Privacy Policy Regarding Japan Rail PassLast Updated: [06/01/2020]

1. About This Privacy Policy

Japan Rail Pass is a ticket for travelling throughout Japan by rail, jointly offered by the six railway companies comprising the Japan Railways Group (the“ Six JR Companies”, “we”, “us” or “our”). We are committed to respecting personal data and protecting the privacy of all individuals who use this website. This Privacy Policy explains how we jointly or individually collect, use, disclose, and protect data that you provide on this website.

We will process your personal data in compliance with applicable data protection laws and any laws that replace them in the future (including the European Union’s General Data Protection Regulation, Regulation (EU) 2016/679).

Some categories of the processing of personal data may be subject to more specific policies. In such cases, such specific policies shall supersede this Privacy Policy to the extent that the clauses set forth in such specific policies contradict the clauses set forth in this Privacy Policy.

This website may contain links to and from third-party websites. These third-party websites and any services that may be accessible through them have their own privacy policies. We are not responsible for these third-parties’ privacy practices. We encourage you to be aware of this when you leave this website and to read the privacy policies applicable to these third-party websites.

2. Definitions

In this Privacy Policy:

  • (a)your “personal data” means any information relating to an identified or identifiable natural person (‘data subject’). It may include contact details, other personal information, photographs, and expressions of opinion about you, etc.;
  • (b)our “affiliates” include our subsidiaries;
  • (c)“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • (d)‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data;
  • (e)‘joint controllers’ are two or more controllers jointly determining the purposes and means of processing.

3. Information about Us

The issuance of a Japan Rail Pass is administered and operated jointly by the six railway companies comprising the Japan Railways Group, which are listed below.

  • (1) Hokkaido Railway Company
     Address: 1-1, Kita 11-jo Nishi 15-chome, Chuo-ku, Sapporo, Hokkaido, Japan
  • (2) East Japan Railway Company
     Address: 2-2-2 Yoyogi, Shibuya-ku, Tokyo, Japan
  • (3) Central Japan Railway Company
     Address: JR Central Towers, 1-1-4, Meieki, Nakamura-ku, Nagoya, Aichi, Japan
  • (4) West Japan Railway Company
     Address: 4-24, Shibata 2-chome, Kita-ku, Osaka, Japan
  • (5) Shikoku Railway Company
     Address: 8-33 Hamano-cho, Takamatsu City, Kagawa, Japan
  • (6) Kyushu Railway Company
     Address: 3-25-21 Hakata-ekimae, Hakata-ku, Fukuoka, Japan

For the purpose of data protection laws, these six railway companies are joint controllers in respect of your personal data. This means that we are all responsible to you for processing your personal data. We have put in place an arrangement clarifying our respective tasks, duties and responsibilities to comply with data protection laws. If you wish to know more about this arrangement, please contact us using the contact information indicated below in Section 12.

4. How We Collect Your Personal Data

We will jointly or individually collect and process the following personal data about you:

  • (a)Information you give us.
    This includes information about you that you give us by applying for a Japan Rail Pass using this website, or by communicating with us, whether by e-mail, letter or otherwise. The information you give us is likely to include your name, address, e-mail address, phone number, gender, nationality, credit card information, and passport number.
  • (b)Information we collect about you.
    When you visit this website, it automatically collects certain types of data related to you (“access data”). These types of data include access logs, web beacons (also known as pixels), cookies, etc. These types of data may remain in your computer and continue to collect data. For more information about how we use your access data and the respective legal bases,please see our Policy regarding the Use of Access Data.
  • (c)Information we obtain from other sources.
    When purchasing a Japan Rail Pass online, the purchaser shall enter information about the person who the purchaser is travelling with. We may obtain your personal data when the purchaser enters information about you who the purchaser is travelling with. This information includes your name and passport information.

5. Legal basis and Purpose of Processing Personal Data

We will process your personal data on the following legal bases.

  • (a)Contract.
    This is where we need to process your personal data to perform the contract we enter into with you.
  • (b)Legal Obligation.
    This is where we need to comply with a legal obligation.
  • (c)Legitimate Interests.
    This is where the processing of your personal data is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.
  • (d)Your Vital Interests; Public Interest.
    Less commonly, we may process your personal data where it is necessary to protect your vital interests (or someone else's vital interests), or to perform a task carried out in the public interest.
  • (e)Consent.
    This is where you have given consent for us to process your personal data. However, even if we obtain consent from you, we may process your personal data based on other legal grounds. The withdrawal of your consent (please see Section 9(g) of this Privacy Policy below) shall not affect the lawfulness of processing performed based on the consent before your withdrawal.

