 26, 28, 29). We will also establish an appropriate legal framework if we share your information with entities outside the European Economic Area (EEA), in particular the European Commission-approved Controller-Controller type (2004/915/EC) or the Controller-Processor type (2010/87/EU) standard contract clauses of the GDPR (beginning in Article 44).

(2) In order for us to provide products and services, or in order to support us in marketing products and services to you, your personal information may be transferred to strategic partners, who may in turn store the information or process it secondarily. We will only share your personal information with other companies for the purposes of providing or improving our products, services, and relevant advertising. When necessary, we will seek your consent.

(3) We may share your personal information with any of our affiliates. In the event that all or part of our business is sold or disposed of, including in connection with mergers, reorganizations, acquisitions, joint ventures, transfers, spin-offs, or bankruptcies, all or any portion of the personal information in our possession may be transferred to the parties involved.

(4) It may be necessary for us to disclose your personal information at the request of public or governmental organizations in or other than your country of residence and/or due to laws, legal proceedings, or lawsuits. We also may disclose your personal information upon determining that such disclosure is necessary or appropriate for reasons of national security, law enforcement, or other socially important issues.

Furthermore, we may disclose your personal information in cases where we have determined that there is a reasonable need for disclosure to protect our interests, pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our business or users.

(5) Such disclosures may cause your personal information to be transferred abroad. In addition, overseas transfers may be carried out for the purpose of providing you with customer service, making reservations with suppliers such as airlines or hotels, or providing various services to you at your destination. At the time of transfer, we will make absolutely sure that the information will be adequately secured, and in particular that security measures encompass the contents of the standard contractual clauses defined in European Commission resolutions 2001/497/EC, 2002/16/EC, 2004/915/EC, and 2010/87/EU. We will not use personal information for online marketing unless you are our customer, or you expressly agree to such use of your personal information. You may contact us at any time to change your marketing preferences.

3-4.Records of Data Processing

Whether acting as controller or as processor, we comply with the obligation set out in the GDPR (Article 30) to keep records of all personal information that is processed. Records will be reflective of every type of information required by the GDPR. When necessary, we will cooperate with supervisory authorities (Article 31).

3-5.Security Measures

Your personal information will be processed in a manner that guarantees an appropriate level of security, including protection from unauthorized or unlawful processing or from accidental loss, destruction, or damage. In order to achieve this level of security, we will utilize appropriate technical or organizational measures (GDPR Article 25(1) and 32).

Except in cases where a longer retention period is required or permitted by law, we will retain your personal information for only as long as is necessary to achieve the purposes outlined in this Privacy Policy.

3-6.Notification of Data Leaks to Supervisory Authorities

There are mechanisms and policies in place for confirming and promptly assessing any security breach that occurs in the course of sending, storing, or processing data and results in the accidental or illegal destruction, loss, modification, or unauthorized access or disclosure of personal information. Depending on the outcome of the assessment, we will notify the supervisory authority as required and contact affected data subjects, potentially including our customers (GDPR Articles 33 and 34).

3-7.Processing That Poses a Significant Risk to your Rights and Freedoms

There are mechanisms and policies in place for identifying information processing activities that may pose a significant risk to your rights and freedoms (GDPR Article 35). If an activity is determined to be high risk, we will assess it internally and either block the activity or take steps to ensure that the process is in compliance with GDPR regulations or, if not, that the appropriate technical and organizational security measures are put in place in order to achieve compliance.

When doubts arise, we will contact the data protection authorities for advice and recommendations (GDPR Article 36).

3-8.Your Rights

You have the following rights vis-à-vis any personal information that we collect and process.

(1) Information about the processing of your data: You have the right to obtain information from us about any data processing activities that involve your personal information (GDPR Articles 13 and 14).

(2) Access to personal information: You have the right to obtain confirmation from us as to whether your personal information is being processed and, if it is, to access that information and certain categories of related information (GDPR Article 15).

(3) Correction or erasure of personal information: You have the right to request that we correct personal information about you that contains inaccuracies or omissions, without undue delay (GDPR Article 15). In addition, there are certain legal grounds upon which you may have the right to request erasure of information pertaining to you, without undue delay (GDPR Article 17).

(4) Restrictions on the processing of personal information: If certain legal conditions are met, you may have the right to restrict our processing of your personal information (GDPR Article 18).

(5) Objections to the processing of personal information: If certain legal conditions are met, you may have the right to object at any time to having your personal information processed, for reasons peculiar to your situation (GDPR Article 21).

(6) Data portability of personal information: If certain conditions are met, you may have the right to receive your personal data in a structured and commonly used electronic format and to send that information to another controller without interference from us (GDPR Article 20).

(7) Right to forgo automated decision making: You may have the right not to be subjected to decisions based solely on automated processing, including profiling, when certain conditions are met and if to do so would produce legal or other significant consequences for you (GDPR Article 22).

If you intend to exercise any of these rights, please see the “Contact Information” section below.

If you are dissatisfied with our response to your request, or if you object to how we process your personal information, you can lodge a complaint with the data protection authorities.

3-9.Minors

We market our products and services primarily to adult customers. However, it is possible that we will collect and process the personal information of someone we know to be a minor under the age of 16. If so, we will consider the fact of their age when processing their personal information or when exercising the legal grounds to do so. For example, if a minor’s personal data is being processed with their consent, we will seek the consent of responsible parties such as parents, legal guardians, or teachers.

3-10.Links to Other Websites

We may offer hyperlinks from our website to third party sites or other sources of information on the Internet. Because we do not control the privacy practices or content of third party sites, we cannot be held liable. Please read the privacy statement of each site carefully to find out how your personal information will be collected and processed.

3-11.Privacy Policy Updates

This Privacy Policy may be revised or updated at any time. Any changes to the Privacy Policy will take effect upon issuance of the revised Privacy Policy. If we make a change that we believe to be important, we will notify you via our website when possible and ask for your consent when applicable.

4. Cookie Policy

4-1. What are Cookies?

Cookies are files that are sent and saved to your device when you visit a website, for the purpose of tracking your history on that site. You can disable cookies at any time by changing the settings of your internet browsing software.

4-2. Intended Use of Cookies

We use the information collected through cookies to improve our services and website, for security, and to obtain statistical data. Note that the information collected through cookies is limited to things like login or site history and does not include personal information such as your name or email address.

Contact Information

If you have any questions or requests regarding this Privacy Policy, please contact us using the “Contact Us” form.

The data protection officer is as follows:

Japan Institute of Education Co., Ltd.
Representative: SATOH Yoshiko, President
Address: 1-3 Ishigamidai, Ōiso-machi, Naka-gun, Kanagawa, Japan

Japan Tourism Agency-licensed Class 3 Travel Operator (Travel Agent License: #3-1120, issued by the Governor of Kanagawa Prefecture)

Current as of May 9, 2020