Privacy Policy

Article 1. Application

This Privacy Policy (“Policy”) applies when providing personal information to ANA Narita Airport Services (“NRTAS”). When agreements, rules, precautions and other provisions relating to personal information protection (collectively “Separate Rules”) are established separately from this Policy, and when the content prescribed in this Policy and the content prescribed in the Separate Rules differ, application of the content prescribed in the Separate Rules takes precedence unless specially provided otherwise.

Personal information provided as part of business processes outsourced from other ANA Group companies, including airline ticket information and other information used in air transport services, is not applicable to this Policy.

Article 2. Personal information

Personal information refers to personal information designated in the Act on the Protection of Personal Information (“Personal Information Protection Act,” Act No. 57 of 2003), is information about individuals who are alive, and refers to information able to identify specific individuals through inclusion of name, date of birth, and other descriptions or an individual identification code in said information.

Article 3. Purpose of use of personal information

NRTAS obtains the personal information of customers and uses the obtained information within the necessary scope for the following purposes. When using personal information beyond the scope of the following purposes, NRTAS shall obtain prior consent from customers using a suitable method. Even when within the scope of use, NRTAS does not use customers’ personal information in ways that risk encouraging or inducing illegal or unjust acts.

1. To execute and manage making announcements, providing information, and conducting questionnaires about various types of events and the like held by NRTAS
2. To respond to inquiries, requests, and the like
3. To perform all business processes accompanying and related to the aforementioned business processes
4. To conduct hiring activities and internship activities

*Personal information is also used for the purposes described in “Article 7. Shared Use of Personal Information.”

Article 4. Obtained personal information

NRTAS obtains the following personal information of customers using appropriate and fair methods to fulfill the purposes of use provided in the preceding article.

1. Information about the person in question, contact information, etc.
   Customers’ name, address, telephone number, fax number, email address, etc.
2. Details of inquiries and opinions submitted to NRTAS
   Information known through interactions with customers, details of inquiries, requests, and opinions (including the reasons for them and how they were addressed), etc.
3. Information pertaining to employment screenings and internship activities
   In addition to the items listed in (1), personal information including school names, career background, details of disabilities and considerations required, such as severity of the disability, etc.

Except when stipulated by laws and regulations and when consented to by customers, NRTAS does not obtain or use customers’ sensitive information, including information about race, religious faith, social status, medical history, and incidents of harm incurred as the victim of crime (“Sensitive Information”).

Article 5. Disclosure and provision to third parties

NRTAS strictly manages personal information, and except in the following cases, does not disclose or provide personal information to third parties without customers’ consent. Furthermore, providing personal information through shared use or business process outsourcing does not correspond to disclosure or provision to third parties.

1. When required to protect human life, bodily safety, or property, and obtaining the customer’s consent is not feasible
2. When cooperation is required for the improvement of public health or the healthy development of children, and obtaining the customer’s consent is not feasible
3. When cooperation is required for execution of legally mandated matters by a national government organization, local government body, or party contracted to perform such matters, and obtaining the customer’s consent may hinder execution of said matters
4. When personal information is provided as part of a merger or business succession by other means
5. Other cases permitted by laws and regulations

Article 6. Outsourcing handling of personal information

NRTAS may outsource all or a portion of personal information handling within the scope necessary to fulfill the purposes of use. In this case, NRTAS sufficiently audits the party’s suitability as an outsourcing partner, stipulates matters in agreements including matters pertaining to the duty of confidentiality, and performs the necessary and appropriate oversight of the outsourcing partner.

Article 7. Shared Use of Personal Information

NRTAS may engage in shared use of customers’ personal information within the following scope and purposes of use.

