• Compliance with Laws, Regulations and Guidelines Governing Personal Information
• The Company understands the purpose and content of the Act on the Protection of Personal Information, related laws and regulations, guidelines established by relevant ministries and agencies and this Privacy Policy, and will comply with such laws and regulations, and will make every reasonable effort to manage and protect personal information.
• Establishment of a Personal Information Protection Management System
• The Company shall ensure that its directors and employees understand the details and importance of personal information protection and establish a management system for the protection of personal information.
• Improvement of Personal Information Protection
• The Company shall make continuous efforts to improve and ensure the proper management and protection of personal information.
• Prompt Response to Queries and Complaints
• The Company shall promptly respond to requests for notification of the purposes of use of personal information, disclosure of personal information or records of provision to third parties, correction, addition, or deletion of personal information, cessation of use, erasure, or cessation of provision to third parties and other opinions and requests regarding the handling of personal information. The contact point for enquiries is as described in clause "11. Contact for Privacy Policy" hereunder.

Management of Personal Information

Pursuant to the "Basic Policy," the Company shall comply with laws, regulations, and other norms related to the protection of personal information and shall manage such information in an appropriate manner.

• 1. Acquisition of Personal Information
• The Company shall acquire your personal information in an appropriate and fair manner by the following methods.
• a) Information provided directly from you in skyticket through user registration, application information input, telephone or e-mail enquiries and similar methods
• Information to be acquired includes name, gender, date of birth, passport information (e.g., nationality and passport number), the same information regarding accompanying passengers mentioned above, e-mail address, phone number, fax number, address, booking information, details of travel services arranged by the Company, payment and settlement-related information, and details of enquiries (e.g., e-mail records, recorded calls).
  *The credit card information you entered on skyticket is obtained directly by the payment processing company without going through our site and sent directly to credit card companies and fraud detection companies. For details, please refer to the privacy policy of the payment processing company.
• • GMO Payment Gateway, Inc.
  • Worldpay, LLC
  • Infibeam Avenues Limited.,
  • 2C2P Pte. Ltd.
  • Viva Republica Inc.
• b) Receiving your information above from a third party based on your consent
• c) Automatically recording and retrieving information when you access skyticket website
• The Company collects your information such as cookies, IP addresses, advertising identifiers (AAID/IDFA), device information, and log information related to Internet usage such as location information and activity history (hereafter referred to as "information related to personal information"). When you provide "information related to personal information" to the Company, the Company may link your "information related to personal information" to your personal information, whereby such "information related to personal information" shall also be regarded as personal information.
• d) Receiving "information related to personal information" from third parties that operate advertising tools that were clicked on prior to your access to skyticket
• For the purposes of evaluating the effectiveness of advertisements, etc., the Company obtains "information related to personal information", such as information on advertisements that have been clicked on before visiting skyticket from tools operated by third parties (date of click and advertised site, etc.,) and only if you agree to this Privacy Policy, the Company may use the "information related to personal information" in conjunction with your personal information. Such information will be regarded as personal information.
• 2. Purposes of Use
• The Company uses personal information for the following purposes (see "7. Usage of Cookies" for details on the use of "information related to personal information" such as cookies).

• Purposes of Use
  (1) For the arrangement and sale of travel services	(1-1) For the sale of airline tickets (1-2) For the sale of non-airline travel services (e.g., helicopter reservations, study abroad programs) (1-3) For the sale of non-airline travel services (e.g., tours, highway buses, bullet trains, hotels, restaurant reservations)
  (2) For member management	―
  (3) For the preferential sale of event and travel tickets (skyticket Premium Service)	―
  (4) For insurance agency services	―
  (5) For acting as an intermediary for cancellation guarantee services	―
  (6) For responding to enquiries	―
  (7) For improving and streamlining enquiry response operations	―
  (8) For the utilization of national and local government subsidy programs	―
  (9) For maintaining the proper functionality of systems	―
  (10) For monitoring and preventing fraudulent credit card use	―
  (11) For compliance with legal obligations under applicable laws	―
  (12) For asserting, proving, or defending the Company's rights	―

