Privacy Policy: Details of how we process your personal data

EAST JAPAN RAILWAY TRADING CO., LTD. (Hereinafter referred to as "Company", "We", "Our" or "Us") announces that based on the Personal Data Protection Act 2012 (No.26 of 2012) (as amended from time to time) and/or other relevant laws and regulations as well as guidelines applicable in Singapore (the "PDPA"), will strive to appropriately collect, use, disclose, manage and protect personal data (as defined in the PDPA) of customers who use our services (Hereinafter referred to as "Customer", "You", "Your", or "Users") in accordance with the PDPA.

This Privacy Policy (Hereinafter referred to as this "Policy") applies to personal data in our possession or under our control, including personal data in the possession of organizations which we have engaged to collect, use, disclose or process personal data for our purposes. Please take a moment to read this Policy to understand the purposes for which we collect, use, disclose, manage and/or protect your personal data.

Article 1 Observance of laws and standards

1.1. Company respects the privacy of individuals and recognizes the need to treat personal data in an appropriate and lawful manner, and is committed to comply with its obligations in this regard, in respect of all personal data it handles.

1.2. Company may change some parts or all of the contents of this Policy from time to time to ensure that this Policy is in line with the legal and regulatory requirements, as well as the regulations and constitutive documents of Company. Hence, we advise you to check regularly for updated information on the handling of your personal data.

1.3. If you consider that this Policy does not follow the PDPA in respect to the personal data about you or others, you should raise the matter with our Data Protection Officer as soon as possible.

Article 2 Personal data we collect

2.1. In general, we collect the following personal data in a lawful, fair appropriate manner including but not limited to the following:

(a) Obtained from Customer;

(b) Obtained when Customer attending events or conferences;

(c) Mechanically obtained by accessing a website and so forth;

(d) Mechanically obtained by Cookies (Cookies), About Using Web Beacons; or

(e) Mechanically obtained by Using Google Analytics.

If you do not provide us above mentioned personal data that are necessary for each business operation and service provision, such business and service may not be able to be provided.

2.2. In general, we collect use and/or disclose your personal data in connection with the scope of Company's activities such as the provision of various services, collaborations with other third-party service providers. The followings are examples of the purposes for which we collect your personal data:

(a) to provide information on our products/services and other information related to our business activities;

(b) to conclude and perform a contract with your company, its subsidiaries and its affiliated entities as well as managing the contract;

(c) to comply with legal requirements;

(d) to conclude a contract;

(e) to respond to inquiries from Customer;

(f) to resolve complaints, and handling requests of and enquiries;

(g) to distribute appropriate information to Customer, etc.;

(h) for communication and marketing purposes;

(i) for internal record keeping;

(j) for information and communication related to the provision of services;

(k) for information and communication related to other services;

(l) for information on new services and campaigns, sending email newsletters, direct mail, etc.; and

(m) for creation of statistical data for marketing and sales promotion, provision of various information, conducting and tabulating surveys and questionnaires.

2.3. Your personal data will be retained by Company for as long as necessary for the fulfilment of the purposes stated in clause 2.2 or is required to satisfy any legal or business purposes.

2.4. Company will take reasonable steps to protect your personal data against unauthorized collection, use and/or disclosure.

2.5. The following are examples of information collected by Company, some of which are not personal data and are not covered by obligations and responsibilities relating to the protection of personal data:

(a) Information obtained from Customer

i. Name, date of birth, gender, addresses, company name, company address and so on described on exchanged business cards;

ii. Telephone numbers, e-mail addresses;and

iii. All other information provided by Customer to Company.

(b) Information mechanically obtained by accessing a website and so forth.

iv. Information such as terminal identifier, mobile terminal identifier, IP address, name associated with the terminal, type of terminal, phone number, country, and username, mail address, etc., when you use websites, applications, etc. provided by Company on the terminal or mobile terminal;

v. Information about your current location in the event that you use our  services, apps, etc. on your terminal or mobile terminal and have authorized the provision of location information there; and

vi. When Customer uses services and apps provided by us, various information concerning the usage and usage of the services and apps provided by Customer to us directly or through a third party who provides Company's services and apps.

(c) Cookies (Cookies), About Using Web Beacons
Company may use cookies, web beacons and other similar technologies to analyse your browsing habits of websites and HTML emails, or to provide you with more customized services and information. Cookies, web beacons, etc. are used as anonymized information for statistical analysis, etc., and may be associated with information that identifies customers in order to provide more customized services for various services. A cookie is a piece of information that a website transfers to your computer for the purpose of storing usage history and input, but does not include any personally identifiable information. If your browser settings allow you to send and receive cookies, your website can retrieve cookies from your browser. If you choose to reject cookies, please note that you may be restricted from using the website. Web beacons embed invisible images into websites and HTML emails, and when a customer views them, the information is recorded on the webserver. When you browse websites or read HTML emails, your browsing information may be recorded in Company as personally identifiable information rather than as anonymous information. If you do not consent to our use of cookies, please take steps such as suspending the delivery of HTML mail, adjusting your browser settings accordingly and/or do not use any of Company's services.

