Privacy Policy
Chapter 1 describes the handling of personal information as it applies to all customers. Chapter 2, Chapter 3, Chapter 4, and Chapter 5 provide region-specific information for customers who are located or reside in the European Economic Area/the United Kingdom, the People’s Republic of China, the state of California of the United States, and the Kingdom of Thailand, respectively.
Chapter 1. ANA Sales Americas's Handling of Personal Information of All Customers
1. Introduction
This Privacy Policy explains how and why the personal information of customers and other individuals obtained by ANA Sales Americas. (“ASA”, “we”, “our” or “us”) is used. Please read this Privacy Policy carefully before providing personal information to us or using our products or services.
Chapter 1 of this Privacy Policy provides an overview of how we use your personal information.
Additional policies may apply to certain ANA Sales Americas products or services, details of which will be provided separately or in the terms of such service, etc.
For customers who reside in Japan, “personal information” in this Chapter 1 means information relating to a living individual containing (i) a name, date of birth, or other identifier or the equivalent which can be used to identify a specific individual or (ii) an individual identification code.
2. Scope of application
This Privacy Policy will apply when customers and other individuals provide personal information to ANA Sales Americas or use our services and products.
3. Purpose of using personal information
ANA Sales Americas uses personal information obtained from its customers for the following purposes. However, even within the intended scope, it will not use customers’ personal information in a way that may encourage or induce illegal or improper conduct.
- Reservations, ticket sales, and check-in with regard to air transport services
- Hotel reservations, accommodation arrangements, and check-in/check-out services
- Tour reservations, product sales, lounge services, check-in assistance, and eligibility verification at the ANA Mahalo Lounge
- Waikiki Trolley services (ANA Express Bus alternative) and eligibility verification
- To communicate and coordinate with travel service providers, including airlines, hotels, transportation companies, and tour operators, in connection with travel arrangements.
- Research and analysis of usage of our services/products
- All operations incidental or related to purposes “1.” through “6.” above
- Implementation of questionnaires concerning service and products, etc., offered by us
- Development of new services and products
- Notification relating to services and products offered by ANA Sales Americas
- Operation and management relating to the events and campaigns implemented by ANA, ANA Group companies, partner companies, etc.
- Response to inquiries and requests
4. Acquisition of personal information
ANA Sales Americas will obtain the following personal information by fair and appropriate means for the purpose of achieving the previously mentioned purposes.
(1)Identity, contact and payment information, etc.
The customer’s name, gender, date of birth, address, telephone number, email address, employment information (company name, division/department the customer belongs to, employee number, title, address, telephone number), mailing address, passport information, physical and medical information relating to flying, dietary restrictions, payment information including details of credit/debit card and other payment methods, etc.
(2)Travel information
Details of travel plans and arrangements, including flights with ANA and other airlines, accommodations, and other transportation arrangements, etc.
(3)Information on the customer's ANA Mileage Club membership and information related to the usage of eligible services
The customer’s ANA Mileage Club membership number, type of membership card, membership status, membership area, mileage status, credit card number and expiration date, usage history of credit card and related information, need for wheelchair or other special arrangement, flight reservation and cancellation information, usage history of flights and other services, etc.
(4)IT and system data including information on the usage of the ANA Sales Americas website and mobile application
Information such as that on how customers use the ASA website and mobile application, including details on cookies, advertising identifiers (IDFA/GAID), location information, unique device identifiers, IP address, OS and browser type, etc., and website activity logs by which ASA may be able to identify a specific individual.
ASA will never obtain and use information of a sensitive nature to the customer (hereinafter, “sensitive information”), such as information on race, beliefs, social standing, history of illness, crime records, and history of having been afflicted by crime, unless required by laws and regulations or the consent of the customer is obtained.
5. Acquisition of Information Related to Personal Information
ASA may receive information related to personal information about customers directly from customers or from third parties or ANA Group companies. “Information related to personal information” in this Chapter 1 means information relating to a living individual which doesn’t fall under personal information, pseudonymized personal information or anonymized personal information defined in the Act on the Protection of Personal Information (Act No. 57 of 2003) of Japan.
6. Choice by the customer
As a rule, ASA obtains personal information in accordance with the customer’s intention. Customers may experience disadvantages if they refuse to provide their personal information, such as being unable to make use of the various services provided by ASA, or being unable to receive campaign notices and other ASA information because a part of the functions of ASA’s system become inoperable and thereby unavailable. Please note that customers may change their contact information as well as their decision on whether or not they wish to receive email magazines at any time they wish, in a manner designated separately by ASA.
7. Disclosure and provision of information to a third party
(1)When ASA discloses or provides customers' personal information to third parties
ASA will not disclose or provide customer’s personal information to any third parties except under the following circumstances. Also, customers’ personal information including sensitive information will not be disclosed or provided to third parties under any circumstances, unless allowed by laws and regulations or by consent of the customer. Note that provision of information based on joint use and business entrustment are not deemed to constitute disclosure or provision to third parties.
