1.0

Privacy Policy

 
TravelWallet Japan Co., Ltd. (hereinafter referred to as "the Company") recognizes the importance of personal information protection, complies with the Act on the Protection of Personal Information (hereinafter referred to as "Personal Information Protection Act"), and will strive for appropriate handling and protection in accordance with the following Privacy Policy (hereinafter referred to as "this Privacy Policy"). Unless otherwise specified in this Privacy Policy, the definition of terms in this Privacy Policy shall comply with the Personal Information Protection Act.
 

1. Definition of Personal Information

In this Privacy Policy, "Personal Information" shall mean personal information as defined in Article 2, Paragraph 1 of the Personal Information Protection Act.
 

2. Purpose of Use of Personal Information

The Company will use personal information for the following purposes:
  1. For user registration at the start of use of the Company's products/services (hereinafter referred to as "Company Services, etc.")
  1. For identity verification at the time of transactions when providing Company Services, etc.
  1. For providing Company Services, etc.
  1. For providing information and responding to inquiries regarding Company Services, etc.
  1. For distributing campaign information, providing advertisements, and conducting surveys regarding Company Services, etc.
  1. For responding to acts that violate the Company's terms, policies, etc. (hereinafter referred to as "Terms, etc.") regarding Company Services, etc.
  1. For necessary notifications regarding the operation of Company Services, etc., such as changes to the Terms, etc.
  1. For detecting, preventing, and taking other measures regarding fraudulent acts, unauthorized use, and security/technical problems
  1. For resolving disputes between users or with affiliated merchants
  1. For providing information to financial institutions or partner companies as necessary to use Company Services, etc.
  1. For contributing to the improvement of Company Services, etc., and the development of new services, products, etc.
  1. For understanding and analyzing acquired browsing history, behavior history, and usage history information, implementing improvements and feature additions to Company Services, etc., and developing and advertising new products/services tailored to interests and preferences
  1. For employment management and internal procedures (regarding personal information of officers and employees)
  1. For shareholder management and procedures under the Companies Act and other laws and regulations (regarding personal information of shareholders, etc.)
  1. For creating statistical data processed into a form that cannot identify an individual in relation to Company Services, etc.
  1. Other purposes incidental to the above purposes of use
 

3. Change of Purpose of Use of Personal Information

The Company may change the purpose of use of personal information to the extent that it is reasonably deemed to be related to the purpose of use before the change, and if changed, the Company shall notify or publicly announce the change to the individual who is the subject of the personal information (hereinafter referred to as "the person").
 

4. Restriction on Use of Personal Information

Except in cases permitted by the Personal Information Protection Act or other laws and regulations, the Company will not handle personal information beyond the scope necessary to achieve the purpose of use without the consent of the person. However, this shall not apply to the following cases:
  1. Cases based on laws and regulations
  1. Cases where it is necessary for the protection of a person's life, body, or property, and it is difficult to obtain the consent of the person
  1. Cases where it is particularly necessary for the improvement of public health or the promotion of the sound growth of children, and it is difficult to obtain the consent of the person
  1. Cases where it is necessary to cooperate with a national agency, a local public body, or a person entrusted by them in executing the affairs prescribed by laws and regulations, and obtaining the consent of the person is likely to impede the execution of the said affairs
  1. Cases where personal data is provided to an academic research institution, etc., and the academic research institution, etc. needs to handle the personal data for academic research purposes (including cases where a part of the purpose of handling the personal data is for academic research purposes, excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals)
 

5. Appropriate Acquisition of Personal Information

The Company shall acquire personal information appropriately and shall not acquire it by deception or other fraudulent means.
 

6. Security Management of Personal Information

The Company shall exercise necessary and appropriate supervision over its employees to ensure the security management of personal information against risks such as loss, destruction, alteration, and leakage of personal information. Furthermore, when the Company entrusts the handling of all or part of the personal information, the Company shall exercise necessary and appropriate supervision over the consignee to ensure the security management of the personal information. The outline of the Company's security management measures is as follows:
  1. The Company complies with the Personal Information Protection Act, related laws and regulations, and applicable guidelines, and accepts questions, consultations, and complaints regarding the handling of personal data at the contact point indicated in Section 15.
  1. The Company establishes internal rules regarding the handling of personal information within the Company, and defines handling methods, responsible persons/person in charge, and their duties for each stage such as acquisition, use, storage, provision, deletion, and disposal.
  1. A responsible person for the handling of personal data is appointed, and the responsible person confirms that personal data is handled in accordance with the established handling methods. Furthermore, the Company establishes a reporting and communication system from employees to the responsible person in the event of grasping facts or risks of violating laws, regulations, or internal rules, etc. In addition, the responsible person conducts regular inspections of the personal data handling status.
  1. Necessary training is conducted for employees regarding precautions for handling personal data. Furthermore, matters concerning confidentiality of personal data are stated in the rules of employment.
  1. Measures are implemented to ensure that employees who can handle personal data and persons other than the person themselves cannot easily view the personal data. Furthermore, to prevent theft or loss of equipment, electronic media, documents, etc., that handle personal data, electronic media on which personal data is recorded or documents containing personal data are stored in lockable cabinets or archives, etc. In addition, if the information system that handles personal data is operated only with equipment, the said equipment is secured with a security wire, etc. In addition to the above, necessary measures are taken to prevent theft or loss of equipment, electronic media, documents, etc., that handle personal data, and when carrying the said equipment or electronic media, etc., including movement within the business premises, measures are implemented to ensure that personal data is not easily identifiable.
  1. The equipment that can handle personal data and the employees who handle the said equipment are clarified, and unnecessary access to personal data is prevented. A mechanism is introduced to protect equipment that handles personal data from unauthorized access or unauthorized software from external sources.
  1. When personal data is deleted, or equipment and electronic media, etc., on which personal data is recorded are disposed of, the responsible person confirms it.
 

