Pocket Concierge Privacy Policy

Pocket Concierge Co., Ltd. (hereinafter “the Company”), with regard to the Company's “Pocket Concierge” concierge service or booking agent services for dining provided through American Express Company or its subsidiaries (hereinafter “the Service”), shall handle information regarding the Company's users and registered restaurants (hereinafter “Customer Information”) in the manner prescribed below.

Article 1 (General Provisions)

  1. In order to protect Customer Information, the Company shall comply with the Act on the Protection of Personal Information, guidelines issued by government ministries and agencies, and other related laws.
  2. The “Pocket Concierge” Privacy Policy (hereinafter “this Policy”) shall apply to the Service (including other services provided by the Company that are incidental to the Service). In addition, where the handling of Customer Information is stipulated in privacy policies on websites operated by the Company or in other personal information protection policies or terms of service relating to “Pocket Concierge”, these stipulations shall also be applied. However, where such stipulations conflict with this Policy, this Policy shall take priority.
  3. This Policy shall not apply to services related to the Service that are provided by parties other than the Company. For information about the handling of Customer Information by Outside Services, please refer to the separately stipulated privacy policies of the business/businesses providing the service in question.

Article 2 (Information Obtained)

  1. The Company, through the Service, shall obtain Customer Information, including personal information (as defined in the Act on the Protection of Personal Information, Article 2, Paragraph 1: hereinafter referred to as “Personal Information”), in the manner stipulated below.
    (1) Information provided by users
    a. Name and email address
    We have users provide this information in order to register accounts, confirm identities, and prevent improper use.
    b. Name, email address, gender, telephone number, date of birth and other information specified by the Company relating to the person(s) visiting the restaurant
    We have users provide this information in order to confirm the identity of the person(s ) visiting the restaurant and for restaurants to provide optimal services relating to food and drinks.
    c. The credit card's brand information, the last four digits of the credit card number and the expiration date of the credit card
    We have users provide this information in order to confirm users' eligibility for use of the Service and to conduct other verification processes.
    (2) Information provided by registered restaurants (and representatives)
    a. Name, email address and telephone number, date of birth, address, information stated on identification documents with a photo, etc. and IP address of the representative
    b. Publicly available information contained in official gazettes and telephone directories, etc., and information notified by registered restaurants, etc. to the Company at the time of and after registration as a member
    We have registered restaurants provide this information in order to register as a member in relation to the Company's services for dining, to confirm identities, to prevent improper use, and to smoothly provide, maintain and enhance the Service.
    (3) Information gathered by the Company when customers use the Service
    a. Device information
    The Company may gather unique information about the device used by users and registered restaurants (individual identification information such as unique device IDs) in order to operate systems necessary for provision of the Service, maintenance and enhancement of the Service, or prevention of fraudulent activities.
    b. Log information and action history information
    For the purposes of maintenance and enhancement of the Service and prevention of fraudulent activities, the Company may gather information relating to the circumstances of a user's or registered restaurant's utilization of the Service, access - log information, and action history information.
    c. Location information
    In order to identify restaurants based on the current location of a user and registered restaurants, and utilize this information to provide optimal services, the Company may gather location information transmitted from the user's and registered restaurants' smartphones, tablets, or other digital devices (hereinafter “Digital Device”). Note that although it is possible to change the settings of a Digital Device to halt the transmission of location information, doing so may prevent utilization of certain aspects of the Service.
    d. Cookies and anonymous IDs (ANIDs)
    In the course of providing the Service, “Cookies” and other such technologies may be utilized. “Cookies” are an industry-standard technology used by web servers to identify users' and registered restaurants' computers. Although “Cookies” enable identification of users' and registered restaurants' computers, they cannot be used to identify individual users and registered restaurants. Note that although it is possible to change the settings of a Digital Device to disable the Cookies function, doing so may prevent utilization of some or all aspects of the Service.
  2. The Company shall obtain Customer Information in a legitimate manner and shall not use deceitful or improper methods to obtain Customer Information. In addition, if the Company is to obtain Customer Information through methods other than through users' and registered restaurants' use of the Service, the Company shall notify the users and registered restaurants or publicize this action in advance.
  3. Users and registered restaurants have a “right to be forgotten” and may, at any time, remove their account from the service via the account page. Please be aware that any outstanding reservations or payments will need to be handled through fulfilment or cancellation of them before the system will allow account removal.
  4. Users and registered restaurants may, at any time, submit a formal request for a copy of all their stored data held within the service. This request will be processed within 5 business days and the information will be sent to the email address registered to that user or registered restaurant account.