• 3. Safe Management of Personal Information
• The Company has implemented the following security control measures to prevent the leakage, loss, destruction or damage of personal information and to appropriately manage personal information in a secure manner.
• a) Establishment of a basic policy
• The Company has established a basic policy in internal regulations pertaining to the handling of personal information.
• b) Establishment of disciplinary regulations in the management of personal information
• The Company has established internal regulations with regards to the management of personal information and makes every effort to ensure that all employees have a proper knowledge and understanding of such regulations.
• c) Implementation of safety management practices in the organization
• ⅰ) Development of an organizational structure
• A specific division has been formulated to manage and supervise all matters pertaining to the protection of personal information.
• ⅱ) Operations in compliance with rules and regulations pertaining to the handling of personal information
• Pertinent operations are executed in compliance with the Company's internal rules for the protection and handling of personal information.
• ⅲ) Maintaining a means of verifying the handling status of personal information
• The Company conducts routine periodic inspections and internal audits.
• ⅳ) Development of a system to respond to leakage and other incidents related to personal information
• The Company develops a manual for handling personal information related incidents and establishes an incident response team in accordance with the manual.
• ⅴ) Monitoring of handling status and reviewing safety control measures
• Regular checks are conducted on the status of handling of personal information and safety control measures are revised when deemed necessary.
• d) Individual security management
• Employees are trained on a regular basis on the protection of personal information.
• e) Physical security management
• ⅰ) Management of zones where personal information is handled
• Areas where personal information are handled are access-controlled by IC (Integrated Circuit) cards.
• ⅱ) Prevention of theft
• All paper documents are stored in cabinets secured with locks.
• ⅲ) Prevention of leakage when transferring electronic media
• Passwords are set for all electronic media.
• ⅳ) Deletion of personal information and disposal of devices and electronic media
• All electronic media are disposed of in an unrecoverable manner.
• f) Technical security management
• ⅰ) Access control and prevention of unauthorized external access
• WAF (Web Application Firewall) is used to restrict illegal or unauthorized access.
• ⅱ) Identification and authentication of accessors
• Accessors are restricted to the minimum necessary and controlled by identity (ID) submissions.
• ⅲ) Prevention of leakage arising from the use of information systems
• Encryption of data stored in the database is implemented.
• g) Identification of the external environment
• Regular checks are conducted on external factor risks pertaining to the protection of personal information. Provision of personal information to foreign third parties is as set forth in clause 6. hereunder.
• 4. Entrusting of Personal Information Handling
• The Company may entrust, in whole or in part, the handling of collected personal information to the extent necessary for the achievement of the purpose of use. In such cases, the Company shall select appropriate trustees and shall enter into an agreement that includes provisions regarding the protection of personal information and shall exercise all necessary and appropriate supervision over the trustees.
• *Trustees: Ticketing agents, wholesalers, website administrators, shipping companies, marketing tool providers and other such related vendors.
• 5. Retention Period
• The Company retains your personal information for the period as long as necessary to achieve the purposes of use stipulated in clause 2. above or as required by applicable laws. After the expiration of this period, the Company will delete or anonymize your personal information.
• 6. Provision of Personal Information to Third Parties
• The Company shall provide your personal information to third parties within the scope of the purposes of use stipulated in clause 2 above. The categories of third parties to whom personal information is provided and the purposes of such provision are as follows.

• Categories of Third Parties	Purposes of Provision
  ・Airline Companies	・For the sale of airline tickets
  ・Other Service Providers (e.g., helicopter tour companies, language schools)	・For the sale of non-airline travel services (e.g., helicopter reservations, study abroad programs)
  ・Other Service Providers (e.g., bus companies, ferry companies, accommodation facilities, land operators, tour companies)	・For the sale of other travel services (e.g., tours, highway buses, bullet trains, hotels, restaurant reservations)
  ・Welfare Service Providers	・For the preferential sale of event and travel tickets (e.g., skyticket Premium Service)
  ・Insurance Companies	・For insurance agency services
  ・Cancellation Guarantee Service Providers	・For acting as an intermediary of cancellation guarantee services
  ・National and Local Governments	・For the utilization of national and local government subsidy programs
  ・Public Authorities (e.g., Police)	・For compliance with the Company's legal obligations under applicable laws
  ・Dispute Resolution Bodies and Legal Representatives (e.g., Courts, Lawyers)	・For asserting, proving, or defending the Company's rights