7. Provision to Third Parties

7.1 Except in cases falling under any of the items of Section 4, the Company will not provide personal information to a third party without the prior consent of the person. However, the following cases do not fall under the provision to a third party stipulated above:
  1. When personal information is provided in connection with the Company entrusting all or part of the handling of personal information to the extent necessary to achieve the purpose of use
  1. When personal information is provided in connection with the succession of business due to merger or other reasons
  1. When joint use is carried out based on the provisions of the Personal Information Protection Act
7.2 Notwithstanding the provision of Section 7.1, except in cases falling under any of the items of Section 4, when the Company provides personal information to a third party located in a foreign country (excluding countries designated by the rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Act) (excluding those who have established a system conforming to the standards designated by the rules of the Personal Information Protection Commission based on Article 28 of the Personal Information Protection Act), the Company shall obtain the prior consent of the person to approve the provision to the third party located in the foreign country or take other measures based on the Personal Information Protection Act.
The Company may provide personal information to a third party located in Korea, which is the Company's parent company, only to the extent necessary for the maintenance of the systems required for the provision of Company Services, etc., and the system development for the development of new products/services. Please check here for an overview of the personal information protection system in Korea. The Company's parent company, which is the recipient, shall implement personal information protection measures in compliance with the Korean personal information protection system.
7.3 When the Company provides personal information to a third party, the Company shall create and store records in accordance with Article 29 of the Personal Information Protection Act.
7.4 When the Company receives personal information from a third party, the Company shall conduct the necessary confirmation in accordance with Article 30 of the Personal Information Protection Act, and create and store records pertaining to the said confirmation.
 

8. Personal-Related Information

  1. When the Company acquires personal-related information (as defined by the Personal Information Protection Act; the same shall apply hereinafter) from a third party and uses it as personal data, the Company shall take measures such as obtaining the person's consent in advance for the Company to acquire the said personal-related information as personal data, and shall use it within the scope of the purpose of use in Section 2.
  1. When the Company provides personal-related information to a third party and it is anticipated that the said third party will use the personal-related information as personal data, the Company shall confirm whether the said third party has obtained the person's consent in advance for the acquisition of the said personal-related information as personal data, etc.
 

9. Disclosure of Personal Information

When the Company is requested by the person to disclose their retained personal data or records of provision to a third party based on the provisions of the Personal Information Protection Act, the Company shall confirm that the request is made by the person themselves, and shall disclose it to the person without delay (if the retained personal data or records of provision to a third party do not exist, the Company shall notify the person to that effect). However, this shall not apply if the Company is not obligated to disclose under the Personal Information Protection Act or other laws and regulations.
 

10. Correction, etc., of Personal Information

When the Company is requested by the person to correct, add, or delete the content (hereinafter referred to as "Correction, etc.") of their personal information based on the provisions of the Personal Information Protection Act on the grounds that the personal information is not true, the Company shall confirm that the request is made by the person themselves, conduct the necessary investigation without delay within the scope necessary to achieve the purpose of use, carry out the Correction, etc., of the content of the personal information based on the result, and notify the person to that effect (if the Company decides not to carry out the Correction, etc., the Company shall notify the person to that effect). However, this shall not apply if the Company is not obligated to carry out the Correction, etc., under the Personal Information Protection Act or other laws and regulations.
 

