Privacy Policy

THE TOKYO PASS Privacy Policy

THE TOKYO PASS Secretariat (hereinafter referred to as the “Secretariat”) is announcing the following regarding the collection and processing of (personal) data from both visitors to our Website (hereinafter referred to as the “Webite”), customers of “THE TOKYO PASS” services operated by TANSEISHA Co., Ltd. (hereinafter referred to as “the Company”), and Users of the iOS/Android mobile App (hereinafter referred to as the “App”).

We recommend you read the following paragraph in order to know your rights regarding the protection of your personal data.

If you are a resident in a Member State of the European Economic Area (EEA):

In addition to the general policy below, please read the “GDPR Privacy Policy” (click on the underlined section to go to “GDPR Privacy Policy” below) for special and supplementary rules that apply under the General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”).

1. Personal data protection policy

1.1 Compliance with applicable laws, regulations, and other standards regarding the protection of personal data

The Company shall comply with the Act on the Protection of Personal data of Japan (Act No.57, 2003) and any other related laws, regulations, standards, and guidelines.

1.2 Personal data collected

We collect certain personal data (such as name, e-mail address, date of birth, passport issuing country, location data, etc.) provided by the customer through the registration form, by e-mail, when the customer purchases a product or makes an inquiry. We collect your location data if you are only in Japan. Please note that if you object to providing personal data you may be excluded from the services provided by the Company.

1.3 Automated data collection when using the Website or the App

When you use this Website or the App, the following data may be collected: your IP address, location data, settings system specifications, and any other information. Once we get access to your location, we will know which mobile device you are using, and we can find nearby attractions that match your interests and share suitable attractions with you that are located nearby. If you no longer want to share location data with us, you can withdraw your consent at any time by changing the privacy settings on your device or browser.

1.4 Purpose of data collection

Your personal data will be processed for the following purposes by the Company:

  • (a) It will be used for marketing purposes
  • (b) In order to help with the strategic development of the services
  • (c) To understand how our Site and App is being used.

1.5. Purpose and use of personal data

Personal data will not be used for other purposes than described in this Privacy and Cookie Policy. We use personal data obtained through the Website and App only for the purposes mentioned below. We shall always obtain explicit consent from individuals in advance before collecting their personal data in connection with the purposes stated below.

  • (a) Making our services available and the execution of related services
  • (b) Product sales and product management
  • (c) Improving our services, such as customer support
  • (d) Communications and notifications regarding our products and services
  • (e) Conducting market research, such as questionnaires and surveys
  • (f) Market analysis to develop and improve our products and services
  • (g) Create statistical reports
  • (h) Processing to anonymously processed

1.6. Third-party processors of your data

The Company will never share any information or personal data to a third party without your explicit consent, except in the following situations:

  • (a) In order to prevent fraudulent or illegal activities, to protect our legal rights and those of third parties, in which case we may share your name, e-mail address, date of birth, passport issuing country, location data, credit card-related information, and any other information to the public authorities and, if necessary, third-party companies.
  • (b) We may disclose your personal data to third party service providers located in Japan and overseas when it is necessary to perform our legal duties.

1.7. Your rights

If you do not wish to receive information about our products and services or those of other affiliated organizations necessary to perform our services, you may opt-out from receiving such e-mails from us.

If you have any questions or concerns regarding your privacy and the protection of your personal data, if you do not want us to use or keep your personal data after you have shared it with us, or if you have provided incorrect information to us, please send an e-mail to privacy@mytokyopass.com. We will then verify your identity, and fulfil your request, either by correcting or deleting your personal data.

1.8 Retention period of personal data

We will not retain your personal data obtained through the Website or App for a longer period of time than is strictly necessary to achieve the purposes mentioned in this Privacy Policy. We will immediately delete your personal data after we have received a request to do so, or when we decide that permanent erasure of the personal data is necessary as a result of a review of and changes in our data protection policies.

1.9 Technical measures to protect personal data

The Company will take all appropriate and industry-standard security measures to store and process your personal data in a secure manner, and in order to prevent unauthorized access and data leaks.

1.10 Updating our Privacy Policy

When there are any changes in the applicable law, information gathering and usage methods, site functionality, or technological advances, we may revise this Privacy Policy to reflect such changes. If we change or correct the way we collect or use your personal data, it will be reflected in this Privacy Policy. The most recent version of our Privacy Policy and its publication date can be found under the footer at the beginning of this Privacy Policy. We recommend you review this Privacy Policy from time to time to make sure that you are aware of the latest version of our privacy and data protection practices. When applicable, we will ask again for your consent.