- Customer consent has been obtained.
- Disclosure or provision is required within the scope allowed by laws or regulations.
- Disclosure is required to protect human life, health, or property in cases where obtaining customer consent is difficult.
- Disclosure is required to cooperate with the public affairs of national or local governments, and when obtaining customer consent is likely to hinder the administration of public affairs.
- Disclosure or provision of information as statistical data (in a format that does not disclose the customer’s identity).
- Provision of information as a result of the succession of business due to a merger, company split, transfer of business or otherwise.
- Provision of information in accordance with procedures based on laws and regulations, under the condition that the following information can be easily checked by the customers themselves through the ANA website, etc., and that the customers have not declared their wish to refuse provision of their information.
- The purpose of obtaining information is to provide such information to a third party
- Specific personal data items to be provided to a third party
- The means by which such personal information is provided to a third party
- Provisions of information will be suspended upon the customers’ request
- Methods for accepting requests from customers
(2)Third parties to which ASA may disclose or provide customers' personal information
ASA may disclose or provide customers’ personal information to the following categories of recipients.
- Affiliates: ASA may disclose or provide customers’ personal information to companies belonging to the ANA Group and organizations related to the ANA Group.
- ASA’s employees: ASA may disclose or provide customers’ personal information to the ASA’s employees who are authorized and who have a need to access such data.
- Service providers: ASA may disclose or provide customers’ personal information to third-party service providers that perform certain services, such as IT service providers (including data server and cloud service providers), data analytics service providers, advertising distribution service providers and legal advisors.
8. Joint use
ASA may share customer’s personal information as follows.
(1) For provision of air transportation services, travel services including tours and hotels, and other products/services handled by ASA or companies that jointly use data
(2) For sending of direct mail and information on products/services, and distribution of questionnaire(s) to customers, etc. by the Company or companies that jointly use data
(3) For sales analysis, other research/studies, and development of new products/services, etc. by ASA or companies that jointly use data
(4) For delivery and transfer of data when we receive inquiries, application for use or other offers from customers regarding products/services provided by ASA or companies that jointly use data
(5) For appropriate and smooth fulfillment of other transactions with customers by ASA or companies that jointly use data
(6) For business management/internal management by the ANA Group
The customer’s ANA Mileage Club membership number, the customer’s name, address, telephone number, fax number, email address, employment information (company name, division/department the customer belongs to, title, address, telephone number), mailing address, passport information, physical and medical information relating to flying, dietary restrictions, payment information including details of credit/debit card and other payment methods, details of travel plans and arrangements, including flights with ANA and other airlines, accommodations, and other transportation arrangements, type of membership card, membership status, membership area, mileage status, credit card number and expiration date, usage history of credit card and related information, need for wheelchair or other special arrangement, flight reservation and cancellation information, usage history of flights and other services, details of enquiries, requests and complaints contained in correspondence with customers, information on the use of ANA website and mobile application, including cookie and activity logs on the website, etc.
ANA Holdings Inc.
Shiodome City Center, 1-5-2, Higashi-Shimbashi, Minato-ku, Tokyo, Japan 105-7140
Koji Shibata, President & Chief Executive Officer
9. Business entrustment
In providing products and services to customers, ASA may entrust a part of its business operations to third parties to which personal information may also be disclosed to the extent required to achieve the purpose of use. In these cases, ASA will implement appropriate measures in managing and supervising such third parties to safeguard the handling of customers’ personal information, including executing agreements on the handling of such personal information.
10. Management of personal information
In receiving customers’ personal information, ASA will manage such information appropriately and take necessary safety management measures to prevent leaks, loss, or alterations. ASA ensures that the board members and employees are properly trained regarding appropriate handling to safeguard the security of information identifying individual customers. An appropriate retention period for personal information will be established in accordance with the purpose for which such information is used. After the purpose of the information has been achieved, ASA will dispose of the information in question by appropriate methods.
If you wish to know the details of the safety management measures, please make a request in accordance with “12. Request about handling of Personal Information”.
*For ASA’s action policy for information security, please refer to “ANA Group Information Security”.
11. Request about handling of Personal Information
If ASA receives a request from a customer, submitted in the manner specified, for the disclosure, correction, deletion, addition, suspension of use, erasure, or information provision concerning personal information protection measures (“disclosure, etc.”) with regard to the customer’s personal information stored in a database held by ASA, the request will be handled in accordance with applicable laws and regulations, within a reasonable timeframe and scope, after confirming that the request was submitted by the customer themselves.
(1) Request for Disclosure
Personal information items, purpose of use, or records on the provision of personal data to third parties will be disclosed in accordance with the customer’s request.
