AVA Intelligence Inc. (hereinafter referred to as the “Company”) recognizes the importance of protecting personal information. We are committed to observing the Act on the Protection of Personal Information (hereinafter referred to as the “APPI”) and striving for the appropriate handling and protection of such information in accordance with this Privacy Policy (hereinafter referred to as “this Policy”). Unless otherwise specified herein, the definitions of terms used in this Policy shall follow the provisions of the APPI.
1. Definition of Personal Information
In this Policy, “Personal Information” refers to information regarding a living individual that falls under any of the following categories: (1) Information that can identify a specific individual by name, date of birth, or other descriptions contained therein (including matters written, recorded, or expressed by voice, movement, or other methods in documents, drawings, or electromagnetic records). This includes information that can be easily cross-referenced with other information to identify a specific individual. (2) Information containing an individual identification code.
2. Purpose of Use of Personal Information
The Company shall use Personal Information for the following purposes: (1) To provide the AI travel proposal service, travel arrangement service, and other services offered by the Company (hereinafter referred to as the “Services”); (2) To provide information regarding the Services and to respond to inquiries; (3) To provide information regarding the Company’s products and services; (4) To address violations of the Company’s terms, policies, etc. (hereinafter referred to as “Terms, etc.”) regarding the Services; (5) To notify users of changes to the Terms, etc. regarding the Services; (6) To improve the Company’s services and develop new services; (7) For employment management and internal procedures (regarding personal information of officers and employees), and for selection and communication during recruitment activities (regarding personal information of applicants); (8) For shareholder management and compliance with procedures under the Companies Act and other laws (regarding personal information of shareholders, stock acquisition right holders, etc.); (9) To analyze service usage status and create statistical data processed into a format that cannot identify individuals; and (10) For other purposes incidental to the above.
3. Changes to the Purpose of Use
The Company may change the purpose of use of Personal Information within a scope reasonably recognized as relevant to the original purpose. In the event of such a change, the Company shall notify the individual who is the subject of the Personal Information (hereinafter referred to as the “Individual”) or publish the change.
4. Restrictions on Use of Personal Information
4.1 The Company shall not handle Personal Information beyond the scope necessary to achieve the purpose of use without obtaining the Individual’s consent, except as permitted by the APPI or other applicable laws and regulations. However, this restriction does not apply in the following cases: (1) Cases based on laws and regulations; (2) Cases where there is a need to protect human life, body, or property, and it is difficult to obtain the Individual’s consent; (3) Cases where there is a special need to improve public health or promote the sound growth of children, and it is difficult to obtain the Individual’s consent; (4) Cases where there is a need to cooperate with a national government organ, local government, or a person entrusted by them in performing affairs prescribed by laws and regulations, and obtaining the Individual’s consent is likely to impede the performance of such affairs; or (5) Cases involving the provision of personal data to an academic research institution, etc., where said institution needs to handle the data for academic research purposes (including cases where part of the purpose is academic research, but excluding cases where there is a risk of unjustly infringing on the rights and interests of individuals).
4.2 The Company shall not use Personal Information in a manner likely to encourage or induce illegal or unjust acts.
5. Proper Acquisition of Personal Information
5.1 The Company shall acquire Personal Information properly and shall not acquire it through deception or other improper means.
5.2 The Company shall not acquire Special Care-Required Personal Information (as defined in Article 2, Paragraph 3 of the APPI) without obtaining the Individual’s consent in advance, except in the following cases: (1) Cases falling under any of the items in Paragraph 4.1; (2) Cases where Special Care-Required Personal Information is acquired from an academic research institution, etc., for necessary academic research purposes (subject to certain conditions where the business operator and the institution jointly conduct research); (3) Cases where said information has already been disclosed by the Individual, a government body, an academic research institution, etc., or other persons prescribed by the Rules of the Personal Information Protection Commission; (4) Cases where information clearly visible from the Individual’s appearance is acquired by visual observation or photography; or (5) Cases where the information is received from a third party, and said provision falls under any of the items in Paragraph 8.1.