• 7. Provision of Personal Information to Third Parties in Foreign Countries
• a) The Company may provide or entrust personal information to a third party in a foreign country in any of the circumstances stipulated hereunder.
• ⅰ) When the service provider of the airline ticket or other travel service that you have booked is a third party in a foreign country
• ⅱ) When the Company entrusts all or part of the handling of acquired personal information to a third party in a foreign country to the extent necessary to enable the purpose of use
• When you apply for foreign airline tickets or other travel services via skyticket, arrangements may be made through overseas wholesalers located in the European Union, the United States of America or South Korea. In such cases, the Company shall provide necessary and appropriate supervision of consignees after concluding non-disclosure agreements that include clauses regarding the protection of personal information.
• b) The Company shall obtain your prior consent when providing personal information to a third party in a foreign country, including entrustment, except in foreign countries (*1) designated by the Personal Information Protection Commission where the third party has a system for the protection of personal information that is equivalent to that implemented in Japan.
• c) Information on the protection of personal information of third parties in foreign countries.
• ⅰ) If your personal information is provided or entrusted to a third party in a foreign country, the details regarding the protection of personal information in that foreign country are available in the survey results of the Personal Information Protection Commission (https://www.ppc.go.jp/en/legal/). Specific names of countries to which personal information shall be provided or entrusted to can be found in the confirmation e-mail for the airline ticket or other travel service you have applied for or on "My Page" of this website or by contacting the contact listed in "11. Contact for Privacy Policy".
• ⅱ) Personal information may be provided to countries not listed in the results of the survey by the Personal Information Protection Commission. Please refer to "11. Contact for Privacy Policy" hereunder if a survey is necessitated.
• (*1) https://www.ppc.go.jp/files/pdf/h31kokuji1_rev2023April18.pdf
• 8. Usage of Cookies
• The Company uses cookies to ensure the proper function of services, to provide you with enhanced convenience and satisfaction , and to deliver optimised advertisements and measure their effectiveness.
• Cookies are information stored on computers, cell phones and other devices from the Company's site by your browser.
• The Company uses cookies primarily for the purposes outlined hereunder.
• • Save your past searches and customized display settings
• • Automatic authentication of your accounts and storage of login credentials
• • Analyze your usage status of our services for the purpose of providing improved services
• The Company uses Google Analytics provided by Google LLC to understand and analyse the usage status of our services in order to provide you with convenient and user-friendly services.
• When you access our services, your web browser may automatically send information such as the address of the page accessed and the IP address to Google LLC. Google may also set cookies in your browser to collect data or read existing cookies. This information will only be used to analyse and improve site usage and to provide other services. Such information does not contain any information which directly identify you.
• The method of collection and the use of access information by Google LLC is governed by the Google Analytics Terms of Service and the Google Privacy Policy (Privacy & Terms). You can disable the collection of information (data) by installing the "Google Analytics Opt-out Browser Add-on" on their browsers.
• • Google Analytics Terms of Service
• https://marketingplatform.google.com/about/analytics/terms/us/
• • Google LLC Privacy Policy
• https://policies.google.com/privacy?hl=en
• • Google Analytics Opt-out Browser Add-on
• https://tools.google.com/dlpage/gaoptout?hl=en
• 9. Revisions to this Privacy Policy
• The Company reserves the right to revise its Privacy Policy from time to time. Any revisions shall be notified on the website of the Company. Please check the most up-to-dated Privacy Policy.
• 10. Requests for the Disclosure, etc., of Personal Information
• If you wish to be informed of the purpose of use of your personal information held by the Company, request the disclosure of your personal information or records of its provision to third parties, request correction, addition or deletion of personal information, or request the cessation of its use, deletion, or the suspension of its provision to third parties, please contact our Inquiry Desk Regarding the Handling of Personal Information (Clause 11.) hereunder for guidance on the necessary procedures. Necessary actions will be taken without delay in accordance with applicable laws and our internal regulations. Notwithstanding the aforesaid, in the event that the request cannot be complied with in whole or in part, the reason(s) shall be provided to you.
• 11. Inquiry Desk Regarding the Handling of Personal Information
• For any enquiries pertaining to this Privacy Policy, requests described in clause 10. Requests for the Disclosure, etc., of Personal Information, and/or any other comments or requests relating to the handling of personal information, please contact us at the contact addresses hereunder. Please note that a fee of 1,000 yen (including tax) will be charged for per disclosure request.
• Contact Information
• • Email: info@skyticket.com
• • Mailing Address: 24F Yebisu Garden Place Tower, 4-20-3 Ebisu, Shibuya Ward, Tokyo, Japan 150-6024