Article 3 (Purpose of Use)

  1. The Company shall handle Customer Information obtained through the Service in a legitimate manner within the scope of the purposes listed below. Customer Information will not be used beyond the scope of the purposes listed below without the consent of the users and registered restaurants.
  2. Purposes of use Details of purposes of use Information used
    Provision, maintenance, or enhancement of the Service for users ・For identification of users registering accounts for the Service and prevention of improper use of the Service
    ・For smooth provision, maintenance, and enhancement of the Service
    ・For confirmation of eligibility for the use of the Service and other verification processes.
    ・Name and email address
    ・Name, email address, gender, telephone number, date of birth and other information required for the provision of services relating to the person(s) visiting the restaurant, etc.
    ・Location information
    ・Device information
    ・Log information and action history information
    ・Cookies
    ・Voice information derived from recorded phone calls
    ・The credit card's brand information, the last four digits of the credit card number and the expiration date of the credit card
    Provision, maintenance, or enhancement of the Service for registered restaurants ・For identification of registered restaurants registering as a member of the Service and prevention of improper use of the Service
    ・For smooth provision, maintenance, and enhancement of the Service
    ・Name, email address and telephone number, date of birth, address, information stated on identification documents with a photo, etc. and IP address of the representative of the registered restaurant
    ・Publicly available information contained in official gazettes and telephone directories, etc., and information notified by registered restaurants, etc. to the Company at the time of and after registration as a member
    ・Location information
    ・Device information
    ・Log information and action history information
    ・Cookies
    ・Voice information derived from recorded phone calls
    Notification and response, etc. to users and registered restaurants ・For provision of information relating to the Service and response to inquiries etc.
    ・For notifications regarding new services relating to the Service or for provision of such services.
    ・For notifications regarding the terms of use of the Service; changes to this Policy; termination or suspension of the Service or contract cancelation; or other important notifications regarding the Service."
    ・Name, email address, telephone number, date of birth, gender and other information, etc. required for the provision of services relating to the user
    ・Name, email address, telephone number and address of the registered restaurant
    ・Publicly available information contained in official gazettes and telephone directories, etc., and information notified by registered restaurants, etc. to the Company at the time of and after registration as a member
    ・Information obtained by the Company as a result of customer inquiries (including voice information derived from recorded phone calls)
    Provision of user data to third parties Third parties receiving the information listed on the right shall use the information for the purposes listed below.
    ・For the provision of Affiliated Services
    ・In order to display advertisements that match the needs and interests of users
    ・In order to analyze the effectiveness of advertisements
    ・In order to carry out market analysis and marketing
    ・In order to confirm Users' eligibility for the use of the Service and to conduct other verification processes.
    ・Telephone number
    ・Device information
    ・Log information and action history information
    ・Cookies
    ・In order to confirm Users' eligibility for the use of the Service and to conduct other verification processes.
    Provision of registered restaurant data to third parties Third parties receiving the information listed on the right shall use the information for the purposes listed below.
    ・In order to provide online payment services through Stripe
    ・Name, email address and telephone number, date of birth, address, information stated on identification documents, etc. and IP address of the registered restaurant (and its representative)
    Dissemination of information regarding the business of the Company and American Express Company ・ Dissemination of business information by mail, telephone or email, etc., regarding membership for the Service
    ・Sales and solicitation of financial instruments and services, etc. of American Express Company
    ・Market research, statistics creation, and product development
    ・Name and email address of the user
    ・Name, email address, telephone number and address of the registered restaurant
    ・Publicly available information contained in official gazettes and telephone directories, etc., and information notified by registered restaurants, etc. to the Company at the time of application for and after registration as a member restaurant
  3. The Company may change the purposes of use stipulated in the preceding section if the relevant purpose of use after the change is reasonably related to the purpose of use before the change. If such a change is made, the Company shall notify users and registered restaurants or publishthe relevant information in a manner prescribed separately.
  4. Any personally identifiable information (PII) provided by users and registered restaurants will be treated with absolute sensitivity without exception. The Company will never provide access to PII for any unrelated third-party services without first formally requesting full consent from a user or registered restaurant.

Article 4 (Protection of Personal Information)

The Company shall appoint staff responsible for the handling of Personal Information, and shall establish a system to provide appropriate management of Personal Information that prevents fraudulent access to Personal Information, and loss, alteration, and leakage, etc. of Personal Information.

Article 5 (Provision to Third Parties)

  1. The Company shall not provide Customer Information that constitutes Personal Information to third parties, except in the cases below.
    (1) When the consent of users and registered restaurants is obtained
    (2) When required to do so in accordance with laws or regulations
    (3) When taking necessary measures in response to the actions of users or registered restaurants that, in the course of using the Service, engage or attempt to engage in actions that violate the terms of use such as harming the interests of others, or acting in a manner that runs counter to public order and morals
    (4) When it is necessary for the protection of a person's life, health, or assets, and receiving direct consent from the customer is difficult
    (5) When the Company is required to cooperate with government institutions or local authorities, or parties entrusted by them, and there is a possibility that receiving consent from the customer may interfere with the execution of such duties stipulated by laws and regulations
    (6) When business succession resulting from mergers, demergers, or business transfers, etc. occurs and involves the transfer of users' and registered restaurants' Personal Information
  2. The Company shall, after having received the consent of users and registered restaurants, be able to provide Customer Information to businesses that provide services affiliated with the Service (hereinafter “Affiliated Companies” and “Affiliated Services” respectively).

