Use 12FOR11 and get 1 free box with a 12-month plan

USD
  • SGD
  • USD
  • TWD

Privacy Policy

1. About this Policy

We, JR East Business Development SEA Ptd. Ltd. (representative: Toshio Omiyama) (“we”, “us,” and “our”), collect, use and disclose Personal Data in order to operate our e-commerce business “JAPAN RAIL CLUB”.

2. Definitions

In this Policy:

(a) “Personal Data” means any information relating to an identified or identifiable natural person;

(b) “Process/Processing” means any activity or operation that is carried out in respect of the Personal Data, such as collecting, storing, using, transferring, or deleting it.

3. How we collect your Personal Data and what Personal Data we collect

4. Purpose of Processing Personal Data

We collect the following Personal Data from you.

(1) Purchasing of our services/products

(a) Personal Data collected when you use our product/service website
• Our product/service website collects cookies, device number, operating system, action history (accessed URL, contents, order, advertising history, browsing time, browsing method, etc.), location information as your access information.

(b) Personal Data registered for creating an account for the online purchasing website
• We collect your account information, including name, user name, birthdate, address, telephone number, e-mail address, credit card number (including tokenized information).

(c) Personal Data related to inquiries on the website
• We collect the date of membership registration, membership number, name, address, telephone number (including contact information for residence in Japan), and reply mail address as your inquiry information (In case you forget your password, we also collect your birthdate, gender, and telephone number).

(d) Personal Data you register at the time of purchase of our products/service
• We collect your name, e-mail address, telephone number, birthdate, passport number, nationality, gender, and agent booking ID for certain services.

(2) Contact information we collect from attendees of the events

(a) Personal Data related to attended events
• We collect your name, age, address, telephone number, and e-mail address. In addition , the event may be filmed and photograph, audio, video may be collected.

(b) Personal Data collected for providing information on services/products and other information related to our business activities
• We collect your contact information which includes your name, age, address, telephone number, and e-mail address.

(3) Personal Data we automatically collect when you use our online (website) services

(a) Personal Data related to the use of our web site
• We collect cookies, device number, operating system, action history (accessed URL, contents, order, advertising history, browsing time, browsing method, etc.), and location information as your access information.
A cookie is a technology that allows sites to store information in the browser of your computer, etc. and the information can be retrieved later. There are some contents using cookies in our web site. It is possible to disable cookies in your browser settings at any time, but please notice that in this case there may be some contents which cannot function properly or be shown correctly. For more information about cookies, please [find our Cookie Policy below].
• We use Google Analytics, a web analytics service provided by Google, LLC. We may use your purchase history in addition to your cookies, action history (accessed URL, contents, order, advertising history, browsing time, browsing method, etc.). For more information about the data collecting and processing by using Google Analytics, please visit the Google’s page below, “How Google uses data when you use our partners’ sites or apps” : www.google.com/policies/privacy/partners/(Link). For information on how to opt-out, please [find our Cookie Policy below].

If you do not provide Personal Data that are necessary for each operation and service, the service may not be able to be provided.

We process your Personal Data for the following purposes.

(1) Purchasing of our services/products

(a) For the conclusion and performance of a contract including provision of our services/products such as tickets, the management of a contract and the after-sales service of provided products/services

(b) For the contact necessary for providing our services/products (including the case of requesting delivery agencies to deliver products, etc.)

(c) For providing information on our services/products and other information related to our business activities

(d) For the billing and credit protection of fares and charges concerning our services/products (including the case of requesting a credit company for credit card payment, etc.)

(e) For receiving and responding to your inquiries and requests

(f) For registration of membership information for our services/products

(g) For the market research on our business, or other researches or surveys

(2) Contact information we collect from attendees of the events

(a) For providing information on our services/products and other information related to our business activities

(b) For invitations

(3) Personal Data we automatically collect when you use our online (website) services

(a) For the market research on our business, or other researches or surveys

(b) For business analysis related to our business

(c) For ensuring security of our customers and employees

(d) For the selection and development of software, systems, equipment, devices etc. for ensure security

(e) For the operation and maintenance of facilities, equipment and devices and the management of the usage status of them

(f) For analyzing our website usage status

5. Showing advertisements by using Personal Data

By analyzing Personal Data collected from you using our online service (website), we may show you advertisements that are relevant to you. Advertisement to be shown is mainly based on the following information:

  • Access information (cookie, action history, etc.) when you use our online service
  • Log information (browsed page, advertising history, browsing time, browsing method, etc.) when you use our service

6. Disclosure of Personal Data to recipients

In order to run each business and service, we share/provide your Personal Data with our group companies and external partners. Our group companies and external partners with whom we share Personal Data are as follows.

