1. HOME
  2. ZIPAIR Tokyo Co., Ltd. Processing of Personal Data in GDPR

ZIPAIR Tokyo Co., Ltd. Processing of Personal Data in GDPR

ZIPAIR Tokyo Co., Ltd. process and protect customers' personal data as follows, pursuant to the General Data Protection Regulation (hereinafter referred to as "GDPR") and the JAL Group's Basic Policies for Information Security and Personal Data Protection.

1. Protection and Management of Personal Data
ZIPAIR Tokyo Co., Ltd. properly manage and protect customers' personal data pursuant to the JAL Group's Basic Policies for Information Security and Personal Data Protection.
2. Personal Data Controller and Data Protection Officer
  1. Personal Data Controller
    ZIPAIR Tokyo Co., Ltd.
    Address: 1-1 Naritazuka Odori Farm, Narita City, Chiba , Narita Airport Terminal 1 North Wing 4F NA407, 282-0011
  2. Data Protection Officer
    Address:1-1 Naritazuka Odori Farm, Narita City, Chiba , Narita Airport Terminal 1 North Wing 4F NA407, 282-0011
    E-mail:dpo@zipair.net
3. Purpose and Legal Basis for Processing Personal Data

ZIPAIR Tokyo Co., Ltd. properly process customers' personal data within the scope of the following purposes:

Purpose of Processing Legal Basis
1. To provide air transportation services (Reservations, sales, check-in, airport handling, cabin services, etc. Including cases of interline transportations, joint operations, code-sharing, contract operations, etc. in addition to normal transportation services) Contract performance
2. To provide other products and services Contract performance
3. To provide information and communications; to conduct questionnaires relating to products, services, various events, campaigns, and such Legitimate interests
4. To conduct sales analysis, investigations and research; to develop new services and products Legitimate interests
5. To conduct operations relating to 1-5 above; to respond to inquiries, etc. Contract performance
Legal obligations
Legitimate interests
4. Personal Data Categories

ZIPAIR Tokyo Co., Ltd. process customers' personal data necessary for the purposes stated in "3. Purpose and Legal Basis for Processing Personal Data". Such personal data includes:

Basic Data
Name, address, contact details (TEL/FAX numbers, e-mail address), gender, date of birth, country/region of residence, passport number, credit card number, information on employment (company name, department, job title, address, TEL/FAX numbers), etc.
Data for Making Reservations and Itineraries
Reservation /boarding information (flight name, etc.), itinerary information, copy of e-ticket, EMD, (online) check-in, accompanying passengers, incidental services (upgrades, additional baggage, etc.), mailing address of items sent to customers, e.g. ticket, itinerary, etc.
Communications Data
Records of communications with the JAL Group Airlines (recordings of phone calls to the call centre, records of responses to questions submitted via e-mail or web inquiry forms, etc. Where necessary, records of questions or complaints, etc. received at airport counters or when boarding, may be kept)
Data Collected from Websites and Apps, etc
Website access logs (IP address, Cookies, etc.) and data collected by apps, etc.

Where a customer reserves ZIPAIR Tokyo Co., Ltd. services via a third party such as travel agents or other airline companies, some of the above-stated personal data may be collected from such third party. This policy also applies to personal data collected in such way.

Collection and Use of Sensitive Personal Data
ZIPAIR Tokyo Co., Ltd. may collect and use sensitive personal data on customers when providing air transportation services. The collection and use of such sensitive personal data is limited to cases in which customers request Priority Guest Support when using air transportation services, and such data is not used for any other purpose
Examples of Processing Sensitive Personal Data
  • Where requesting escort from check-in counter to departure gates for passengers that use a wheelchair or are visually impaired
  • Where requesting rental medical oxygen bottles or permission to carry-on a medical oxygen bottle
  • When requesting permission to carry-on syringes or other medical equipment for a chronic disease
  • When a pregnant passenger requests to board a flight within 28 days expected delivery date

Where a customer requests a special in-flight meal, etc., data may be processed that is not sensitive personal data but may indicate a customer's religious beliefs or state of health.
Customers have the right to withdraw consent for the processing of sensitive personal data. Customers wishing to withdraw consent should contact where he or she applied for the service. It may not be possible to provide all or some services if consent is withdrawn.

