Central Japan Railway Company
West Japan Railway Company
Kyushu Railway Company
This Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Privacy Policy (hereinafter referred to as this “Privacy Policy”) stipulates the terms and conditions concerning the use of the Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service (hereinafter referred to as the “Service”), which Central Japan Railway Company (hereinafter referred to as “JR Central”), West Japan Railway Company (hereinafter referred to as “JR West”), and Kyushu Railway Company (hereinafter referred to as “JR Kyushu”; JR Central, JR West and JR Kyushu are sometimes referred to herein individually as a “Party” and collectively as the “Parties”) provide to customers.
The Parties acquire the following personal information of customers through proper and fair means:
(1) A customer’s name, date of birth, phone number, e-mail address, credit card expiration date and information related to public transport IC card, as well as changes to such information (excluding credit card number);
(2) A history of past purchases of train tickets and travel-related products as well as services related thereto collected by the Parties from transactions with a customer;
(3) Information on the Internet use environment, and device information, such as Cookies, collected by the Parties from transactions with a customer; and
(4) Opinions, questions, inquiries and the like which concern the use of the Service and which are made by a customer by phone or e-mail.
(1) The Parties collect, use and keep personal information of customers for the following purposes:
(i) For transactions with customers concerning, or for provision to customers of, train tickets, travel-related products and other services related thereto and the like;
(ii) For delivery of service information by the Internet or any other means;
(iii) For sales analysis and product development; and
(iv) For the purposes of conducting investigations necessary to respond to requests made by customers and analysing and preparing statistics on member trends.
(2) In the event that the Parties outsource to another company the collection of personal information and any actions that fall under any of the purposes of use set forth herein, the Parties shall, to the extent necessary for such company to conduct such outsourced actions, entrust to the company the personal information set forth in Section 1 after having taken the measures to protect the personal information.
Customers agree to the shared use of personal information as follows. The Parties shall be responsible for the shared use, and the Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Customer Center, as stipulated in Section 7, shall be the point of contact for inquiries concerning this matter.
(1) Personal information subject to shared use
(i) A customer’s name, date of birth, phone number, e-mail address, credit card expiration date and information related to public transport IC card, as well as changes to such information (excluding credit card number);
(ii) A history of past purchases of train tickets and travel-related products as well as services related thereto collected by the Parties from transactions with a customer;
(iii) Information on the Internet use environment, and device information, such as Cookies, collected by the Parties from transactions with a customer; and
(iv) Opinions, questions, inquiries and the like which concern the use of the Service and which are made by a customer by phone or e-mail.
(2) Shared users
The users engaged in the shared use shall be the Parties and their consolidated subsidiaries as indicated in the annual securities reports of the respective Parties.
(3) Purposes of use
(i)For transactions with customers concerning, or for provision to customers of, train tickets, travel-related products and other services related thereto and the like;
(ii) For delivery of service information by the Internet or any other means;
(iii) For sales analysis and product development; and
(iv) For the purposes of conducting investigations necessary to respond to requests made by customers and analysing and preparing statistics on member trends.
(4) Addresses of the parties responsible for the shared use, and the names of their representatives
(i)JR Central: https://global.jr-central.co.jp/en/privacy/making-public.html
(ii) JR West: https://www.westjr.co.jp/global/en/privacy/
(iii) JR Kyushu: https://www.jrkyushu.co.jp/company/info/outline/ (Japanese)
The personal information acquired from customers shall be managed properly by the Parties, and shall not be disclosed or provided to a third party except in any of the following cases:
(1) Cases in which the consent of the principal is obtained;
(2) Cases in which the disclosure or provision of personal information is based on laws and regulations of Japan;
(3) Cases in which the disclosure or provision of personal information is necessary for the protection of the life, body or property of an individual, and when it is difficult to obtain the consent of the principal;
(4) Cases in which the disclosure or provision of personal information is particularly necessary for improving public health or promoting the sound growth of children, and when it is difficult to obtain the consent of the principal;
(5) Cases in which the disclosure or provision of personal information is necessary for cooperating with a Japanese state organ, a Japanese local government or an individual or a business operator entrusted by either of the former two in executing the affairs prescribed by laws and regulations of Japan, and obtaining the consent of the principal is likely to impede the execution of the affairs concerned; or
(6) Cases in which the disclosure or provision of personal information is necessary for cooperating with the issuers of customers’ credit cards, and with the credit card payment agents used by the Parties for smart EX payments, in order for credit card issuers to detect and prevent any unauthorized use of credit cards.
The Parties use the “retained personal data” for the following purposes:
(1) For transactions with customers concerning, or for provision to customers of, train tickets, travel- related products and other services related thereto and the like;
(2) For delivery of service information by the Internet or any other means;
(3) For sales analysis and product development; and
(4) For the purposes of conducting investigations necessary to respond to requests made by customers and analysing and preparing statistics on member trends.
The Parties will respond to any request or claim by the principal or his or her representative for the notification of the purposes of use, disclosure, discontinuation of use, removal, discontinuation of provision to a third party, of retained personal data, or the correction, addition or deletion of any item of retained personal data (hereinafter referred to as a “Request for Disclosure, Etc.”) pursuant to the Act on the Protection of Personal Information of Japan (hereinafter referred to as the “Personal Information Protection Act”).
(1) Items that are subject to a Request for Disclosure, Etc. (Information that assists in identifying “retained personal data”)
(i) A customer’s name, date of birth, phone number, e-mail address, credit card expiration date and information related to public transport IC card, as well as changes to such information (excluding credit card number);
(ii) Information collected by the Parties from transactions with a customer, such as a history of past purchases of train tickets and travel-related products as well as services related thereto; and
(iii) Information on the Internet use environment, and device information, such as Cookies, collected by the Parties from transactions with a customer.