2. About THE TOKYO PASS Website and App

2.1 Collecting personal data when using our services

When you are using our Website or downloading our App, we may ask for information such as your name, e-mail address, date of birth, passport issuing country, location data. We may also record information such as the types of services you are interested in, usage patterns, information requested by you, and products you have purchased.

2.2 Marketing and Communication

  • (a) As an integral part of the services we provide, THE TOKYO PASS may occasionally send messages you may find useful via e-mail or through the App containing informational offers, promotions, discounts, events, new services, information about related activities or attractions, and location-based information. Such communications may also be sent by SMS, Whatsapp, and any other available method or technology.
  • (b) These communications may include new or related services we wish to send you from our third-party affiliate companies. If they contact you, we are not responsible for any agreements between you and them, and any personal data you provide is subject to that third-party affiliate company’s respective privacy policy.
  • (c) We have partnered with a number of third-party companies and organizations, such as ticket suppliers and attractions. We may share your personal data with them. Your personal data, including but not limited to your name, e-mail address, is used to confirm or change your reservation with them.
  • (d) If you book an admission ticket through one of our business partners, they may obtain and use your personal data. In such cases, your information will fall under the privacy policy of that respective business partner.

3. Cookies

We use Cookies on this Website. Please check our Cookie Policy for more information.

[Privacy Officer]
9F Shinagawa Season Terrace, 1-2-70 Konan, Minato-ku, Tokyo, Japan 108-8220
Personal data Protection Manager
For more information about THE TOKYO PASS service, please contact us.

THE TOKYO PASS Office, TANSEISHA Co., Ltd.
9F Shinagawa Season Terrace, 1-2-70 Konan, Minato-ku, Tokyo, Japan 108-8220
E-mail: privacy@mytokyopass.com

GDPR Privacy Policy

This GDPR Privacy Policy (“GDPR Policy”) describes, for those individuals residing in the Member States of the European Economic Area, their rights as stated in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/ 679 and any additional provisions. These rules apply to the collection and processing of personal data from customers by and through “THE TOKYO PASS” website (hereinafter, this Website) and mobile application (hereinafter, this App) operated by TANSEISHA Co., Ltd. (hereinafter, our Company). This GDPR Policy applies when you agree to it before using our App (hereinafter referred to as “the App”) and before starting to use THE TOKYO PASS service (hereinafter referred to as “the Service”). You need to make sure that you have read and understood all the above. In addition to THE TOKYO PASS Privacy Policy, please review these supplemental terms.

1. Legal basis

Under the GDPR, you are required to follow Section “1. Personal Data Protection” in the “THE TOKYO PASS Privacy Policy”. The collection and processing of your data is based on your consent, and is also in accordance with THE TOKYO PASS Privacy Policy.

We may convert personal data into statistical and/or aggregated data, which cannot be used to identify a data subject directly and is solely used to produce statistical studies and reports.

We never collect, process, or use any personal data that under the GDPR is considered sensitive personal data.

2. Storage period

Your personal data shall always be processed in accordance with the purposes mentioned in this document, until you request the deletion of your personal data. However, if your information and personal data are deleted after such a request, we recommend you back it up yourself, as you may need it for legal, tax, or regulatory purposes.

3. Data management

Compliance and security

We may be forced to disclose personal data under the applicable law, after receiving an order from a court of law, or a request from the government or public authorities from your country of residence or any other jurisdiction. We may also disclose your information and personal data if we, at our sole discretion, decide that disclosure is necessary or appropriate for important grounds of national security, law enforcement, or public interest.

We may also disclose your personal data if we believe in good faith that disclosure is necessary to protect our own business interests or those of other users.

4. Responsibility for booking on behalf of others

In the event that you use our services, or make a booking on behalf of someone else, it remains your full responsibility to verify the correctness of individuals’ personal data, and that you understand and agree with the way we use that personal data.

5. Children

This Service is only for customers that are adults according to the applicable law. However, we may unintentionally collect and process personal data from children under the age of sixteen (16). In that case, we will ask for the consent of the parent or legal guardian. We never collect and process personal data from children under the age of thirteen (13). If you suspect this is the case, please contact us immediately.

