• ENGLISH
  • 日本語
  • ENGLISH
  • 日本語

EU Personal Data Protection Policy

The Company’s way of thinking on personal data

wondertrunk&co. (hereinafter referred to as “The Company”) considers the appropriate use and protection of the personal data of people living in the EEA region to be The Company’s social responsibility. We establish The Company’s EU Personal Data Protection Policy as follows and will strive for information protection.

Definition of personal data

Information that can identify individuals such as the names and addresses of customers, personnel of companies we do business with, and those entered in The Company’s inquiry form, etc., are managed strictly at The Company as personal data. The definition of personal data is equivalent to that of the GDPR.

Personal data management system

The Company shall appoint the following person as the personal data manager and establish an appropriate personal data management system.
Personal data manager: Arata Miyazaki (wondertrunk&co.inc. Deartech BLDG. 3F, 1-20-13 Jingumae, Shibuya-ku, Tokyo, 150-0001 Japan, arata@wondertrunk.co)

Proper acquisition and handling

The Company gathers various personal data of customers, etc., who have applied for tours. If such information is to be handled, The Company shall specify clearly the purpose and scope of use, etc., in advance, and handle information only if consent to do so has been obtained or in the following cases.

  1. If handling is required to perform a contract to which a customer is a party.
    Or, if handling is required to carry out procedures in response to the request of a customer prior to the conclusion of a contract.
  2. If handling is required to observe a legal duty that The Company should follow. (Cases where an order based on law from a government agency for information disclosure is followed, etc.)
  3. If handling is required to protect an important interest of a customer or another party.
  4. If conducting a survey of, preventing or taking measures against an illegal act or suspected illegal act is considered to be appropriate.
  5. If handling is required for legitimate interests pursued by The Company or a third party within the scope that does not infringe upon the rights, interests or freedom related to privacy of a customer.

Use of personal data

The use of personal data shall be carried out within the scope of use specified clearly in advance. In addition, if The Company changes the purpose of use, The Company shall specify this clearly on this website or contact subjects directly.

1. Gathering of personal data for the provision of travel services

Legal grounds: Performance of contractual duties
Purpose of use: Provision of travel services
Acquired data: “Name, gender, e-mail address, address, mobile phone number (acquisition via the application website, e-mail, fax, or written document)”* If this information cannot be provided, we cannot provide contracted travel services.

Existence of provision to third parties:

The Company provides such personal data to Japanese companies that conduct tours for the implementation and management, etc., of tours that customers have applied for. In addition, The Company provides such personal data to a Japanese system company, and stores such personal data on servers in Japan for the operation and management of the application website.

Further, Japan has not been certified by the European Commission for data protection adequacy, but The Company shall manage personal data appropriately in accordance with this EU Personal Data Protection Policy.

2. Gathering of special categories of personal data for the provision of travel services

Legal grounds: Consent
Purpose of use: Provision of travel services
Acquired data: Height, bodyweight, allergies, shoe size, existence of tattoos, medical history (existence of chronic disease), passport details, existence of dietary restrictions, daily exercise level, existence of smoking, ability to drink alcohol, existence of pregnancy, ability to use public bathing facilities

Existence of provision to third parties:

The Company provides such personal data to Japanese companies that conduct tours for the implementation and management, etc., of tours that customers have applied for. In addition, The Company provides such personal information to a Japanese system company and stores such data personal data on servers in Japan, and provides such information to an American operator company for the outsourcing of operator work for the operation and management of the application website.

Further, Japan and America have not been certified by the European Commission for data protection adequacy, but The Company shall manage such personal data appropriately in accordance with this EU Personal Data Protection Policy.

Storage periods:

The Company shall store customers’ personal data for a period of x years from acquisition and delete it appropriately thereafter.

3. Gathering of cookies at times of viewing of the application website

Legal grounds: Consent
Purpose of use: Increased customer convenience and improvement and increased quality of The Company’s website
Acquired data: Cookies

Existence of provision to third parties:

The Company provides such personal data to a Japanese system company, and stores such personal data on servers in Japan for the operation and management of the application website. Japan has not been certified by the European Commission for data protection adequacy, but The Company shall manage such personal data appropriately in accordance with this EU Personal Data Protection Policy.

In addition, personal data is consigned to Google of America to use Google Analytics. America has not been certified by the European Commission for data protection adequacy, but The Company shall consign such personal data to companies that are registered with the Privacy Shield that the European Commission has adopted and manage such personal data appropriately.

Data acquired with Google Analytics is managed based on Google’s privacy policy.

Please confirm the following with regard to the terms of use of Google Analytics and Google’s privacy policy.

・Terms of use of Google Analytics: http://www.google.com/analytics/terms/jp.html
・Google’s privacy policy: http://www.google.com/intl/ja/policies/privacy/partners/

Storage periods:

The Company shall store customers’ personal data for a period of 2 years from acquisition and delete it appropriately thereafter.

Rights held by customers

Customers may have the following rights with regard to their own personal data that The Company holds.

  • The right to demand access to personal data
  • The right to cause personal data to be corrected or deleted without undue delay
  • The right to restrict the handling of personal data
  • The right to receive personal data in a general format that can be read on a computer and the right to transfer that data to the management of another organization without obstruction
  • The right to express objections with regard to the handling of personal data in the interests of The Company or a third party, and the handling of personal data for direct marketing
  • The right to not be given an evaluation or decision that exerts a serious impact, including legal effects, with regard to the individual based on automatic processing such as profiling, etc. * The Company does not carry out profiling.
  • The right to withdraw at any time consent for the handling of personal data that the customer previously gave (however, this withdrawal of consent shall not exert an impact on the legality of personal data processing and transfers that took place prior to the withdrawal)In addition, if a customer is dissatisfied with The Company’s handling of personal data, they may make a complaint to the regulatory agency of an EEA member state or to The Company’s inquiries window.

Safety management of personal data

The Company shall take preventive measures for the personal data it collects against unauthorized access to personal data, and the loss, destruction, falsification and leakage, etc., of personal data. In addition, The Company shall also take various measures with regard to leaks from inside as well as external risks.

Continuous improvement of legal observance and the personal data management system

The Company shall observe laws, regulations and norms that apply to the personal data it possesses, and shall revise and improve the efforts in each of the items above as appropriate. In addition, if there is a legitimate request form a court, the police, a consumer center or other agency with authority equivalent to these, The Company shall disclose information in response.

Inquiries in regard to personal data

wondertrunk&co.inc: (Deartech BLDG. 3F, 1-20-13 Jingumae, Shibuya-ku, Tokyo, 150-0001 Japan, info@wondertrunk.co)