5.3 When receiving Personal Information from a third party, the Company shall confirm the matters required by the Rules of the Personal Information Protection Commission (such as the third party’s identity and how they acquired the information), unless an exception applies under Paragraph 4.1 or 8.1.
6. Security Management of Personal Information
The Company exercises necessary and appropriate supervision over its employees to ensure the security of Personal Information against risks such as loss, destruction, alteration, and leakage. Furthermore, when entrusting all or part of the handling of Personal Information to a third party, the Company exercises necessary and appropriate supervision to ensure security management at the trustee.
The specific security management measures taken for personal data held by the Company are as follows:
Establishment of Basic Policy To ensure proper handling, we have established this Privacy Policy regarding compliance with laws and guidelines and the contact point for inquiries and complaints.
Establishment of Regulations on Handling Personal Data We have formulated internal regulations defining handling methods, responsible persons, and their duties at each stage (acquisition, use, storage, provision, deletion/disposal).
Organizational Security Measures
Appointment of a responsible officer for personal data handling; clarification of employees handling data and the scope of data handled; and establishment of a reporting system for violations or potential violations.
Periodic self-inspections and audits by other departments or external parties regarding the handling status.
Human Security Measures
Regular training for employees regarding points to consider in the handling of personal data.
Inclusion of confidentiality provisions regarding personal data in employment rules.
Physical Security Measures
Entry/exit controls and device restrictions in areas where personal data is handled; measures to prevent unauthorized viewing.
Measures to prevent theft or loss of devices/media handling personal data; measures to prevent easy identification of data during transport (including movement within the office).
Technical Security Measures
Access control to limit the scope of personnel and databases accessible.
Implementation of mechanisms to protect information systems from external unauthorized access or malware.
Understanding the External Environment Because the Company entrusts the storage of personal data to a service provider located in the United States, we implement safety measures based on an understanding of the personal information protection systems in the United States. When storing personal information in other foreign countries, we similarly implement measures based on the systems of those countries.
7. Reporting of Leakage
In the event of leakage, loss, or damage of Personal Information, the Company shall report the incident to the Personal Information Protection Commission and notify the Individual as required by the APPI.
8. Provision to Third Parties
8.1 The Company shall not provide Personal Information to a third party without obtaining the Individual’s prior consent, except in cases falling under Paragraph 4.1. However, the following cases are not considered provision to a third party: (1) Provision in conjunction with entrusting the handling of Personal Information within the scope necessary to achieve the purpose of use; (2) Provision in conjunction with business succession due to merger or other reasons; (3) Joint use based on the provisions of the APPI.
8.2 Notwithstanding Paragraph 8.1, when providing Personal Information to a third party located in a foreign country (excluding countries designated by the Rules of the Personal Information Protection Commission as having equivalent protection standards), the Company shall obtain the Individual’s prior consent specifically acknowledging the provision to a third party in a foreign country, unless an exception applies.
8.3 When obtaining consent for foreign provision under Paragraph 8.2, the Company shall provide the Individual with information regarding the name of the foreign country, its personal information protection system, and the measures taken by the third party.
8.4 The Company shall create and preserve records of third-party provisions in accordance with Article 29 of the APPI.
8.5 Upon receiving Personal Information from a third party, the Company shall verify necessary matters and record such verification in accordance with Article 30 of the APPI.
9. Disclosure of Personal Information
9.1 When the Company receives a request from an Individual for the disclosure of their Personal Information under the APPI, the Company shall disclose it without delay after verifying the identity of the requester (or notify them if such information does not exist). This does not apply if the Company is not obligated to disclose the information under the APPI or other laws. Note: A fee is charged for the disclosure of Personal Information. The fee amount will be determined within a reasonable range considering actual costs and will be communicated to the Individual without delay upon receipt of the request.
9.2 The provisions of the preceding paragraph apply mutatis mutandis (with necessary modifications) to records regarding third-party provisions (Paragraphs 8.4 and 8.5) regarding Personal Information identifying the Individual. However, no fee shall be charged for the disclosure of these records.
