ANA 隱私權政策
相關網站
修訂日期:2026 年 4 月 1 日
第 1 章記載適用於所有顧客的個人資料處理事宜,而第 2 章、第 3 章、第 4 章、第 5 章則針對位於或居住在歐洲經濟區/英國、中華人民共和國、美國加州、泰國的顧客提供區域特定性的資訊。
第 1 章 ANA針對所有顧客個人資料處理
1. 前言
本隱私權政策說明ALL NIPPON AIRWAYS CO., LTD. (下稱:「ANA」或「我們」,或於所有格時稱:「我們的」)取得的顧客及其他個人之個人資料係如何被使用及其被使用之原因。提供個人資料給 ANA 或使用 ANA 的商品或服務前,請務必事先詳細閱讀本隱私權政策。
本隱私權政策的第 1 章提供了關於我們如何使用您個人資料的概要。
額外的政策可能適用於ANA 的商品或服務,其詳細內容會另行提供或記載於該項服務之條款等。
另外,針對居住在日本的顧客,本章中之個人資料,係指與生存之個人有關之資料,其含有姓名、出生年月日或其他可用以識別出特定個人的內容等資訊,或個人識別符號者。
2. 適用範圍
當顧客或其他個人提供個人資料給 ANA 時,或是使用 ANA 的服務及商品時,即適用此隱私權政策。
3. 個人資料之使用目的
ANA 基於下列目的,使用其自顧客取得的個人資料。但即使於目的範圍內,ANA 不會以任何可能鼓勵或誘導違法或不當行為的方式,使用顧客的個人資料。
- (1) 航空運輸服務相關之預訂、機票販售、劃位報到、機場服務、機內服務
- (2) 聯航運輸、共同承運、代碼共享、連續運輸,及受託運輸相關之預訂、機票販售、劃位報到、機場服務
- (3) 對ANA 哩程俱樂部會員提供服務
- (4) ANA 服務/商品使用情形的研究與分析
- (5) 上述 (1)~(4)之目的所有附帶、相關之業務
- (6) 對ANA提供之服務、商品等實施問卷調查
- (7) 開發新服務及商品
- (8) 與ANA提供之服務及商品有關之通知
- (9) 與ANA、ANA 集團公司及合作公司等實施的各種活動與促銷有關之營運及管理
- (10) 提供與ANA、ANA 集團公司及合作公司等之服務、商品、活動、促銷有關的資訊,及以包含直接郵寄、電子報、通知、及廣告等方法提供各種資訊
- 顧客之個人資料 (使用ANA、ANA 集團公司等之服務與商品之詳細內容,或 ANA 網站、行動應用程式瀏覽紀錄等之分析資料等),可能會被透過使用 AI (人工智慧)等方式進行分析,藉此推斷顧客的興趣、喜好、購物傾向、屬性等,且其結果可能會被用於向顧客投放廣告或行銷等措施。
- (11) 回應洽詢及請求
- ANA可能會利用AI(人工智慧)和其他技術,分析顧客的洽詢、請求、溝通和語音內容,並將其用於向顧客提供的顧客支援服務。
除上述(1)至(11)之目的外,個人資料亦將被使用於本章第8條「8.共同使用」所列載之目的。
4. 蒐集個人資料
為達成上述目的,ANA 會以公正且適當的方式,取得下列個人資料。
(1) 個人身份資訊、聯絡資訊、及付款資訊等
顧客姓名、地址、電話號碼、傳真號碼、電子郵件地址、就業資訊 (公司名稱、顧客所屬部門、職稱、地址、電話號碼、傳真號碼)、收件地址、護照資訊、與搭機有關的身體及疾病相關資訊、飲食限制、包括信用卡/簽帳卡及其他付款方式之詳細內容的付款資訊等
(2) 旅遊資訊
旅遊計畫及安排之詳細內容,包含ANA 及其他航空公司的航班資訊、住宿及其他交通安排等
(3) 顧客之ANA 哩程俱樂部會員相關資訊及資格限定服務之相關使用資訊
顧客之ANA 哩程俱樂部會員號碼、會員卡種類、會員狀態、會籍所屬地區、哩程狀態、信用卡號碼及有效期限、信用卡使用紀錄及相關資訊、輪椅或其他特殊安排之需求、航班預訂及取消資訊、航班及其他服務使用紀錄等
(4) 向 ANA 洽詢以及申訴之詳細內容
因包含個人姓名或其他原因,而可用以識別特定個人的聲音錄音資訊及其他類似資訊
- 為確認任何給予我們的指示、訓練目的、預防犯罪、提升我們的顧客服務品質,我們可能會監控、記錄、儲存及使用與您之電話、電子郵件或其他溝通內容。
(5) 包含 ANA 網站及行動應用程式之使用資訊在內的 IT 及系統資料
諸如顧客於 ANA 網站及行動應用程式上的相關使用資訊,包含ANA 可用以識別特定個人之Cookie、廣告識別碼 (IDFA/GAID)、位置資訊、裝置固有ID、IP 位址、作業系統以及瀏覽器類型,以及網頁上之活動紀錄之詳細內容等 (關於 Cookie 的使用目的及其他相關事項之詳細內容,請參閱 ANA Cookie 政策中之「3. Cookie 的使用目的」等)
除受法律或法規要求或經顧客同意之情形外,ANA 不會取得及利用諸如種族、信仰、社會地位、病歷、犯罪紀錄、曾因他人犯罪而受害之事實等顧客之具敏感性質之資訊 (下稱「敏感性資訊」)。
5. 個人資料關聯資訊之取得
ANA 可能會直接從顧客或自第三方或ANA集團公司取得顧客之個人資料關聯資訊。本章中之「個人資料關聯資訊」,係指與生存之個人有關之資料,且不該當日本「個人資料保護相關法律」 (平成十五年法律第五十七號) 中所定義個人資料、擬匿名加工資料及匿名加工資料者。
(個人資料關聯資訊之舉例)
上述「4. 蒐集個人資料 (5) 包含ANA 網站及行動應用程式之使用資訊在內的 IT及系統資料」中列出的 Cookie、廣告識別碼 (IDFA/GAID)、位置資訊、裝置固有ID、IP 位址等詳細內容中,ANA 無法用以識別特定個人者。
(接收個人資料關聯資訊之舉例)
自第三方或 ANA 集團公司取得廣告識別碼用以投放廣告
如我們將該等個人資料關聯資訊與 ANA 或 ANA 集團公司所持有之顧客個人資料連結並用作個人資料,我們會事先取得顧客同意,且除非我們表明其他目的,我們將依照「3. 個人資料之使用目的」所載明之使用目的,妥善處理該等資訊。
6. 顧客的選擇
