Privacy Policy
Itonoba Works ("the Company") establishes this Privacy Policy to govern the handling of personal information in connection with the websites operated by the Company (itonoba.com and related subdomains, collectively the "Site") and all associated services. This Policy is prepared in compliance with the EU General Data Protection Regulation ("GDPR") and other applicable privacy legislation.
1. Personal Information Collected
The Company collects the following categories of personal information:
(1) Information provided directly by users at the time of enquiry or service application: full name, email address, telephone number (optional), and the substance of the enquiry. In connection with the Concierge Service, such information may additionally include travel dates, accommodation preferences, and experience-related requests.
(2) Information collected automatically upon access to the Site: IP address, browser type and version, operating system, referring URL, pages visited and timestamps, device type, and cookie-based identifiers and similar tracking data.
2. Purpose of Use
The Company uses collected personal information for the following purposes:
(1) Responding to enquiries and conducting related communications
(2) Arranging, providing, and managing the Concierge Service
(3) Delivering web marketing and consulting services
(4) Improving, developing, and evaluating the Company's services
(5) Providing information regarding the Company's services, where consent has been obtained
(6) Access analytics, advertising effectiveness measurement, and the use of collected information for marketing analysis and advertising delivery
(7) Preventing unauthorised use and maintaining security
(8) Fulfilling legal and regulatory obligations
3. Disclosure to Third Parties
The Company does not disclose personal information to third parties except in the following circumstances:
(1) Where the consent of the individual has been obtained
(2) Where disclosure to a service provider or contractor is necessary to deliver the requested services; such parties are contractually required to maintain appropriate data protection standards
(3) Where disclosure is required by law, court order, or governmental authority
(4) Where disclosure is urgently necessary to protect the life, body, or property of an individual and obtaining consent is not practicable
(5) In connection with a merger, acquisition, or transfer of business
4. External Data Transmission
For the purposes of service improvement, advertising delivery, and campaign measurement, the Company transmits certain user data to the third-party providers listed below. Users may opt out of each service at any time via the links provided.
Google Analytics (Google LLC)
| Data Transmitted | Client ID, IP address, page URLs, referrer, device type, OS, browser type, language, screen resolution |
|---|---|
| Purpose | Access analytics and site improvement |
| Privacy Policy | Google Privacy Policy |
| Opt-Out | Google Analytics Opt-out Add-on |
Google Ads (Google LLC)
| Data Transmitted | On-site behavioural data, browsing history, demographic attributes, location data |
|---|---|
| Purpose | Remarketing, ad optimisation and performance measurement |
| Privacy Policy | Google Privacy Policy |
| Opt-Out | Ad Settings |
Meta Ads (Meta Platforms, Inc.)
| Data Transmitted | On-site actions (page views, searches, etc.), page URLs, geographic location, device and browser information |
|---|---|
| Purpose | Remarketing, ad optimisation and performance measurement |
| Privacy Policy | Meta Privacy Policy |
| Opt-Out | Ad Preferences |
X Ads (X Corp.)
| Data Transmitted | On-site actions (page views, conversions, etc.), IP address, device identifiers, browser information |
|---|---|
| Purpose | Remarketing, ad optimisation and performance measurement |
| Privacy Policy | X Privacy Policy |
| Opt-Out | X Personalisation and Data Settings |
TikTok Ads (TikTok Inc. / ByteDance Ltd.)
| Data Transmitted | On-site actions (page views, conversions, etc.), IP address, device identifiers, browser information, behavioural data |
|---|---|
| Purpose | Remarketing, ad optimisation and performance measurement |
| Privacy Policy | TikTok Privacy Policy |
| Opt-Out | TikTok Ads Settings |
5. Cookies and Tracking Technologies
The Company uses cookies, pixel tags, and similar tracking technologies on the Site for purposes of access analytics, advertising delivery, and improving usability. Users may disable cookies through their browser settings; however, doing so may affect the availability of certain Site features.
6. Legal Basis for Processing (GDPR)
For users located in the EU or EEA, personal data is processed on the following legal bases: performance of a contract, where processing is necessary to arrange or deliver the Concierge Service (Article 6(1)(b)); legitimate interests, in respect of analytics, fraud prevention, and service improvement (Article 6(1)(f)); consent, for marketing communications and cookie-based advertising (Article 6(1)(a)), which may be withdrawn at any time without affecting the lawfulness of prior processing; and compliance with a legal obligation, where applicable (Article 6(1)(c)).
7. Rights of Data Subjects (GDPR)
Individuals located in the EU or EEA are entitled to exercise the following rights in respect of their personal data: the right of access; the right to rectification; the right to erasure; the right to restriction of processing; the right to data portability; the right to object to processing; and the right to withdraw consent. Requests may be directed to the contact details set out in Section 12 and will be addressed without undue delay. Users also retain the right to lodge a complaint with their competent supervisory authority.
8. International Data Transfers
The use of certain third-party services described in Section 4 may involve the transfer of personal data to countries outside the EU/EEA, including Japan and the United States. Such transfers are conducted on the basis of appropriate safeguards, including where applicable the Standard Contractual Clauses adopted by the European Commission or other GDPR-compliant transfer mechanisms.
9. Retention
The Company retains personal information for the period necessary to fulfil the purposes for which it was collected. Where applicable law requires a longer retention period, such requirements take precedence.
10. Security
The Company implements necessary and appropriate security measures, including SSL/TLS encrypted communications and access controls, to protect personal information against unauthorised access, loss, alteration, and destruction.
11. Access and Correction Requests
Where a user or their duly authorised representative requests disclosure, correction, deletion, suspension of use, or suspension of third-party disclosure of personal information, the Company will verify the identity of the requestor and respond within a reasonable period. Requests should be directed to the contact details set out in Section 12.
12. External Links
The Company shall bear no liability, except where attributable to causes within the Company's responsibility, for the handling of personal information on any external website linked from the Site. Users are encouraged to review the privacy policy of each external site directly.
13. Amendments
The Company may revise this Policy at any time. Where changes are material, notice will be provided via the Site. Users are encouraged to review the latest version of this Policy before using the Company's services. Revised versions take effect upon publication on the Site.
14. Contact
Enquiries regarding this Policy or requests to exercise data rights should be directed to:
Itonoba Works
3-11-6, Jinbocho, Kanda, Chiyoda-ku, Tokyo 101-0051, Japan
https://itonoba.com/contact/