(2) Request for Correction, Deletion, or Addition
Correction, deletion, or addition of personal information will be undertaken after due review of the request and where deemed necessary.
(3) Request for Suspension of Use or Erasure
The use of personal information designated by the customer will be suspended, and the relevant information will be erased if so desired, in accordance with the submitted request. However, please note that such suspension or erasure may prevent customers from being provided with services that they had utilized or services requested by them.
(4) Request for Information Provision concerning Personal Information Protection Measures
The following information will be provided in accordance with the customer’s request:
- Details of the safety management measures taken by ASA in receiving and managing customers’ personal information.
ASA may not be able to fulfill all or part of a customer’s request if compliance with such request may harm the life, health, property, or other rights and interests of the customer or a third party, seriously impact ASA’s business operations, or result in a violation of applicable laws and regulations.
12. Submission of a request for disclosure, etc.
The method for submitting a request for disclosure, etc. or notification of purpose of use of personal information (“requests for disclosure, etc.”) received by ASA from customers, and contact information are as follows.
Company:ANA Sales Americas
Email : cp@anasalesa.com
Tel : 310-533-8685
13. Modification of the Privacy Policy
This Privacy Policy describes how ASA handles personal information. Customers and other users who use ASA’s services and products are deemed to have fully understood and agreed to the contents of this Privacy Policy.
ASA reserves the right to modify this Privacy Policy at any time. Any revised Privacy Policy shall become effective when it is posted on ASA’s website.
Chapter 2. Handling of personal data of EEA and UK residents by ASA
1. Introduction
This Chapter 2 provides additional information about the handling of personal data of customers and other individuals in the European Economic Area (“EEA”) and/or the United Kingdom (“UK”) in accordance with EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK Data Protection Act 2018 (“DPA 2018”) and other national and international data protection and privacy laws in the EEA and UK (collectively, “Data Protection Laws”).
Please note that the UK’s laws are similar to those in the EEA, and customers from both jurisdictions have very similar rights. Accordingly, references to the GDPR in this Chapter should also be read as references to corresponding UK law.
The consent shall be given or authorized by the holder of parental responsibility in the event that a customer under the age of 16 uses ASA’s service. Customer’s consent to this Privacy Policy must be obtained in the event that a person such as family member applies for ASA’s service on behalf of the customer.
In the event that any provisions of this Chapter 2 contradict those of Chapter 1, the provisions of this Chapter 2 shall prevail.
2. The controller of personal data
The controller of your personal data is ASA.
ASA protects personal data which is collected and used by controllers (who make decisions about how and why your personal data is used) and processors (who act on the controller’s written instructions) on the basis of Data Protection Laws.
3. Our legal basis for processing personal data
ASA protects your personal data by ensuring that it can only be used to the extent necessary for specific purposes (as set out in Part 3 of Chapter 1 of this Privacy Policy) and by requiring that there is a legal basis for each processing activity on the basis of Data Protection Laws.
ASA may process customer personal data on one or more of the following legal basis:
(1) When your consent is obtained for the processing (Article 6(1)(a) GDPR)
Consent will usually only be relied upon for promotional and marketing related processing, or in some cases, in relation to sensitive personal data.(2) When processing is necessary in order to perform or take steps to enter into a contract (Article 6(1)(b) GDPR).
This is typically when we process customer information which is essential to providing our services, including a customer’s identity, contact, payment and travel details, etc.(3) When ASA needs to process the data to comply with a legal obligation (Article 6(1)(c)).
This includes the requirement to share personal data with customs and immigration authorities or law enforcement, as well as ASA’s legal obligations towards its staff and customers.(4) When the processing is required to protect your, or a third party’s, vital interests (Article 6(1)(d)), for example in the event of a medical emergency.
(5) When the processing of personal data is required for legitimate interests of ASA or a third party, and these interests are not overridden by your rights under Data Protection Laws (Article 6(1)(f) GDPR).
This includes the use of personal data necessary to operate ASA’s business and also to maintain, develop and improve its goods and services and provide the best possible customer experience.
4. Request about processing of personal data
(1)Data Protection Laws provide you with the following legal rights:
The customer has the following rights regarding their personal data:
- Request for Access: You can request copies of your personal data and details of how we process it.
- Request for Rectification: Rectifications to personal data will be undertaken where possible after due review of the request.
- Request for Erasure: You may request that we erase all or part of the personal data we hold about you. We will consider your request and, where the personal data is no longer required or the law does not permit us to continue to retain it, we will erase it.
- Request for Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format. This only applies to personal data which we obtain from you and process on the basis of your consent or in order to perform a contract, and which is processed by automated means.
- Objections to Processing: You can object to processing which is carried out for ASA’s or a third party’s legitimate interests or for the purpose of direct marketing. We will cease processing your information unless we can demonstrate compelling legitimate grounds that override your interests. If you object to direct marketing, we will cease the processing.