原則上,ANA均依顧客之意願取得個人資料。如顧客拒絕提供個人資料,顧客可能遭遇因ANA系統之部分功能無法運作而無法使用所導致的不利情況,諸如無法利用 ANA 所提供的各種服務,或無法取得促銷活動通知或其他ANA之資訊。請留意顧客可隨時依 ANA 另行指定的方式變更其聯絡資訊及是否欲接收電子報之決定。
7. 對第三方之資訊揭露與提供
(1) 當ANA 揭露或提供顧客個人資料予第三方時
除有下列情形之外,ANA不會將顧客之個人資料揭露或提供予任何第三方。另外,關於包含顧客敏感性資訊之個人資料,除經法律及法規允許或經顧客之同意允許外,於任何情形下ANA皆不會揭露或提供予第三方。請留意,基於共同使用或業務委託而提供資訊,不會構成對第三方之揭露或提供。
- 獲顧客同意時
- 揭露或提供係在法律或法規允許範圍內所需者
- 難以取得顧客同意,但為保護人類生命、健康或財產所需之揭露
- 配合國家或地方政府公共事務所需之揭露,且取得顧客同意可能會妨礙公共事務之施行時
- 以統計資料揭露或提供資訊 (以未揭露顧客身分之形式) 時
- 因公司合併、公司分割、營業讓與或其他事由所產生的事業承繼而提供資訊時
- 在顧客得自行透過 ANA 網站等輕易確認以下資訊,且顧客並未表示拒絕提供其資訊之情況下,依據法律及法規之程序提供資訊
- 資訊之取得目的是為了提供該資訊予第三方
- 提供予第三方之特定個人資料項目
- 該個人資料被提供予第三方之方法
- 資訊之提供將應顧客之請求而停止
- 受理顧客請求之方法
(2) ANA 可能揭露或提供顧客個人資料之第三方
ANA 可能會將顧客之個人資料揭露或提供給下列類型的接收者。
- 關係企業等:
ANA 可能會將顧客之個人資料揭露或提供予隸屬於 ANA 集團的公司以及與 ANA 集團有關的組織。 - ANA之員工:
ANA 可能會將個人資料揭露或提供予獲授權且有需要存取該等個人資料之ANA員工。 - 服務供應商:
ANA 可能會將個人資料揭露或提供予諸如 IT 服務供應商 (包含資料伺服器及雲端服務供應商)、資訊分析服務供應商、廣告投放服務供應商、及法律顧問等履行特定服務之第三方服務供應商。
8. 共用使用
ANA 可能會依下述共享顧客之個人資料。
| 共用資料之事業實體之範圍 | ANA 集團公司 (English only) |
|---|---|
| 使用者使用資料之目的 |
|
| 共享之個人資料項目 | 顧客之ANA 哩程俱樂部會員號碼、顧客之姓名、地址、電話號碼、傳真號碼、電子郵件地址、就業資訊 (公司名稱、顧客所屬部門、職稱、地址、電話號碼、傳真號碼)、收件地址、護照資訊、與搭機有關的身體及疾病相關資訊、飲食限制、包括信用卡/簽帳卡及其他付款方式之詳細內容的付款資訊、包含ANA及其他航空公司的航班資訊、住宿及其他交通安排之旅遊計畫及安排之詳細內容、會員卡種類、會員狀態、會籍所屬地區、哩程狀態、信用卡號碼及有效期限、信用卡使用紀錄及相關資訊、輪椅或其他特殊安排之需求、航班預訂及取消資訊、航班及服務使用紀錄、包含在與顧客往來溝通過程中的洽詢、請求及申訴的詳細內容、包含cookie及網頁上之活動紀錄等之ANA 網站及行動應用程式的使用資訊等 |
| 負責個人資料管理之一方之名稱、住址以及代表人 | ANA Holdings Inc. 〒105-7140 日本東京都港區東新橋 1-5-2 汐留 City Center 取締役會長 芝田 浩二 |
9. 業務委託
於提供商品及服務予顧客時,ANA可能會將部分業務營運委託予第三方,且於達成使用目的之必要範圍內,個人資料可能被揭露予該等第三方。此時,為保障顧客個人資料的處理,ANA將會執行適當的方法以管理及監督該等第三方,包含與該等第三方簽訂處理該等個人資料之合約。
10. 傳輸至日本境外
根據顧客之航班目的地,ANA 可能會傳輸顧客之個人資料 (姓名、護照號碼、旅遊之詳細內容等) 至日本境外。 ANA 有提供服務的國家可於ANA 網站上確認。顧客個人資料所傳輸到的國家或地區,可能不具有與日本同等的個人資料保護制度。
如ANA欲將顧客的個人資料提供予包含受託公司及共用使用之合作對象在內的位於日本境外之第三方業務營運商,除於下列任一情形外,ANA將基於顧客之同意為之。
- (1) 於第三方係位於一被法律及法規明定為具有與日本同等之個人資料保護制度的國家;或
- (2) 第三方已建立一制度,得令其持續採行相應於該等於日本處理個人資料之業務營運商所應採取之措施。
於上述 (2) 之情形,ANA 將採取必要且適當的措施,以確保第三方持續採行該相應措施。如您欲瞭解ANA之措施之詳細內容,請依據「12. 關於個人資料處理之請求」提出請求。
11. 個人資料之管理
ANA 於接收顧客個人資料時,將妥善管理該等資料並採取必要的安全管理措施,以防止外洩、滅失或遭到竄改等情形。ANA 確保董事會成員及員工均受與適當處理有關的適當訓練,以保障可識別顧客之資訊之安全。
適當的個人資料保存期限將會依據該等資料之使用目的而設立。於達成資料之目的後,ANA將以妥善方式銷毀該資料。
如您欲瞭解安全管理措施的詳細內容,請依據「12. 關於個人資料處理之請求」提出請求。
- 請參閱「ANA 集團 資訊安全政策 (English only)」以瞭解ANA對資訊安全的行為政策。
12. 關於個人資料處理之請求
針對儲存在 ANA 之資料庫內的顧客個人資料,如ANA收到顧客依指定方法提出之揭露、更正、刪除、補充、停止使用、除去、關於「10. 傳輸至日本境外」以及「11. 個人資料之管理」中所稱之個人資料保護措施相關資訊之提供 (下稱「揭露等事宜」)之請求時,於確認該請求係顧客自行提出後,該請求將依下述於合理期間及範圍內依法律及法規辦理。
(1) 揭露之請求
個人資料的項目、使用目的,或提供個人資料予第三方之紀錄,將依據顧客之請求揭露。
(2) 更正、刪除、補充之請求
更正、刪除,或個人資料之補充,將於適當審核請求後,在適當且可行之範圍內執行。
(3) 停止使用、除去之請求
顧客指定之個人資料項目,在適當且可行之範圍內,將依據所提出之請求停止使用,且相關資訊將依請求除去。但請留意,該等請求可能使顧客無法再被提供其使用過的服務,或是可能使服務無法依其意願提供。