10. Correction of Personal Information
If an Individual requests the correction, addition, or deletion (hereinafter “Correction, etc.”) of their Personal Information on the grounds that it is factually incorrect, the Company shall, after verifying the identity of the requester, conduct a necessary investigation without delay. Based on the result, we will perform the Correction, etc., and notify the Individual (or notify them of a decision not to make such changes). This applies within the scope necessary to achieve the purpose of use and unless the Company is not obligated to do so under applicable laws.
11. Suspension of Use of Personal Information
The Company shall conduct a “Suspension of Use, etc.” (suspension of use or erasure) or a “Suspension of Provision” to third parties without delay if requested by an Individual under the APPI, provided that the request is found to have valid grounds (e.g., use beyond the published purpose, acquisition by wrongful means, non-consensual third-party provision, or if the Company no longer needs the data). The Company will verify the identity of the requester before taking action. However, this obligation does not apply if the Company is permitted to refuse the request under the APPI or other laws.
12. Third-Party Provision of Personally Referable Information
12.1 When providing “Personally Referable Information” (as defined in the APPI, e.g., cookie data not yet linked to a name) to a third party who is expected to acquire it as Personal Data, the Company shall not provide such information without confirming that the third party has obtained the Individual’s consent to link said information to the Individual’s personal data.
12.2 When providing such information to a foreign third party, the Company shall also ensure that the necessary information regarding the foreign system has been provided to the Individual.
12.3 The Company shall maintain records of such provisions and receipts in accordance with the APPI.
13. Handling of Pseudonymously Processed Information
13.1 When creating “Pseudonymously Processed Information” (information processed so that it cannot identify an individual without collating it with other information), the Company shall process the information and manage the deleted information (decryption keys, etc.) in accordance with the Rules of the Personal Information Protection Commission.
13.2 The Company shall not handle Pseudonymously Processed Information (limited to Personal Information) beyond the scope necessary for the purpose of use, except as required by law.
13.3 The Company shall not provide Pseudonymously Processed Information to a third party, except as required by law or in cases of entrustment, business succession, or joint use.
14. Handling of Anonymously Processed Information
14.1 When creating “Anonymously Processed Information” (information processed so that individuals cannot be identified and the data cannot be restored), the Company shall process it in accordance with legal standards.
14.2 The Company shall implement security measures for Anonymously Processed Information and publish the categories of information included therein.
14.3 When providing Anonymously Processed Information to a third party, the Company shall publish the categories of information and the method of provision in advance, and explicitly state that the information is anonymously processed.
14.4 The Company shall not attempt to re-identify individuals from Anonymously Processed Information (e.g., by matching it with other information).
14.5 The Company shall strive to take necessary and appropriate measures for the security management of Anonymously Processed Information and for handling complaints, and shall strive to publish the content of such measures.
15. Use of Cookies and Similar Technologies
The Company’s services may use Cookies and similar technologies. These technologies help us understand the usage status of our Services and contribute to service improvement. Users who wish to disable Cookies can do so by changing their web browser settings. However, please note that if Cookies are disabled, some functions of the Services may not be available.
16. Inquiries
For requests for disclosure, opinions, questions, complaints, or other inquiries regarding the handling of Personal Information, please contact:
AVA Intelligence Inc. Attn: Inquiries Desk (Representative Director: Yuichi Miyazaki) Inside “ANOBASHO”, Growth Toranomon 5th Floor, Sumitomo Fudosan Toranomon Tower 2-2-1 Toranomon, Minato-ku, Tokyo 105-0001 E-mail: info@ava-intel.com (Reception hours: 10:00 to 18:00 on weekdays)
17. Continuous Improvement
The Company shall review its operational status regarding the handling of Personal Information as appropriate and strive for continuous improvement. We may amend this Privacy Policy as necessary.
[Enacted on January 27, 2019]
[Revised on April 19, 2022]
[Last Revised on December 12, 2025]