(2)Where and how to send Requests for Disclosure, Etc.
A Request for Disclosure, Etc. is accepted when submitted by e-mail. Please download the application form [A] below, fill in all the designated information, and send the form to Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Customer Center by e-mail (privacy@jr-central.co.jp), together with the image data of an identification document [B] (in JPG, PNG, or PDF file format). Responses will be provided by sending a file to the applicant’s e-mail address used for the request.
[A] Application forms designated by the Parties
• Application form for notification of purposes of use, or disclosure, of retained personal data
• Application form for correction, etc. of retained personal data
• Application form for discontinuation of use, etc. of retained personal data
[B] Identification documents
•One of the following: Passport or driver’s license
(Note)
Please note that, with respect to requests for the correction, addition, or deletion of retained personal data that falls under any of the information indicated in the above (1)(i), the customer is requested to change or correct the information on the member information amendment page that appears after the customer logs in to his or her Service.
(3)Request for Disclosure, Etc. by a representative
If the person making a Request for Disclosure, Etc. is a statutory representative for the principal, a minor or an adult ward, or a representative to whom the principal has entrusted the Request for Disclosure, Etc., please send the form [A] and document [B] of Section 6 (2) above for the principal by e-mail, together with the image data of the documents below (in JPG, PNG, or PDF file format).
[C] The representative’s identification document (same as [B] of Section 6 (2))
[D] Power of attorney or any other equivalent document (A power of attorney or any other document to prove the authority to act as a representative concerning the Request for Disclosure, Etc.)
(4)“Purposes of use” of the personal information acquired in connection with the Request for Disclosure, Etc.
The personal information and the like that has been acquired in connection with the Request for Disclosure, Etc. shall be handled only within the scope required for the Request for Disclosure, Etc., except for when such personal information and the like is returned at the discretion of any of the Parties. The documents that have been submitted will be kept for two years after completion of the response to the Request for Disclosure, Etc. before they are discarded.
(Guidance) Reasons for refusal to disclose retained personal data
Disclosure of retained personal data shall be refused in the following cases. If a decision to refuse disclosure is made, a notification to that effect will be sent along with the reason for the refusal.
• If the principal cannot be identified due to, among other reasons, any inconsistency between the information indicated on the application form, the information indicated on the identification document and the content of retained personal data
• If the authority of representative cannot be confirmed when an application form is sent by a representative
• If any of the designated application documents is insufficient
• If the target of the Request for Disclosure, Etc. does not fall under retained personal data
• If there is a risk of harming the life, body or property, or any of the rights and interests of the principal or of a third party
• If there is a risk of significantly impeding the proper execution of the Parties’ businesses
• If any provision of any laws and regulations of Japan other than the Personal Information Protection Act requires that all or part of such retained personal data capable of identifying the principal be disclosed to the principal by a method equivalent to the method prescribed in the main clause of Article 33, paragraph 2 of the Personal Information Protection Act.
• If disclosure will constitute a violation of any other laws or regulations of Japan.
Please contact the Customer Center below with complaints concerning the handling of personal information by the Parties.
○ For contact by phone
○ For contact via the Internet or by mail
Where an inquiry is made via the Internet or by mail using a Party’s contact point, we are unable to respond to inquiries concerning individual personal information. Please note that we may respond by a phone call or by other means.
○ Visit to a Party’s place of business
Please note that personal visits to a Party’s place of business in relation to complaints cannot be accepted.
The measures that the Parties take to securely manage the retained personal data acquired from customers, etc. are as follows:
(1) Formulation of a basic policy:
• Formulate this “Privacy Policy” as a basic policy for compliance, etc. with the relevant laws and regulations, and guidelines to secure the proper handling of personal information;
(2) Development of personal data handling rules:
• Formulate internal rules and manuals for the handling method, managers and responsible persons, and their duties, etc. for the respective stages of acquisition, use, storage, provision, deletion, destruction, etc.;
(3) Organizational measures for secure management:
• Appoint a manager responsible for the handling of personal data; clearly define the employees who handle personal data, and the scope of personal data handled by those employees; and develop a system to report to the manager when any leakage, etc., or violation of internal rules occurs or is found to be likely to occur; and
• Conduct internal audits to ensure that personal data are handled in compliance with the relevant laws and regulations, guidelines and internal rules;
(4) Measures for secure management by human resources:
• Provide employees with regular training for consideration in handling personal data;
(5) Physical measures for secure management:
• Manage employees’ entries in and exits from the areas where personal data are handled, and restrict the devices, etc. used in those areas; and take measures to prevent unauthorized persons from accessing personal data; and
• Take measures to prevent theft, loss, etc. of devices, electronic media, documents, etc., with, on or in which personal data are handled; and take measures to protect the confidentiality of personal data to ensure that they are not easily identified when carrying such devices, electronic media, etc., including moving within the Company premises;
(6) Technical measures for secure management:
• Control access and restrict the scope of responsible persons, and the personal information databases, etc. handled by those persons; and
• Implement a mechanism to protect the information systems used to handle personal data against unauthorized access by outsiders, or unauthorized software; and
(7) Understanding the external environment:
• When handling personal data in a foreign country, implement measures for secure management by understanding the personal information protection system in the foreign country.
The Parties shall make efforts to review, as necessary, the condition of operations concerning the handling of customers’ personal information, as well as to make continuous improvements. The Parties may change this Privacy Policy at any time as needed.
Revision Date: June 25, 2022
(Note) Please download [A] Application forms prescribed by the Parties and [D] Power of attorney or any other equivalent document from the website.
Back