(4) 提供個人資料保護措施相關資訊之請求
下列資訊將依據顧客之請求提供。
- ANA 接收顧客個人資料時所採取之安全管理措施之詳細內容
- ANA 提供顧客個人資料予位於日本境外之第三方時所採取之措施之詳細內容 (於「10. 傳輸至日本境外」(2) 之情形)
當遵守顧客之請求會嚴重影響 ANA 的業務營運、導致法律或法規之違反,或中斷個人資料的安全管理時,ANA可能無法履行客戶之請求。
13. 提出揭露等事宜之請求
關於顧客提出揭露等事宜之請求方式或ANA接收個人資料使用目的之通知(下稱「揭露等事宜之請求」)之方式以及連絡資訊如下。
揭露等事宜之請求
(1) 提出請求之方式
【如您希望經由郵件接收我們對您揭露請求之回覆】
請將所需文件透過郵寄寄送至下列地址。
地址:
〒850-0078
日本長崎縣長崎市神之島町 1-331-90
ALL NIPPON AIRWAYS CO., LTD. 個人資料處理服務台
【如您希望經由電子檔案形式接收我們對您揭露請求之回覆】
請透過 ANA 網站所載之網路申請表格傳送所需文件。
(2) 所需文件
確認個人身分之所需文件
- (於本人之情況)
- (1) 下列文件之一之影本:駕照、護照、個人編號卡 (僅須正面) 、身體障礙證明、在留卡
- (於代理人之情況)
除(於本人之情況)之文件,尚需以下(1)及(2)點所述之文件。- (1) 委託書 (法定代理人須提供證明文件)
- (2) 可確認代理人身分之文件 (下列文件之一之影本:駕照、護照、個人編號卡 (僅須正面) 、身體障礙證明、在留卡)
(3) 手續費
依據請求之類型,可能收取手續費。針對多筆預訂及登機資訊之揭露,每一航班會被計為一個揭露項目。請留意處理程序可能依據相關國家之法律及法規而有不同。
- 請留意ANA 預訂確認、登機確認或 ANA 哩程俱樂部會員資訊更新等,由 ANA 網站 (www.ana.co.jp) 或ANA電話窗口受理。請求僅會在得以確認顧客身分之情況下受理。
14. 停用 Cookie及廣告識別碼
- (1) 停用 Cookie
請參閱 ANA Cookie 政策中之「5. 停用 Cookie」。 - (2) 停用廣告識別碼
ANA 取得並使用廣告識別碼 (於Apple 之 iOS系統為「Identification For Advertisers (IDFA)」,於Google之 Android OS系統等為「Google Advertising ID (GAID)」)。
如您希望停止使用廣告識別碼的廣告投放,請依據下述設置您的裝置設定。
15. 隱私權政策之變更
ANA可能會變更此隱私權政策之內容。隱私權政策如有變更,其詳細內容將刊載於 ANA 網站 (www.ana.co.jp)。
ALL NIPPON AIRWAYS CO., LTD.
代表取締役社長 井上 慎一
〒105-7140 日本東京都港區東新橋 1-5-2 汐留 City Center
Chapter 2. Handling of personal data of EEA and UK residents by ANA
1. Introduction
This Chapter 2 provides additional information about the handling of personal data of customers and other individuals in the European Economic Area ("EEA") and/or the United Kingdom ("UK") in accordance with EU General Data Protection Regulation 2016/679 ("GDPR") and the UK Data Protection Act 2018 ("DPA 2018") and other national and international data protection and privacy laws in the EEA and UK (collectively, "Data Protection Laws").
Please note that the UK's laws are similar to those in the EEA, and customers from both jurisdictions have very similar rights. Accordingly, references to the GDPR in this Chapter should also be read as references to corresponding UK law.
The consent shall be given or authorized by the holder of parental responsibility in the event that a customer under the age of 16 uses ANA's service. Customer's consent to this Privacy Policy must be obtained in the event that a person such as family member applies for ANA's service on behalf of the customer.
In the event that any provisions of this Chapter 2 contradict those of Chapter 1, the provisions of this Chapter 2 shall prevail.
2. The controller of personal data
The controller of your personal data is ANA.
