Privacy Policy

Policy for the protection of personal information

ANA Foods Co., Ltd. (hereinafter referred to as the "Company") recognizes that customers’ personal information entrusted to the Company through its business is indispensable for providing services that fully satisfy its customers. As the Company considers the customers’ personal information entrusted to it very important, it recognizes that protecting customers’ personal information is its social responsibility.
The Company establishes the policy for the protection of personal information as follows, and will implement and maintain it.
Chapter 1 provides for the handling of personal information for all customers and Chapter 2 information for customers located or residing in the European Economic Area/the United Kingdom.

Collection and use of personal Information

The Company clearly specifies the purposes of collecting personal information and collects it only within the scope of such purposes. The company also uses personal information, but only to the extent that it aligns with its stated purposes.

Management and protection of personal information

The Company will strictly manage personal information and will not disclose or provide personal data to third parties unless the Company obtains the customer’s consent to do so. The Company will also take preventive and corrective measures in an appropriate manner to prevent unauthorized access to, loss, destruction, falsification, and leakage of personal information.

Applicable laws, etc.

The Company will comply with applicable laws and regulations and other standards regarding personal information.

Continuous improvement of personal information protection management system and mechanism

The Company will continuously improve its management system and mechanism regarding personal information protection.

Chapter 1
Handling of Personal Information

1.  Introduction

This privacy policy explains how the Company handles customers’ personal information entrusted from its customers. Read this privacy policy carefully before providing the Company with personal information or using the Company’s services or products.
Chapter 1 of this privacy policy outlines how the Company uses customers’ personal information. There are cases in which other policies will apply to the Company’s products and services. Details of such cases will be described along with the terms and conditions of the services.

2.  Scope of application

This privacy policy applies when customers provide the Company with their personal information and when customers use the Company’s services and products.

3.  Purposes of using personal information

The Company will use customers’ personal information for the following purposes. The Company will not use customers’ personal information in a manner that may encourage or induce illegal or improper activities, even if such activities are outside the scope of the purposes:

1. （1）
   Shipping of products and materials handled by Internet shopping sites and stores;
2. （2）
   Providing after-sales services related to (1) above and related information;
3. （3）
   Settlement of payment for products sold by the Company;
4. （4）
   Providing information on products, services, etc. handled by the Company;
5. （5）
   Receiving reservations and applications for products and services handled by the Company, and communication with customers;
6. （6）
   Sending information and prizes related to various events and campaigns;
7. （7）
   Conducting questionnaires regarding the Company’s services, products, etc.;
8. （8）
   Development of the Company’s new products, services, etc.;
9. （9）
   Recruitment activities on the recruitment page; and
10. （10）
    Responding to inquiries, requests, etc.

If any of the above purposes of use are changed, the Company will notify customers in writing, etc. or publicly announce the change on the Company website, etc.
* In addition, customers’ personal information will be used for the purposes described in "8. Joint use of personal information."

4.  Obtaining personal information

In order to achieve the purposes of use set forth in the preceding paragraph, the Company will obtain the following personal information of customers by appropriate and fair means.

1. （1）
   Information on customers’ identity, contact, and the settlement of payment, etc.
   Customers’ name, address, telephone number, FAX number, email address, mailing address of business contact information (company name, department, title, address, telephone number, fax number), passport information, information on the settlement of payment including details of payment method such as credit/debit card, etc.
2. （2）
   Contents of customer inquires asked to the Company and customer opinions, information contained in interactions with customers, and the contents, etc. of inquiries, requests, and opinions (including their causes and solutions to such inquiries and requests).
   * In order to confirm customers’ instructions, use them for training purpose, prevent crime, and improve the quality of customer service, the Company may monitor, record, retain, and use interactions with customers via telephone, email, etc.
3. （3）
   Information on how the Company’s website and mobile apps are used by its customers. This incudes IT system data cookie and website activity logs, etc., that show how the Company’s website and mobile apps are used
   Information on how the Company’s website and mobile apps are used by its customers. This incudes IT system data cookie and website activity logs, etc., that show how the Company’s website and mobile apps are used

5.  Choice by customers

Provision of personal information by a customer to the Company will be, in principle, made of the customer's own volition. If a customer does not provide his or her personal information to the Company, the customer may not be able to use various services provided by the Company, or it may prevent some of the functions of the system from working and the customer may not be able to use such functions. This may cause such a disadvantage that the Company may not be able to send the customer campaign information, etc. Note that customers may change their contact information, distribution of e-mail newsletters, etc., at any time in accordance with the method separately determined by the Company.