(d) Using Google Analytics (Google Analytics)
Company Analytics (Google Analytics) is used to track the usage of websites and applications operated by Company. Google Analytics uses cookies to collect logs without personally identifying information. The logs collected by Google Analytics are managed according to Google's privacy policy. *For more information about Google Analytics and Google's privacy policy, visit: https://www.google.com/intl/en/policies/privacy

3. Consent to the Collection, use, and disclosure of Personal Data

3.1. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party, who has been duly authorized by you to disclose your personal data to us (your"Authorized Representative") after (i) you (or your Authorized Representative) have been notified of the purposes for which the personal data is collected, and (ii) you (or your Authorized Representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of your personal data without consent is permitted or required by the PDPA or other applicable laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorized by law).

3.2. By accessing or using Company's services or otherwise providing us with your personal data, you agree to the terms of this Policy and consent to the collection, use and/or disclosure of your personal data by Company for a part or all of the purposes set out in clause 2.2. If you do not consent to any of these terms, please do not access or use any of our services, or provide us with any of your personal information.

3.3. If you provide us with personal data relating to a third party (e.g. information of your spouse, children, parents or relatives), you represent to us that you have obtained the consent of such third party to provide us with their personal data for the relevant purposes.

4. Third-party provision

4.1. Subject to the provisions of any applicable law or regulations, your personal data may be collected, used and/or disclosed for any purposes listed in clause 2.2 (where applicable), to the following:

(a) Company's staff;

(b) Agents, contractors or third party service providers who provide services to Company;

(c) Our professional advisers such as auditors and lawyers;

(d) Our business partners;

(e) Relevant government regulators, statutory boards or authorities, or law enforcement agencies to comply with any laws, rules, guidelines, regulations or schemes imposed by any governmental authority; and

(f) Any other party to whom you authorise us to disclose your personal data to.

4.2. In addition to clause 4.1, Company will transfer your personal data to the entities outside Singapore, for any purposes listed in clause 2.2.

4.3. Company outsources part of its business relating to personal data. Company considers the management of outsources to be extremely important, and when outsourcing such work, Company selects business operators that meet the level of personal data protection stipulated by the PDPA, and clarifies each other's obligations under non-disclosure agreements, etc. In addition, Company requests the relevant business entities to handle personal data appropriately, and continuously conducts supervision and audits necessary for the security management of personal data.

4.4. As a general rule, Company does not disclose or provide personal data to third parties, except for affiliated subsidiaries, related corporations, service providers, vendors, as an extension of our services to you and regulatory authorities.

4.5. Notwithstanding the preceding paragraph, personal data may be provided to third parties in the following cases. In addition, we will disclose and provide your personal data appropriately in accordance with the PDPA and other applicable laws and regulations.

(a) With the consent of Customer;

(b) Cases where disclosure of personal data is required by a court, public prosecutors' office, police, tax office, bar association, or other organization with equivalent authority;

(c) Where Company outsources all or part of its business to a third party;

(d) Cases where disclosure is made to a person who has a duty of confidentiality with respect to Company;

(e) Cases where disclosure is made to a person who will succeed to the business upon a succession of the business due to a merger, transfer of business or any other cause;

(f) When permitted by the PDPA and/or other laws and regulations; and

(g) Other cases specified separately for each of Company's service.

5. Handling of linked personal data

Links to external websites may be posted on websites operated by Company or in email magazines. The personal data registered on these external sites are not under the jurisdiction of Company, and we are not responsible for their privacy policies and practices. If you are registering your personal data on an external site, please review this Policy for that site.

6. Inquiries on disclosure and deletion

If you wish to disclose and/or delete your personal data, we will confirm your identity and as soon as practicable disclose or delete your personal data (except where we are not required to do so under the PDPA and other applicable laws).

7. Access to and Correction of Personal Data

7.1. If you wish to make (a) an access request for access to a copy of the personal data which Company holds about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which Company holds about you, you may submit your request in writing to the contact details provided below.

7.2. We will respond to your request as soon as reasonably possible. If Company is unable to respond to for your request within 30 days after receiving the request, we shall inform you within 30 days of the time by which we will be able to respond to the request.

7.3. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA and other applicable laws) within 30 days after receiving the request.