(1) Purchasing of our services/products

 Our group companies:
– East Japan Railway Company for operating events (located in Japan)
– Information service vendors for development, operation, maintenance, and management of our system (located in Japan)
– Internet service vendors that respond to inquiries and requests (located in Japan)
– Travel agencies for exchanging/selling our products for overseas customers visiting Japan (located in Japan)
– Travel agencies and regional headquarter companies for operating events (located in Taiwan)

 External business partners:
– Delivery agencies to deliver products
– Travel agencies for the exchanging/selling our products to overseas customers visiting Japan (located in Japan)
– Information service vendors for that process our products for overseas customers visiting Japan (located in Japan)

(2) Personal Data we automatically collect when you use our online (website) services

• Our group companies
– East Japan Railway Company for operating events (located in Japan)
– Information service vendors for development, operation, maintenance, and management of our system (located in Japan)

• External business partners
– Google, LLC

7. Storage period for Personal Data

We will retain your Personal Data that we collect for the period necessary to Process such Personal Data. However, this does not apply if we are required by law to retain your Personal Data for a longer period of time, in which case, we will retain it for the period required by law.

8. Your rights

You have a number of legal rights in relation to the Personal Data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following:

(a) Right to obtain information regarding the Processing of the relevant Personal Data and to access the relevant Personal Data that we hold;
(b) Right to request rectification of the relevant Personal Data if it is inaccurate or incomplete;
(c) Right to request erasure of the relevant Personal Data in certain circumstances;
(d) Right to request that we restrict our Processing of the relevant Personal Data in certain circumstances;
(e) Right to object to our Processing of the relevant Personal Data;
(f) Right to receive the relevant Personal Data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such Personal Data to a recipient where this is technically feasible; and
(g) Right to withdraw your consent to our Processing of the relevant Personal Data at any time (the withdrawal does not affect the lawfulness of Processing of Personal Data based on consent before its withdrawal).

You may exercise any of your rights by contacting us, using the information about us indicated in Section 10 below. You also may lodge a complaint with the data protection authority if you believe that any of your rights have been infringed by us.

9. Security control measures

To control the security of Personal Data, we will implement the items listed below. The following are examples only, and the specific measures to be implemented to control security may differ depending on each Personal Data.

(1) Formulation of basic policies
We will formulate and publicize “Basic Policies Regarding the Processing of Personal Information” in order to ensure the proper Processing of Personal Data.
(2) Development of disciplines regarding the Processing of Personal Data and so on
We will formulate internal rules regarding the Processing of Personal Data in order to properly acquire, store, use, manage, etc. Personal Data.
(3) Organizational security control measures
We will designate a person responsible for Processing Personal Data and we will also clarify those employees who will Process Personal Data; further, we will establish a system for notifying the responsible person in case an accident occurs, such as any leak of Personal Data (including any suspected accident of Personal Data).
(4) Personal security control measures
We will provide regular education and training to employees regarding matters to be noted and so on relating to the Processing of Personal Data; further, we will also include confidentiality matters relating to Personal Data in our internal rules.
(5) Physical security control measures
When we destroy or delete Personal Data, we will dispose of information by cutting, dissolving, physically destroying, or using other methods that make restoration thereof difficult.
(6) Technical security control measures
When we store or transfer Personal Data, we will take measures necessary to prevent leaks thereof, such as encryption and setting passwords.
(7) Understanding the external environment
We will take necessary and proper security control measures to manage Personal Data securely, with an understanding of the legislation for the protection of personal information in the foreign country where the Personal Data is stored.
(8) Supervision of employees
In order to ascertain how employees Process Personal Data, we will confirm that operations are conducted in conformity with laws and regulations, and internal rules, etc. by conducting an audit and so on not less than once a year. If there are any problems, we will promptly improve the situation.
(9) Supervision of outsourcees
In order to ascertain how Personal Data is Processed by outsourcees, we will confirm that operations are conducted in conformity with contracts and laws and regulations, etc. by conducting an audit and so on not less than once a year. If there are any problems, we will take necessary measures.

