Our Commitment to Personal Data Protection
MIKI Tourist Co., Ltd. (hereafter referred to as “the Company”) recognizes the importance of protecting personal data in an advanced information and telecommunications society. We comply with the Act on the Protection of Personal Information (APPI) and related laws, as well as with other national guidelines and standards.
To ensure the secure protection of personal data concerning our customers and all other related parties (including personal data we have acquired or intend to acquire, which we plan to handle as personal data), we are implementing the following initiatives based on this policy.
1. Acquisition of Personal Data
We acquire personal data through lawful and fair means, with your consent. This consent can be withdrawn at any time.
2. Use of Personal Data
We acquire personal data through methods such as written forms (including online forms), telephone calls, and emails. In addition to the purposes explicitly stated at the time of acquisition, we use the data for the purposes listed below.
When using personal data, we will do so through appropriate and fair means within the scope of the stated purpose of use. We have implemented measures to prevent use for purposes other than those specified and will not use the data in a way that may promote or encourage illegal or improper acts.
Personal Data Provided for Inquiries and Consultations
We use the personal data you provide for inquiries and consultations to contact you. We may also use this information as needed to contact or verify with relevant organizations regarding the content of your consultation.
Personal Data Provided for Travel Bookings
We use the personal data provided when you book a trip to contact you and to make necessary arrangements for the travel services (provided by transportation, accommodation, and other providers, with major ones listed in the contract) you have requested.
Additionally, we use the personal data of your emergency contact in Japan only if we deem it necessary to contact them in case of illness, injury, or other emergencies during your trip.
Personal Data Provided for Other Products and Services
We use this personal data to contact you and within the necessary scope to provide the services you have requested.
Additionally, with regard to Specific Personal Information (Individual Number = My Number), we will only use and provide it within the scope of purposes stipulated by the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure. The information will be deleted or erased once the related social insurance administrative tasks are complete.
* When you apply for our travel or other services, we will retain some of the personal data you provide.
* In all cases, you have the choice of whether or not to provide your personal data to us. However, please be aware that if the information you do not provide is indispensable for the provision of the travel or other services you are applying for, you may not be able to use our services.
3. Provision of Personal Data to Third Parties
We do not provide personal data to any third party, except in the cases listed below.
When we do provide data, we ensure through a contract that the recipient handles the personal data appropriately.
- When we have the customer’s consent.
- When required by law.
- When it is necessary for the protection of a person’s life, body, or property and it is difficult to obtain the individual’s consent.
- When it is particularly necessary for the improvement of public health or the promotion of sound development of children, and it is difficult to obtain the individual’s consent.
- When it is necessary to cooperate with a state organ, a local government, or an individual entrusted by either of the two in executing affairs prescribed by law, and obtaining the individual’s consent is likely to impede the execution of the said affairs.
4. Personal Data Management
We ensure the accuracy of personal data and manage it securely.
To prevent the leakage, loss, or damage of personal data, we take appropriate security management measures as described below.
Establishment of Basic Policy
- This basic policy has been established to ensure the proper handling of personal data and to provide a point of contact for questions and complaints.
Establishment of Rules for Handling Personal Data
- We have established Personal Data Handling Regulations that define the methods, responsibilities, and duties for each stage of personal data handling, including its acquisition, use, storage, provision, deletion, and disposal.
Organizational Security Measures
- Appoint a person responsible for personal data handling (Personal Information Manager).
- Clearly define the employees who handle personal data and the scope of data they are authorized to handle.
- Establish a reporting system to the Personal Information Manager for any actual or potential violation of laws or internal policies.
- Conduct regular internal audits of personal data handling.
Human Security Measures
- Conduct regular training for employees on key points regarding the handling of personal data.
- Include provisions on the confidentiality of personal data in the company’s rules of employment.
Physical Security Measures
- Implement measures to control employee access to and from areas where personal data is handled. This includes restricting equipment brought into these areas and preventing unauthorized viewing of personal data.
- Take measures to prevent the theft or loss of devices, electronic media, and documents that handle personal data, such as securing paper records in locked storage.
- When transporting devices or electronic media containing personal data, even within the office, implement measures to ensure the data cannot be easily identified.
Technical Security Measures
- Implement access controls to limit the scope of personal data handled by authorized personnel.
- Introduce a system to protect the information system that handles personal data from unauthorized external access or malicious software.
