3. Provision of Personal Data
H.I.S. does not disclose or provide personal data provided by customers to any third parties, except with the consent of the customer from whom the data was obtained, or when there is a legitimate other reason for such disclosure (such as legal obligations to do so).
H.I.S. will not disclose personal data of a customer to third parties without the consent of the customer from whom the data was obtained, except in the following cases:
(a) Protection of human life and health
H.I.S may provide personal data when the disclosure is necessary for the protection of human life, human health or property and when it is difficult to obtain the consent of the person from whom the data was obtained. In addition, H.I.S may disclose it when it is particularly necessary for enhancement of public health or promotion of sound growth of children and when it is difficult to obtain the consent of the person from whom the data was obtained.
(b) Competent authorities
H.I.S will disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud. H.I.S may need to further disclose personal data to competent authorities to protect and defend H.I.S’ rights or properties.
(c) Local H.I.S. offices
In order to provide the services, a customer’s details may be shared with subsidiaries of the H.I.S below, its corporate family. For a description of our corporate structure, please refer to our About page. (https://www.his.co.jp/english/about.html)
(d) Third-party service providers
H.I.S. may use arrangement agents (e.g. accommodation agent) and/or service providers (e.g. hotel or airline) to process the customer’s personal data on behalf of H.I.S in order to provide its services to the customer. Third party service providers are bound by confidentiality clauses and are not allowed to use his/her personal data for other purposes. Where data is transmitted out of the EEA to a processor in a third country appropriate safeguards are in place to ensure the safety of the customers’ personal data.
(e) Special provision for transfer of personal data from the EEA to third countries
Where an individual from whom data has been collected is located in the EEA and such data will be transferred to any entity outside the EEA, H.I.S. will at any time ensure the safety of the personal data. In case of the absence of an adequacy decision of the European Commission, H.I.S. will only transfer data to third countries under the provision of appropriate safeguards required under the European General Data Protection Regulation. H.I.S. has entered into Standard Contractual Clauses for the protection of personal data with its business partners in third countries, which at any time ensure an adequate level of protection of personal data as well as enforcement of the rights of individuals regarding their personal data. In cases where such safeguards cannot be ensured, H.I.S. will only share personal data after having notified the individual and retrieved consent for such transfer or where it is absolutely necessary to perform the obligations towards such individuals under the agreement with H.I.S.(such as disclosure of personal data to a hotel for the purpose of booking the accommodation for the customer).