10. Data Protection Officer

If you have any queries or feedback, or wish to make a complaint, related to this privacy policy or our handling of your Personal Information, you may contact our Data Protection Officer, by e-mail, or postal mail at the contact details below. Please note that we will not respond to any inquiry by way of any methods (including directly visiting our office) other than these.
(a) E-mail address: [email protected]
(b) Postal mail address:
・To: JR East Business Development SEA Ptd. Ltd.
・Address: 20 Anson Road, #11-01 Twenty Anson, Singapore 079912

For customers in the EEA and the UK

This section applies to customers in the EEA and the UK.

1. Legal basis

The legal basis for Processing your Personal Data is as follows:

(a) When the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract

(b) When the processing is necessary for compliance with a legal obligation to which we are subject (e.g. when following the information disclosure orders from government/court based upon laws and regulation announced by government agencies/courts)

(c) When the processing is necessary in order to protect the vital interests of yours or of another individual

(d) When the processing is necessary for the purpose of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your privacy related rights, interests, and freedom. The legitimate interests pursued by us or a third party are as follows:
・Customer satisfaction improvement;
・Service improvement;
・Direct marketing;
・Illegal act prevention;
・Regular communication with business partners and others;
・Protection of assets (security) of our customers and our company; and
・Safety of our employees.

2. Transfers of Personal Data outside the EEA or the UK

Your Personal Data may be transferred to, and stored by, a third party outside the EEA or the UK (e.g. Japan and Singapore). Where we transfer your Personal Data to a third party outside the EEA or the UK, we will ensure that:

(a) the recipient destination has been subject to a finding from the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that you possess in respect of your Personal Data; or

(b) the recipient enters into standard data protection clauses that have been approved by the European Commission, or other contracts for the transfer of Personal Data as required by data protection laws, with us.

You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA or the UK by contacting us using the information about us indicated in Section 10 above.

For Customers in California (Addendum for California Consumer Privacy Act)
Last Updated: 9/1/2022

If you are a California “consumer” within the meaning of the California Consumer Privacy Act of 2018 (“CCPA”), this Addendum for California Consumer Privacy Act (“CCPA Addendum”) applies to you. The CCPA Addendum supplements our Privacy Policy (the “Policy”) and prevails over any conflicting provisions in the Policy.

This CCPA Addendum uses certain terms that have the meanings given to them in the CCPA, including:

• “Personal Information,” which means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

• “Sell,” “selling,” “sale,” or “sold,” which means the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, the Personal Information by a business to another business or a third party for monetary or other valuable consideration.

• “Share,” “shared,” or “sharing,” which means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, the Personal Information by a business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

For Customers in California (Addendum for California Consumer Privacy Act)

Last Updated: 9/1/2022

If you are a California “consumer” within the meaning of the California Consumer Privacy Act of 2018 (“CCPA”), this Addendum for California Consumer Privacy Act (“CCPA Addendum”) applies to you. The CCPA Addendum supplements our Privacy Policy (the “Policy”) and prevails over any conflicting provisions in the Policy.

This CCPA Addendum uses certain terms that have the meanings given to them in the CCPA, including:

• “Personal Information,” which means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

• “Sell,” “selling,” “sale,” or “sold,” which means the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, the Personal Information by a business to another business or a third party for monetary or other valuable consideration.

• “Share,” “shared,” or “sharing,” which means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, the Personal Information by a business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

1. Our Collection, Use, and Disclosure of Your Personal Information

A. Categories, Sources, Purposes and Retention Period of Your Personal Information Collected or to Be Collected

The table below describes the categories of your Personal Information that we collect, or have collected during the 12-month period prior to the effective date of this CCPA Addendum.

Category of Personal Information Collected

Example

• Identifiers: Name, user name, birthdate, address, e-mail address, passport number, Pay user information

• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): Telephone number, credit card number

• Protected classification characteristics under California or federal law: Age, gender, nationality

• Commercial information: [Agent booking ID], the date of membership registration, membership number, purchase history

• Internet or network activity information: Cookie, device number, operating system, action history (accessed URL, contents, order, advertising history, browsing time, browsing method, etc.)

• Geolocation data: Location information

• Audio, electronic, visual and similar information: Photograph, audio, video

• Sensitive Personal Information: Passport number

Business or Commercial Purposes. The business or commercial purposes for which your Personal Information is collected or used are as described in Section 4 of the Policy. We do not use or disclose your sensitive Personal Information for purposes other than those specified in the CCPA. In addition, we do not collect or use your sensitive Personal Information for the purpose of inferring characteristics about you .