We use the personal data that we hold about you for the following purposes. We will only use your personal data to the extent that it is necessary to do so to fulfil the purposes described below.

  • (a) To allow you to apply for and purchase a Japan Rail Pass and/or other related services and products offered on this website (based on contract or legitimate interests);
  • (b) To allow you to track the products and services purchased (based on contract);
  • (c) To provide you with after-sales services such as responding to your inquiries or claims during your travel (based on contract or legitimate interests);
  • (d) To communicate with you, including to deal with your questions, messages or requests, and to manage your complaints (based on contract or legitimate interests);
  • (e) To check the validity of your ticket and reservation (based on contract or legitimate interests);
  • (f) To deliver confirmation e-mails when you register your membership, purchase your tickets, change purchased contents, request a refund, etc. (based on contract);
  • (g) To provide you with information about your trip (information about whether the trains are operating normally, notifications when the operation is disrupted, etc.) via e-mail or website (based on contract or legitimate interests);
  • (h) To make a refund to you when applicable (based on contract)
  • (i) To improve this website, and our products and services (including the Japan Rail Pass) (see our Policy Regarding the Use of Access Data);
  • (j) To conduct market research and analysis using aggregated data (based on legitimate interests);
  • (k) To analyse data obtained on the website, including frequency of visits, and establish sales and sales activity reports using aggregated data (see our Policy Regarding the Use of Access Data );
  • (l) To gather and maintain evidence for possible legal dispute (based on legitimate interests);
  • (m) To prevent abuse and fraud (based on legitimate interests);
  • (n) To prevent crime and violence, including terrorist offences and other serious crimes (based on legitimate interests);
  • (o) To comply with laws and regulations applicable to us (based on legal obligation);
  • (p) To cooperate with relevant governmental authorities and agencies, including competent data protection authorities and those that are engaged in administrative or criminal investigations (based on contract, legal obligation or legitimate interests).

6. Disclosure of Personal Data to Recipients

We may share your personal data with the following categories of recipients. We require any third party receiving your personal data to process it pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and is used only as we have instructed and not for the third party’s own purposes.

  • (a)The Six JR Companies.
    Your personal data may be disclosed to and shared among us (including our employees having authority to process your personal data). Your personal data may also be disclosed to and shared by our affiliates (including their employees having authority to process the relevant personal data).

    Data Sharing under Japanese Law

    In accordance with Japanese law, we may share personal information among us and our affiliates in the framework of data sharing under the Act on Protection of Personal Information, the details of which are specified as follows.

    Entity With Which Personal Information Is Shared Hokkaido Railway Company

    East Japan Railway Company

    Central Japan Railway Company

    West Japan Railway Company

    Shikoku Railway Company

    Kyushu Railway Company
    Purpose of Sharing
    • • Providing products and services relating to the online sale of the Japan Rail Pass;
    • • Communicating with users, including to deal with questions, messages or requests made by users, and to manage complaints submitted by users;
    • • Checking the validity of tickets and reservations;
    • • Providing information about train operations, etc.;
    • • Making a refund to users where applicable;
    • • Maintaining the regularity of train operations;
    • • Maintaining safety on board, and safety in the buildings and facilities that we manage;
    • • Improving this website, and our products and services (including the Japan Rail Pass);
    • • Conducting market research and analysis;
    • • Analysing data obtained on the website, including frequency of visits, and establishing sales and sales activity reports and marketing profiles;
    • • Gathering and maintaining evidence for possible legal disputes;
    • • Preventing abuse and fraud;
    • • Preventing crime and violence, including terrorist offences and other serious crimes;
    • • Complying with laws and regulations applicable to us;
    • • Cooperating with relevant governmental authorities and agencies, including competent data protection authorities and those that are engaged in administrative or criminal investigations.
    Personal Information To Be Shared name, address, e-mail address, phone number, gender, nationality, credit card information, passport information, and access data
    Party Responsible for Management of Personal Information Hokkaido Railway Company

    East Japan Railway Company

    Central Japan Railway Company

    West Japan Railway Company

    Shikoku Railway Company

    Kyushu Railway Company

    The above six railway companies are joint controllers in respect of your personal data, and are jointly responsible to you for processing your personal data.
  • (b)Travel Agencies.
    For outsourcing of the Japan Rail Pass ticketing service and the handling service for your inquiries, your personal data may be disclosed to and shared by travel agencies that we contract with jointly or individually. These travel agencies may include major Japanese travel agencies.

