HomeHOME Tickets & Passes Privacy Policy

Tickets & Passes

WEST QR service Privacy Policy

This Policy applies to the processing of personal data by West Japan Railway Company ("we", "us," or "our"), performed pursuant to applicable data protection laws, with regard to your personal data that we collect in connection with the use of the WEST QR service operated by us for foreign tourists visiting Japan (the "Service").

This Policy explains the grounds for our processing of personal data you provide to us, or personal data about you that we obtain from other information sources.If the provisions of this Policy conflict with the provisions of our other privacy policies, the provisions of this Policy will prevail, to the extent of the conflict(s).

1. Controller for Processing of Your Personal Data

We are the controller for processing of your personal data. Please check section 11 below for our contact details.

2. Categories of Personal Data to be Collected and Purpose of Processing of Your Personal Data

Regardless of the method, such as via the website or e-mails about the Service, we collect and process the following categories of your personal data for the following purposes.

  1. (1) To provide the Service to you
    Your user name (name or handle), country of residence, e-mail address, passwords you set at the time of membership registration, membership number, issued ticket No. (ticket ID) and (only in situations where QR codes displayed by you at station you enters/exits cannot be used, for any reason), device location information when you use the Service, ticket purchase and issuing records, ticket cancellation, refund, usage histories, and any other user records or histories.
  2. (2) To respond to your inquiries
    In addition to the information set forth in subsection (1) above, information about the details of your inquiries.
  3. (3) To respond to threats of cyber attacks, etc.
    Your IP address and log data
  4. (4) To analyze the use of the Service for marketing purposes
    Your country of residence, membership number, and issued ticket No. (ticket ID)
  5. (5) To comply with laws and regulations applicable to us, or to respond to court orders and legal procedures
    Information set forth in subsections (1) through (4) above and any and all other necessary information

To use the Service, you need to provide your personal data. If you refuse to provide your personal data to us, our provision of the Service will be limited.

3. Legal Basis for Processing of Your Personal Data

Where applicable data protection laws require processing of your personal data based on a legal basis, we will process your personal data based on either of the legal bases set forth below and similar concepts permitted under applicable data protection laws.

  1. (1) Contract: Where it is necessary to process your personal data for performance of the contract entered into between you and us (including the terms of use of the Services), or in order to take steps at your request prior to entering into a contract.
  2. (2) Legitimate interests: Where it is necessary for us to process your personal data to pursue our legitimate interests or those of a third party (e.g., responses to your inquiries and complaints), and your interests or basic rights do not prevail over the aforementioned interests.
  3. (3) Consent: Where we obtain your consent to the processing of your personal data
  4. (4) Legal obligation: Where it is necessary for us to process your personal data for purposes of compliance with legal obligations, pursuant to the laws and regulations of your country of residence.

The legal basis on which we rely on for each of the purposes of processing of the personal data described in section 2 above are as follows:

  1. i.To provide the Service to you: Contract or consent
  2. ii.To respond to your inquiries and complaints: Contract, legitimate interests, or consent
  3. iii.To protect against threats of cyber attacks: Legitimate interests or consent
  4. iv.To analyze the use of the Service for marketing purposes: Legitimate interests or consent
  5. v.To comply with applicable laws and regulations, or to respond to court orders and legal procedures: Legitimate interests or legal obligations

4. How and Where We Process Your Personal Data

  1. (1) We perform various kinds of processing of personal data, such as collection, storage, use, organization, transmission, provision, disclosure, and deletion.
  2. (2) We process personal data in Japan, the People's Republic of China, Taiwan, and Hong Kong.

5. Disclosure of Personal Data

We may disclose your personal data to the following persons, within the extent of the purposes of processing set forth in section 2 above.

  1. (1) Service Providers
    We may disclose your personal data to IT service providers (including enterprises that handle development, maintenance, and operation of systems relating to the Service, and data server and cloud services providers), customer service providers, online travel agent (OTA), and other third-party service providers who supply certain services.
  2. (2) Employees
    We may disclose your personal data to our employees who have the authority, and are required, to access your personal data.

6. Transfers of Your Personal Outside Your Resident Country

Your personal data may be transferred to third parties outside your resident country . Where we transfer your personal data to third parties located in countries or territories outside those in which you are located, we comply with applicable data protection laws by methods such as ensuring the items below, or obtaining your consent thereto.