Categories of Sources. The categories of sources from which your Personal Information was collected during the 12-month period prior to the effective date of this CCPA Addendum are as follows.

• Obtained directly from you

Retention Period. The retention period of your Personal Information is as described in Section 7 of the Policy.

 

B. Sale, Sharing and Disclosure of Your Personal Information

(A) Sale and Sharing of Your Personal Information

We do not sell, share, and have not sold or shared during the 12-month period prior to the effective date of this CCPA Addendum, your Personal Information, including the Personal Information of consumers under the age of 16.

(B) Disclosure of Your Personal Information for a Business Purpose

The table below describes: (i) the categories of your Personal Information that we have disclosed for our operational business purposes during the 12-month period prior to the effective date of this CCPA Addendum; and (ii) the categories of third parties to whom we have disclosed such Personal Information for our operational business purposes during the 12-month period prior to the effective date of this CCPA Addendum.

Third Parties to whom Personal Information Was Disclosed in the Last 12 Months

Our group companies, external business partners, public organizations

2. Your Rights and Requests

If you are a California consumer, you have certain rights regarding your Personal Information, as described below:

I. Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information we have collected, used, and disclosed about you during the 12 months preceding your request:

(I) The categories of Personal Information we collected about you;

(II) The categories of sources from which we collected such Personal Information;

(III) The business or commercial purposes for collecting your Personal Information;

(IV) The categories of third parties with whom we disclosed such Personal Information; and

(V) The specific pieces of Personal Information we have collected about you.

II. Deletion: You have the right to request that we delete certain Personal Information we collected from you.

III. Correction: You have the right to request that we correct inaccurate Personal Information we collected from you.

How to Submit a Request. To make an access or deletion or correction request, please contact us using the information about us indicated in Section 10 of the Policy.

Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your Personal Information or complying with your deletion or correction request.

Upon receiving an access or deletion or correction request from you, we first will verify your identity by requiring you to submit Personal Information you have provided us already (such as your name or e-mail address), and by matching the information you submitted with what we already have. If we are unable to verify your identity because you have not submitted this information, we may refuse your request.

If you use an authorized agent to make an access or deletion or correction request on your behalf, we may require the agent to provide documents proving that you have given the agent signed permission to make the request. We also may require you to (1) verify your own identity directly with us, or (2) directly confirm with us that you provided the authorized agent permission to submit the request.

Additional Information. If you exercise any of your rights under the CCPA, you have the right not to receive discriminatory treatment from us. To the extent permitted by applicable laws and regulations, we may charge a reasonable fee to comply with your request.

3. Changes to this CCPA Addendum

We may change this CCPA Addendum from time to time. The date “Last Updated” at the top of this CCPA Addendum states when this CCPA Addendum was last updated. Any changes will become effective upon us posting the revised CCPA Addendum.

We will post a prominent notice on the site to notify you of any significant changes to this CCPA Addendum and indicate the date it was most recently updated.

4. Contact Details

If you have any questions or concerns regarding this CCPA Addendum or our privacy practices, please contact us using the information about us indicated in Section 10 of the Policy.

For Customers in the Republic of Korea (Addendum for the Republic of Korea)

For Customers in the Republic of Korea (Addendum for the Republic of Korea)
Last Updated:●/●/ 2023

This Addendum supplements our Privacy Policy (the “Policy”) and sets forth, in greater detail, the information related to how we collect, use, and disclose the Personal Data of users in South Korea.

1. Transfers of Personal Data

Specifically , we transfer your [(i) name, e-mail address, telephone number, nationality, passport number, gender, agent booking ID and birthdate for the purpose of purchasing tickets online on Japan Rail Club and issuing the ticket based on the purchase, (ii) cookies for the purpose of counting the number of visitors to Japan Rail Club website, (iii) e-mail address, membership number and name (birthdate, passport number , gender, nationality and telephone number, if necessary) for the purpose of responding to customer inquiries on Japan Rail Club to the following companies outside South Korea (within Japan) during a certain retention period as long as necessary to fulfill the purposes: JR EAST View Tourism and Sales Co., Ltd., LINKTIVITY Inc., East Japan Railway Company, [CREATIVE TRAVEL (TAIWAN), LTD. (located in Taiwan), JRE Business Development Taiwan, Inc. (located in Taiwan)], RAILWAY INFORMATION SYSTEMS CO.,LTD., JR East Information Systems Company, and JR East Net Station Co.,Ltd.. ]