Scope of Parties Engaging in Sharing and Use

ANA Group companies

Purposes of Use of Parties Engaging in Use

1. For provision of air transport services, tour, hotel, and other travel services, and other products and services handled by NRTAS or companies engaging in sharing and use
2. For sending direct mail, providing information about products and services, conducting questionnaires and the like by NRTAS or companies engaging in sharing and use
3. For sales analysis, other surveys and research, development of new products and services, and the like by NRTAS or companies engaging in sharing and use
4. Regarding products and services provided by NRTAS or companies engaging in sharing and use, for communication and handoff to the responsible company when there are inquiries, requests for use, or other requests from customers
5. For the appropriate and smooth execution of other transactions with customers by NRTAS or companies engaging in sharing and use
6. For the business management and internal management of ANA Group

Items of personal information shared and used

Name, address, telephone number, fax number, email address, and information known as part of interactions with customers, details of inquiries, requests, and opinions (including the reasons for them and how they were addressed), etc. of customers

Name, address, and name of representative party responsible for management of personal information

ANA Holdings Inc.
Shiodome City Center, 1-5-2 Higashi-Shimbashi, Minato-ku, Tokyo 105-7140
Koji SHIBATA, President & Chief Executive Officer

Article 8. Transfer outside Japan

When providing customers’ personal information to third parties, such as business operators outside Japan including service provider outsourcing partners and shared use parties, NRTAS engages in provision based on customers’ consent, except in cases of any of the following applying.

1. When the third party is in a country that has established laws and regulations as a country with a personal information protection system with standards equivalent to Japan’s
2. When the third party has built the necessary system to continuously implement measures equivalent to measures that should be implemented by business operators handling personal information from Japan

In addition, in the case of (2), NRTAS implements the necessary and appropriate measures to ensure the continuous implementation of equivalent measures by the third party.

Article 9. Management of personal information

NRTAS appropriately manages customers’ personal information and implements the necessary safety measures to prevent its leak, loss, alteration and similar. NRTAS conducts internal education for officers and employees regarding the protection and appropriate handling of customers’ personal information, establishes the retention period for personal information according to the purpose of use, and destroys personal information using an appropriate method when the purpose of use is achieved.

Article 10. Requests regarding handling of personal information

Regarding the personal information of customers retained by NRTAS, when a request is received from a customer relating to any one of disclosure, correction, deletion, addition, suspension of use, removal, or provision of information about personal information protection measures (“Disclosure, Etc.”), after confirming that the customer making the request is the customer in question, NRTAS responds per the following within a reasonable period of time and scope and in accordance with laws and regulations.

1. Requests regarding disclosure
   NRTAS discloses the items of personal information, purposes of use, or records of provision to third parties desired by the customer.
2. Requests regarding correction, deletion, and addition
   NRTAS confirms the details of the request, and corrects, deletes, or adds details pertaining to the customer’s personal information within the appropriate and possible scope.
3. Requests regarding suspension of use or removal
   Regarding the items of personal information specified by the customer, NRTAS suspends their use and removes them upon request within the appropriate and possible scope, according to the details of the request. Additionally, suspension of use or removal may result in no longer being able to provide services that were previously available up to then or services that align with the customer’s wishes. Please make such requests based on this understanding in advance.
4. Requests for provision of information about personal information protection measures
   NRTAS provides information about the following, according to the details of the request
   1. Details of safety management measures implemented by NRTAS
   2. Details of measures implemented by NRTAS when providing customers’ personal information to third parties outside Japan

NRTAS may not be able to fulfill the details of customers’ requests as requested when an incident would arise that significantly hinders the normal business processes of NRTAS, when there is risk of violating provisions of laws and regulations, or when there is risk of causing harm to life, bodily safety, property, or otherwise harming the rights and interests of customers or third parties.

Article 11. Procedures for changing the privacy policy

NRTAS revises the content of this Policy as appropriate and strives to improve it. The content of this Policy shall be able to be changed, excluding matters provided separately by law or otherwise in this Policy. The Privacy Policy after changes have been made shall take effect after notifying customers using the method prescribed by NRTAS, or after it is published on the NRTAS website.

Article 12. Inquiries

Please contact the following if you have requests or inquiries pertaining to the handling of personal information by NRTAS.

Amended April 21, 2022