6.  Disclosure and provision of personal information to third parties

The Company will not disclose or provide customers’ personal information to third parties except in the following cases. In addition, the Company will not disclose or provide customers’ personal information, including the Sensitive Information, to third parties under any circumstances, except as required by law and regulations or with the consent of customers. In the case of joint use or provision through outsourcing, it does not fall under the category of disclosure or provision to third parties.

1. （1）
   When customers give consent in advance.
2. （2）
   When disclosing or providing statistical data, etc. in a form that does not allow the identification of the individual.
3. （3）
   When disclosure or provision is required by law and regulations.
4. （4）
   When it is necessary to protect the life, body, or property of an individual and it is difficult to obtain the customer's consent.
5. （5）
   When it is necessary to cooperate with the national or local government in the execution of public affairs, and obtaining the customer's consent may interfere with the execution of such affairs.
6. （6）
   When providing personal information in connection with the succession of business due to a merger, corporate split-up, transfer of business, or other reasons.
7. （7）
   When the customer can easily confirm the following information on the Company’s website, etc., and when personal information is provided in accordance with the procedures required by laws and regulations on condition that there is no indication of the customer's intention to refuse the provision of personal information.

   1. 1）
      Provision to third parties is the purpose of using personal information.
   2. 2）
      Items of personal data provided to third parties.
   3. 3）
      Means or method of provision to third parties.
   4. 4）
      To stop providing personal information to third parties when requested by customers.
   5. 5）
      How to accept a request from customers.

7.  Outsourcing of personal information-related business

In the course of providing products and services to customers, the Company may entrust a subcontractor with a part of its business and provide personal information to the subcontractor within the scope of achieving the purpose of use. In such cases, the Company will appropriately manage and supervise the subcontractor, including entering into an agreement with the subcontractor regarding the handling of customers' personal information.

8.  Joint use of personal information

Scope of persons for joint use: ANA Group Companies

(Purpose of use for persons who jointly use personal information)

1. （1）
   To provide air transportation service, travel service such as tour and hotel, etc., and other products and services handled by the Company or companies that jointly use personal information.
2. （2）
   In order for the Company or companies that jointly use personal information to send direct mails and information on products and services, and to conduct questionnaires, etc.
3. （3）
   To analyze the sales of the Company or companies that jointly use personal information and conduct other surveys and research, as well as to develop new products and services, etc.
4. （4）
   To communicate and hand over to the company in charge in the event of a customer inquiry, application for use, or other request regarding products or services provided by the Company or companies that jointly use personal information.
5. （5）
   In addition, in order for the Company or companies that jointly use personal information to perform transactions with customer appropriately and smoothly.
6. （6）
   For the business management and internal management of ANA Group Companies.

(Items of personal information to be jointly used)
Customers’ name, address, telephone number, FAX number, email address, information contained in interactions with customers,contents of inquires, requests, and opinions (including their causes and solutions to such inquiries and requests).

(Name, address, and representative of the party responsible for management of personal information)
ANA HOLDINGS INC.
Shiodome City Center, 1-5-2, Higashi-Shimbashi, Minato-ku, Tokyo, Japan 105-7140
Koji Shibata, President & Chief Executive Officer

9.  Transfer of personal information outside of Japan

When the Company provides customers' personal information to third parties such as business entities, etc. outside of Japan, including subcontractors and joint users, the Company will take necessary and appropriate measures in accordance with what is required by laws and regulations.

