Privacy Notice
1. Purpose of Use of Personal Data
H.I.S. Deutschland Touristik GmbH. (“H.I.S.”) is a company based in Grosse Eschenheimer Strasse 39, 39a, 60313 Frankfurt am Main, Germany. H.I.S. is a subsidiary of H.I.S. Co., Ltd., the headquarter of the H.I.S. Group, on behalf of whose companies this information notice is issued.
H.I.S. and the H.I.S. Group companies obtain personal data filled in by a customer for the purpose of arrangement and receipt of travel services provided by transportation facilities and/or accommodation facilities and provision of insurance services. H.I.S and the H.I.S. group companies store the personal data provided by customer at the time of request of travel arrangement in its database. Such data will be stored for 5 years.
2. Legal bases on processing the personal data
H.I.S. and the H.I.S Group companies process personal data relying on the following legal bases: (1) Performance of a contract, (2) Legitimate interests (such as fraud prevention), (3) Compliance with legal requirements, and (4) Consent.
3. Data Protection Officer
You can reach our data protection officer at gdpr-pj@his-world.com .
4. Our sharing of your personal data with other companies
We may transfer information about you to other group companies for purposes connected with your travel arrangements. In these cases, the H.I.S. Group companies that receive your personal data will use the data in accordance with this Notice, our privacy policy and the applicable data protection legislation. In any case, we have appropriate safeguards in place to ensure the security and confidentiality of your personal data.
H.I.S. and the H.I.S. Group companies do not disclose or provide personal data provided by customers to any third parties for other than the contractually agreed upon purposes, except with the consent of the customer from whom the data was obtained, or when there is a legitimate other reason for such disclosure (such as court orders or legal obligations to do so).
H.I.S. and the H.I.S. Group companies may use arrangement agents (e.g. accommodation agent) and/or service providers (e.g. hotel or airline) to process the customer’s personal data on behalf of H.I.S in order to provide its services to the customer. Third party service providers are bound by confidentiality clauses and are not allowed to use his/her personal data for other purposes.
Please see more details regarding group companies (https://www.his.co.jp/english/about.html)
5. Data transfer to third countries
H.I.S. and the H.I.S. Group companies may send your personal data to other companies outside your country. In particular, if you live in the European Economic Area (EEA), your personal data may be transferred to companies located outside the EEA to a third country without an adequacy decision of the European Commission regarding equivalent data protection standards. This includes in particular transfer to the H.I.S. headquarter located in Japan as well as other group companies, subsidiaries or affiliates of H.I.S. When this is the case, H.I.S. and the H.I.S. Group companies have adopted and implemented Standard Contracts to oblige the company that receives your data to use it fairly and legally. In cases where such safeguards cannot be ensured, H.I.S. and the H.I.S. Group companies will only share personal data after having notified the individual and retrieved consent for such transfer or where it is absolutely necessary to perform the obligations towards such individuals under the agreement with H.I.S. or H.I.S. Group companies such as disclosure of personal data to a hotel for the purpose of booking the accommodation for the customer.
6. Security procedures for personal data
In order to prevent leakage, loss, or damage of it, H.I.S. and the H.I.S. Group companies, strive to enforce safety procedures which are appropriate and rational from both technical and administrative aspects. If there should occur any leakage, loss or damage of personal data, H.I.S. has the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, H.I.S. will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you.
7. Data subjects’ rights under the European Data Protection Regulation
The customers have various rights with respect to the personal data concerning the customers, such as the right to access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. H.I.S. and the H.I.S. Group companies respond without delay to request for disclosure of personal data by the person from whom the data was obtained as well as other complaints, or consultations.
Please see more details in our privacy policy