5. Refusal to Provide Personal Data
The provision of personal data on customers is necessary for customers to be provided with services by ZIPAIR Tokyo Co., Ltd. ZIPAIR Tokyo Co., Ltd. may not be able to provide a service in whole or in part if personal data is not provided.
6. Legitimate Interests of ZIPAIR Tokyo Co., Ltd.
ZIPAIR Tokyo Co., Ltd. have a legitimate business interest in the use of personal data they collect to provide effective services and to perform the operations as airline companies.
7. Disclosure and Provision of Personal Data to other Companies
  1. ZIPAIR Tokyo Co., Ltd. disclose and provide customers' personal data to JAL Group companies to achieve the purposes stated in "3. Purpose and Legal Basis for Processing Personal Data".
    Refer to the following website for details on group companies.

    JAL Group Infomation

  2. Customers' data may be disclosed or provided to partner airlines or companies entrusted with ground handling and check-in operations to provide air transportation services such as when using code share flights or connecting flights, and to achieve purposes such as mileage accumulation.
  3. Where customers have made reservations via a travel agent, customer data is disclosed and provided to such travel agent in relation to the reservation.
  4. Customers' data is transmitted to a server operated by Radixx, a company in United States of America that manages the passenger service system used by ZIPAIR Tokyo Co., Ltd.
  5. ZIPAIR Tokyo Co., Ltd. may conduct surveys relating to their services, etc. using an external web service. When a customer answers a survey, some personal data on customers is disclosed or provided to the operator that provides the web service. When requesting a response to a survey ZIPAIR Tokyo Co., Ltd. indicate the name of the operator and matters concerning the processing of personal data by the operator.
  6. Where required by law, customer data relating to reservations and itineraries (including passport, visa, and API data) may be submitted to the customs authorities or immigration bureaus in the customers' countries to be flown from, into or over, or in countries of transit and transfer.
  7. Customers' personal data may be disclosed or provided to authorities or recipients prescribed in laws and regulations where necessary to comply with EU law or the laws and regulations of members of the EU/EEA.
8. Transfer of Personal Data to Non-EU Third Countries

ZIPAIR Tokyo Co., Ltd. may transfer customers' personal data from within the EU/EEA to non EU/EEA countries and regions where there are ZIPAIR Tokyo Co., Ltd. establishments or airports serviced by JAL Group Airlines in order to achieve the purposes stated in "3. Purpose and Legal Basis for Processing Personal Data".

In such case, except when the European Commission determines that the country or region has secured data protection at an adequate level, in principle, customers' personal data is transferred after executing standard data protection clauses as an appropriate protection measure in accordance with the provisions of the GDPR and the laws and regulations of EU/EEA member states.

Contact the inquiries section stated in "12. Inquiries" with questions, etc. regarding the above stated protection measures.

9. Management of Personal Data

ZIPAIR Tokyo Co., Ltd. retain customers' personal data for the period necessary to achieve the purposes stated in "3. Purpose and Legal Basis for Processing Personal Data". Records concerning boarding by customers, such as reservations records and ticket information, are normally retained after boarding for a maximum of three years.

Data collected during communication with customers (customer service records, records of e-mails received, etc.) is retained for the period necessary to provide even better services to customers.

Access logs, etc. recorded when the ZIPAIR Tokyo website is accessed are retained for the period necessary for analysis by ZIPAIR Tokyo Co., Ltd.

10. How to Request Disclosure, etc. and Make Inquiries
Disclosure

The Company discloses retained personal data that identifies the data subject. (The Company will inform the data subject to such effect if there is no retained personal data that identifies the data subject.) However, where corresponding to any of the following, the Company may notify the data subject of the reason and refuse to disclose data in whole or in part.