- Restrictions on Processing: You can restrict our processing of your personal data under certain circumstances. Where this applies, any processing of your personal data (other than storage) will only be carried out with your consent or where required for legal claims, the protection of certain rights, or important public interest reasons.
- Withdrawal of Consent: If we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
Please note that the rights set out above are not absolute and do not apply in every situation. Legal exemptions may apply in certain circumstances, meaning that a request may be refused. If a request is refused, we will inform you of the reasons when responding.
Records of requests made to us will be retained so that we can demonstrate compliance with our legal obligations.
(2)Method for submitting a request
You may exercise your rights free of charge. However, ASA may charge a reasonable fee or refuse a request if it is manifestly unfounded, excessive, or repetitive. The method for submitting a request is as follows:
(Website)
You may contact the Data Controller (please refer to Section 1.12, “How to Submit Requests for Disclosure, etc. and Contact Information”) by completing and submitting the contact form available on our website: https://anasalesa.com/contact-forms/general-contact-form/
(3)Responding to a request
We will respond without undue delay and usually within one month. In some cases, ASA may ask for identification or, if the request is made on behalf of a third party, proof of authority to submit the request. If the request is particularly complex or if multiple requests have been made, it may take longer to provide a detailed response. Please also note that the rights described above are subject to certain exceptions and may not apply in all situations.
If you are not satisfied with ASA’s response to a data protection request, or if you believe your personal data has been mishandled, you have the right to lodge a complaint with a supervisory authority. Please refer to Part 9 of this Chapter 2 (“Lodging a complaint with an authority”) for further details.
5. Data sharing which is necessary to provide goods or services
ASA’s goods and services are provided with the assistance of other companies and organizations, and ASA will often need to share personal data with third parties in order to operate its business. These third parties include:
(1) Other companies within the ASA Group
(2) Organizations with which ASA is legally required to share personal data
including: government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, and other third-party organizations, etc.
(3) Service providers
including: subcontractors handling ASA flights, airports and airlines with whom ASA partners, various service providers, and providers with whom ASA has marketing partnerships, etc.
Where ASA instructs companies, contractors, or service providers to process data on its behalf, ASA will ensure that such processing is carried out pursuant to a contract that meets the requirements of applicable Data Protection Laws.
6. Marketing communications
ASA sends out marketing communications from time to time to notify interested persons of news and provide details of goods and services that may be of interest to them. ASA will only do this if the recipient has consented to receive marketing communications or if they are an existing customer who purchased goods or services from ASA and were given the opportunity to opt out of marketing communications at the time but chose not to do so.
7. Where your personal data is stored and transferred
ASA is located in the United States, and many of the service providers and other organizations with whom ASA shares your personal data are located in jurisdictions outside the EEA and the UK. The United States is not generally considered by the European Commission to provide an unconditional adequacy decision for personal data protection. However, under the EU–US Data Privacy Framework adopted in July 2023, the European Commission has granted an adequacy decision for organizations participating in and certified under the framework, and transfers of personal data within that framework are considered lawful under the GDPR.
When transferring personal data to third parties, ASA will ensure compliance with the requirements of applicable Data Protection Laws, including the EU–US Data Privacy Framework (in relation to certified participating entities), the EU General Data Protection Regulation (GDPR), and relevant US laws governing onward transfers. However, please note that recipients outside the EEA and the UK may be subject to local laws that do not necessarily provide the same level of protection for your personal data.
If you would like more information regarding where your personal data is stored or transferred, please contact ASA using the details set out in Part 13 of Chapter 1 (“Submission of a request for disclosure, etc. and contact information”).
8. Retention of personal data
ASA retains personal data for as long as is necessary to achieve the purposes for which it was collected and used, and for such additional period as may be required to comply with applicable laws and regulations, resolve disputes, and fulfill contractual obligations.
9. Lodging a complaint with an authority
Customers have the right to lodge a complaint regarding the processing of their personal data with the data protection authority having jurisdiction over their place of residence.
(1) EEA residents: Please contact your national supervisory authority, details of which can be found on the European Data Protection Board’s website (https://edpb.europa.eu/about-edpb/board/members_en).
(2) UK residents: Please contact the Information Commissioner’s Office (https://www.ico.org.uk).
10. The contact information of the controller and ASA's Data Protection Officer
Controller::ANA Sales Americas
Address: 21250 Hawthorne Blvd., Suite 200
Torrance, CA 90503
Data Protection Officer email:cp@anasalesa.com
Chapter 3. Handling of personal information of China residents by ASA
Besides Chapter 1, Chapter 3 also applies to the handling of personal information of persons residing in the People’s Republic of China (hereinafter, “China”) based on China’s Personal Information Protection Law and related regulations (hereinafter, “PIPL etc.”). In the event that any provisions of this chapter contradict those of chapter 1, the provisions of this chapter shall prevail.
