Privacy Policy

1. About This Policy

We will process your personal data in compliance with every applicable law and any laws that replace them in the future (including the European Union’s General Data Protection Regulation, Regulation (EU) 2016/679).

In this privacy policy (this “Policy”), we provide information based on such laws related to processing your personal data. This Policy sets out the basis on which any personal data that you provide to us, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this Policy.

This Policy may be changed from time to time.

2. Information about us

For the purpose of data protection law, we, Ohta Publications Co., Ltd. (“we”, “us” and “our”) is a data controller in respect of your personal data. And we are committed to respecting your privacy.

  1. Our office address:
    Sigma Ginza First Building 3F, 4-10-16 Ginza, Chuo-ku, Tokyo, Japan
  2. Our email address:

3. Definitions

In this Policy:

  1. your “personal data” means any data which relates to you and from which you can be identified.
    It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you;
  2. “processing” means any activity or operation that is carried out in respect of your personal data, such as collecting, storing, using, transferring or deleting it;

4. How we collect your personal data and what personal data we collect

We will process the following personal data about you. This includes information about you that you give us by writings, e-mails, or when you use our website. The information you give us are:

your name, address, nationality, e-mail address, phone number, date of birth, sex, company name, person’s/company’s name who introduced you to TARO, password, occupation, and passport number.

We will also process your access data, such as cookies, IP addresses, and device identifiers. For more details about access data we collect about you, please see our “Policy Regarding Use of Access Data”.

5. Purpose and legal basis of processing personal data

We use the personal data that we hold about you for the following purposes:

  • To manage members who use our website;
  • To deal with purchases in our e-commerce business;
  • To provide a transport service, travel-related services, concierge services;
  • To provide information and communications; to conduct questionnaires relating to products, services, various events, campaigns, and such;
  • To conduct sales analysis, investigations and research; to develop new services and products;
  • To conduct operations relating to the above; to respond to inquiries, etc.; and
  • To conduct web analytics, etc.

The legal basis for the processing of your personal data is:

  • Performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art.6 (1)(b) GDPR
  • Where the processing of your personal data is necessary for the pursuance of our legitimate interests in accordance with Art.6 (1)(f) GDPR
  • Consent. This is where you have given consent for us to process your personal data in accordance with Art 6 (1) (a) GDPR.

We do not process your “sensitive data” (information about your race, ethnic origin, religion, physical or mental health, political opinions, sexual life, any actual or alleged criminal offences, and genetic and biometric data).

We will only use your personal data to the extent that it is necessary to do so to fulfil the purposes described above.

6. Disclosure of personal data to recipients

We may share your personal data with recipients in the situations described below:

  • Employees of ours who are authorized and need to access this data; and
  • Outsourcing parties of ours such as payment service providers, travel agencies, customer service providers, internet service providers, web analytics service providers, and cloud service providers.

7. Transfers of personal data outside the European Economic Area

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”); this especially applies to the transfer to our headquarters in Japan.

Where we transfer your personal data outside the EEA, we will ensure that the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data.

On 23 January 2019 the European Commission adopted on an adequacy decision on Japan. More information on this decision is available on

8. Storage limit of personal data

We will retain the personal data that we collect about you while you are a member of our service except where we are required by law to retain it for a longer period, in which case, we will retain it for that period.

9. Your rights

  1. Access, rectification, erasure, restriction, data portability

    With regard to the processing of personal data, you have the following rights:

    • Request from us access to your personal data pursuant to Art. 15 GDPR.
    • Request from us rectification of your personal data pursuant to Art. 16 GDPR
    • Request from us erasure of your personal data pursuant to Art. 17 GDPR
    • Request from us restriction of processing pursuant to Art. 18 GDPR
    • Right to data portability pursuant to Art. 20 GDPR
  2. Right to object
    You have the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (see section 5 above), including profiling based on those provisions pursuant to Art. 21(1) GDPR.
  3. Right to withdraw consent
    Where the processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR (see section 5 above), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  4. Right to lodge a complaint
    You have the right to lodge a complaint with a supervisory authority pursuant to Art. 57(1)(f) GDPR.

10. Contacts

If you have any questions about this Policy, your rights, or any other issues regarding the protection of your personal information, you can reach us using the information about us above in Section 2.