ANA protects personal data which is collected and used by controllers (who make decisions about how and why your personal data is used) and processors (who act on the controller's written instructions) on the basis of Data Protection Laws.
3. Our legal basis for processing personal data
ANA protects your personal data by ensuring that it can only be used to the extent necessary for specific purposes (as set out in Part 3 of Chapter 1 of this Privacy Policy) and by requiring that there is a legal basis for each processing activity on the basis of Data Protection Laws.
ANA may process customer personal data on one or more of the following legal basis:
- (1) When your consent is obtained for the processing (Article 6(1)(a) GDPR)
Consent will usually only be relied upon for promotional and marketing related processing, or in some cases, in relation to sensitive personal data. - (2) When processing is necessary in order to perform or take steps to enter into a contract (Article 6(1)(b) GDPR).
This is typically when we process customer information which is essential to providing our services, including a customer's identity, contact, payment and travel details, etc. - (3) When ANA needs to process the data to comply with a legal obligation (Article 6(1)(c)).
This includes the requirement to share personal data with customs and immigration authorities or law enforcement, as well as ANA's legal obligations towards its staff and customers. - (4) When the processing is required to protect your, or a third party's, vital interests (Article 6(1)(d)), for example in the event of a medical emergency.
- (5) When the processing of personal data is required for legitimate interests of ANA or a third party, and these interests are not overridden by your rights under Data Protection Laws (Article 6(1)(f) GDPR).
This includes the use of personal data necessary to operate ANA's business and also to maintain, develop and improve its goods and services and provide the best possible customer experience.
4. Request about processing of personal data
(1) Data Protection Laws provide you with the following legal rights:
- Request for access: You can request copies of your personal data and details of how we process it.
- Request for rectification: Rectifications to personal data will be undertaken where possible after due review of the request.
- Request for erasure: You may request that we erase all or part of the personal data we hold about you. We will consider your request and, where the personal data is no longer required or the law does not permit us to continue to retain it, we will erase it.
- Request for data portability: You can request a copy of your personal data in a structured, common, machine-readable format. This only applies to personal data which we obtain from you and process on the basis of your consent or in order to perform a contract, and which is processed by automated means.
- Objections to processing: You can object to processing which is carried out for ANA's or a third party's legitimate interests or for the purpose of direct marketing. We will cease processing customer's information unless we can prove any legitimate grounds to show that the legitimate interests override the customer's interests. If you object to direct marketing, we will cease the processing.
- Restrictions to processing: You can restrict our processing of the customers' personal data under certain circumstances. Where this applies, any processing of your personal data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.
- Withdrawal of consent: If we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
Please note, the rights set out above are not absolute and do not apply in every situation. There are also legal exemptions which apply in some situations and mean a request may be refused. If the request is refused, we will inform you of the reasons for this when we respond.
Records of requests made to us will be retained so that we can demonstrate that we have complied with the legal obligations.
(2) Method for submitting a request
You can exercise your rights free of charge (except in the case of unreasonable, excessive or repeated requests in which case we may charge a fee or refuse the request). The method for submitting a request and contact information are as follows.
(Website)
Please send the required documents via the webform listed on ANA's website.
(Required documents)
(3) Responding to a request
We will respond without undue delay and usually within one month. We may, in some cases, ask for identification or (if you are making the request on behalf of a third party) proof of your authority to submit a request. If your request is particularly complex or you have made a number of requests, it may take longer to provide a detailed response. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
If you are not satisfied with our response to a data protection request or if you think your personal data has been mishandled, then you have the right to complain to a supervisory authority. Please see Part 9 of this Chapter 2 ("Lodging a complaint with an authority") for further details.
5. Data sharing which is necessary to provide goods or services
ANA's goods and services are provided with the assistance of other companies and organizations and often ANA will need to share personal data with third parties in order to run its business. These third parties include:
- (1) Other companies in the ANA Group
- (2) Organizations with which ANA is legally required to share personal data
including: government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. - (3) Service providers
including: subcontractor handling ANA flights, airports and airlines whom we partner with, various service providers, providers with whom we have a marketing partnership, etc.
Where ANA instructs companies, contractors or service providers to process data on its behalf, then it will ensure that it does so pursuant to a contract which meets the requirements of applicable Data Protection Laws.
6. Marketing communications
ANA sends out marketing communications from time to time to notify interested persons of news and provide details of goods and services which may be of interest to them. ANA will only do this if the recipient has consented to receive marketing or if they are an existing customer who purchased goods or services from ANA and were given the opportunity to opt-out from marketing at the time but chose not to do so.
7. Where your personal data is stored and transferred
ANA is located in Japan and many of the service providers and other organizations with whom we share your personal data will be located in jurisdictions outside the EEA and UK. It should be noted that Japan has been recognized by the European Commission as providing adequate protection for personal data.
When transferring personal data to third parties ANA will ensure that it complies with the requirements of Data Protection Laws, including the EU-Japan adequacy decision and the onward transfer requirements under the related Japanese laws. However, please note that recipients outside the EEA and UK may be subject to national laws which do not necessarily provide equivalent protection for your personal data. If you would like more information regarding where your personal data is stored and transferred, please contact ANA using the details set out in Part 13 of this Chapter 1 ("Submission of a request for disclosure, etc.").
8. Retention of personal data
ANA retains customers' personal data until the purpose of use is achieved. Particularly, ANA has set the retention period for personal data as follows. For most other personal data, the appropriate retention period will be determined based on the nature of the information and the purpose for having it by reference to legal and accounting requirements and our business needs.
- (1) Personal data of ANA Mileage Club membership
Until withdrawal of the ANA Mileage Club membership - (2) Personal data of passengers
Until completion of transportation and related services stipulated in Conditions of Carriage for Domestic Flights and Conditions of Carriage for International Flights - (3) Other personal data
Required period for the purpose which customers have consented
9. Lodging a complaint with an authority
Customers have the right to lodge a complaint on the processing of their personal data with the data protection authority having jurisdiction over their residence.