1. Introduction
A guardian’s consent or permission must be obtained in the event that a customer under the age of 18 uses ASA’s service. In the event that a person such as a family member applies for ASA’s service on behalf of the customer, the consent of the customer (when he/she is under the age of 14, his/her guardian) to this Privacy Policy must be obtained.
2. Collection of sensitive personal information
For the purpose of use, ASA may handle personal information that can be classified as sensitive personal information under the PIPL, etc., such as information about one’s passport, health condition, payment, or accommodations.
Since sensitive personal information can negatively affect the interests of customers if it is leaked or used unlawfully (for example, it is likely that individual dignity will be damaged or that personal safety and asset security will be put at risk), ASA will carefully manage such information and handle it in a lawful manner.
3. Retention period for personal information
ASA retains personal data for as long as is necessary to achieve the purposes of use and collection, and for such period as is required to comply with applicable laws and regulations, resolve disputes, and perform contractual obligations.
4. Technology and measure to protect customers' personal information
(1) ASA takes security measures to protect customers’ personal information from leakage, alteration, or loss. Specifically, ASA takes the following measures to protect customers’ personal information:
- ASA establishes and implements an internal management system and operational rules relating to the protection of personal information.
- ASA conducts classification management for personal information.
- ASA develops its website with HTTPS and uses SSL encryption to secure the transmission of important customer data (such as credit card information) between the customer’s web browser and the server.
- ASA uses encryption technology to protect personal information.
- ASA allocates access rights appropriately and controls access so that unauthorized access to personal information is prevented.
- To raise employee awareness of the importance of protecting personal information, ASA provides education and training on security and privacy protection.
- ASA establishes and implements emergency response plans for personal information incidents.
(2) ASA takes all reasonable and practicable steps to ensure that no irrelevant personal information is collected. ASA retains customers’ personal information only for the shortest period necessary to achieve the purposes stated in this Privacy Policy, unless a longer retention period is permitted by law.
(3) In the event of a personal information incident, ASA will promptly inform customers of the relevant circumstances of the incident in accordance with the requirements of the PIPL, etc. and report it to the relevant regulatory authorities.
5. Request about handling of Personal Information
In the event that ASA receives a request regarding the personal information it holds of a customer who is a resident of China, the request will be handled within a reasonable timeframe and scope in accordance with the PIPL, etc. and Chapter 1 “Part 12 Request about handling of Personal Information”. In responding to the request, ASA may confirm that it was submitted by the customer himself/herself.
(1)Request for withdrawal of consent
If the handling of the customer’s personal information is based on his/her consent, the customer has the right to withdraw such consent.
Personal information items designated by the customer will be deleted in accordance with the customer’s request, wherever possible and appropriate.
However, please note that such deletion may prevent customers from being provided with services that they had utilized, or may impede the provision of services in accordance with their wishes.
(2)Request for interpretation/explanation of Privacy Policy
Customers have the right to ask for the interpretation/explanation of this Privacy Policy.
(3)Methods for submission of a request
Request Contact Details
(Web)
You may contact the data controller (please refer to Chapter 1, Part 12 “Request about handling of Personal Information”) by completing and submitting the inquiry form available on our website:
https://anasalesa.com/contact-forms/general-contact-form/
Contact Information
Email: cp@anasalesa.com
Phone : +1-310-533-8685 (charges apply)
6. Provision to third parties and transfer outside China
When ASA provides personal information of customers to third parties (including cases of provision due to shared use and business entrustment that involves the transfer of such information outside China), it will do so in accordance with the PIPL, etc.
7. Change of purposes of use of personal information
In the case of a change to the purposes of use of personal information, ASA will announce the revised Privacy Policy in advance on ASA website (https://anasalesa.com/en/privacy-policy/) and ASA will use personal information in accordance with the new purposes of use of personal information after obtaining consent from customers.
8. Basic information of Controller of personal information
ANA Sales Americas
Address: 21250 Hawthorne Blvd., Suite 200, Torrance, CA 90503
Chapter 4. Handling of personal information of California residents by ASA
Besides Chapter 1, Chapter 4 also shall apply to the handling of personal information of persons residing in California, United States of America based on the California Consumer Privacy Act of 2018 as amended under the California Privacy Rights Act of 2020 (hereinafter “CCPA”). In the event that any provisions of this Chapter contradict those of Chapter 1, the provisions of this Chapter shall prevail.
The terms used in this Chapter are based on the definitions provided in the CCPA. For example, the term “sale” means ASA’s selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for monetary or other valuable consideration. The term “sharing” means ASA’s sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. However, if ASA concludes an appropriate agreement concerning the handling of personal information with a third party, the activities mentioned above are not regarded as a “sale” from the perspective of the CCPA.