  1. Where the data subject's or a third party's life, health, property, or other rights or interests are likely to be harmed
  2. Where the proper implementation of ZIPAIR Tokyo Co., Ltd. operations are likely to be hindered
  3. Where disclosure will violate laws and regulations
Rectification
Where requested to rectify or make additions (hereinafter referred to as "Rectification, etc.") to retained personal data due to the retained personal data that identifies the data subject being incorrect, unless special procedures are prescribed in the provisions of laws and regulations regarding the Rectification, etc. of such details, the Company shall conduct necessary investigations without delay within the scope necessary to achieve purpose of processing. The Company shall notify of details without delay when all or a part of the retained personal data is Rectified, etc. as a result. The data subject shall be notified of such effect, outlining the grounds, if a decision is made not to carry out Rectification, etc.
Erasure
Where requested to erase retained personal data that identifies the data subject, the Company shall conduct necessary checks without delay such as where personal data is necessary in light of the purpose of processing. The Company shall notify of details without delay when all or a part of the retained personal data is erased as a result. The data subject shall be notified of such effect, outlining the grounds, if a decision is made not to carry out erasure.
Suspension of Use, etc.
Where requested to suspend use, erase, or suspend provision to a third party (hereinafter referred to as "Suspension of Use, etc.") of retained personal data, and when there is discovered to be grounds for such a request, the Company shall Suspend Use, etc. of such retained personal data without delay, to the extent necessary; provided, however, that where Suspension of Use, etc. of such retained personal data requires a considerable expense, or where Suspension of Use, etc. is otherwise difficult, the Company may substitute Suspension of Use, etc. with alternative measures necessary to protect the rights and interest of the data subject. The Company shall notify the data subject of such effect without delay when it has Suspended Use, etc. of all or a part of the retained personal data. The data subject shall be notified of such effect, outlining the grounds, if a decision is made not to carry out Suspension of Use, etc.
Data Portability
Where legal requirements are fulfilled, the Company shall provide personal data provided by data subjects that has been structured, generally used, and is in a machine readable format. Furthermore, where technically possible, personal data provided by data subjects shall be transmitted to other data controllers. The data subject shall be notified of such effect, outlining the grounds, if a decision is made not to provide or transmit personal data.
Procedure for Making Requests

Send the applicable request form (*1) and the necessary documentation (*2) (when requesting “disclosure” or “data portability”) to the following

Address:

Personal Information Handling Desk
ZIPAIR Tokyo Co., Ltd.
1-1 Naritazuka Odori Farm, Narita City, Chiba , Narita Airport Terminal 1 North Wing 4F NA407, 282-0011

  1. *1 Download an application form from one of the following links:

  2. *2 Necessary documentation

    [Data Subject Identify Confirmation Documents]
    (Where requests are made by a representative, attach documents concerning the representative)
    A copy of a driver's license, passport, health insurance card, or any other document issued by a public agency that can used to confirm the identity customer

    [Address Confirmation Documents]
    Where the above document (from a government or public office) does not include an address, in order to confirm the addressee, attach a document issued by a public agency that indicates a current address (issued within three months of making the request).

    [Right of Representation Confirmation Documents]

    • Parental Authority:
      Document that confirms the representative has parental authority
    • Guardian of Adult:
      Document that confirms the representative is a guardian of adult
    • Statutory Agent:
      Document that proves the representative is a statutory agent
    • Voluntary Representative:
      Letter of proxy (signed by data subject)

    In the case of requests from voluntary representatives, the Company may confirm delegation with the data subject or directly disclose, etc. personal data to the data subject.

    In order to view PDF documents, you will need to install Adobe Reader on your computer.

    about PDF
11. Complaints Concerning Personal Data
  1. Customers have the right to lodge an objection to the processing of their personal data retained by ZIPAIR Tokyo Co., Ltd. if legal requirements are fulfilled concerning a particular situation. Where an objection is lodged and such objection fulfils legal requirements, ZIPAIR Tokyo Co., Ltd. shall delete or suspend use of retained personal data in whole or in part, and notify the data subject of such effect without delay.
    Where objections are lodged regarding direct marketing, ZIPAIR Tokyo Co., Ltd. shall promptly suspend such direct marketing and notify the data subject of such effect without delay.
    The data subject shall be notified of such effect, outlining the grounds, if a decision is made not to carry out Suspension of Use, etc. due to the lodging of an objection.
  2. Customers have the right to make complaints concerning the processing of their personal data, against the EU/EEA member country in which the customer lives or works, or EU/EEA member countries' supervisory authorities that have engaged in illegal conduct. Contact each supervisory authority concerning specific complaint procedures, etc.
12. Inquiries

If you have any inquiries regarding "ZIPAIR Tokyo Co., Ltd.: Processing of Personal Data in GDPR", please send your letter to the following address:
Personal Information Handling Desk

ZIPAIR Tokyo Co., Ltd.

1-1 Naritazuka Odori Farm, Narita City, Chiba , Narita Airport Terminal 1 North Wing 4F NA407, 282-0011