[Notification] System Maintenance Notice Date:
Wednesday, October 9, 2024, 6AM - 7AM (HST) / 8AM - 9AM (PST) / 4PM - 5PM (UTC)
Access to the website, including your My Page and all activity pages, will be temporarily unavailable during the times listed above. We apologize for any inconvenience and appreciate your understanding.
*Please note that the maintenance time may vary.
The Company collects personal data including address, name, birthday, contacts, e-mail address and passport number of customers and uses it. The Company will not collect Special-Care Required personal data without obtaining consent from its customers. In case where the purposes of use of personal data have not been published when the information is collected from customers, the Company will give notices of such purposes of use to the customers or make such purposes public. The Company will not collect personal data from children under 13 years old without obtaining consent from their parents and/or guardians. The Company assumes that the customers providing personal data of those who are under 13 years old bear consent from their parents and/or guardians. In case where the Company becomes aware of no such consent existing, the Company will use the personal data only for the purposes of contacting the parents and/or guardians or actions related to such purpose. The provision of the above personal data, where requested, is necessary for the adequate performance of the contract between its customers and the Company and to allow the Company to comply with the Company’s legal obligations. Without it, the Company may not be able to provide customers with all the requested services.
The Company will not provide Personal Data to third parties except for the following situations.
When the company entrusts third parties with handling of personal data of its customers within the extent required for the achievement of the purposes of use of the Company according to the provisions in the preceding paragraph, the company will take necessary and appropriate measures regarding supervision of the entrustees. When the entrustee re-entrusts its operations to another party, the Company will, directly or indirectly, supervise whether the entrustee takes necessary and appropriate measures to supervise the party. The same will be applied to further entrustment.
The Company takes systematic, technical and physical security control measures to prevent leakage, plagiarism, misuse, unauthorized access, falsification or destruction of Personal Data. The Company also limits access to the server in which it stores Personal Data only to specific employees who have ID and password, and especially for certain Personal Data, the Company minimizes the number of employees who have access rights to manage it. Additionally, the Company distributes the Personal Data which contains credit card information in several data centers, and keeps in secure environments. Furthermore, the Company introduces Secure Sockets Layer(SSL)into all its webpages related to transactions. Using SSL-capable browsers enables the maintenance of confidentiality of Personal Data and credit card information transmitted online. The employees who handle customer Personal Data use monitors with a password-secure screen saver function when they do not use the devices. The Company conducts education and training about the importance of protecting personal data every 6 months on a company-wide basis, but once a month in some departments, and does the minutes of such education.
Under the General Regulation (EU) 2016/679, of 27 April 2016, on Data Protection (GDPR), the following rights are recognized in relation to the processing of customer personal data:
Customer rights in relation to your personal data might be limited in some situations. For example, if fulfilling the customer’s request would reveal personal data about another person or if the Company has a legal requirement or a compelling legitimate ground, the Company may continue to process customers’ personal data which customers have asked the Company to delete. Customers may also have the right to make a complaint if the customers feel their personal data have been mishandled. The Company encourages customers to come to the Company in the first instance but, to the extent that this right applies to customers, customers are entitled to complain directly to the relevant Data Protection Supervisory Authority.
Customers’ personal data are processed in at the Data Controller’s registered office and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller. Given the fact that the Company is an international travel agency, the Company also transfers customers’ personal data to: non-European Economic Area (EEA) countries offering an adequate level of data protection in accordance with the “Adequacy decisions” of the EU Commission that recognizes some countries as providing adequate protection; non-European Economic Area countries where data protection laws may be less protective than the legislation in the EEA. This happens when: The Company discloses customer data to involved companies such as operational tour organizers, travel agencies, transportation facilities, price settlement substituting traders, insurance companies etc. that might process your data outside the EEA in order to provide you with the requested services. We disclose customers’ data to social media service providers, advertisement delivery service companies that might be located in a country outside the EEA. When such a transfer happens, the Company ensures that it takes place in accordance with this privacy policy and is regulated by standard contractual clauses approved by the European Commission as ensuring adequate protection for data subjects.
The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition and removal, cessation of use or erasure and suspension of provision to third parties of Personal Data (hereinafter referred as to “Disclosure etc.”) through the contact center written in 9 below. The Company also deals with the requests for modification of membership information and unsubscription from the newsletter on “My-Pages” of customers.
The VELTRA website contains external links. This privacy policy only applies to information connected through the VELTRA website. The Company does not take any responsibility for privacy policies or contents of privacy policies of other websites. The Company kindly asks its customers to read the privacy policies of each website represented by the links, and confirm how personal data of customers will be handled.
The Company uploads its privacy policy on the VELTRA website, and always makes it known to its customers which personal data the Company collects for which purposes and how it is used. The Company also announces any changes made in its privacy policy to its customers by publishing it on the VELTRA website.
If you have any questions about the Company’s privacy policy, its efforts to protect personal data, collection and use of personal data of customers or any request for Disclosure etc., please contact us using the inquiry form below. We will respond to you within 5 business days.
VELTRA Corporation
5th Floor, Nippon Life Nihonbashi Building 2-13-12 Nihonbashi, Chuo-ku, Tokyo, 103-0027 Japan
Inquiry Form
Data Protection Officer (DPO) at dpo@veltra.com.