1. Acquisition and use of personal information
Personal information collected by ASA in the preceding 12 months or likely to be collected in the future is classified as defined in the following table. ASA uses such information for the purposes set forth in Chapter 1, Part 3 (Purpose of using personal information). It will acquire such personal information directly from customers.
The customer’s name, address, telephone number, fax number, mailing address, email address, passport information, and ASA Mileage Club membership number (10-digit number), personal online identifier, etc.
The customer’s physical and medical information relating to flying, credit card number, and payment information including details of credit/debit card and other payment methods, etc.
The customer’s dietary restrictions, etc.
The type of customer’s ASA Mileage Club membership card, membership status, membership area, mileage status, credit card expiration date, usage history of credit card and related information, need for wheelchair or other special arrangement, flight reservation and cancellation information, usage history of flights and other services, details of travel plans and arrangements, including flights with ASA and other airlines, accommodations, and other transportation arrangements, information contained in correspondence with customers, details of inquiries, requests and complaints, etc.
Information such as that on how customers use the ASA and ANA website and mobile application, including details on cookies, advertising identifiers (IDFA/GAID), location information, unique device identifiers, IP address, details on OS and browser type, etc., and website activity logs
Employment information (company name, division/department the customer belongs to, title, address, telephone number, fax number) and related information
Passport information, information on physical condition or disease of the customer relevant to his/her boarding, the customer’s dietary restrictions, the necessity to arrange for a wheelchair, and location information, etc.
2. The disclosure of personal information
(1)Sale of personal information
ASA does not sell customers’ personal information (including personal information concerning minors) to any third parties, and has not sold the same in the past 12 months.
(2) The sharing of personal information
ASA does not share customers’ personal information (including personal information concerning minors) with any third parties, and has not shared the same in the past 12 months.
(3)Disclosure of personal information for business purposes
The types of customers’ personal information that ASA has disclosed in the past 12 months for business purposes and the types of third parties to which such personal information has been disclosed are shown below. ASA discloses these types of personal information to third parties for the purposes specified in Chapter 1, Part 3 (Purpose of using personal information) and Part 8 (Joint use).
The customer’s name, address, telephone number, mailing address, email address, passport information, and ANA Mileage Club membership number (10 digit number), personal online identifier, etc.
Other companies in the ANA Group, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc.
The customer’s physical and medical information relating to flying, credit card number, and payment information including details of credit/debit card and other payment methods, etc.
Other companies in the ANA Group, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc.
Other companies in the ANA Group, subcontractor handling ANA flights, etc.
The type of customer’s ANA Mileage Club membership card, membership status, membership area, mileage status, credit card expiration date, usage history of credit card and related information, need for wheelchair or other special arrangement, flight reservation and cancellation information, usage history of flights and other services, details of travel plans and arrangements, including flights with ANA and other airlines, accommodations, and other transportation arrangements, information contained in correspondence with customers, details of inquiries, requests and complaints, etc.
Other companies in the ANA Group, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc.
Other companies in the ANA Group, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc.
Employment information (company name, division/department the customer belongs to, title, address, telephone number) and related information
Other companies in the ANA Group, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc.
Passport information, information on physical condition or disease of the customer relevant to his/her boarding, the customer’s dietary restrictions, the necessity to arrange for a wheelchair, and location information, etc.
3. Sensitive personal information
ASA does not use or disclose sensitive personal information of customers for any purpose other than certain purposes permitted under the CCPA. ASA does not collect or process sensitive personal information of customers for the purpose of inferring characteristics about customers.
4. Retention of personal information
ASA retains personal data for as long as is necessary to achieve the purposes of use and collection, and for such period as is required to comply with applicable laws and regulations, resolve disputes, and perform contractual obligations.
5. Request about handling of personal information
Customers residing in California have the following rights concerning their personal information:
(1)Right to know
Customers have the right to make a request to ASA for the disclosure of the following information regarding their personal information collected/used/disclosed by ASA within the 12 months before the date of request (hereinafter “Right to know”), up to twice in 12 months.
- Type of the customer’s personal information collected by ASA
- Source of the collection of such personal information
- Business or commercial purposes for the collection of such personal information
- Type of third party with which such personal information has been shared
- The customer’s specific personal information collected by ASA
- Type of the customer’s personal information disclosed by ASA for a business purpose
- Type of third parties to which each type of such personal information has been disclosed
(2)Right to delete
Customers have the right to make a request to ASA for the deletion of their certain personal information collected by ASA (hereinafter “Right to delete”).
(3)Right to correct
Customers have the right to request ASA to correct incorrect personal information held by ASA (hereinafter the “Right to correct”).
(4)Right to opt-out of sharing
Customers have the right to direct ASA to cease sharing their personal information with a third party (hereinafter the “Right to opt-out of sharing”).