  1. (1) The recipient destination is designated as countries and territories that ensure an adequate level of protection for the rights and freedoms that you possess with respect to personal data under the applicable data protection laws.
  2. (2) The recipient enters into a contract with us into data transfer agreements as required by applicable data protection laws.

You may confirm additional details about the protection given if your personal data is transferred to outside your residence country by contacting us using the contact details in section 11 below.

7. Storage Period of Personal Data

We will store your personal data for the period necessary for the purposes of use of the relevant personal data. Specifically, your personal data shall be stored for the respective periods set forth below:

  1. (1) E-mail address: the earlier of two years from your last use of a ticket pursuant to the Service, or cancellation of your membership of the Service.
  2. (2) User name (name or handle) and passwords: the earlier of two years from your last use of a ticket pursuant to the Service, or one month after cancellation of your membership of the Service.
  3. (3) Membership number, ticket purchase and issuing records, ticket cancellation, refund, usage histories, and any other user records or histories: two years from your last use of a ticket pursuant to the Service.
  4. (4) Issued ticket No. (ticket ID): two years from the ticket issue date.
  5. (5) Location information for devices with which you use the Service: until the end of use of the ticket for which location information was used pursuant to the Service.
  6. (6) Country of residence: two years from your last use of a ticket pursuant to the Service.
  7. (7) Log data: one month from the time of the log record.
  8. (8) IP address: the earlier of three months from your log in, or one month after cancellation of your membership of the Service.
  9. (9) Information about the details of your inquiries and related information: two years from the receipt of inquiries

However, the foregoing shall not apply if storage of personal data is required for a longer period pursuant to applicable laws and regulations, and in such cases, the relevant personal data shall be stored for the period required by laws and regulations.

8. Procedures for and Method of Destruction of Personal Data

We will destroy your personal data without delay when it is no longer required, e.g., when the storage period of your personal data has expired or the purpose for which it was processed has been achieved. The procedures and methods for the destruction of personal data are as follows:

  1. (1) Destruction procedures: In situations in which we confirm that personal data is no longer necessary, the person responsible for processing the personal data shall destroy the personal data.
  2. (2) Destruction methods: We destroy personal data that is recorded and stored in the form of electronic files via methods that ensure that the personal data cannot be restored or recovered, and destroy personal data that is recorded and stored on paper media using shredders, or by incineration.

9. Your Rights

You have several legal rights in relation to personal data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following contact information:

  1. (1) the right to obtain information regarding the processing of personal data about you and to access personal data about you that we hold;
  2. (2) the right to request that we correct your personal data if it is inaccurate or incomplete;
  3. (3) the right to request that we erase your personal data in certain circumstances;
  4. (4) the right to request that we restrict our processing of your personal data in certain circumstances;
  5. (5) the right to object to our processing of your personal data;
  6. (6) the right to receive any personal data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit that personal data to a recipient, where doing so is technically feasible;
  7. (7) If we process your personal data on the basis of your consent, the right to withdraw your consent to our processing of your personal data at any time, provided however withdrawal of consent does not affect the lawfulness of processing of personal data before its withdrawal).

You may exercise any of your rights by contacting us at the contact details set forth in section 11 below. You also may lodge a complaint with the relevant data protection authority if you believe that we have infringed any of your rights.

10. Security Control Measures

In addition to establishing rules on the processing of personal data, we take necessary and appropriate measures to prevent any leaks or loss of, or damage to your personal data to be processed, and otherwise to control the security of personal data, such as periodic self-inspection of the status of processing personal data, periodic training of employees regarding the processing of personal data, prevention of theft or loss of equipment for processing personal data, etc. We also exercise appropriate supervision over our contractors and employees who process personal data.

By contacting us using contact details set forth in section 11 below, you may confirm additional details about security control measures implemented by us with regard to the processing of personal data.

11. Our Contact Details

If you have any questions about this Policy, your rights, or any other matter relating to the protection of personal data, please contact us at the following contact information:

West Japan Railway Company
4-24 Shibata 2-chome, Kita-ku, Osaka
Personal Information Inquiry Desk: Click here for the online inquiries form

EU Representative
DP-Dock GmbH
Ballindamm 39, 20095 Hamburg, Germany
E-mail: jr-west@gdpr-rep.com

U.K. Representative
DP Data Protection Services UK Ltd.
16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
E-mail: jr-west@gdpr-rep.com

You also may contact our data protection officer (DPO) at the contact address below:
DPO's e-mail address: west_japan_railway_dpo@westjr.co.jp

■ For those in the People's Republic of China

This Addendum applies to you in the People's Republic of China.