- (1) EEA residents: Please contact your national supervisory authority, details of which can be found on the European Data Protection Board's website (https://edpb.europa.eu/about-edpb/board/members_en).
- (2) UK residents: Please contact the Information Commissioner's Office (www.ico.org.uk).
10. The contact information of the controller and ANA's Data Protection Officer
Controller: ALL NIPPON AIRWAYS CO., LTD.
Address: Shiodome City Center, 1-5-2 Higashi-Shimbashi, Minato-ku, Tokyo, Japan
Data Protection Officer email: dataprotection@ana.co.jp
- Please note that this e-mail address is for data protection related matters only.
- For requests for processing of personal data (access, erasure, rectification, etc.), please refer to Part 4 of this Chapter 2 (Request about processing of personal data, (2) Method for submitting a request).
- For inquiries regarding reservations, tickets, baggage, ANA Mileage Club, services, etc., please access Contact Information in Each Region and ANA Branch Office.
- Please choose your city and language.
Chapter 3. Handling of personal information of China residents by ANA
Besides Chapter 1, Chapter 3 also applies to the handling of personal information of persons residing in the People's Republic of China (hereinafter, "China") based on China's Personal Information Protection Law and related regulations (hereinafter, "PIPL etc."). In the event that any provisions of this chapter contradict those of chapter 1, the provisions of this chapter shall prevail.
1. Introduction
A guardian's consent or permission must be obtained in the event that a customer under the age of 18 uses ANA's service. In the event that a person such as a family member applies for ANA's service on behalf of the customer, the consent of the customer (when he/she is under the age of 14, his/her guardian) to this Privacy Policy must be obtained.
2. Collection of sensitive personal information
For the purpose of use, ANA may handle personal information that can be classified as sensitive personal information under PIPL etc., such as information about one's passport, health condition, payment, or accommodations.
Since sensitive personal information can negatively affect the interests of customers if it is leaked or used unlawfully (for example, it is likely that individual dignity will be damaged or that personal safety and asset security will be put at risk), ANA will carefully manage such information and handle it in a lawful manner.
3. Retention period for personal information
ANA will retain the customer's personal information until the purpose of use is achieved. In particular, ANA sets the retention period for personal information as follows.
- (1) Personal information of ANA Mileage Club membership
Until ANA Mileage Club membership cancellation - (2) Passengers' personal information
Until the completion of transportation and related work stipulated in the Conditions of Carriage for Domestic Flights and Conditions of Carriage for International Flights - (3) Other personal information
The shortest required period for the purpose to which customers have consented
4. Technology and measure to protect customers' personal information
- (1) ANA takes security measures to protect customers' personal information from leakage, alteration or loss. Specifically, ANA takes the following measures to protect customers' personal information.
- ANA establishes and implements an internal management system and operational rules relating to the protection of personal information.
- ANA conducts classification management for personal information.
- ANA develops website with https and sets SSL encryption to secure important customers' data (credit card information, etc.) communication between the customers' web browser and the server.
- ANA uses encryption technology for protecting personal information.
- ANA allocates access rights reasonably and controls access, so that access by unauthorized persons to personal information will be prevented.
- In order to raise employee awareness of the importance of protecting personal information, ANA provides education and training on security and privacy protection.
- ANA establishes and implements emergency response plans for personal information incidents.
- (2) ANA will take all reasonable and practicable steps to ensure that no irrelevant personal information is collected. ANA will only retain customers' personal information for the shortest period of time required to achieve the purposes stated in this Privacy Policy, unless an extension of the retention period is permitted by law.
- (3) In the event of a personal information incident, ANA will promptly inform customers of the relevant circumstances of the incident in accordance with the requirements of PIPL, etc. and report to the regulatory authorities.
5. Request about handling of Personal Information
In the event that ANA receives a request regarding the personal information it holds of a customer who is a resident of China, the request will be handled in a reasonable timeframe and scope in accordance with PIPL, etc. and Chapter 1 "Part 12 Request about handling of Personal Information". In responding to the request, ANA may confirm that it was submitted by the customer himself/herself.
(1) Request for withdrawal of consent
If the handling of the customer's personal information is based on his/her consent, the customer has the right to withdraw such consent.
Personal information items designated by the customer will be deleted in accordance with the customer's request, wherever possible and appropriate.
However, please note that such deletion may prevent customers from being provided with services that they had utilized, or may impede the provision of services in accordance with their wishes.
(2) Request for interpretation/explanation of Privacy Policy
Customers have the right to ask for the interpretation/explanation of this Privacy Policy.
(3) Methods for submission of a request
Customers may submit a request by following methods.
1. Submission of a request
Website:
Please send the required documents via the webform listed on ANA's website.
2. Required documents
Application form
Documents required for confirmation of identification of individual, etc.
- (For individuals)
- (1) A Copy of one of the followings: Official ID Card with a photo, such as Driver's License, Passport, etc.
- (For representatives)
In addition to "(For individuals)," the following documents described in (1) and (2) below are required.- (1) Power of Attorney (legal representatives must provide a certifying document)
- (2) Documents to identify the representative (A Copy of one of the followings: Official ID Card with a photo, such as Driver's License, Passport, etc.)
3. Contact Desk
China
4008-82-8888
(Charged)
6. Provision to third parties and transfer outside China
When ANA provides personal information of customers to third parties (including the cases of provision due to shared use and business entrustment that involves the transfer of such information outside China), it will do so in accordance with PIPL, etc.
7. Change of purposes of use of personal information
In the case of a change to the purposes of use of personal information, ANA will announce the revised Privacy Policy in advance on ANA website (www.ana.co.jp) and ANA will use personal information in accordance with the new purposes of use of personal information after obtaining consent from customers.
8. Basic information of Controller of personal information
ALL NIPPON AIRWAYS CO., LTD.