When, among the rights set out above, exercising the right to know, the right to delete or the right to correct, please contact us using any of the following methods. Once ASA receives such a request, it will be handled according to the related laws and regulations within a reasonable timeframe and manner, after confirming, through the procedures for individual identification described below, that the request was submitted by the customer himself/herself.
- Submission of a request:ANA Sales Americas
Email : cp@anasalesa.com
Phone : 310-533-8685 - Procedures for individual identification
(For individuals)
Upon receiving a request for the exercise of the right to know, the right to delete or the right to correct, ASA will ask the customer to submit information sufficient to confirm that such request was submitted by such customer himself/herself, such as his/her name and email address, and compare the submitted information with the information held by ASA.(For representatives)
In addition to the information required for the identification of individual in “(For individuals),” the customer needs to submit a certificate signed by him/her certifying that the representative is authorized to exercise rights on his/her behalf. In addition, ASA may ask the customer to directly contact ASA to confirm that he/she has granted the representative authority to exercise the right to know, the right to delete or the right to correct. - Opt-Out Method
Customers may exercise their right to opt out of sharing personal information using the following method.
Using the CookiePro Consent Tool
Through the OneTrust CookiePro Banner Consent tool displayed on our website, you can manage your cookie preferences and opt out of the sharing of personal information with third parties. By selecting the “Do Not Sell or Share My Personal Information” option within the tool, you can stop the sharing of personal information.
ASA will not discriminate against customers who exercise their rights by, for example, changing the level or quality of services provided. However, please note that deletion of personal information may result in the inability to provide services that were previously available or services that meet customer requests. Please make such requests with this in mind.
- Submission of a request:ANA Sales Americas
6. Security Measures
ASA takes reasonable technical and organizational security measures to protect the personal information it collects. However, ASA cannot guarantee complete security in the transmission of information over the internet, and customers are asked to use such services at their own risk.
7. Contact for inquiries
ANA Sales Americas
Address : 21250 Hawthorne Blvd., Suite 200, Torrance, CA 90503
Email : cp@anasalesa.com
Tel : 310-533-8685
Chapter 5. Handling of personal data of Thailand residents by ASA
1. Introduction
This Chapter 5 provides additional information about the collection, use, or disclosure (“processing”) of personal data of customers and other individuals in the Kingdom of Thailand (“Thailand”) in accordance with the Personal Data Protection Act of Thailand B.E. 2562 (A.D. 2019) (“PDPA”).
If consent is required for processing of personal data relevant to the use of ASA’s services of customers who are minors, quasi-incompetents or incompetents under the law of Thailand and cannot lawfully give consent by themselves, consent of the holder of parental responsibility over the child, their curators or custodians (as the case may be) shall also be obtained. If customers are under the age of 10, only consent of the holder of parental responsibility over the child shall be obtained.
If ASA is not aware that the customers are minors, quasi-incompetent persons or incompetent persons prior to the collection of their personal data, upon learning that ASA has collected personal data of minors without the consent of the holder of parental responsibility over the child (when it is required and the minors cannot lawfully give consent by themselves), or from quasi-incompetent persons or incompetent persons without the consent of their legal curator or custodian, ASA will delete the personal data at the earliest convenience unless ASA can rely on other legal grounds apart from consent for such processing.
The customer’s consent to this Privacy Policy must be obtained in the event that a person such as a family member or an agent authorized to act on their behalf applies for ASA’s service on behalf of the customer.
In the event that any provisions of this Chapter 5 contradict those of Chapter 1, the provisions of this Chapter 5 shall prevail.
2. The controller of personal data
The controller of your personal data is ASA.
ASA protects personal data which is collected and used by controllers (who make decisions about how and why your personal data is used) and processors (who act on the controller’s written instructions) on the basis of the PDPA.
3. Our legal basis for processing personal data
ASA protects your personal data by ensuring that it can only be used to the extent necessary for specific purposes (as set out in Part 3 of Chapter 1 of this Privacy Policy) and by requiring that there is a legal basis for each processing activity on the basis of the PDPA.
ASA may process customer personal data on one or more of the following legal bases:
(1) When your consent is obtained for the processing (Article 19 PDPA)
Consent will usually only be relied upon for promotional and marketing-related processing, or in some cases, in relation to sensitive personal data.
(2) When processing is necessary in order to perform or take steps to enter into a contract (Article 24(3) PDPA)
This is typically when ASA processes customer personal data which is essential to providing its services, including a customer’s identity, contact, payment, and travel details, etc.
(3) When ASA needs to process the personal data to comply with a legal obligation (Article 24(6) PDPA)
This includes the requirement to share personal data with customs and immigration authorities or law enforcement, as well as ASA’s legal obligations towards its staff and customers.
(4) When the processing is required to protect your, or a third party’s, vital interests (Article 24(2) PDPA), for example in the event of a medical emergency.