• 1. Controller
• The controller of your personal data is the Company.
• 2. Purpose and Lawful Basis for Processing Your Personal Data
• The Company processes your personal data on skyticket for the following purposes, relying on the respective lawful bases:

• Purposes of Processing		Categories of Personal Data	Lawful Bases
  (1) For arranging and sale of travel services	(1-1) For the sale of airline tickets	・Name, gender, date of birth, passport information (e.g., nationality and passport number), the same information regarding accompanying passengers mentioned above, email address, phone number, fax number, address, booking information, details of travel services arranged by the Company, payment and settlement information	・Necessary for the performance of a contract with you.
  	(1-2) For the sale of non-airline travel services (e.g., helicopter reservations, study abroad programs)	・Name, gender, date of birth, passport information (e.g., nationality, passport number), the same information regarding accompanying passengers mentioned above, email address, phone number, fax number, address, booking information, details of the travel services arranged by the Company, payment and settlement information	・Necessary for the performance of a contract with you.
  (2) For member management	―	・Name, gender, date of birth, passport information (e.g., nationality, passport number), the same information regarding accompanying passengers mentioned above, email address, phone number, fax number, address, booking information, details of the travel services arranged by the Company, payment and settlement information	・Necessary for your and the Company’s legitimate interests (appropriate member management on skyticket).
  (5) For acting as an intermediary for cancellation guarantee services	―	・Name, gender, date of birth, phone number, email address, details of the arranged cancellation guarantee services	・Necessary for the performance of a contract with you.
  (6) For marketing activities	(6.1) For implementing point programs	・Name, date of birth, email address, phone number, device information, purchase history	・Necessary for your and the Company’s legitimate interests (appropriate implementation of point programs);
  	(6.2) For improving marketing measures through analytics	・Information acquired through device identifiers (cookies, etc.) (e.g., browser identification information)	・Your consent
  (7) For responding to enquiries	―	・Name, email address, phone number, booking information, etc.	・Necessary for your and the Company’s legitimate interests (appropriate response to enquiries).
  (8) For improving and streamlining enquiry response operations	―	・Name, email address, phone number, booking information, details of enquiries (e.g., email records, recorded calls), etc.	・Necessary for the Company’s legitimate interests (improvement and streamlining of enquiry response operations).
  (10) For maintaining the proper functionality of systems	―	・All information	・Necessary for the Company’s legitimate interests (maintaining the proper functioning of systems).
  (11) For monitoring and preventing fraudulent credit card use	―	・Email address, name, gender, date of birth, phone number, passport information (e.g., nationality, passport number), IP information (e.g., IP address, country, city), device information (e.g., device ID, language), reservation details	・Necessary for your and the Company’s legitimate interests (monitoring and preventing fraudulent credit card use).
  (12) For compliance with the Company’s legal obligations under applicable laws	―	・Name, email address, phone number, reservation details, etc.	・Necessary for compliance with legal obligations.
  (13) For asserting, proving, or defending the Company’s rights	―	・Information necessary to achieve the purpose	・Necessary for the Company’s legitimate interests (asserting, proving, or defending its legal rights).