Address: Shiodome City Center, 1-5-2 Higashi-Shimbashi, Minato-ku, Tokyo, Japan
Chapter 4. Handling of personal information of California residents by ANA
Last updated on April 1, 2026
Besides Chapter 1, Chapter 4 also shall apply to the handling of personal information of persons residing in California, United States of America based on the California Consumer Privacy Act of 2018 as amended under the California Privacy Rights Act of 2020 (hereinafter "CCPA"). In the event that any provisions of this chapter contradict those of chapter 1, the provisions of this chapter shall prevail.
The terms used in this chapter are based on the definitions provided in CCPA. For example, the term "sale" means ANA's selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to a third party for monetary or other valuable consideration. The term "sharing" means ANA's sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. However, if ANA concludes an appropriate agreement concerning the handling of personal information with a third party, the activities mentioned above are not regarded as "sale" from the perspective of CCPA.
1. Acquisition and use of personal information
Personal information collected by ANA in the preceding 12 months or likely to be collected in the future is classified as defined in the following table. ANA uses such information for the purposes set forth in Chapter 1, Part 3 (Purpose of using personal information). It will acquire such personal information directly from customers.
| Type of personal information collected | Example of personal information |
|---|---|
| Identifiers (name or symbol, etc. used to uniquely identify a particular subject) | The customer's name, address, telephone number, fax number, mailing address, email address, passport information, and ANA Mileage Club membership number (10 digit number), personal online identifier, etc. |
| Additional data subject to the California Customer Records statute (personal information categories in Cal. Civ. Code Sec. 1798.80(e)) | The customer's physical and medical information relating to flying, credit card number, and payment information including details of credit/debit card and other payment methods, etc. |
| Characteristics of protected classifications under California or federal law | The customer's dietary restrictions, etc. |
| Commercial information | The type of customer's ANA Mileage Club membership card, membership status, membership area, mileage status, credit card expiration date, usage history of credit card and related information, need for wheelchair or other special arrangement, flight reservation and cancellation information, usage history of flights and other services, details of travel plans and arrangements, including flights with ANA and other airlines, accommodations, and other transportation arrangements, information contained in correspondence with customers, details of inquiries, requests and complaints, etc. |
| Internet or other electronic network activity information | Information such as that on how customers use the ANA website and mobile application, including details on cookies, advertising identifiers (IDFA/GAID), location information, unique device identifiers, IP address, details on OS and browser type, etc., and website activity logs |
| Professional or employment-related information | Employment information (company name, division/department the customer belongs to, title, address, telephone number, fax number) and related information |
| Sensitive personal information | Passport information, information on physical condition or disease of the customer relevant to his/her boarding, the customer's dietary restrictions, the necessity to arrange for a wheelchair, and location information, etc. |
2. The disclosure of personal information
- (1) Sale of personal information
ANA does not sell customers' personal information (including personal information concerning minors) to any third parties, and has not sold the same in the past 12 months. - (2) The sharing of personal information
The types of personal information that ANA may share with third parties in the future, and the types of personal information that ANA has shared with third parties in the past 12 months and the types of third parties with whom ANA has shared personal information during the said period are shown below. ANA shares such personal information with third parties in order to conduct marketing activities (including personalized advertisements), such as provision of information on events and campaigns. ANA will not share the personal information of a customer with a third party if ANA has actual knowledge that the customer is a minor.
| Type of personal information shared | Example of personal information | Type of third party ANA shared personal information with in the past 12 months |
|---|---|---|
| Internet or other electronic network activity information | Information such as that on how customers use the ANA website and mobile application, including details on cookies, advertising identifiers (IDFA/GAID), location information, unique device identifiers, IP address, details on OS and browser type, etc., and website activity logs | Ad network |
- (3) Disclosure of personal information for business purposes
The types of customers' personal information that ANA has disclosed in the past 12 months for business purposes and the types of third parties to which such personal information has been disclosed are shown below. ANA discloses these types of personal information to third parties for the purposes specified in Chapter 1., Part 3. (Purpose of using personal information) and Part 8. (Joint use).
| Type of personal information disclosed | Example of personal information | Types of third parties to which the personal information has been disclosed in the past 12 months |
|---|---|---|
| Identifiers (name or symbol, etc. used to uniquely identify a particular subject) | The customer's name, address, telephone number, fax number, mailing address, email address, passport information, and ANA Mileage Club membership number (10 digit number), personal online identifier, etc. | Other companies in the ANA Group, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. |
| Additional data subject to the California Customer Records statute (personal information categories in Cal. Civ. Code Sec. 1798.80(e)) | The customer's physical and medical information relating to flying, credit card number, and payment information including details of credit/debit card and other payment methods, etc. | Other companies in the ANA Group, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. |
| Characteristics of protected classifications under California or federal law | The customer's dietary restrictions, etc. | Other companies in the ANA Group, subcontractor handling ANA flights, etc. |
| Commercial information | The type of customer's ANA Mileage Club membership card, membership status, membership area, mileage status, credit card expiration date, usage history of credit card and related information, need for wheelchair or other special arrangement, flight reservation and cancellation information, usage history of flights and other services, details of travel plans and arrangements, including flights with ANA and other airlines, accommodations, and other transportation arrangements, information contained in correspondence with customers, details of inquiries, requests and complaints, etc. | Other companies in the ANA Group, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. |
| Internet or other electronic network activity information | Information such as that on how customers use the ANA website and mobile application, including details on cookies, advertising identifiers (IDFA/GAID), location information, unique device identifiers, IP address, details on OS and browser type, etc., and website activity logs | Other companies in the ANA Group, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. |
| Professional or employment-related information | Employment information (company name, division/department the customer belongs to, title, address, telephone number, fax number) and related information | Other companies in the ANA Group, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. |
| Sensitive personal information | Passport information, information on physical condition or disease of the customer relevant to his/her boarding, the customer's dietary restrictions, the necessity to arrange for a wheelchair, and location information, etc. | ANA Group companies, subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. |
3. Sensitive personal information
ANA does not use or disclose sensitive personal information of customers for any purpose other than certain purposes permitted under the CCPA. ANA does not collect or process sensitive personal information of customers for the purpose of inferring characteristics about customers.