(5) When it is in ASA’s or a third party’s legitimate interests to process the personal data, and these interests are not overridden by your fundamental rights regarding your personal data under the law (Article 24(5) PDPA).
This includes the use of personal data necessary to operate ASA’s business and to maintain, develop, and improve its goods and services, and provide the best possible customer experience to the extent permissible under the PDPA.
4. Request about processing of personal data
(1)The PDPA provides you with the following legal rights:
The customer has the following rights regarding their personal data:
- Request for disclosure: You can request copies of your personal data and details of how we process it.
- Request for correction or updating: Corrections or updates to personal data will be undertaken where possible after due review of the request.
- Request for erasure: You may request that we erase, destroy, or anonymize all or part of the personal data we hold about you. We will consider your request and, where the information is no longer required or the law does not permit us to continue to retain it, we will delete it.
- Transferring your personal data: You can request a copy of your personal data in a structured, commonly used, machine-readable format. This only applies to personal data which we obtain from you and process on the basis of your consent or in order to perform a contract, and which is processed by automated means.
- Objections to processing: You can object to processing which is carried out on the basis of our or a third party’s legitimate interests or for the purpose of direct marketing. We will cease processing your information unless we can demonstrate legitimate grounds showing that the legitimate interests override your interests. If your objection relates to direct marketing, we will cease the processing.
- Restrictions on processing: You can restrict our processing of your personal data under certain circumstances. Where this applies, any processing of your personal data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights, or important public interest reasons.
- Withdrawal of consent: If we rely on consent to process your personal data, you have the right to withdraw that consent at any time. However, withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Please note that the rights set out above are not absolute and do not apply in every situation. Legal exemptions may apply in certain cases, meaning that a request may be refused. If a request is refused, we will inform you of the reasons when responding.
Records of requests made to us will be retained so that we can demonstrate compliance with our legal obligations.
(2)Method for submitting a request
You can exercise your rights free of charge (except in the case where expenses may be chargeable under the PDPA). The method for submitting a request and contact information are as follows.
(Website)
Please send the required documents via the webform listed on ASA’s website.
(3)Responding to a request
We will respond without undue delay and usually within thirty (30) days. We may, in some cases, ask for identification or, if you are making the request on behalf of a third party, proof of your authority to submit a request. If your request is particularly complex or you have made a number of requests, it may take longer to provide a detailed response. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
If you are not satisfied with ASA’s response to a data protection request or if you think your personal data has not been mishandled, then you have the right to file a complaint with the Personal Data Protection Committee of Thailand. Please see Part 9 of this Chapter 5 (“Lodging a complaint with an authority”) for further details.
5. Data sharing which is necessary to provide goods or services
ASA’s goods and services are provided with the assistance of other companies and organizations, and ASA will often need to share personal data with third parties in order to run its business. These third parties include:
(1) Other companies in the ASA Group
(2) Organizations with which ASA is legally required to share personal data
including: government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, and third-party organizations, etc.
(3) Service providers
including: subcontractors handling ASA flights, airports and airlines with whom ASA partners, various service providers, providers with whom ASA has a marketing partnership, etc.
Where ASA instructs companies, contractors, or service providers to process data on its behalf, ASA will ensure that it does so pursuant to a contract which meets the requirements of the PDPA.
6. Marketing communications
ASA sends out marketing communications from time to time to notify interested persons of news and provide details of goods and services which may be of interest to them. ASA will only do this if the recipient has consented to receive marketing communications.
7. Where your personal data is stored and transferred
ASA is located in the United States and many of the service providers and other organizations with whom ASA shares your personal data are located in jurisdictions outside Thailand.
When transferring personal data to third parties, ASA will ensure that it complies with the requirements of applicable US laws and the PDPA.
However, please note that recipients outside Thailand may be subject to local laws which do not necessarily provide equivalent protection for your personal data. If you would like more information regarding where your personal data is stored and transferred, please contact ASA using the details set out in Part 13 of Chapter 1 (“Submission of a request for disclosure, etc. and contact information”).
8. Retention of personal data
ASA retains personal data for as long as is necessary to achieve the purposes of use and collection, and for such period as is required to comply with applicable laws and regulations, resolve disputes, and perform contractual obligations. ASA determines retention periods based on the nature of the information and the purposes of retention, taking into account legal and accounting requirements as well as operational needs.
Please note that ASA may retain your personal data for a longer period than mentioned above if it is for the purposes of the establishment or defense of legal claims or the purpose for compliance with the law.
9. Lodging a complaint with an authority
Customers have the right to lodge a complaint on the processing of their personal data with the Personal Data Protection Committee of Thailand.
10. The contact information of the controller and ASA's Data Protection Officer
Controller: ANA Sales Americas
Address: 21250 Hawthorne Blvd., Suite 200
Torrance, CA 90503
Data Protection Officer email: cp@anasalesa.com