KRÖFT is committed to handling personal information responsibly. This policy explains how we collect, use, share and protect personal information in the course of providing wholesale, white-label destination management services to the travel trade. It reflects global best practice and the requirements of Japan's Act on the Protection of Personal Information (APPI), and — where relevant to partners in those regions — the principles of the EU and UK General Data Protection Regulation (GDPR).
KRÖFT is a destination management company operating in Japan, providing wholesale, white-label travel arrangements to travel agencies, designers, concierge services, hotels and fellow operators ("partners"). In this policy, "we", "us" and "our" refer to KRÖFT; "you" refers to the partner or individual we deal with. Depending on the interaction, we act either as a data controller (deciding how information is used — for example, our own partner records) or as a data processor (handling information on a partner's behalf — for example, traveller details supplied to us to arrange a journey).
We collect personal information in three ways:
We collect only what we need to respond to enquiries and deliver services. Depending on the engagement, this may include:
We do not take payments from, or hold financial details of, your clients. We do not knowingly collect information relating to anyone under 18 without the consent of a parent or guardian, obtained through our partner.
We use personal information to prepare quotations, design and operate itineraries, make bookings with suppliers on your behalf, provide on-the-ground support during travel, meet our legal and accounting obligations, and maintain our business relationship with you. We may also use limited website data to keep the site secure and improve it. We do not sell personal information, and we do not market to your clients.
Where data-protection law requires a legal basis, we rely on: the performance of a contract with our partner; our legitimate interests in operating and promoting a trade-only business and in keeping it secure; consent, where we ask for it (which you may withdraw at any time); and compliance with legal obligations. Under the APPI, we handle personal information within the scope of the purposes set out in this policy.
To deliver a journey we share necessary details with the suppliers involved — guides, drivers, accommodation, restaurants, experience providers and our owned or partner destination management companies. We share only what each supplier needs, and we require them to handle it confidentially and appropriately. We may disclose information where we are legally required to do so. We never sell or rent personal information to third parties.
Where a partner provides us with personal information about their clients, the partner is responsible for ensuring they have the right to share it and that their clients have been informed of how it will be used. We act on the partner's instructions and process that information solely to deliver the arrangements requested.
Because we operate in Japan and work with partners and suppliers in other countries, personal information may be transferred and processed across borders, including into Japan. Where this happens, we take steps to ensure it remains protected to an appropriate standard and work only with parties who maintain comparable safeguards.
We keep personal information only as long as necessary for the purposes set out above and to meet legal, tax and accounting requirements, after which it is securely deleted or anonymised. Where you ask us to delete information, we will do so unless we are required or permitted by law to retain it.
We apply reasonable technical and organisational measures to protect personal information against loss, misuse, alteration or unauthorised access — including controlled access, secure handling practices and care in our choice of suppliers. No method of transmission or storage is completely secure, so we encourage care when sharing sensitive information with us.
Our website uses only the cookies necessary for it to function and, where enabled, basic analytics to understand how it is used and to maintain performance. You can control or disable cookies through your browser settings, though some features may not work as intended if you do.
Subject to applicable law, you may request access to, correction of, or deletion of the personal information we hold about you; object to or restrict certain processing; withdraw consent where we rely on it; and request a copy of certain information in a portable form. To make a request, contact us using the details below. We may need to verify your identity before responding, and where we hold information on behalf of a partner we may direct the request to that partner.
Our services are directed at the travel trade, not at children, and our website is not intended for them. We do not knowingly collect information from anyone under 18 without verifiable parental or guardian consent obtained through our partner. If we become aware that we hold such information without that consent, we will delete it.
We may update this policy from time to time to reflect changes in our practices or in the law. The date above reflects the latest version, and the current policy will always be posted on this page. We recommend reviewing it periodically.
For any privacy question or request, write to us at [email protected].
KRÖFT · Japan