Privacy Policy

The special provisions are intending to supplement the main body of the Policy so please be aware of the contents before you read and understand the below.

In relation to Sections 3 (“Use and Retention of Your Information”) and 4 (“Disclosure of Information about You”), we always have the legitimate reason, legal basis, for each processing activity and in most cases, the basis on which we rely will be one of the followings (the “Basis”):
(1)to fulfil our contractual obligations to you, for example to provide the Membership Service and the Services, which includes services for you and a Merchant to arrange a commercial transaction;
(2)to comply with our legal obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations; and
(3)to meet our legitimate interests, for example to understand how you use the Membership Services and the Services and to improve them and to provide tailored marketing messages to you via certain channels. Our legitimate interests to process your personal information consist of our missions and desires to provide you with a unique and personalized experience.

Additionally, we may ask you to give us your consent to collect and use certain types of personal information, for example, when we would like to send you e-mail marketing messages and process Sensitive Information. If we ask for your consent to process your personal information, we will ensure that you may withdraw your consent at any time.

We will keep your personal information necessary for the Basis for a period of 10 years after your reservation has been completed. Notwithstanding the above, even within such 10 years, once such personal information become unnecessary for the Basis, we will promptly erase such personal information. Other information, such as Device information and information obtained using Cookie Technologies, will used and retained at maximum for 2 years after the collection. We will only retain your personal information after this time if we are required to do so to comply with the law, or if there are outstanding claims or complaints that will reasonably require your personal information to be retained.

We may share your personal information, in accordance with the Sections 3 (“Use and Retention of Your Information”) and 4 (“Disclosure of Information about You”), with third parties under the following circumstances:
(1)Merchants, service providers and business partners;
(2)Law enforcement agencies, courts, regulators and government authorities.

Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the Section 4 (“Disclosure of Information about You”) above for more information.

In relation to Sections 5 (“Your Choices”) and 6 (“Updating Your Information”), you may be granted the additional rights under the GDPR, including the followings:
(1)The right to correct and/or erase your personal information;
(2)The right to restrict our use of your personal information;
(3)The right to object to our use of your personal information; and
(4)The right to receive your personal information in a usable electronic format and transmit it to a third party (right to data portability).

If you would like to discuss or exercise such rights, please contact us via the method described in Section 9 (“Contact Us”). However, please note that your rights of privacy or personal data will not be absolute rights so we may not be responsible for accepting your requests when the law permits us not to do so.

We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect on all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).