ActiValues routinely collects, uses, stores and transfers a variety of data, including Personal Data. ActiValues is committed to ensure the privacy of Personal Data throughout its global business, and make sure its employees and business partners also take the necessary measures to protect Personal Data.
1. Personal Data
This refers to a combination of personal data such as your name, address, telephone number, email address, travel preference and special needs/disabilities/dietary requirements that you supply us or is supplied to us, including your social preference, activities and any information about other persons you represent such as those on your booking and conversations through our chatbot and/or other services. Your personal data is collected when you contact us, make a booking, use our website(s)/apps, link to or from our website(s)/apps, connect with us via social media and any other engagement we or our business partner have with you.
2. Processing of your Personal Data
We may collect and process your Personal Data for the purposes set out below and disclose your Personal Data to the ActiValues for business purposes and also to our service providers who act as ‘controller’ or ‘processor’ on our behalf.
These purposes include
a. Fulfilling the contract with you and legal obligations (Articles 6(1)(b) and (c) of the GDPR):
To confirm a person’s identity (including biometric identification) when we provide you with services of making room reservations for accommodation, seat reservations for transportation, and purchasing goods. We need to provide service providers with your name, passport number, contact details, and other related information in accordance with their terms and conditions. If you do not provide us with this Personal Data, we might not be able to offer our services to you.
b. Fulfilling your and our legitimate interests (Article 6(1)(f) of the GDPR):
Where it is in both your and our benefit that we further process your Personal Data as part of our business administration, maintaining service quality, customer care, business management, risk assessment/management, security, and operation purposes.
For marketing purposes and other similar data processes that may require your authorization for their processing (Article 6(1)(a) of the GDPR). We will usually inform you before collecting your data if we intend to use your data for such purposes or if we intend to disclose your Personal Data to any third party for such purposes.
d. Explicit consent (Article 9(2)(a) of the GDPR):
Information such as health or religion may be considered ‘sensitive personal data’ under the GDPR. This Personal Data might include information necessary to arrange bookings and travel plans, including your allergies, disabilities, and other relevant health information. We collect it to provide you with our services, cater to your needs or act in your interest, and we are only prepared to accept sensitive Personal Data on the condition that we have your positive consent.
We will process your data for as long as possible in order to fulfill our service to you and comply with the applicable fiscal, tax, securities and commercial law regulations on retention of business and financial documentation.
Links to other websites
We may propose hypertext links from our websites to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read their privacy policies carefully to find out how they collect and process your personal data.
There are cases when ActiValues may transfer personal data to countries outside of the EEA. This includes transfer to third parties (to conduct data processing) such as entities of the cloud service vendors, and service management companies. In these cases, third parties are supervised to ensure that they provide an appropriate level of protection in accordance with the GDPR when handling personal data.
For the purpose of providing you with our services, including reservation services of accommodations, tourist attractions, restaurant, transportation, etc., we may disclose and process your Personal Data outside of the EEA countries.
Legal compliance and security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your Personal Data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your Personal Data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
By using the ActiValues’s services you agree to the following:
a. In the event that countries outside of the EEA do not have adequate Personal Data protection laws, the same level of protection established by the GDPR cannot be guaranteed.
b. To achieve the ActiValues’s use objectives, Personal Data may be transferred to third parties (to conduct data processing), such as cloud service vendors, and service management companies located in countries outside of the EEA. “
3. Our Records of Data Processes
We handle records of all processing of Personal Data in accordance with the obligations established by the GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
4. Security Measures
We process your Personal Data in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organizational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
5. Notification of Data Breaches to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
6. Processing Likely to Result in High Risk to your Rights and Freedoms
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
7. Your Rights
You have the following rights:
Access to personal data: You have the right to be provided full information about your Personal Data that we hold.
Data correction: You have the right to require that we correct any incorrect information we hold about you.
Data deletion: You may also have the right to ask that we delete your personal data. Please note that certain conditions may apply to the exercise of this right.
Restriction on processing of personal data: You may have the right to ask that we restrict the use of your personal data. Please note that certain conditions may apply to the exercise of this right.
Object to processing of personal data: You may have the right to object to the use of your Personal Data by us. Please note that certain conditions may apply to the exercise of this right.
Portability of personal data: You may have the right to receive your personal data in a structured and commonly used format. Please note that certain conditions may apply to the exercise of this right.
To exercise your rights, make any complaints, or if you require further information about how your personal data is used by us, you can contact us at:firstname.lastname@example.org.
1-30-14 Yoyogi, Shibuya-ku, Tokyo 151-0053 Japan
10. About Cookie
If you prefer not to allow us to collect your information, you can block cookies by modifying your internet browser preferences, but as a result some or all of the website services may become unusable. Please contact your software manufacturer for instructions on how to change your browser settings.
b. ActiValues uses advertisement delivery services provided by third parties. In providing advertisement delivery services, such third parties may collect and use the information of users’ access history to the ActiValues’s website or activity history by using cookies.
Users may discontinue advertisement delivery performed by such third parties using cookies by accessing an opt-out page on the third party’s website.