Michi Cultural Walks
Back to Home

Privacy Policy

Last Updated: January 1, 2025

Introduction and Scope

Michi Cultural Walks ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or book cultural excursions through our platform.

This policy applies to all users of our services, including website visitors, customers who book tours, guides who provide services through our platform, and business partners. By accessing or using our services, you acknowledge that you have read and understood this privacy policy.

Information We Collect

We collect several types of information to provide and improve our services:

Account and Booking Information: When you create an account or make a booking, we collect your name, email address, phone number, billing address, and payment information. For international bookings, we may also collect passport details as required for tour arrangements.

Profile and Preferences: You may choose to provide additional information such as dietary restrictions, accessibility requirements, language preferences, and areas of cultural interest to help us personalize your experience.

Communication Data: We retain records of your correspondence with us, including emails, chat messages, phone calls, and support tickets, to provide customer service and improve our offerings.

Technical Information: When you visit our website, we automatically collect your IP address, browser type, device information, operating system, referring URLs, pages viewed, and time spent on our site through cookies and similar technologies.

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To process bookings, coordinate with guides, send booking confirmations, provide tour information, and deliver the cultural experiences you have purchased.

Payment Processing: To process payments, prevent fraud, and maintain financial records in compliance with applicable laws and regulations.

Customer Support: To respond to your inquiries, resolve issues, handle cancellations and refunds, and provide assistance before, during, and after your tours.

Platform Improvement: To analyze usage patterns, understand customer preferences, test new features, and enhance our website functionality and user experience.

Marketing Communications: With your consent, to send you newsletters, promotional offers, tour recommendations, and updates about new destinations or experiences that may interest you.

Legal Compliance: To comply with legal obligations, enforce our terms of service, protect against fraud and abuse, and respond to legal requests from authorities.

Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area, United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

Contractual Necessity: Processing is necessary to fulfill our contract with you, including booking tours, coordinating services, and providing customer support.

Legitimate Interests: We process data to improve our services, prevent fraud, maintain security, and operate our business efficiently, provided these interests do not override your rights.

Legal Obligations: We process data to comply with applicable laws, regulations, and legal processes, including tax reporting and data retention requirements.

Consent: For marketing communications and certain optional data collection, we rely on your explicit consent, which you may withdraw at any time.

Sharing Your Information

We share your information only in the following circumstances:

Tour Guides: We share necessary booking details with the licensed guides conducting your tours, including your name, group size, pickup location, and any special requirements you have communicated.

Service Providers: We work with trusted third-party service providers for payment processing, email delivery, customer support tools, analytics platforms, and hosting services. These providers are contractually obligated to protect your data and use it only for specified purposes.

Business Partners: If you book through a hotel or destination management company partner, we share relevant booking information with them to coordinate your experience.

Legal Requirements: We may disclose information when required by law, court order, government investigation, or to protect our rights, safety, or property and that of our users and the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

International Data Transfers

As a global platform operating in Japan and serving international customers, your information may be transferred to and processed in countries outside your country of residence. We implement appropriate safeguards to protect your data during international transfers, including standard contractual clauses approved by regulatory authorities and ensuring our service providers maintain adequate data protection measures.

For data transfers from the European Economic Area to countries without adequacy decisions, we rely on approved transfer mechanisms and conduct transfer impact assessments to ensure appropriate protections are in place.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Booking Data: We retain booking information for seven years after your tour date to comply with tax and accounting regulations, handle potential disputes, and maintain business records.

Account Information: Active account data is retained as long as your account remains open. If you close your account, we delete or anonymize your data within 90 days, except where retention is required for legal compliance.

Marketing Data: If you subscribe to our newsletters, we retain your contact information until you unsubscribe or request deletion.

Technical Data: Website usage data and analytics information are typically retained for 24 months and then automatically deleted or anonymized.

Your Rights and Choices

Depending on your location, you have the following rights regarding your personal data:

Access: You can request a copy of the personal data we hold about you, including details about how we process it.

Correction: You can update or correct inaccurate or incomplete personal information through your account settings or by contacting us.

Deletion: You can request deletion of your personal data, subject to legal retention requirements and legitimate business needs.

Portability: You can request to receive your data in a structured, commonly used format or have it transferred to another service provider.

Objection: You can object to processing based on legitimate interests or for direct marketing purposes at any time.

Restriction: You can request that we restrict processing of your data in certain circumstances, such as while we verify its accuracy.

Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience on our website. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

Essential cookies are necessary for our website to function and cannot be disabled. Optional cookies for analytics and marketing purposes can be managed through your cookie preferences, accessible via the cookie banner or your browser settings.

Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using TLS/SSL protocols; secure storage with encryption at rest for sensitive information; regular security audits and vulnerability assessments; access controls limiting data access to authorized personnel only; employee training on data protection and privacy practices; and incident response procedures to address potential data breaches promptly.

While we take reasonable steps to protect your information, no method of transmission or storage is completely secure. You are responsible for maintaining the security of your account credentials and should notify us immediately if you suspect unauthorized access.

Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will take steps to delete such information from our systems.

For family bookings involving minors, the adult making the booking is responsible for providing necessary information and consenting to data processing on behalf of minor participants.

Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications not operated by us. This privacy policy does not apply to third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

When you use integrated third-party services on our platform (such as payment processors or social media plugins), those providers may collect information directly from you according to their own privacy policies.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.

Right to Delete: You can request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Opt-Out: While we do not sell personal information in the traditional sense, you have the right to opt out of certain data sharing practices.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights, including by denying services, charging different prices, or providing different quality of service.

Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date and, where appropriate, by sending you an email notification.

Your continued use of our services after the effective date of changes constitutes your acceptance of the updated policy. We encourage you to review this policy regularly to stay informed about how we protect your information.

Contact Information for Privacy Inquiries

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: privacy@malrenbrook.com

Phone: +81 4-3271-7252

Mail: Michi Cultural Walks
4 Chome-10-2 Hanazono, Hanamigawa Ward, Chiba, 262-0025, Japan

We will respond to all legitimate requests within 30 days, or as otherwise required by applicable law. For European data subjects, you also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

Supervisory Authority

If you are located in the European Economic Area and have concerns about how we handle your personal data that we have not adequately addressed, you have the right to lodge a complaint with your local supervisory authority. Contact information for EU data protection authorities can be found at the European Data Protection Board website.