• When the Company obtains, uses, or discloses your personal data based on your consent, you may withdraw such consent at any time.
• 3. Retention Period
• The Company retains personal data for the period necessary to achieve the purposes described in clause 2 of this Supplementary Provisions or as required by applicable laws. When the use of personal data is no longer necessary, the Company will delete or anonymize the data in accordance with applicable laws and the Company’s procedures.
• 4. Disclosure of Personal Data
• The Company may disclose your personal data to third parties in the following cases, following necessary procedures under the GDPR, such as entering into contracts with recipients.

• Categories of recipients	Purpose of Disclosure
  ・Airline Companies	・For facilitating the sale of airline tickets.
  ・Service providers for non-airline travel services (e.g., helicopter tour companies, language schools)	・For facilitating the sale of non-airline travel services (e.g., helicopter reservations, study abroad programs).
  ・Welfare Service Providers	・For the preferential sale of event and travel tickets (e.g., skyticket Premium Service).
  ・Insurance Companies	・For the insurance agency services.
  ・Cancellation Guarantee Service Providers	・For acting as an intermediary for cancellation guarantee services.
  ・Payment Service Providers	・For processing payment of the service fees for the Company.
  ・Ad-Tech Companies	・For implementing point programs. ・For improving marketing measures through analytics.
  ・National and Local Governments	・For utilizing national and local government subsidy programs.
  ・Public Authorities (e.g., police)	・For compliance with the Company’s legal obligations under applicable laws.
  ・Dispute Resolution Bodies and Legal Representatives (e.g., courts, lawyers)	・For asserting, proving, or defending the Company’s rights.
  ・Cloud Service Providers	・For providing the infrastructure of skyticket.
  ・System Development Service Providers	・For developing skyticket.
  ・Fraud Monitoring Service Providers	・For monitoring and preventing fraudulent credit card use.
  ・CRM Service Providers	・For streamlining enquiry response operations using cloud services.

• 5. Cross-border Transfers
• Disclosure of your personal data to third parties as stated in Clause 4 of this Annex may involve cross-border transfers to countries or regions outside the EEA and the UK. In such cases, the Company will implement one of the following data protection measures.
• • ・Adequacy decision by the European Commission or the UK government
  • ・Standard Contractual Clauses (SCC) adopted by the European Commission
  • ・International Data Transfer Agreement (IDTA) approved by the UK Parliament or the International Data Transfer Addendum to the European Commission's Standard Contractual Clauses
• If you wish to receive detailed information regarding the legal measures for the cross-border transfer of your personal data, please contact the contact information listed in Clause 8 of this Annex.
• 6. Your Privacy Rights
• • Right to withdraw consent:
• When the Company obtains, uses, or discloses your personal data based on your consent, you may withdraw such consent at any time.
• • Right to Access:
• You have the right to enquire about, verify, and request a copy of the personal data the Company holds about you;
• • Right to Correction:
• You have the right to request correction if the personal data the Company holds is inaccurate. You also have the right to request your personal data be completed if it is incomplete;
• • Right to Erasure:
• You have the right to request the deletion of your personal data under certain conditions;
• • Right to Restriction of Processing:
• You have the right to request the restriction of processing of your personal data under certain conditions; and
• • Right to Object:
• You have the right to object to the processing of your personal data under certain conditions.
• If you wish to exercise these rights or have questions about your rights, please contact the address listed in clause 8. of this Supplementary Provisions.
• 7. Complaints to Supervisory Authorities
• If you have complaints regarding the processing of personal data by the Company, you may lodge a complaint with the data protection authority that has jurisdiction over your region of residence.
• • For residents of the EEA: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • For residents of the UK: https://ico.org.uk/
• 8. Contact Information
• For questions or enquiries regarding this Supplementary Provisions, please contact:
  sending an email to DataRep at datarequest@datarep.com quoting <Adventure, Inc.> in the subject line.