Article 6 (Outsourcing of the Handling of Personal Information)

The Company may outsource to third parties the handling of all or part of the Personal Information received from users and registered restaurants (this refers to cases in which the management of data including Personal Information is outsourced, etc.). In such cases, the Company will sign non-disclosure agreements etc. in advance with the third party concerned, based on the content of this Policy. The Company will also carry out the supervision necessary to ensure that information safety is being managed appropriately by the third party concerned.

Article 7 (Joint Use of Information)

The Company may share users' and registered restaurants' Personal Information with Affiliated Companies and other third parties within the scope necessary for the provision of Affiliated Services. In such cases, the Company will publish in advance the name of the Affiliated Company, the purpose of the information sharing, and the type of information to be shared.

Article 8 (Data-Gathering Tools)

The following data-gathering tool is integrated into the Service in order to analyze how the Service is being utilized. Along with this, the Company may provide user data to the provider of the data gathering tool below. The data gathering tool uses Cookies etc. to collect user data that does not include personally identifiable information, and the data gathered shall be managed in accordance with the privacy policies and other regulations of the data-gathering tool provider.

Name: Adobe Analytics
Provider: Adobe Inc.
Privacy policy: https://www.adobe.com/privacy/policy.html

Article 9 (Safety Management System)

We have established a basic policy on the protection of personal information with respect to (i) our compliance with the Act on the Protection of Personal Information and other relevant laws and regulations concerning the protection of personal information, (ii) our obligation to establish a point of contact fo r the receipt of complaints and consultations, and (iii) our obligation to handle personal data appropriately. In addition, in order to handle personal data appropriately, we will establish rules concerning the secure management of personal information and implement the following safety management measures.
  1. Conduct self-verification of the status of handling of personal data and conduct an audit by a person independent of the department handling the personal data.
  2. Provide regular training to employees on the protection of personal information and information security.
  3. Place restrictions on and manage persons entering and leaving the Company building and our Company office, as well as manage equipment and electronic media, etc. that handle personal data.
  4. Implement access control to limit the scope of persons in charge and Personal Information databases etc. handled, and review access authority in the event of changes, etc. of the duties of the persons in charge.
  5. Implement security control measures based on an understanding of the system for the protection of personal information in each country where personal data is stored.

Article 10 (Disclosure and Correction of Customer Information)

We will respond to a request from you or your agent for disclosure, Revision (as defined below) or Discontinuance of Use (as defined below) of your personal information in the manner set out below. In this section, “Revision” means revision, addition and deletion of personal information and “Discontinuance of Use” means discontinuance of use, deletion and/or discontinuation of provision to any third party of the personal information.

    (1) Significant items of personal information for which you can make a disclosure request
    For users
      Name and email address of the person(s) created reservation, and name, email address, gender, telephone number, date of birth and other information specified by the Company relating to the person(s) visiting the restaurant and for restaurants to provide optimal services relating to food and drinks.


    For restaurants
      Name, email address, telephone number, date of birth, address, information stated on identification documents with a photo, etc., IP address of the representative, publicly available information listed in places such as official journals or telephone directories, and information provided by registered restaurants, etc. to the Company at the time of and after its registration as a member.


    (2) Cases where we can refuse to disclose your personal information
    We will not disclose your personal information in any of the cases described below. If we refuse to disclose your personal information, we will notify you of the reason therefor.

    (i) We cannot verify your identity;
    (ii) We cannot verify the power of attorney of your agent if the request is made by your agent;
    (iii) Your application form, identity verification document or other similar document is incomplete;
    (iv) The item of information requested for disclosure does not fall under any of the items of disclosable personal information;
    (v) The disclosure is likely to harm your life, body, property or other right or interest, or that of any third party;
    (vi) The disclosure is likely to seriously impede the proper execution of our business; or The disclosure would result in a violation of any other laws or regulations.


    (3) Revision or Discontinuance of Use
    If you request us to conduct Revision of your personal information on the grounds that such information is incorrect or false, or if we are required to conduct Discontinuance of Use of your personal information pursuant to any laws or regulations, we will conduct an investigation on your request. If we confirm that the reason for your request is legitimate, we will comply with your request for Revision or Discontinuance of Use.