10.  Management of personal information

When the Company receives customers’ personal information, it manages it appropriately and take necessary security control measures to prevent leakage, loss, falsification, etc. The Company provides internal training to its directors and employees regarding the protection and appropriate handling of customers' personal information, sets a retention period for personal information according to the purpose of use, and disposes of personal information in an appropriate manner when the purpose of use is achieved.
If customers wish to confirm the details of the security control measures, make a request in accordance with "11. Request for information on the handling of personal information.”
* Refer to “ANA Group Information Security" for the Company’s information security policy.”

11.  Request for information on the handling of personal information

If the Company receives a request from a customer to disclose, correct, delete, add, discontinue use of, or erase the customer's personal information held in the Company’s database, or to provide information on personal information protection measures as described in "9. Transfer of personal information outside of Japan” and “10. Management of personal information” (hereinafter referred to as the "Disclosure, etc."), the Company will respond to such a request as follows within a reasonable period and scope and in accordance with laws and regulations after confirming that the person making such a request is the customer himself/herself.

1. （1）
   Request for disclosure
   The Company will disclose the items of personal information, the purpose of use, or record concerning provision to third party requested by the customer.
2. （2）
   Requests for correction, deletion or addition
   The Company will confirm the details of a customer’s request and correct, delete, or add to the contents of the customer’s personal information to the extent appropriate and possible.
3. （3）
   Request for the suspension of use or deletion
   According to the contents of a customer’s request, the Company will stop using the items of personal information specified by the customer to the extent appropriate and possible, and if the customer requests, the Company will erase the information. Note that the discontinuation of use or deletion of personal information may make it impossible for the Company to provide services that were previously available or services according to the customer's request. Customers are kindly requested to understand such unavailability of services in advance before submitting a request.
4. （4）
   Request for information on measures to protect personal information
   The Company will provide information on the following according to a customer’s request.
   1) Details of the security control measures taken by the Company when customers entrust the Company with their personal information.
   2) Details of measures taken by the Company when providing customers’ personal information to third parties outside of Japan (if such provision falls under "((2) of 9. Transfer personal information outside of Japan").

The Company may not be able to respond to a request as requested by a customer if it will cause significant hindrance to the Company’s normal business operations or if responding to such request may violate laws and regulations.

12.  Method of requesting disclosure, etc. and contact information for inquiries

The method of requesting disclosure, etc. or notification of the purpose of use regarding personal information entrusted to the Company from its customers, and the contact information for inquiries, are as follows.

Request for disclosure, etc.

1. （1）
   Contact information for inquires
   For customers’ personal information held in the Company database, refer to (2) How to make a request below.
2. （2）
   How to make a request
   Customers may contact the data manager by filling out （https://www.ana-foods.co.jp/en/contact/form/）the contact form provided on the Company website.

Data manager: ANA Foods Co.,Ltd.
38F, Shiodome City Center, 1-5-2, Higashi-Shimbashi, Minato-ku, Tokyo, Japan
Contact information for the Company’s data protection officer: ml_notice_generaladministration_dept@anafoods.co.jp

13.  Privacy policy changes

The Company may change this privacy policy. When the Company changes the privacy policy, it will be posted on the Company website, and customers are kindly requested to check the contents of change carefully after the change.

Chapter 2
Handling of Personal Information of Customers Located in the European Economic Area and in the United Kingdom

1.  Introduction

In Chapter 2, the handling of the personal information of customers located in the EEA and/or the UK is explained, based on the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the "GDPR"), the UK Data Protection Act 2018 (hereinafter referred to as “DPA 2018”), and other national and international data protection and privacy laws and regulations in the European Economic Area (hereinafter countries in the area collectively referred to as the "EEA") and/or in the UK (hereinafter collectively referred to as the "Data Protection Laws").
Note that the UK law is similar to the EEA law and customers in both the UK and the EEA have very similar rights. Therefore, references to the GDPR in this chapter should also be read as references to the corresponding the UK law.
Customers under 16 years of age are kindly requested to have their parent or guardian consent to use the Company’s services and others, or to obtain their permission to give their consent. A customer who applies to use the Company’s services on behalf of another customer is also requested to apply after obtaining another customer's consent to the Company's handling of personal information.
In the event of any conflict between what is stipulated in Chapter 1 and what is stipulated in Chapter 2, the provisions in Chapter 2 will prevail.