7.4. Please be informed that we are entitled to charge a fee to recover the costs directly related to the access of the personal data for the time and effort spent by us in responding to the same, and will let you know the amount accordingly.

7.5. You should ensure that all personal data submitted to us is complete and accurate. Failure to do so may result in our inability to provide you with the information or services you requested.

7.6. Company shall make a reasonable effort to ensure that the personal data collected by or on behalf of Company is accurate.

7.7. You may also request that your personal data is transferred to another person (data portability).

8. Request to withdraw consent

8.1. The consent you provided for the collection, use, and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. Should you wish to withdraw your consent to our collection, use, disclosure of your personal data, you may give reasonable notice of the withdrawal to the Data Protection Officer in writing ("Withdrawal Notice"). Upon the Data Protection Officer receipts of a Withdrawal Notice, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and we will, as far as possible, notify you of the likely consequences of withdrawing consent, and should you wish to persist with the withdrawal of your consent after having been notified of the likely consequences thereof, we will cease to collect, use and/or disclose your personal data in question unless the collection, use and/or disclosure of such information is required or authorized under the PDPA or other applicable laws.

8.2. Please note that once consent is withdrawn, it may not be possible for us to accomplish the purposes as set out in clause 2.2, and hence, we may be unable to continue providing the requisite services to you.

8.3. Please note that withdrawing consent does not affect Company's right to continue to collect, use and disclose personal data where such collection, use, and disclosure without consent is permitted or required under the PDPA and applicable laws.

9. Personal data management and security measures

9.1. Company will strictly manage personal data and make reasonable security arrangements to prevent unauthorized or improper access, collection, use, disclosure, copying, modification, loss, destruction, falsification, leakage or similar risks through the development and improvement of systems and introduction of appropriate administrative, physical and technical measures for the protection of personal data, education and enlightenment activities for employees, access control and information security measures, etc.

9.2. You should be aware, however, that no method of transmission over the internet or electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of the personal data and will constantly review and enhance our information security measures. In the event that we have credible grounds to believe that an incident of personal data breach has occurred, we will take reasonable and expeditious steps in accordance with the PDPA.

9.3. Company shall cease to retain documents containing personal data or otherwise remove the means by which the personal data can be associated with you as soon as it is reasonable to assume that the purpose for which such information was collected is no longer served by retention of the said information and retention is no longer necessary for legal or business purposes, or where otherwise required under applicable laws. We will also ensure that any personal data that we do not retain is disposed of, anonymized, and/or deleted in an appropriate manner. To protect the security of personal data, we use Secure Sockets Layer (Secure Sockets Layer) technology to prevent such information from being intercepted, obstructed or altered.

10. Transfer of personal data outside of Singapore

The personal data we collect from you may be transferred to multiple destinations outside Singapore, including but not limited to Japan, for the fulfilment of the purposes stated in clause 2.2. Company will ensure that any transfers of your personal data to a territory outside of Singapore will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.

11. Retention period, deletion and disposal of the collected personal data

We retain the personal data for the period necessary to fulfill the purposes stated in clause 2.2 unless a longer or shorter retention period is required or allowed by PDPA. After the purpose of processing is accomplished, your personal data will be properly deleted, disposed or anonymized in the way where the individuals cannot be identified in accordance with the rule of personal data processing we specified.

12. Appointment of the Data Protection Officer

12.1. Company shall designate at least one person as the Data Protection Officer ("DPO") to be responsible for ensuring the compliance with this Policy and the PDPA. The compliance with the PDPA remains the responsibility of Company notwithstanding the appointment of the DPO.

12.2. Company may appoint one or more representatives if necessary to assist the DPO to oversee the personal data protection practices and compliance with this Policy and the PDPA.

12.3. Company shall disclose the contact information of the DPO in Company's website.

12.4. Company shall make information available on request about this Policy and the complaint procedure.

12.5. In cases where employees of Company are not sure if it is their responsibility to respond to any requests related with the personal data, such requests shall be passed on to the DPO immediately.

12.6. Data protection processes are subjected to regular audit by the DPO or external parties to ensure an effective and continuous protection of the personal data.

13. Continuous Improvement

We will continuously review and improve its personal data protection management system, including this Policy, in order to maintain the appropriate level of handling and protection of personal data in the light of requests from business partners and changes in social conditions.

14. Inquiry desk

East Japan Railway Trading Company

2-2-2 Yoyogi Shibuya-ku Tokyo, 151-0053, JAPAN

E-mail address: Otherservices-gb@ejrt.co.jp

15. Revision

We may revise all or part of this privacy policy without prior notice. In that case, all revisions will be notified on this webpage. Any changes to this Policy shall apply from the time Company posts them on this website.