1. Introduction

Indowave Co. Ltd. (hereinafter referred to as “the Company,” “we,” “us,” or “our”) operates Travel Your Dreams (accessible at travelyrdreams.com), a destination management company and tour operator based in Tokyo, Japan. We are committed to protecting your privacy and handling your personal information in accordance with Japan’s Act on the Protection of Personal Information (APPI), as amended through 2026, and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our services, visit our website, or interact with us. By using our services or providing your personal information to us, you acknowledge that you have read, understood, and agree to this Privacy Policy.

2. Company Information

3. Scope and Applicability

This Privacy Policy applies to:

• All visitors to our website (travelyrdreams.com)
• Current and prospective customers who use our tour services
• Business partners and suppliers
• Individuals who contact us through our inquiry forms, email, or other communication channels
• Newsletter subscribers and social media followers

This policy applies regardless of your location. If you are located outside Japan, please note that your information will be transferred to and processed in Japan, which has been recognized by the European Commission and the UK Information Commissioner’s Office as providing adequate data protection for EU/EEA and UK personal data.

4. Types of Personal Information We Collect

4.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

4.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type and version, device ID
• Usage Data: IP address, pages visited, time spent on pages, click patterns, referral URLs, access times and dates
• Location Data: Approximate geographic location based on IP address (with your consent for precise location)
• Cookie Data: Information collected through cookies and similar tracking technologies (see Section 10)

4.3 Information from Third Parties

We may receive information about you from:

• Travel partners and suppliers (hotels, airlines, local guides, activity providers)
• Travel insurance providers
• Payment processors and financial institutions
• Business partners and affiliates
• Social media platforms (if you interact with us through social media)
• Publicly available sources (business registries, travel review sites)

4.4 Sensitive Personal Information

Under APPI, we may collect sensitive personal information with your explicit consent for specific purposes. This includes:

• Health information (dietary restrictions due to allergies, medical conditions, accessibility needs)
• Religious preferences (for meal planning, itinerary customization)
• Nationality and passport information (required for booking accommodations and activities)

5. How We Use Your Personal Information

We use your personal information for the following purposes:

5.1 Service Provision

• Processing and managing your tour bookings and reservations
• Coordinating with hotels, airlines, guides, and other service providers
• Customizing itineraries based on your preferences and requirements
• Providing customer support and responding to your inquiries
• Sending booking confirmations, travel documents, and itinerary updates
• Managing special requests and dietary/accessibility requirements

5.2 Business Operations

• Processing payments and maintaining financial records
• Managing our relationship with you and improving customer service
• Conducting internal administration and record-keeping
• Analyzing service usage to improve our offerings
• Maintaining the security and integrity of our systems

5.3 Legal and Compliance

• Complying with legal obligations (tax, accounting, travel agency regulations)
• Protecting against fraud, security threats, and legal liability
• Enforcing our Terms and Conditions
• Responding to legal requests from authorities
• Managing insurance claims and disputes

5.4 Marketing and Communication (With Your Consent)

• Sending newsletters, promotional offers, and travel inspiration content
• Informing you about new services, destinations, and special deals
• Conducting customer satisfaction surveys
• Remarketing and targeted advertising (with cookie consent)

5.5 Website Improvement

• Analyzing website traffic and user behavior
• Improving website functionality and user experience
• Testing new features and services
• Optimizing content and navigation

6. Legal Basis for Processing

Under APPI and other applicable laws, we process your personal information based on the following legal grounds:

7. Information Sharing and Disclosure

7.1 Service Providers and Business Partners

We share your personal information with trusted third parties who help us deliver our services:

• Accommodation Providers: Hotels, ryokans, hostels for reservation purposes
• Transportation Providers: Airlines, rail companies, bus operators, car rental services
• Activity Providers: Tour guides, museums, attraction venues, restaurants
• Payment Processors: Secure payment gateways for processing transactions
• Technology Providers: Website hosting, email services, CRM systems, analytics tools
• Insurance Providers: Travel insurance companies (when you purchase insurance)
• Business Partners: Travel agencies, corporate clients, affiliate partners

7.2 Legal Requirements

We may disclose your information when required or permitted by law:

• To comply with legal obligations, court orders, or government requests
• To protect our legal rights, property, or safety
• To protect the rights, property, or safety of our customers or the public
• In connection with law enforcement or regulatory investigations
• To prevent fraud or security threats

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of such changes and any impact on your privacy rights.

7.4 Third-Party Disclosure Records

In accordance with APPI requirements, we maintain records of third-party disclosures, including the date, recipient name, purpose, and data categories shared. These records are available for inspection by data subjects upon request.

8. Cross-Border Data Transfers

As an international tour operator, your personal information may be transferred to and processed in countries outside Japan, including:

• Countries where our service providers are located (hotels, activity providers, etc.)
• Countries where our technology infrastructure is based (cloud servers, databases)
• Your home country (when sending travel documents or communications)

8.1 Safeguards for International Transfers

When transferring your data internationally, we ensure adequate protection through:

• Adequacy Decisions: Transfers to countries recognized by Japan’s PPC as having adequate data protection (e.g., EU/EEA countries, UK)
• Standard Contractual Clauses: Legally binding agreements with international partners
• Informed Consent: Obtaining your explicit consent after informing you of the destination country’s data protection standards
• Contractual Safeguards: Requiring recipients to implement APPI-equivalent protections

8.2 Your Rights Regarding Cross-Border Transfers

Before transferring your data internationally, we will inform you of the destination country and obtain your consent where required. You have the right to:

• Withdraw consent for international transfers (subject to service limitations)
• Request information about the countries where your data is processed
• Request details about safeguards in place for international transfers

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, alteration, or destruction.

