The company recognizes that the personal information, pseudonymized information and anonymized information (hereinafter referred to collectively as “personal information”) and personal numbers and specific personal information (hereinafter referred to collectively as “specific personal information”) of customers are important assets and considers the protection thereof to be our social responsibility. In order to ensure the proper handling of personal information and specific personal information, the company has established the following Basic Policy for the Protection of Personal Information and Specific Personal Information.
1. Purpose of Basic Policy for the Protection of Personal Information and Specific Personal Information
The company will appropriately protect the personal information and specific personal information of customers in order to gain the ongoing trust of customers.
2. Basic Policy for the Protection of Personal Information and Specific Personal Information
- (1) Acquisition of personal information and specific personal information The company will acquire personal information and specific personal information by lawful and fair means.
- (2) Use of personal Information and specific personal Information The Company clearly specifies the purpose of the use of personal information and use such personal information legally and legitimately in accordance with the purpose. Further, specific personal information will be used only to the extent stipulated by law.
- (3) Provision of personal information and specific personal information to third parties Except where stipulated by law, the company will not provide personal information to third parties without obtaining the prior consent of customers. Furthermore, except where stipulated by law, the company will not provide specific personal information to third parties.
- (4) Outsourcing of operations with respect to the use of personal information The Company may outsource certain operations such as the dispatch of notices to customers, implementation of campaigns and analysis of customer trends to third parties. In this case, the Company will supervise contractors according to the Act on the Protection of Personal Information.
- (5) Use of pseudonymized information For the purpose of studying and developing new products and new services, the Company may use pseudonymized information processed in such a way that customers are not identified without checking other information. In this case, it will handle such information properly by complying with related laws, regulations and guidelines.
- (6) Compliance with related laws and guidelines When handling personal information and specific personal information, the company will comply with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, the Guidelines on the Act on the Protection of Personal Information (General Rules), the Guidelines on the Appropriate Handling of Specific Personal Information (Business Operators), and other related laws and guidelines.
- (7) Matters concerning security management measures The Company has established in-house regulations to prevent leakage, loss or damage of personal information and specific personal information as well as to ensure appropriate management of personal information and specific personal information and will take necessary and appropriate security management measures.
- (8) Continuous improvement The company strives to continuously improve the handling of personal information and specific personal information.
3. Handling of personal data of customers located in the European Economic Area (hereinafter referred to as "EEA")
- (1) Purpose The purpose of the company's handling of personal data is that stated in paragraph 2 of the Matters to be Disclosed Under the Act on the Protection of Personal Information below.
(2) Legal basis for handling of personal data
The legal basis for handling of personal data is as follows.
- When the consent of the customer has been obtained
- When it is required to fulfil a contract with the customer or to implement procedures at the request of the customer prior to concluding a contract
- When it is required in order for the company to comply with its legal obligations
- When it is required for legitimate benefit sought by the company or a third party
- (3) Withdrawal of consent Customers may withdraw the consent referred to in the preceding item at any time.
- (4) Data transfer outside the EEA region The company may transfer personal data to third countries outside the EEA, in which case it will take appropriate and necessary protection measures.
- (5) Personal data storage period The company will retain personal data within the period necessary to achieve the purpose of item 1 and will delete the said data promptly when it is no longer needed.
- (6) Appeal to supervisory authority Customers can file an objection to the handling of personal data by the company.
- (7) If personal data is not provided If personal data is not provided, customers may be unable to use the company’s services in whole or in part.
[Point of contact for the handling of personal information and specific personal information]Please direct comments or inquiries regarding the company's handling of personal information and specific personal information to the following:
■Tobu Railway Co., Ltd. Customer Personal Information Service CenterOshiage 2-18-12, Sumida-ku, Tokyo, Japan 131-8522 (Postal address）
Oshiage 1-1-2, Sumida-ku, Tokyo
Tobu Railway Co., Ltd.
Yoshizumi Nezu, President and Representative Director
Matters to Be Disclosed Under the Act on the Protection of Personal Information
Regarding the personal information held by the company, the following matters will be disclosed under the Act on the Protection of Personal Information (hereinafter referred to as “the Act”).
1. Matters concerning the purpose of use when acquiring personal information
When the company obtains personal information directly from customers in writing (including records created in electromagnetic form), it will expressly state the purpose of use each time.
When personal information is otherwise acquired directly or indirectly, the purpose of use will be notified or announced when it is acquired, except in cases where the purpose of use has been announced on the company’s website beforehand.
2. Matters concerning purpose of use of retained personal data
（1）The purpose of use of data retained by the company is as follows:
- To provide products and services as well as to communicate, provide information, and provide after-sales service in respect of the said products and services
- To investigate the usage status of products and services, and to study and develop new products and services
- To conduct surveys, hold events, offer prizes, mount campaigns, and recruit and manage testers, as well as to communicate, provide information, ship products, and deal with other associated matters
- To conduct market research, customer trend analysis, business analysis, etc.
- To accept and respond to inquiries, feedback, etc.
- To contact the customer when their belonging is found or in an emergency
- To use for shareholder affairs such as convening a general meeting of shareholders or payment of dividends
- To fulfil the company’s obligations, exercise its rights, and deal with other attendant measures
- Matters incidental to each purpose stated above
（2）The Company will analyze and use the browsing and purchase histories acquired and apply the results for the following purposes.
Providing information on the Company's new products and services that respond to customers' interests and tastes
3. Matters Regarding Procedures for Responding to Requests for Disclosure, etc. of Retained Personal Information.
The Company has the following procedures in place to respond to requests regarding notices on the purpose of use, namely, the disclosure/correction and termination of use, etc. of retained personal data (hereinafter "disclosure, etc.") or those regarding the disclosure of records on the provision of personal data to third parties. When the Company receives requests for disclosure, etc. of owned personal data from the relevant persons or their proxies, it will respond to those requests through such procedures within the scope that is reasonable and necessary.