Understanding the External Environment
- When handling personal data in a foreign country, we will implement security management measures after understanding the data protection system in that country.
When taking personal data outside of our facilities, we will obtain approval from the Personal Information Protection Manager and prevent unauthorized access or disclosure.
We will retain personal data only as long as necessary and will promptly erase it once the purpose of use has been completed.
If a data breach occurs that is determined by the rules of the Personal Information Protection Commission to have a high risk of harming an individual’s rights and interests, we will promptly report the incident to the Personal Information Protection Commission and notify the affected individual after we become aware of the facts.
5. Outsourcing of Operations
To provide products and services to you, we may outsource a part of our operations and, within the necessary scope to achieve the purpose of use, provide your personal data to our business partners.
In such cases, we will appropriately manage and supervise our business partners, in compliance with the Act on the Protection of Personal Information, by, for example, concluding a non-disclosure agreement with them regarding the handling of your personal data.
6. Provision of Personal Data to Third Parties Located in a Foreign Country
In the following cases, we may provide personal data to a third party located in a foreign country (a country or region outside of Japan).
To arrange and receive the travel services you have requested, and within the necessary scope for providing other products and services, we will provide personal information such as your name, gender, age, address, phone number, email address, and passport number to transportation and accommodation providers, insurance companies, and other related parties via electronic or other methods. This is also done within the necessary scope for procedures related to insurance that covers our liabilities under the travel contract and any accident-related costs.
Furthermore, we will only provide your personal data to business operators and other third parties outside of Japan, including our business partners, under the following circumstances:
- When we have the customer’s consent.
- When the third party is located in a country (EEA member states, UK) designated by law as having a personal data protection system equivalent to that of Japan.
- When the third party has established a system to continuously take measures equivalent to those that personal information handling business operators in Japan are required to take.
In case (1) above, the recipient country and third party may include your destination country, as well as hotels, tourist facilities, local travel agencies, and other related parties, so the exact names cannot be determined until your travel details are finalized. Please check this link for information on personal data protection systems in each country.
In case (3) above, we will take necessary and appropriate measures to ensure that the third party continuously implements the equivalent measures. If you wish to confirm the details of these measures, please contact our Personal Information Desk at privacy.jp@group-miki.com.
7. Disclosure, Correction, Suspension of Use, and Deletion of Personal Data
We recognize that you have the right to request the disclosure, correction, suspension of use, or deletion of your personal data or records of its provision to third parties. If such a request is made, we will verify your identity and, in accordance with applicable laws and our internal regulations, respond to your request without delay. We will then notify you of the result in writing or by electronic record. If we are unable to fulfill your request in part or in whole, we will inform you of the reason without delay.
8. Personal Data of Minors
We provide the same level of protection for the personal data of minors as we do for that of adults.
When a travel contract is made with a minor, we will always confirm the consent of a parent or legal guardian.
9. Organizational Structure
Appoint a Personal Information Protection Manager to ensure the proper management of personal data.
Conduct training for all employees, including officers, on the protection and proper handling of personal data, and ensure these practices are strictly followed in daily operations.
10. Formulation, Implementation, Maintenance, and Improvement of a Personal Information Protection Management System
To execute this Personal Information Protection Policy, we have formulated a personal information protection management system (including this policy, our “Basic Regulations for Personal Information Management,” and other rules and regulations). We will ensure this system is thoroughly understood and implemented by all our employees, and we will maintain and continuously improve it.
Note: We may revise the above policy. If we do, we will announce the changes on this website.
11. About Cookies
Our website may use cookies to provide a better service to our customers.
A cookie is a mechanism by which a website provider temporarily writes and stores data on your computer through your web browser when you access the website.
The cookies used by our website do not contain any records that can identify your personal information.
Additionally, we have separate websites for different products, and the cookies used may vary by website.
To check which cookies are being used or for details on how to adjust your settings, please refer to the “Help” menu or similar options in your browser.
Please note that if you choose to reject all cookies, you may experience limitations when using various internet services, such as being unable to access services that require authentication.
12. Point of Contact for Questions and Complaints
For any feedback, questions, or complaints regarding our handling of personal data, please contact us at the following:
MIKI Tourist Co., Ltd.
Our Personal Information Desk
Email: privacy.jp@group-miki.com
Date of Establishment: April 1, 2005
Last Revised: March 17, 2025
MIKI Tourist Co., Ltd.
Katsumi Hine, President and CEO