9.1 Security Measures

• Encryption: SSL/TLS encryption for data transmission, encryption of sensitive data at rest
• Access Controls: Role-based access restrictions, multi-factor authentication for staff
• Network Security: Firewalls, intrusion detection systems, regular security audits
• Data Minimization: Collecting only necessary information, regular data purging
• Employee Training: Regular privacy and security training for all staff
• Vendor Management: Security assessments of all third-party service providers
• Incident Response: Procedures for detecting, reporting, and responding to security breaches

9.2 Data Breach Notification

In accordance with APPI amendments effective in 2026, if we experience a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Personal Information Protection Commission without undue delay
• Notify affected individuals promptly when required by law
• Provide information about the nature of the breach, potential consequences, and mitigation measures
• Take immediate steps to contain and remedy the breach

9.3 Your Security Responsibilities

To help protect your information, please:

• Use strong, unique passwords for your account
• Keep your login credentials confidential
• Be cautious about phishing emails or suspicious communications
• Notify us immediately if you suspect unauthorized access to your account

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze website performance.

10.2 Types of Cookies We Use

10.3 Third-Party Cookies

We use the following third-party services that may set cookies:

• Google Analytics: Website traffic analysis (Privacy Policy)
• Google Ads: Advertising and remarketing (Privacy Policy)
• Facebook Pixel: Social media advertising (Privacy Policy)

10.4 Managing Cookies

You can control cookies through:

• Cookie Banner: Accept or reject optional cookies when you first visit our website
• Browser Settings: Configure your browser to block or delete cookies
• Opt-Out Links: Use third-party opt-out tools (Google Analytics Opt-out, Facebook Ad Preferences)

Note: Blocking strictly necessary cookies may affect website functionality and prevent you from using certain features.

11. Your Rights Under APPI

Under Japan’s Act on the Protection of Personal Information (APPI), as amended through 2026, you have the following rights regarding your personal information:

11.1 Right of Access

You have the right to request disclosure of your personal information held by us. We will provide:

• Categories of personal information we hold about you
• Purposes of use
• Third parties to whom your data has been disclosed
• Information about cross-border transfers

Response Time: Within 30 days of verification of your identity

Fee: We may charge a reasonable fee for excessive or repetitive requests

11.2 Right to Correction

If your personal information is inaccurate or incomplete, you have the right to request correction, addition, or deletion of the relevant data.

Response Time: We will correct verified inaccuracies within 30 days

11.3 Right to Suspension of Use or Deletion

You may request that we stop using or delete your personal information if:

• It is being used beyond the originally stated purpose
• It was obtained through deception or improper means
• You withdraw consent (for processing based on consent)
• You no longer require our services

Enhanced Rights (2026 Amendments): You now have strengthened rights to request suspension or deletion of sensitive personal information, including biometric data, even in the absence of misuse.

11.4 Right to Restriction of Third-Party Provision

You may request that we stop providing your personal information to third parties if such disclosure was not properly authorized or exceeds the original purpose.

11.5 Right to Withdraw Consent

For processing based on consent (marketing, cookies, sensitive data), you have the right to withdraw your consent at any time by:

• Clicking “unsubscribe” in marketing emails
• Adjusting cookie preferences in your browser or our cookie settings
• Contacting us directly

Withdrawal will not affect the lawfulness of processing before withdrawal.

11.6 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another service provider.

11.7 Exercising Your Rights

To exercise any of these rights, please contact us at:

11.8 Limitations on Rights

We may refuse or limit your requests if:

• Disclosure could harm the life, body, property, or other rights of you or a third party
• Disclosure would significantly impede the proper conduct of our business
• Disclosure would violate other laws or regulations
• We are legally required to retain the information

We will explain the reason for any refusal.

11.9 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with:

12. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

12.1 Retention Periods

12.2 Secure Deletion

When retention periods expire, we securely delete or anonymize your personal information using industry-standard methods to prevent recovery or reconstruction.

13. Children’s Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children without parental consent. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@travelyrdreams.com.

When children travel with our tours, we collect their information with explicit parental consent and process it only for travel service provision. Under the 2026 APPI amendments, we provide enhanced protection for minors’ personal data, including stronger rights to deletion.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Notify you via email if you are a registered customer
• Display a prominent notice on our website
• Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Compliance with APPI 2026 Amendments

This Privacy Policy is compliant with the Act on the Protection of Personal Information (APPI) as amended and effective through 2026, including:

• Enhanced rights for data subjects regarding sensitive personal information
• Strengthened data breach notification requirements
• Updated consent mechanisms for third-party data sharing
• Privacy impact assessment considerations
• Administrative fine system awareness
• Enhanced protections for minors’ personal data