1. Sensitive Personal Information

Use of the Service by Minors
We process the personal information of minors under the age of fourteen (14) only if we obtain parental consent.

Location information
We process highly-precise location information as sensitive personal information. The necessity of processing sensitive personal information and its effects on individual rights and interests are as follows:

Necessity of processing
If the QR code is not displayed on your device for any reason or if it is not possible for you to enter or exit ticket gates by using the QR code, we believe that highly-precise information on your location will be necessary for us to determine the station in which you are located and have you comfortably use our train ride service.

Effects on individual rights and interests
We will not obtain highly-precise information on your location unless you provide us with your consent; further, even if we have obtained location information, we will delete it immediately after we have determined your location based on the information necessary for you to enter or exit ticket gates. Accordingly, we believe that the possibility of such processing affecting your rights and interests is low.

2. Provision of Personal Data to Third Parties

We will provide your personal information to the following third parties outside of the People's Republic of China:

Name of Recipient Contact Information Purpose of Processing Method of Processing Type of Transferred Personal Data Method of Exercising Your Rights
JR West Customer Relations Co., Ltd. Tel: +81-(0)570-00-8691 Customer support Consultation and use From among the personal data specified in section 2 of this Policy, your personal data, excluding the location information of your device You can exercise your rights by contacting the recipient using the Contact Information on the left column.

■ For those in the Republic of Korea

This Addendum applies to our customers in the Republic of Korea.

1. Transfer of Personal Data

We may transfer your personal data in accordance with section 6 of this Policy as described below.

(1) Provision of Personal Data to Third Parties

We process your personal information only within the scope of the processing purposes expressly specified in "2. Categories of Personal Data to be Collected and Purpose of Processing of Your Personal Data"; further, we will provide your personal data to third parties only if Articles 17 and 18 of the Personal Information Protection Act of Korea ("PIPA") apply, such as where your consent has been obtained or there is a special statutory provision, and we will not provide your personal data to third parties in any other cases. If any information is provided to third parties as stated above, we will obtain consent from you or disclose necessary information in this Policy pursuant to the PIPA.

(2) Outsourcing of Personal Data Processing to Outsourcees Outside Korea

We outsource the processing of your personal data to outsourcees outside Korea as follows:

Name and (if a legal entity) Contact Information of Outsourcee Details of Outsourced Service Item(s) of Personal Data to Be Transferred Country to Which Personal Data is Transferred Time of Transfer Method of Transfer Storage Period and Use by the Outsourcee Legal basis of the cross-border transfer
JTRweb Limited
contact@jtrweb.com		 Providing our QR code ticket issuing system, system maintenance for the Service From among the personal data specified in section 2 of this Policy, your personal data, excluding the location information of your device China/Hong Kong Periodic transfer after collection of personal data Network transfer of personal data entered and provided by you Storage period specified in section 7 of this Policy PIPA Article 28-8(1)(iii)
E TICKETING RESOURCES CO.,LTD (Re-outsourced from JTRweb)
contact@jtrweb.com		 system maintenance for the Service and communication with the customers From among the personal data specified in section 2 of this Policy, your personal data, excluding the location information of your device Taiwan Periodic transfer after collection of personal data Network transfer of personal data entered and provided by you Storage period specified in section 7 of this Policy PIPA Article 28-8(1)(iii)
JR West Customer Relations Co., Ltd.
+81-(0)570-00-8691		 Customer support to you From among the personal data specified in section 2 of this Policy, your personal data, excluding the location information of your device Japan Periodic transfer after collection of personal data Network transfer of personal data entered and provided by you Storage period specified in section 7 of this Policy PIPA Article 28-8(1)(iii)

You have the right to refuse to have your personal data be transferred outside Korea, and you can exercise this right by contacting us using the contact details in section 11 of this Policy. Please note that our provision of Services to you might be limited if you exercise this right.

