Besides “Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Privacy Policy”, this Privacy Policy sets forth the policies which will be applied to the processing of Personal Data of data subjects in the European Economic Area (“EEA”) and the UK in accordance with both the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and domestic law in the UK which will be enforced by adding necessary amendments to the EU GDPR, so that the same contents under the EU GDPR, which were previously enforceable in the UK as part of EU law prior to its departure from the EU, will apply to the UK post-Brexit (“UK GDPR”). In the event of the provisions resulting in a conflict between “Tokaido Sanyo Kyushu Shinkansen Internet Reservation Services Privacy Policy” and this Privacy Policy, this Privacy Policy will prevail.
In this Privacy Policy, “Personal Data” means any data relating to an identified or identifiable natural person. We may collect and process Personal Data, such as membership IDs, names, dates of birth, email addresses, credit card expiration dates, IC card numbers (for transportation systems), IP addresses, cookie information, smartphone terminal IDs, transaction histories, voice recordings, opinions, questions, inquiries, and the like which concern the use of the service and which are collected through the communication between you and us by phone, email, or other forms of communication.
If you purchase train tickets for a companion travelling with you, you will be asked to enter information about the companion. We may obtain your companion's Personal Data when you enter information about him or her. This Personal Data may include your companion's transport IC card number.
(1)Purposes of use of Personal Data
a)We collect, process, and provide your Personal Data in order to achieve the purposes set forth below.
·For transactions with you concerning or for the provision of train tickets, travel-related products, and other services related thereto and the like;
·For the purposes of conducting investigations necessary to respond to requests made by you and analyzing and preparing statistics on trends related to our customers; and
·For sales analysis and product development.
b)We collect, process, and provide your Personal Data in order to achieve the purposes set forth below only if we obtain your explicit consent separately;
·For the delivery of advertising and other items and printed materials, as a way of advertising our business, by the Internet or via any other means.
(2)Legal Grounds for handling Personal Data
We may handle Personal Data based on the following legal grounds:
·To perform your instructions or fulfill the obligations under other contracts with you;
·Your consent expressly given to us to handle the Personal Data in such manner. You may withdraw your consent to this handling at any time. However, this will not affect the lawfulness of any handling activity carried out by us prior to such withdrawal of consent.
·To comply with legal and regulatory obligations; and
·Legitimate interests or those of any third-party recipients of the Personal Data, provided that such interests are not overridden by your interests or fundamental rights and freedoms (e.g. provision of goods and services, investigation and analysis, and product development) For further details regarding legitimate interests, please contact us using the contact information indicated below in Section 4.
(3)Additional processing
In the case of processing Personal Data for purposes other than the foregoing, we will notify you in advance of such purposes of use and other matters as required by applicable laws.
(4)Necessity of providing Personal Data
The Personal Data that you provide is necessary in order for us to provide our services to you. Therefore, without such Personal Data, there may be cases where we will not be able to provide the services to you, either in whole or in part.
(5)Retention period
We will retain your Personal Data for the following periods.
·Membership information: 190 days after withdrawal from membership.
·Usage history information: 2 years and 1 month
·Emergency Report: 8 years and 3 months.
·Certificate of receipt: 8 years and 3 months
Other than as indicated above, we will retain your Personal Data as long as such data is necessary to provide the services to you, but we will promptly delete the same in the case that such data is no longer needed.
(6)Transfer of Personal Data
We may provide your Personal Data to third parties, such as our subsidiaries and affiliates, cloud vendors, outside contractors, and other professionals (including tax firms and law firms), etc., and your Personal Data will be processed by such third parties in order to carry out the purposes of use specified above.
The Personal Data may be transferred to entities in countries or jurisdictions outside the EEA and UK, such as Japan, if required for the purposes as described above. Please note that such countries or jurisdictions may not have the same data protection laws as the EEA and UK and that they may not afford many of the rights conferred to you in the EEA and UK. Unless the recipient destination has been subject to a finding by the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that you possess in respect of your personal data, we will ensure that any such international transfers are made subject to appropriate and suitable safeguards such as the inclusion of standard data protection clauses as required by the EU GDPR, UK GDPR, or other relevant laws. When doing so, we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your Personal Data.
You may obtain more details of the protection given to your personal data when it is transferred outside the EEA or UK (including a copy of the standard data protection clauses which we have included in the agreements we have entered into with recipients of your personal data) by contacting us in accordance with the information indicated below in Section 4.
You may submit a request to us for access to, correction or deletion of, or restriction of the processing of your Personal Data, and may submit a request for data portability in regard to your Personal Data retained by us. Furthermore, you may object to our processing of your personal data by contacting us. When we receive such a request based on the rights specified above, we will conduct any necessary investigation without undue delay and provide you or a nominated third party with the Personal Data or respond to such requests without undue delay.
Please note that you may raise an objection to the data protection authorities having jurisdiction over us or the location of your domicile with regard to the processing of your Personal Data.
If you have any questions or concerns in regard to this Privacy Policy or our processing of Personal Data, or any requests concerning your rights, please contact us via the following contact information after confirming Section 6(2) of the Global Privacy Policy:
Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Customer Center
JR Central Shinagawa Building A
2-1-85 Konan, Minato-ku, Tokyo 108-8204
Email Address: privacy@jr-central.co.jp
Phone Number (Not toll-free): +81-(0) 03-6632-5130 (English only)
Representative
The contact information for our representative is as follows:
EEA representative
DP-Dock GmbH
Smart EX
Ballindamm 39
20095 Hamburg, Germany
Email Address: smart-ex@gdpr-rep.com
UK representative
DP Data Protection Services UK Ltd.
Smart EX
16 Great Queen Street, Covent Garden,
London, WC2B 5AH, United Kingdom
Email Address: smart-ex@gdpr-rep.com
We may change the contents of this Privacy Policy when necessary, and we will announce the revised Privacy Policy on our website when a revision is made. Please make sure to regularly check the contents of this Privacy Policy.
Effective date: June 25, 2022
Back