  • (c)Other Service Providers.
    These service providers include internet service providers and service providers in the information technology industry, in addition to credit card companies, and settlement agencies when using credit card settlement.

7. Transfers of personal data outside the European Economic Area

The personal data that we hold about you may be transferred to, and stored by, a third party outside the EEA.

Where we transfer your personal data to a third party outside the EEA, we will ensure that :

  • (a) the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data;
  • or
  • (b) the recipient enters into standard data protection clauses with us that have been approved by the European Commission.

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the information indicated below in Section 12.

8. Storage limit of personal data

We will retain the personal data that we collect about you for a period necessary to process personal data, for a term not exceeding 100 days, except to the extent that we are required by law to retain it for a longer period of time in which case, we will retain it for the period required by law. In addition, we will retain a pseudonymised version of the personal data, from which it is impossible to identify a specific person without the addition of a certain specific information, for three years.

9. Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights may vary depending on where you are located and which data protection laws will apply to the relationship between you and us, but would typically include:

  • (a) the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
  • (b) the right to request that we rectify your personal data if it is inaccurate or incomplete;
  • (c) the right to request that we erase your personal data in certain circumstances. This may include (but is not limited to) circumstances in which:
    • (i) it is no longer necessary for us to retain your personal data for the purposes for which we collected it;
    • (ii) we are only entitled to process your personal data with your consent, and you withdraw your consent; or
    • (iii) you object to our processing of your personal data for our legitimate interests, and our legitimate interests do not override your own interests, rights and freedoms;
  • (d) the right to request that we restrict our processing of your personal data in certain circumstances. This may include (but is not limited to) circumstances in which:
    • (i) you dispute the accuracy of your personal data (but only for the period of time necessary for us to verify its accuracy);
    • (ii) we no longer need to use the personal data except for the establishment, exercise or defence of legal claims; or
    • (iii) you object to our processing your personal data for our legitimate interests (but only for the period of time necessary for us to assess whether our legitimate interests override your own interests, rights and freedoms);
  • (e) the right to object to us about our processing of your personal data.
  • (f) the right to receive any personal data which we process about you on the basis of your consent or on a contract (as opposed to any other legal ground) and where the processing is carried out by automated means in a structured, commonly used and machine-readable format and/or request that we transmit that data to a recipient where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
  • (g) the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we can rely on another legal ground for doing so.

You can exercise your rights by contacting us using the information about us indicated below in Section 12. You can also lodge a complaint with the data protection regulator if you think that any of your rights have been infringed by us.

10. Children’s Privacy

When you who the purchaser is travelling with are under the age of 16 and when we process personal data based on consent as the legal ground for that, we may collect his or her personal data on the basis of consent given by the holder of parental responsibility over the minor. If you who the purchaser is travelling with are under 16, and you intend to send us your personal data, please make sure that your parent has consented to your action. If we learn that we have collected information from a child under the age of 16 without a lawful basis, we will promptly take all reasonable steps to delete the data from our system.

11. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time and will post the updated Privacy Policy with a “Last Updated” effective date of the revisions. We recommend that you review this Privacy Policy periodically. If we make a material change to this Privacy Policy, you will be provided with appropriate notice such as it being posted on a website.

12. Contacts

If you have any questions about this Privacy Policy, your rights, or any other issues regarding the protection of your personal information, you can reach us using the contact information below.

JAPAN RAIL PASS Reservation Support Center
E-mail Address: jrpreservation@tabiorder.jp

You can also contact our EU representative using the contact information below.

EU Representative
Address: DP-Dock GmbH Japan Rail Pass Ballindamm 39 20095 Hamburg Germany
E-mail Address: japan-rail-pass@gdpr-rep.com

revision history

  • 06/01/2020create a new entry
Loading...

Current time in Japan (UTC + 9:00)

(MM/DD/YYYY HH:MM)