4. Retention of personal information
ANA retains customers' personal information until the purpose of use is achieved. Particularly, ANA has set the retention period for personal information as follows. For most other personal information, the appropriate retention period will be determined based on the nature of the information and the purpose for having it by reference to legal and accounting requirements and our business needs.
- (1) Personal information of ANA Mileage Club membership
Until withdrawal of the ANA Mileage Club membership - (2) Personal information of passengers
Until completion of transportation and related services stipulated in Conditions of Carriage for Domestic Flights and Conditions of Carriage for International Flights - (3) Other personal information
Required period for the purpose which customers have consented.
5. Request about handling of personal information
Customers residing in California have the following rights concerning their personal information:
(1) Right to know
Customers have the right to make a request to ANA for the disclosure of the following information regarding their personal information collected/used/disclosed by ANA within the 12 months before the date of request (hereinafter "Right to know"), up to twice in 12 months.
- Type of the customer's personal information collected by ANA
- Source of the collection of such personal information
- Business or commercial purposes for the collection of such personal information
- Type of third party with which such personal information has been shared
- The customer's specific personal information collected by ANA
- Type of the customer's personal information disclosed by ANA for a business purpose
- Type of third parties to which each type of such personal information has been disclosed
(2) Right to delete
Customers have the right to make a request to ANA for the deletion of their certain personal information collected by ANA (hereinafter "Right to delete").
(3) Right to correct
Customers have the right to request ANA to correct incorrect personal information held by ANA (hereinafter the "Right to correct").
(4) Right to opt-out of sharing
Customers have the right to direct ANA to cease sharing their personal information with a third party (hereinafter the "Right to opt-out of sharing").
When, among the rights set out above, exercising the right to know, the right to delete or the right to correct, please contact us using any of the following methods. Once ANA receives such a request, it will be handled according to the related laws and regulations within a reasonable timeframe and manner, after confirming, through the procedures for individual identification described below, that the request was submitted by the customer himself/herself.
1. Submission of a request
Website:
Telephone:
U.S.
1-800-235-9262
(Toll-free)
310-782-3011
(Charged)
2. Procedures for individual identification
- (For individuals)
Upon receiving a request for the exercise of the right to know, the right to delete or the right to correct, ANA will ask the customer to submit information sufficient to confirm that such request was submitted by such customer himself/herself, such as his/her name and email address, and compare the submitted information with the information held by ANA. - (For representatives)
In addition to the information required for the identification of individual in "(For individuals)," the customer needs to submit a certificate signed by him/her certifying that the representative is authorized to exercise rights on his/her behalf. In addition, ANA may ask the customer to directly contact ANA to confirm that he/she has granted the representative authority to exercise the right to know, the right to delete or the right to correct.
When, among the rights set out above, exercising the right to opt-out of sharing, please contact us using any of the following methods or through the link below. Once ANA receives such a request, it will be handled according to the related laws and regulations within a reasonable timeframe and manner.
ANA responds to an opt-out preference transmitted through the Global Privacy Control and handles it as a valid request based on the right to opt-out of sharing. Please refer to Global Privacy Control for how to set the Global Privacy Control.
As a rule, ANA will not treat customers who have submitted such requests in a discriminatory manner, such as changing their services. Even so, please note that deletion requests may prevent customers from receiving services which they have been provided with, or may impede the provision of services that are in accordance with their wishes.
6. Contact for inquiries
Website:
Telephone:
U.S.
1-800-235-9262
(Toll-free)
310-782-3011
(Charged)
Chapter 5. Handling of personal data of Thailand residents by ANA
1. Introduction
This Chapter 5 provides additional information about the collection, use, or disclosure ("processing") of personal data of customers and other individuals in the Kingdom of Thailand ("Thailand") in accordance with the Personal Data Protection Act of Thailand B.E. 2562 (A.D. 2019) ("PDPA").
If consent is required for processing of personal data relevant to the use of ANA's services of customers who are minors, quasi-incompetents or incompetents under the law of Thailand and cannot lawfully give consent by themselves, consent of the holder of parental responsibility over the child, their curators or custodians (as the case may be) shall also be obtained. If customers are under the age of 10, only consent of the holder of parental responsibility over the child shall be obtained.
If ANA is not aware that the customers are minors, quasi-incompetent persons or incompetent persons prior to the collection of their personal data, upon learning that we have collected personal data of minors without the consent of the holder of parental responsibility over the child (when it is required and the minors cannot lawfully give consent by themselves), or from quasi-incompetent persons or incompetent persons without the consent of their legal curator or custodian, we will delete the personal data at the earliest convenience unless we can rely on other legal grounds apart from consent for such processing.
The customer's consent to this Privacy Policy must be obtained in the event that a person such as family member or an agent authorized to act on its behalf applies for ANA's service on behalf of the customer.
In the event that any provisions of this Chapter 5 contradict those of Chapter 1, the provisions of this Chapter 5 shall prevail.
2. The controller of personal data
The controller of your personal data is ANA.
ANA protects personal data which is collected and used by controllers (who make decisions about how and why your personal data is used) and processors (who act on the controller's written instructions) on the basis of the PDPA.
3. Our legal basis for processing personal data
ANA protects your personal data by ensuring that it can only be used to the extent necessary for specific purposes (as set out in Part 3 of Chapter 1 of this Privacy Policy) and by requiring that there is a legal basis for each processing activity on the basis of the PDPA.
ANA may process customer personal data on one or more of the following legal basis:
- (1) When your consent is obtained for the processing (Article 19 PDPA) Consent will usually only be relied upon for promotional and marketing related processing, or in some cases, in relation to sensitive personal data.
- (2) When processing is necessary in order to perform or take steps to enter into a contract (Article 24(3) PDPA).
This is typically when we process customer's personal data which is essential to providing our services, including a customer's identity, contact, payment and travel details, etc. - (3) When ANA needs to process the personal data to comply with a legal obligation (Article 24(6) PDPA).