2.  Personal information manager

Customers’ personal information manager is the Company.
Based on the Data Protection Laws, the Company protects personal information collected and used by managers (who determine the method of handling and purpose of using customers’ personal information) and processors (who act based on the written instructions of the managers).

3.  Legal basis for handling personal information

Based on the Data Protection Laws, the Company protects customers’ personal information by handling it only to the extent necessary for the specific purposes (as described in 2. Purposes of using personal information of Chapter 1).
The Company will handle customers’ personal information based on one of the following legal bases.

1. （1）
   When customers consent to the Company’s handling of personal information (Article 6 (1) (a) of the GDPR).
   Customers’ consent generally applies only to the handling of personal information related to promotion and marketing or, in some cases, to handling related to the Sensitive Information.
2. （2）
   When necessary for the performance of a contract or to take measures for the conclusion of a contract (Article 6 (1) (b) of the GDPR).
   This is usually the basis for handling customer information that is essential for the Company to provide its services, such as customer identity, contact information, settlement of payment, and travel information, etc.
3. （3）
   When ANA Foods Co.,Ltd. needs to handle customers’ personal information in order to comply with its legal obligations (Article 6 (1) (C) of the GDPR).
   This includes sharing personal information with customs and immigration authorities, law enforcement agencies, etc., as well as legal obligations, etc. to customers and the Company’s employees.
4. （4）
   Where necessary to protect the life of a customer or a third party, such as a case of a medical emergency (Article 6 (1) (d) of the GDPR).
5. （5）
   When the handling of personal data becomes necessary for the purpose of the Company’s or a third party's legitimate interests, and customers’ rights under the Data Protection Laws (Article 6 (1) (f) of the GDPR) do not override such interests.
   This includes not only the use of personal information necessary to operate the Company’s business, but also the use of personal information necessary to maintain, develop, and improve the Company’s products and services, as well as to provide the best possible experience to customers.

4.  Request for information on the handling of personal information

The Data Protection Laws grant customers the following legal rights.

1. （1）
   Request for disclosure
   Customers may request a copy of their personal information held by the Company and details of how the Company handle it.
2. （2）
   Request for correction/update
   The Company will correct or update personal information when possible after reviewing the details of customers’ request.
3. （3）
   Request for deletion
   Customers may request the Company to delete the whole or part of their personal information held by the Company. The Company will review the details of customers’ requests and delete the requested information if it is no longer necessary or if the Company is unable to continue to retain the information by law.
4. （4）
   Transfer of personal information
   Customers may request a copy of their personal information in a structured, common, machine-readable format. The transfer of personal information may only be made for individuals whose personal information was obtained by the Company and can be handled by automated means, based on customers’ consent or in order to perform a contract.
5. （5）
   Objections to the handling of personal information
   Customers may object to the handling of personal information for the purpose of the Company's or a third party's legitimate interests or to the handling of personal information for the purpose of direct marketing. The Company will stop the handling of customers’ personal information unless the Company can prove that there is a legitimate basis for the handling of personal information for the purpose of the Company’s or a third party’s legitimate interests that override customers’ interests. If a customer objects to direct marketing, the Company will stop handling the customer’s personal information.
6. （6）
   Restriction on the method of using personal information
   Customers may restrict the Company’s use of their personal information under certain circumstances. When restrictions apply, customers’ personal information (excluding retention) will be lawfully handled only when customers’ consent is obtained, or when necessary for legal claim, the protection of certain rights, or important public interests.
7. （7）
   Right to withdraw consent
   If the handling of customers’ personal information is based on their consent, customers have the right to withdraw their consent at any time.
   Note that the above right is not absolute and does not apply to all situations. In some circumstances, legal exceptions may apply, and the Company may decline customers’ request in such cases. If the Company declines a customer’s request, it will explain the reason for declination at the time of responding to the customer.
   Records of requests made to the Company are retained for the Company to be able to ascertain that it complies with its legal obligations.