    (4) Parties qualified to request for disclosure
    (i) You;
    (ii) Your statutory agent; and
    (iii) Your appointed agent.

    (5) Point of contact for disclosure requests
    Please contact from below link for a request for disclosure, revision or discontinuance of use or any other inquiry. We kindly request that you make a disclosure request by completing our designated application form (please request a copy of our designated application form by calling the point of contact mentioned above) and mailing it to us with the supporting documents attached.

    The point of contact is set out in the following webpage:
    Contact

    (6) Documents to be submitted
    (i) Our designated application form
    You | O
    Your Statutory agent | O
    Your appointed agent | O

    (ii) Document to verify the identity of your agent or yourself*1
    You | O
    Your Statutory agent | O
    Your appointed agent | O

    (iii) Document to certify the power of attorney*2
    You | -
    Your Statutory agent | O
    Your appointed agent | O

    *1 Document to verify the identity of your agent or yourself

    You must submit any of the following documents as a document to verify the identity of your agent or yourself (limited to those documents that have not expired yet or those issued no earlier than three months ago). You must submit either (i) a copy of the document listed as photo ID below or (ii) copies of two or more types of the documents listed as ID without a photo below.
      Photo ID
      Driver's license、Certificate of driving history、Passport、Basic resident registry card with a photo、Special permanent resident certificate、Crew member's pocket ledger、 My Number Card (front side only*) *You do not need to submit a copy of the backside of the card where your My Number is stated. (Notification cards are not acceptable.), Other certificates issued by a public organization.

      ID without a photo

      Health insurance card, Proof of national pension, Proof of employees' pension, Certified copy of your family register (or abridged family register) (original copy issued by a public organization no earlier than three months ago), Resident record (original copy issued by a public organization no earlier than three months ago), Certificate of seal registration (original copy issued by a public organization no earlier than three months ago with the registered seal affixed in the margin), Other certificates issued by a public organization

    If you submit a copy of a document that includes your My Number, basic pension number, place of your registered domicile or insurance number and code or number of the insured, etc., please black out or redact those numbers or inf ormation so that they are unreadable. If your Health insurance card has a QR code, please black it out so that it is unreadable.

    *2 Document to certify the power of attorney

    For statutory agents, the document to certify the power of attorney must be:
    - One of the documents listed below.
    - Limited to those issued no earlier than three months ago.
    - Documents listed below that are marked with * are acceptable only if they are original copies issued by a public organization.
    - If your agent submits a copy of a document that includes the place of your registered domicile or that of your agent, please black it out and redact the same so that it is unreadable.


    Person who has parental authority

    Certified copy of your family register* or your resident record*

    Guardian of a minor

    Certified copy of your family register*, court decision on appointment or certificate of registration of guardianship*

    Guardian of an adult

    Court decision on appointment or certificate of registration of guardianship*

    For appointed agents, the document to certify the power of attorney must be:
    - Our designated letter of attorney (Please affix your signature and registered seal to the letter and attach a certificate of seal registration. If your appointed agent is a lawyer or certified judicial scrivener, please indicate his/her registration or certification number.)

    (7) Fees
    We will not charge any f ees. We will publicly announce any change to the fees in advance.

    (8)Method of providing our reply
    Your statutory agent or yourself
    In general, a disclosure report will be made in writing, and will be sent by mail to the requester of the disclosure. For security reasons, files can also be sent by email when the software/applications that we specified are available.

    Your appointed agent
    In principle, a disclosure report will be sent to the person who is a party to the agreement via the above methods, to the address and/or e-mail address that the person has notified to us in advance. (If there is no e-mail address that has been notified to us in advance, the person must notify us of the e-mail address before applying for the disclosure request.).

Article 11 (Alterations to this Policy)

  1. The Company shall review its handling of Customer Information as necessary and strive to make continuous enhancements. This Policy may therefore be altered as necessary.
  2. When an alteration is made to this Policy, the details of the alteration shall be announced in an easily understood manner through the Service or on websites operated by the Company etc. Note however that when an alteration is made that legally requires the consent of users and registered restaurants, the Company shall obtain the consent of users and registered restaurants through methods prescribed separately by the Company.

Article 12 (Inquiries)

Please send any opinions, questions, and complaints regarding the Company's handling of Customer Information as well as other inquiries regarding the handling of Customer Information to the email address below.

Personal Information Management Inquiries Desk
Kei Tokado, Representative
Address: 1-1 Toranomon 4-chome, Minato-ku, Tokyo 105-6920
Email: info-pocketconcierge@aexp.com
Pocket Concierge Inc.

Established: June 22, 2016
Amended: May 25, 2018
Amended: May 29, 2019
Amended: July 7, 2021
Amended: December 28, 2021
Amended: March 31, 2022
Amended: Sept. 27, 2022

TOP