2. Legal Basis for Processing of Your Personal Data Other than Consent

We may process your Personal Data under legal bases other than consent, as specified below:

Legal Bases Relevant Data Elements
Where processing is necessary to perform a contract with you, or to take actions at your request in the process of entering into a contract with you (PIPA Article 15(1)(iv))
  • · Your user name (name or handle), country of residence, e-mail address, passwords you set at the time of membership registration, membership number, issued ticket No. (ticket ID) (only in situations where QR codes displayed by you at station you enters/exits cannot be used, for any reason), device location information when you use the Service
  • · Information about the details of your inquiries
Where processing is necessary for our legitimate interests, provided that such legitimate interests clearly outweigh any competing privacy rights (PIPA Article 15(1)(vi))
  • · Your user name (name or handle), country of residence, e-mail address, passwords you set at the time of membership registration, membership number, issued ticket No. (ticket ID) (only in situations where QR codes displayed by you at station you enters/exits cannot be used, for any reason), device location information when you use the Service, ticket purchase and issuing records, ticket cancellation, refund, usage histories, and any other user records or histories
  • · Information about the details of your inquiries
  • · Your IP address and log data

3. Storage Period of Personal Data

If we are required to store personal data pursuant to applicable Korean laws, we will move the personal data to a separate database (DB) or store it in a separate storage location. The following laws and regulations require the storage of personal data:

  • (1) Article 6 of the "Enforcement Decree of the Act on Consumer Protection, etc. in E-commerce"

    • · Records related to labeling and advertising: Six months
    • · Records on processing of consumer complaints or disputes: Three years

  • (2) Article 41 of the "Enforcement Decree of the Communications Secrecy Protection Act"

    • · Date and time of subscriber's telecommunications, start and end times of telecommunications, subscriber numbers of other parties (such as outgoing/incoming communication numbers), number of telecommunications, and location information of outgoing base stations: Six months
    • · Materials recording computer communications or Internet logs and location information of the place of connection: Three months

4. Country Where Personal Data is Directly Collected and Processed

We directly collect from you and process your personal data in Japan.

5. Rights of Legal Representative

If you are the legal representative of a child under the age of 14 who uses our WEST QR service, you may exercise the rights set out in section 9 of this Policy on that child's behalf.

6. Person Responsible for Personal Information Protection

In order to protect personal data and process complaints regarding personal data, we have appointed a person responsible for personal information protection as follows:

- Name: Satoshi, Iwasaki
- Title: Managing executive officer, Manager of Governance Promotion Division
- Contact Information: +81-(0)570-00-8691

7. Installation, Operation and Refusal of Automatic Personal Data Collection Devices

In order to provide you with individualized services and convenience, we use cookies to store and retrieve usage information from time to time. A cookie is a small amount of information sent to your browser by the server (http) used to operate the website and is stored on your device. We only collect strictly necessary cookies and we can not provide you with the Service without them.

8. Revision of This Privacy Policy

We may revise this Privacy Policy if necessary as we regularly review its personal data protection measures and seeks to improve and enhance them as appropriate.

■ For those in the United States

This Addendum provides information regarding data privacy rights that may be applicable to individuals subject to the jurisdiction of certain states within the United States.

Part A applies to individuals who are "consumers" within the meaning of the California Consumer Privacy Act ("CCPA"). Part B applies to individuals of certain other states including Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia. Part C contains general provisions applicable to those covered by Part A or B.

Last Updated: 2/12/2025

A. California

1. Our Collection, Use, and Disclosure of Personal Information

(1) Categories, Sources, and Purposes of Personal Information Collected

The table below describes the categories of your personal information that we obtain or have obtained during the 12-month period prior to the "Last Updated" date of this Addendum.

Category of Personal Information Obtained(as specified in the CCPA) Example
Identifiers User name (name or handle), e-mail address, password, membership number and issued ticket No. (ticket ID)
Other personal information Ticket purchase and issuing records, ticket cancellation, refund, usage histories, any other user records or histories and information regarding your inquiries
Internet or other electronic network activity information Strictly necessary cookie information, IP address and log data
Location information data Location information of your device and country of residence

Business or commercial purposes: For the business or commercial purposes described in section 2 of this Policy, we obtain and use, and have obtained during the 12-month period prior to the "Last Updated" date of this Addendum, your personal information.
In this regard, we do not collect or process your sensitive personal information for the purpose of inferring characteristics about you.