   1. 1）
      How to make a request
      Customers may exercise their rights free of charge (however, the Company may charge a fee for an unreasonable, excessive, or repetitive request, or deny such a request). The method of making a request is as follows.（Web）
      Customers can contact the data manager (see Chapter 1, 12. Method of requesting disclosure, etc. and contact information for inquiries, and (2) How to make a request) by filling out the inquiry form (https://www.ana-foods.co.jp/en/contact/form/) on the Company website.
   2. 2）
      Response to customers’ requests
      The Company will usually respond to customers’ requests within one month after receiving their requests. The Company may also ask a customer to verify his or her identity (in cases where a third party is making a request on behalf of the customer), or ask for a proof of authority to make a request on behalf of a customer. If a customer’s request is particularly complex or a customer is making multiple requests, it may take the Company longer to respond in detail. Be advised that there are exceptions to the above right, and there may be cases in which customers are not allowed to exercise the right.
      If customers are not satisfied with the Company’s response to their requests, or if they believe that their personal information are improperly handled, they have the right to file a complaint with the authorities supervising personal information. For details, refer to Chapter 2, 9 (Filing a complaint with the supervising agency).

5.  Sharing of data necessary to provide products and services

As the Company’s products and services are provided in cooperation with other companies and organizations, the Company may share personal information with third parties to perform its business. Such third parties include the following.

1. （1）
   ANA Group Companies
2. （2）
   Organizations required by law to share personal information
   Government agencies, law enforcement agencies, courts, customs, immigration, third party agencies, etc.
3. （3）
   Service providers
   Companies entrusted with the handling of ANA flights, partner airports and airlines, various service providers, marketing partner companies, etc.
   When the Company entrusts service providers with data handling, personal information is handled based on contracts that meet the requirements of the applicable Data Protection Laws.

6.  Marketing communication

The Company distribute marketing information as needed to customers who request it, in order to keep them informed of news and details of the Company’s products and services. Such distribution will be made only if customers consent to receive marketing information, or if customers have purchased the Company’s products or services and have had the opportunity to opt out of marketing but have not chosen to do so.

7.  Where personal information is retained and transferred

The Company is located in Japan and many of the service providers and other organizations with whom the Company shares customers’ personal information are located in jurisdictions outside of the EEA and the UK. Japan has received the adequacy decision from the European Commission for adequate protection of personal information.
When providing personal information to third parties, the Company complies with the requirements for the Data Protection Laws, including the adequacy decision between Japan and the EU and relevant Japanese laws and regulations. Note, however, that in countries outside of the EEA and the UK, customers’ personal information may not be necessarily protected by laws of such countries. If customers wish to know detailed information on where their personal information is retained or transferred, contact the Company through the contact information described in Chapter 1, 12. (Method of requesting disclosure, etc. and contact information for inquiries).

8.  Retention of personal information

The Company will retain customers’ personal information until the purpose of use is achieved. The Company determines the retention period for personal information according to the nature of information and the purpose of retention, taking into consideration legal and accounting requirements, the Company’s business needs, etc.

9.  Filing a complaint with the supervising agency

Customers have the right to file a complaint about the processing of personal data related to them with the data protection authority having jurisdiction over their place of residence.
Customers located in the EEA: Contact the supervising authority in the country of residence.
Details （https://edpb.europa.eu/about-edpb/board/members_en）can be found on the European Data Protection Board's website.
Customers located in the UK: Contact the Information Commissioner-edpb/boa（www.ico.org.uk）

10.  Contact information for the Company’s data manager and the data protection officer

Data manager： ANA Foods Co.,Ltd.
Shiodome City Center, 1-5-2, Higashi-Shimbashi, Minato-ku, Tokyo, Japan
Contact information for the Company’s data protection officer：ml_notice_generaladministration_dept@anafoods.co.jp

(As of January 2024)