This includes the requirement to share personal data with customs and immigration authorities or law enforcement, as well as ANA's legal obligations towards its staff and customers. - (4) When the processing is required to protect your, or a third party's, vital interests (Article 24(2) PDPA), for example in the event of a medical emergency.
- (5) When it is in ANA's or a third party's legitimate interests to process the personal data, and these interests are not overridden by your fundamental rights regarding your personal data under the law (Article 24(5) PDPA).
This includes the use of personal data necessary to operate ANA's business and also to maintain, develop and improve its goods and services and provide the best possible customer experience to the extent permissible under the PDPA.
4. Request about processing of personal data
(1) The PDPA provides you with the following legal rights:
- Request for disclosure: You can request copies of your personal data and details of how we process it.
- Request for correction or updating: Corrections or updates to personal data will be undertaken where possible after due review of the request.
- Request for erasure: You may request that we erase, destroy or anonymize all or part of the personal data we hold about you. We will consider your request and, where the information is no longer required or the law does not permit us to continue to retain it, we will delete it.
- Transferring your personal data: You can request a copy of your personal data in a structured, common, machine-readable format. This only applies to personal data which we obtain from you and process on the basis of your consent or in order to perform a contract, and which is processed by automated means.
- Objections to processing: You can object to processing which is carried out on the basis of our or a third party's legitimate interests or for the purpose of direct marketing. We will cease processing customer's information unless we can prove a legitimate grounds to show that the legitimate interest overrides the customer's interest. If your objection is to direct marketing, we will cease the processing.
- Restrictions to processing. You can restrict our processing of the customer's personal data under certain circumstances. Where this applies, any processing of your personal data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.
- Withdrawal of consent. If we rely on consent to process your personal data, you have the right to withdraw that consent at any time. However, the withdrawal of consent shall not affect the processing of your personal data before its withdrawal to which you have given consent legally.
Please note, the rights set out above are not absolute and do not apply in every situation. There are also legal exemptions which apply in some situations and mean a request may be refused. If the request is refused, we will inform you of the reasons for this when we respond.
Records of requests made to us will be retained so that we can demonstrate that we have complied with the legal obligations.
(2) Method for submitting a request
You can exercise your rights free of charge (except in the case where expenses may be chargeable under the PDPA). The method for submitting a request and contact information are as follows.
(Website)
Please send the required documents via the webform listed on ANA's website.
(Required documents)
(3) Responding to a request
We will respond without undue delay and usually within thirty (30) days. We may, in some cases, ask for identification or (if you are making the request on behalf of a third party) proof of your authority to submit a request. If your request is particularly complex or you have made a number of requests, it may take longer to provide a detailed response. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
If you are not satisfied with our response to a data protection request or if you think your personal data has not been mishandled, then you have the right to file a complaint with the Personal Data Protection Committee of Thailand. Please see Part 9 of this Chapter 5 ("Lodging a complaint with an authority") for further details.
5. Data sharing which is necessary to provide goods or services
ANA's goods and services are provided with the assistance of other companies and organizations and often ANA will need to share personal data with third parties in order to run its business. These third parties include:
- (1) Other companies in the ANA Group
- (2) Organizations with which ANA is legally required to share personal data
including: government organizations, regulatory and law enforcement authorities, judicial, customs and immigration authorities, third-party organization, etc. - (3) Service providers
including: subcontractor handling ANA flights, airports and airlines who we partner with, various service providers, providers with whom we have a marketing partnership, etc.
Where ANA instructs companies, contractors or service providers to process data on its behalf, then it will ensure that it does so pursuant to a contract which meets the requirements of PDPA.
6. Marketing communications
ANA sends out marketing communications from time to time to notify interested persons of news and provide details of goods and services which may be of interest to them. ANA will only do this if the recipient has consented to receive marketing communications.
7. Where your personal data is stored and transferred
ANA is located in Japan and many of the service providers and other organizations with whom we share your personal data will be located in jurisdictions outside Thailand.
When transferring personal data to third parties, ANA will ensure that it complies with the requirements of the PDPA and related Japanese laws. However, please note that recipients outside Thailand may be subject to national laws which do not necessarily provide equivalent protection for your personal data. If you would like more information regarding where your personal data is stored and transferred please contact ANA using the details set out in Part 13 of this Chapter 1 ("Submission of a request for disclosure, etc.").
8. Retention of personal data
ANA retains customers' personal data until the purpose of use is achieved. Particularly, ANA has set the retention period for personal data as follows. For most other personal data, the appropriate retention period will be determined based on the nature of the information and the purpose for having it by reference to legal and accounting requirements and our business needs.
- (1) Personal data of ANA Mileage Club membership
Until withdrawal of the ANA Mileage Club membership - (2) Personal data of passengers
Until completion of transportation and related services stipulated in Conditions of Carriage for Domestic Flights and Conditions of Carriage for International Flights - (3) Other personal data
Required period for the purpose which customers have consented
Please note that ANA may retain your personal data for a longer period than mentioned above if it is for the purposes of the establishment or defense of legal claims or the purpose for compliance with the law.
9. Lodging a complaint with an authority
Customers have the right to lodge a complaint on the processing of their personal data with the Personal Data Protection Committee of Thailand.
10. The contact information of the controller and ANA's Data Protection Officer
Controller: ALL NIPPON AIRWAYS CO., LTD.
Address: Shiodome City Center, 1-5-2 Higashi-Shimbashi, Minato-ku, Tokyo, Japan
Data Protection Officer email: bkkpdpa@ana.co.jp
- Please note that this e-mail address is for data protection related matters only.
- For requests for processing of personal data (disclosure, erasure, correction, etc.), please refer to Part 4 of this Chapter 5 (Request about processing of personal data, (2) Method for submitting a request).
- For inquiries regarding reservations, tickets, baggage, ANA Mileage Club, services, etc., please access Contact Information in Each Region and ANA Branch Office.
- Please choose your city and language.