11. Suspension of Use, etc., of Personal Information

When the Company is requested by the person to suspend the use or erase (hereinafter referred to as "Suspension of Use, etc.") of their personal information based on the provisions of the Personal Information Protection Act on the grounds that the person's personal information is handled beyond the scope of the pre-publicized purpose of use or has been acquired by deception or other fraudulent means, or when the Company is requested by the person to suspend the provision (hereinafter referred to as "Suspension of Provision") of their personal information based on the provisions of the Personal Information Protection Act on the grounds that the personal information is provided to a third party in violation of laws and regulations, and it is found that there are reasons for the request, the Company shall confirm that the request is made by the person themselves, carry out the Suspension of Use, etc., or Suspension of Provision of the personal information without delay, and notify the person to that effect. However, this shall not apply if the Company is not obligated to carry out the Suspension of Use, etc., or Suspension of Provision under the Personal Information Protection Act or other laws and regulations.
When the Company is requested by the person to carry out the Suspension of Use, etc., or Suspension of Provision based on the provisions of the Personal Information Protection Act on the grounds that the Company no longer needs to use the person's personal information, that a situation defined by the rules of the Personal Information Protection Commission as having a high risk of harming the rights and interests of individuals, such as leakage, loss, or damage of personal data stipulated in the Personal Information Protection Act concerning the retained personal data by which the person is identified, has occurred, or that the handling of the retained personal data by which the person is identified may harm the person's rights or legitimate interests, and it is found that there are reasons for the request, the Company shall confirm that the request is made by the person themselves, carry out the Suspension of Use, etc., or Suspension of Provision of the personal information without delay, and notify the person to that effect. However, this shall not apply if the Company is not obligated to carry out the Suspension of Use, etc., or Suspension of Provision under the Personal Information Protection Act or other laws and regulations.
 

12. Handling of Anonymously Processed Information

12.1 When the Company creates anonymously processed information (meaning those stipulated in Article 2, Paragraph 6 of the Personal Information Protection Act and limited to those constituting an anonymously processed information database, etc., stipulated in Article 16, Paragraph 6 of the said Act; the same shall apply hereinafter), the Company shall process personal information in accordance with the standards stipulated by the rules of the Personal Information Protection Commission.
12.2 When the Company creates anonymously processed information, the Company shall implement measures for security management in accordance with the standards stipulated by the rules of the Personal Information Protection Commission.
12.3 When the Company creates anonymously processed information, the Company shall publicly announce the items of information concerning individuals included in the said anonymously processed information as stipulated by the rules of the Personal Information Protection Commission.
12.4 When the Company provides anonymously processed information (including those created by the Company and those provided by a third party; the same shall apply hereinafter unless otherwise specified) to a third party, the Company shall publicly announce the items of information concerning individuals included in the anonymously processed information to be provided to the third party and the method of provision in advance as stipulated by the rules of the Personal Information Protection Commission, and shall clearly indicate to the said third party that the information pertaining to the said provision is anonymously processed information.
12.5 When handling anonymously processed information, the Company shall not (1) collate the anonymously processed information with other information, and (2) acquire the descriptions, etc., or individual identification codes deleted from the said personal information, or information concerning the processing method carried out pursuant to the provisions of Article 43, Paragraph 1 of the Personal Information Protection Act ((2) applies only to the said anonymously processed information provided by a third party) to identify the person related to the personal information used for the creation of the anonymously processed information.
12.6 The Company shall strive to implement necessary and appropriate measures for the security management of anonymously processed information, the processing of complaints regarding the creation and other handling of anonymously processed information, and other measures necessary to ensure the proper handling of anonymously processed information, and to publicly announce the content of the said measures.
 

13. Use of Cookies and Other Technologies

The Company's services may use Cookies and similar technologies. These technologies are useful for the Company to understand the usage status of the Company's services and contribute to service improvement. Users who wish to invalidate Cookies can invalidate Cookies by changing the settings of their web browser. However, if Cookies are invalidated, some functions of the Company's services may become unavailable.
 

14. Use of External Services (Google Analytics)

The Company's services may use the access analysis service "Google Analytics" and "Google Analytics Advertising Features" provided by Google to understand the user's visit status. The functions to be used are as follows:
  • Google Analytics Remarketing
  • Google Display Network Impression Reporting
  • Google Analytics Demographics and Interest Reports
Google Analytics uses Cookies to collect user information. The Company receives the analysis results from Google and understands the customer's visit status to this site. (Please refer to the Google Analytics Terms of Service for details.)
The customer information collected, recorded, and analyzed by Google Analytics does not include information that identifies a specific individual. Furthermore, such information is managed by Google in accordance with its Privacy Policy.
In addition, the Company and third-party distributors including Google combine first-party Cookies (such as Google Analytics Cookies) or other first-party IDs with third-party Cookies or other third-party IDs to analyze the attributes, interests, and preferences of users visiting the Company's services.
It is also possible to stop the collection of customer information by the Company's use of Google Analytics by disabling Google Analytics in the browser's add-on settings. For settings, please use the Google Opt-out Add-on download page.
 

15. Contact Information

For requests for disclosure, opinions, questions, complaints, and other inquiries regarding the handling of personal information, please contact the following window by phone or Email.
〒103-0026
6-5 Nihonbashi Kabutocho, Chuo-ku, Tokyo
Travel Wallet Japan Co., Ltd. (Representatives: Kim Hyung-woo, Yuta Ueda)
Phone Number : 03-6820-9572
E-mail : OO
(The reception hours are from 10:00 am to OOpm on weekdays.)
 

16. Continuous Improvement

The Company shall appropriately review the operational status regarding the handling of personal information, strive for continuous improvement, and may change this Privacy Policy as necessary.
1.0
1.0