2. Periods of Retention of Personal Data

If required to retain Personal Data pursuant to applicable Korean laws, such as those set forth below, we will retain Personal Data solely for the retention periods and purposes prescribed thereunder:

(a) Records on contracts or withdrawal of offers and the like
• Reasons for retention: Article 6 of the Act on Consumer Protection, etc. in E-commerce (“E-commerce Act”); and Article 6 of the Enforcement Decree thereof
• Duration of Retention: 5 years

(b) Records on payment settlement and supply of goods, etc.
• Reasons for retention: Article 6 of the E-commerce Act; and Article 6 of the Enforcement Decree thereof
• Duration of Retention: 5 years

(c) Records on Processing of consumer disputes and complaints
• Reasons for retention: Article 6 of the E-commerce Act; and Article 6 of the Enforcement Decree thereof
• Duration of Retention: 3 years

(d) Records on access
• Reasons for retention: Article 15-2 of the Communications Secrecy Protection Act; and Article 41 of the Enforcement Decree thereof
• Duration of Retention: 3 months

3. Procedures/Methods for Destruction of Personal Data

• Procedures of destruction

We select the Personal Data to be destroyed (i.e., Personal Data whose purpose of processing is achieved or whose retention period has expired) and destroy it.

• Method of destruction

If printed on paper, the Personal Data will be destroyed by shredding, incinerating, melting, or some other similar method, and if saved in electronic form, the data will be destroyed by technical methods which ensure that the data cannot be restored or recovered.

4. Rights and Obligations as a Data Subject and How to Exercise Them

Notwithstanding Article 8 (Your rights) above of the Policy, users may exercise their rights within the scope recognized under the Korean Personal Information Protection Act. A user and/or their legal guardian may access, correct, or delete the user’s registered Personal Data at any time. A user and/or their legal guardian may also withdraw consent to the collection, use, provision, or storage of Personal Data that the user provided in order to use the services. Please contact the Privacy department responsible for handling matters related to Personal Data protection in Article 5. (Contact Us) below of this Addendum if you wish to exercise any of these above rights.

5. Contact Us

If you have any questions or concerns about our use of your Personal Data, or wish to inquire about our Personal Data handling practices, and exercise your rights to access, correct or inquire about deletion of Personal Data, please contact us using the information about us indicated in Section 10 of the Policy.

 

For Customers in the Kingdom of Thailand (Addendum for the Kingdom of Thailand)

Last Updated:●/●/ 2023

This addendum applies to data subjects in Thailand. In addition to those other laws and regulations applicable to us, we will respect and fulfil our duties under the Personal Data Protection Act B.E. 2562 (2019) (the “Thai PDPA”), where applicable. The addendum supplements our Privacy Policy (the “Policy”) and prevails over any conflicting provisions in the Policy.

The term “Personal Data” used in this Addendum shall have the same meaning given to it in the Thai PDPA, i.e. any information relating to a natural person, which enables the identification of such natural person, whether directly or indirectly. However, it shall not include information of a deceased person.

1. Legal Basis Processing your Personal Data

We will handle your Personal Data consistent with the consent you give to us. However, we are also able to rely on grounds described under the Thai PDPA to Process your Personal Data without having to obtain your consent. Said grounds include but are not limited to:

1) Where it is for vital interests to prevent or suppress any danger to a person’s life, body or health;

2) Where it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;

3) Where it is necessary for legitimate interests of us or of a third party to Process your Personal Data. However, if we rely merely on the basis of legitimate interests to Process your Personal Data, we will take into account interests or fundamental rights you have as a data subject; and

4) Where we have to comply with our statutory obligations.

2. Whether Your Provision of Personal Data is Necessary?

In most cases, providing your Personal Data is not mandatory.