6. Links to third-party websites

We may provide hypertext links on our Website and in our App that direct to third-party websites or other internet resources. We do not control and are not responsible for the content, privacy, and data protection practices of those third-party websites. Please read their respective GDPR Policy carefully in order to become aware of how these third-parties collect and process personal data.

7. Data processing records

We keep records of the processing of personal data in accordance with our obligations under Article 30 GDPR, and such records contain all information needed to comply with the GDPR and, where appropriate, to co-operate with data protection authorities as stipulated in Article 31 GDPR.

8. Security measures

We process personal data in a secure manner that ensures protection against fraudulent or illegal processing activities, against accidental loss, destruction, or damage. We shall always use any appropriate technical or organizational measures to achieve this level of protection, which is in accordance with Articles 25(1) and 32 of the GDPR.

We will retain your personal data for as long as the law requires it, and as long as it is necessary to fulfill the purposes described in this GDPR Policy.

9. Notification of data breach to data protection authorities

We will have mechanisms and internal policies in place to evaluate the accidental or unlawful destruction or loss of personal data transmitted, stored, or otherwise processed by us, and to discover a security breach leading to tampering, unauthorized disclosure, or access of personal data. Depending on the results of an investigation after such events have occurred, we will notify, if necessary, the data protection authorities and contact the affected data subjects, which may include you (Articles 33 and 34 GDPR).

10. Processing that can pose a high risk to your rights and freedoms

If we conduct a data processing activity that may pose a high risk to your rights and freedoms, we will assess the impact of such activities before we store and process your personal data. After having performed an internal evaluation, we will either stop such activities, confirm they comply with the GDPR, or make sure that appropriate technical and organizational safeguards are implemented in order to proceed with the data processing activity. (Article 35 GDPR)

If you still have questions, we recommend you contact your national data protection authority to advise you on this issue (Article 36 GDPR).

11. Your rights

You have the following rights:

Access to your personal data: You have the right to receive all the information and metadata about the personal data we hold about you.

Data rectification: You have the right to request your personal data to be corrected and rectified if we hold any information about you that is incorrect.

Data removal: You have the right to be forgotten, meaning you may request the full erasure of your personal data.

Restrict the processing of personal data: You have the right to ask us to restrict the use and processing by us of your personal data.

Objections to the processing of personal data: You may have the right to object to our use of your personal data. Please note that certain conditions may apply to the exercise of this right.

Portability of personal data: You have the right to receive personal data in a structured and commonly used format.

If you want to exercise your rights or need more information about how we use your personal data, please contact the Secretariat at privacy@mytokyopass.com.

The steps to exercise your rights are as follows:

  • 1. Once we have received your notice, we will send you a confirmation that we are processing your request. Also, we will indicate our response time, which shall be within a reasonable period of time.
  • 2. We will evaluate your request first in order to confirm your identity and whether the request is valid.
  • 3. If no further information or action from you is required, we will continue with the processing of your request.
  • 4. At the end of evaluating our internal privacy processes, we will provide an answer to your request in connection to our duty to comply with the GDPR.
  • 5. We may charge a reasonable fee based on our administrative costs for either excessive or unsubstantiated requests.

12. If you want to file a complaint about the way we process your personal data

You can file a complaint by contacting THE TOKYO PASS office and sending it to privacy@mytokyopass.com.

After having received your complaint, THE TOKYO PASS office will send you a confirmation of receipt within three working days. This answer may include additional questions necessary to clarify the issue underlying your complaint. THE TOKYO PASS Secretariat will respond with a substantive response as soon as reasonably possible, but at least within one month after receiving your complaint. If we are unable to provide a substantive response within one month due to the complexity of the complaint, we will respond to it within two months after having received it.

13. Amendments

This GDPR Policy may be revised or updated from time to time in the future, and by doing so, we will publish the latest version on this page. We recommend you check our GDPR Policy regularly for any applicable changes by referring to the date of the last version on the top of this page. If the applicable law requires us to ask you again for your consent, we will notify you and make sure you agree with the latest version of our GDPR Policy before we continue to collect your personal data.

14. Contact

We welcome any questions, comments, or requests regarding this GDPR Policy.

THE TOKYO PASS Secretariat
TANSEISHA Co., Ltd.
Address
E-mail: privacy@mytokyopass.com

15. About Cookies

Our Website uses different types of Cookies. Please refer to our Cookie Policy to learn about the way we use those Cookies as they can affect your use of our Website.

Formulated on September 1, 2022