Sources: The categories of sources from which we obtained your personal information during the 12-month period prior to the "Last Updated" date of this Addendum are as follows:
· Obtained directly from you

(2) Sale of Personal Information

We do not sell, and have not sold during the 12-month period prior to the "Last Updated" date of this Addendum, your personal information, including the personal information of consumers under 16 years of age, to third parties.

(3) Sharing of Personal Information

We do not share, and have not shared during the 12-month period prior to the "Last Updated" date of this Addendum, your personal information, including the personal information of consumers under 16 years of age, with third parties.

(4) Disclosure of Personal Information for Business Purposes

We have disclosed your personal information described in (1) above to third parties for business purposes during the 12-month period prior to the "Last Updated" date of this Addendum. The third parties to whom we have disclosed such personal information are service providers such as IT service providers (including data server and cloud service providers) and customer service providers. We do not use or disclose your sensitive personal information for purposes other than those specified in the CCPA; therefore, we are not subject to the right to limit the use or disclosure of sensitive personal information.

2. Your Rights

If you are a California consumer, you have certain rights regarding your personal information, as described below.

  • (a) Access: You have the right to request, twice in a 12-month period, that we disclose to you the information we have obtained, used, and disclosed about you during the 12 months preceding your request including the following:

    • · The categories of personal information we have collected about you;
    • · The categories of sources from which the personal information is collected;
    • · The business or commercial purpose for collecting or sharing your personal information;
    • · The categories of third parties to whom we have disclosed your personal information; and
    • · The specific pieces of personal information we have collected about you

  • (b) Deletion: You have the right to request that we delete certain personal information we obtained from you.

  • (c) Correction: You have the right to request that we correct inaccurate personal information we maintain about you.

B. Certain Other States

Laws in other states including those of Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia provide residents with certain privacy rights, which may include those listed below. Ultimately the particular law of each applicable state will determine how rights apply to individuals within those states.

  • 1. Rights to Access and Data Portability.You have the right to request details regarding our processing and access to your personal data and to obtain your personal data in a portable format and you may have the right to obtain your personal data in a readily usable format, to the extent feasible. You may have the right to request a list of third parties with whom we share personal information here.
  • 2. Right to Correct.You have the right to request that we correct inaccurate personal data.
  • 3. Right to Delete.You may have the right to request that we delete the personal data we have collected about you.
  • 4. Right to Opt Out.At this time we do not sell or share your personal information to or with third parties. You may have the right to opt out of targeted advertising and the sale of your data (as defined under relevant and applicable law if our policy changes.
  • 5. Exercising Your Local Privacy Rights.To request access to or deletion of your personal data, or to exercise any other privacy right listed above, please contact us using the contact information in section 11 of this Policy.

C. General Provisions

  • 1. How to submit a request.o make an access, deletion, or correction request, please contact us using the contact information in section 11 of this Policy.
  • 2. Verifying requests.To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. Upon receiving an access, deletion, or correction request from you, we will first verify your identity by requiring that you submit personal information you have provided us already (such as your name or e-mail address) and by matching the information you provide with the information we already have. If we cannot verify your identity because you do not submit this information, we may deny your request. If you use an authorized agent to make an access, deletion, or correction request on your behalf, we may require that the authorized agent provide documents proving that you gave the agent signed permission to submit the request. Also, we may require that you either (i) verify your own identity directly with us or (ii) directly confirm with us that you provided the authorized agent permission to submit the request.
  • 3. Additional information.Because we do not sell or share your personal information to or with third parties, we do not process opt-out preference signals from Global Privacy Control.
  • 4. Non-discriminatory treatment.Please note, if you choose to exercise your rights under specific laws of various states, you have the right not to receive discriminatory treatment by us.
  • 5. ContactsIf you have any questions or concerns regarding this Addendum or your choices or rights specified in the state privacy law applicable to you, please contact us using the contact information in section 11 of this Policy.
  • 6. Changes to this Addendum for those in the United States.We may change this Addendum from time to time. The "Last Updated" date at the top of this page states when this Addendum was last updated; any changes will become effective upon us posting the revised Addendum. We will post a prominent notice on our website to notify you of any significant changes to this Addendum and indicate the date it was most recently updated.

Ticket Deals and Passes

TOP