However, in some cases, you are under a statutory or contractual obligation to provide the Personal Data to us, or it is necessary for you to provide your Personal Data in order to enter into a contract with us. These include:

If you book, purchase or request our services/products, and if you refuse to provide the necessary Personal Data, this will obstruct us in managing the service relationship with you, and in providing the services to you;

3. Cross border transfer

We may share or transfer your Personal Data with our group companies and external partners as indicated above in Japan, Singapore and Taiwan. In such case, we will ensure that the destination country or international organization that receives your Personal Data shall have adequate data protection standard, and shall be carried out in accordance with the rules for the protection of Personal Data as prescribed by the Thai Personal Data Protection Committee. In the absence of the guidance as to which countries shall be considered as to have adequate data protection standard and the rules for the protection of Personal Data issued by the Thai Personal Data Protection Committee as referred to above, we will share or transfer your Personal Data to our group companies and external partners in such the foreign countries in accordance with your consent, providing that you will be informed of the inadequate Personal Data protection standards of such destination country or international organization, or by relying on other exemptions permitted by the Thai PDPA.

4. Your Rights and Requests

As a data subject, you have certain rights regarding your Personal Data, as described in the Thai PDPA. However, you may not be entitled to exercise all the said rights since your entitlements are subject to the nature or the purpose of the collection, use or disclosure of your Personal Data carried out by us, as will be further explained below. Hence, for your information, and so that you duly understand and recognise each of your rights, we summarise all rights prescribed under the Thai PDPA, as follows:

Right to Withdrawal of Consent: You have the right to withdraw your consent to collect, use and/or disclose your Personal Data so long as there are no restrictions in so doing by law or the contract which gives benefit to you. However, the withdrawal of consent shall not affect the collection, use, or disclosure of Personal Data for which you have already given consent legally.

Right to Access: You have the right to request information about how your Personal Data is collected, used or disclosed, including the right to access to your own Personal Data and to obtain a copy of such Personal Data, as well as to request for disclosure of your Personal Data that you believe we obtained without your consent.

Right to Rectification: You have the right to require us to correct or complete your Personal Data that you believe it is inaccurate or incomplete.

Right to Erasure: You have the right to request us to have your Personal Data erased and to have confirmation of such erasure, or to make your Personal Data anonymous under certain conditions and on certain grounds in accordance with the Thai PDPA, as follows:

• Where your Personal Data is no longer necessary in relation to the purpose for which it was collected, used or disclosed;

• Where your consent for collection, use or disclosure of such Personal Data is withdrawn, and where we have no legal grounds for such collection, use or disclosure;

• Where you have objected to the collection, use or disclosure of your Personal Data, and we have no legal ground to reject such request; or

• Where there is no legal basis for the collection, use or disclosure thereof.

Right to Restriction: You have the right to request us to restrict the use of your Personal Data in the following circumstances:

• Where there is a pending examination process to your request for rectification as stated above;

• Where you have a right to erasure on the grounds that the collection, use or disclosure of your Personal Data carried out by us is unlawful but you do not want such Personal Data to be erased;

• Where your Personal Data is no longer needed for the purpose of collection, use or disclosure but it is still required by you for the establishment, exercise or defence of legal claims; or

• Where you have objected to the collection, use or disclosure of your Personal Data, and the verification of such objection is pending.

Right to Data Portability: You have the right to request that we send or transfer your Personal Data which we collected and arranged to be in a format readable or commonly used by ways of automatic tools or equipment, and which can be used or disclosed by automated means to another organisation or directly to you in accordance with the conditions and grounds specified under the Thai PDPA. Your right in this regard will only apply to the Personal Data which you have consented to be collected, used or disclosed, or which we collect, use or disclose by relying on the necessity for performance of a contract.

Right to Object: You have the right to object to the collection, use or disclosure of your Personal Data in accordance with the conditions and grounds specified under the Thai PDPA, for example, where we rely on the legitimate interest ground to collect, use or disclose your Personal Data without your consent, unless we can demonstrate compelling legitimate grounds for the collection, use or disclosure which override your interests; or where it was done for the establishment, exercise or defence of legal claims.

Right to Lodge a Complaint: You have the right to lodge a complaint to relevant committee(s) under the Thai PDPA if we or our employees, contractors and/or data processors, fail to comply with the Thai PDPA or the announcements issued under the Thai PDPA.

5. Contact details

If you have any questions or concerns regarding this Thai PDPA Addendum or our privacy practices, please contact us using the information about us indicated in Section 10 of the Policy.

Snack Box Subscription

Experience a taste of Japan from the comfort of your home. Subscribe now to enjoy new flavours and beloved classics every month with your preferred subscription plan.
Cta Snack Image

JR EAST PASS

Unlock unlimited railway travel across Eastern Japan with our JR EAST PASS. Journey through iconic destinations at your own pace.

Cta Train Image