Privacy Policy

1. Introduction & Scope

NipponTicketHub ("we," "us," "our," or "Company") respects your privacy and is committed to transparent data practices. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you use our website, mobile applications, and services (collectively, the "Services"). This policy applies to all users, including customers, vendors, partners, and job applicants. By using our Services, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

Personal Information You Provide: When you create an account, make a booking, contact support, or subscribe to communications, we collect name, email address, phone number, date of birth, payment information (processed securely via third-party providers), billing and delivery addresses, and any messages or communications you send us.

Automatically Collected Information: When you use our Services, we automatically collect IP addresses, device identifiers, browser type and version, operating system, pages visited, time spent, referring URLs, and clickstream data via cookies and similar tracking technologies. We also collect location data (with your consent) to provide localized event recommendations.

Third-Party Information: We may receive information about you from payment processors, venue partners, third-party login providers (Google, Apple), and analytics services. If you provide a friend's contact information for referrals, we will use that data solely for the referral purpose.

3. How We Use Your Information

We use your personal information for the following purposes:

• To process and fulfill ticket bookings, deliver digital tickets, and manage reservations
• To communicate with you about bookings, support requests, policy updates, and promotional offers (with your consent)
• To authenticate your account, prevent fraud, and enhance security
• To personalize your experience and recommend relevant events
• To analyze usage patterns, improve Services, and conduct market research
• To comply with legal obligations, enforce our Terms of Service, and protect our rights and safety
• To troubleshoot technical issues and provide customer support
• To process refunds, handle disputes, and manage payment reconciliation

4. Legal Basis for Processing

Legitimate Interest: We process personal data when it is necessary for our legitimate business interests—including fraud prevention, security, analytics, customer support, and Service improvement—provided such interests do not override your privacy rights.

Consent: For marketing communications, cookie usage, and certain analytics, we rely on your explicit consent, which you may withdraw at any time via account settings or clicking "Unsubscribe" in our emails.

Contractual Necessity: We process personal data necessary to fulfill our Services Agreement with you, including ticket delivery and payment processing.

Legal Compliance: We may process data to comply with applicable laws, regulations, court orders, and regulatory requests in Japan and other jurisdictions.

5. Data Sharing & Disclosure

Venue & Organizer Partners: We share your name, email, and ticket details with venues and event organizers as necessary to deliver tickets and manage check-in. They may use this data according to their own privacy policies.

Payment Processors: Payment information is processed by third-party payment providers (e.g., Stripe, Square) under their privacy and security standards. We do not store full credit card details on our servers.

Service Providers: We engage vendors for hosting, analytics (Google Analytics), email delivery, customer support, and fraud prevention. These vendors are contractually bound to protect your data and use it only for the purposes we specify.

No Sale or Rental: We do not sell, rent, or lease personal information to third parties for marketing purposes. We never share data with unaffiliated advertisers for their own marketing without explicit consent.

Legal Disclosure: We may disclose personal information when required by law, court order, subpoena, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security & Encryption

We implement PCI-DSS Level 1 security standards and bank-grade encryption (TLS/SSL 256-bit) to protect personal information both in transit and at rest. We employ multi-factor authentication for user accounts, regular security audits, firewalls, intrusion detection systems, and restricted access controls. However, no security measure is completely foolproof. We cannot guarantee absolute security, and you use our Services at your own risk. We recommend using strong, unique passwords and keeping your account credentials private.

In the event of a data breach involving sensitive personal information, we will notify affected users and regulatory authorities within 72 hours as required by applicable law.

7. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to remember your preferences, analyze usage, and provide personalized content. Types of cookies we use include:

• Essential Cookies: Enable core functionality (login, session management, security)
• Analytics Cookies: Track page views, user behavior, and engagement (Google Analytics)
• Preference Cookies: Remember language, theme, and display settings
• Marketing Cookies: Track campaign effectiveness and display retargeted ads

You can control cookies via your browser settings or our cookie consent banner. Disabling non-essential cookies may impact Service functionality. Third-party partners (Google, Meta) may place cookies for their own analytics and advertising purposes—see their privacy policies for details.

8. Your Privacy Rights & Data Access

Right to Access: You have the right to request a copy of personal information we hold about you. Submit a written request to privacy@calmmeadowbreeze.com, and we will provide this within 30 days.

Right to Correction: You may correct, update, or complete inaccurate personal information via your account dashboard or by contacting us. We will make corrections within 15 business days.

Right to Deletion: You may request deletion of personal data, subject to legal retention obligations. We will delete your account and associated data upon request, except where retention is required by law or for legitimate business purposes (e.g., dispute resolution).

Right to Opt-Out: You may opt out of marketing communications at any time via the unsubscribe link in emails or your account preferences. We will stop sending promotional content within 5 business days.

Right to Object: You may object to certain processing activities (e.g., marketing profiling). Contact us to exercise this right.

9. International Data Transfers

NipponTicketHub is based in Japan. If you access our Services from outside Japan, your personal information will be transferred to, stored in, and processed in Japan. By using our Services, you consent to this transfer and processing. We comply with applicable international data transfer regulations and implement safeguards (such as standard contractual clauses or binding corporate rules) to ensure adequate protection.

10. Data Retention

We retain personal information for as long as necessary to provide Services and fulfill the purposes outlined in this Privacy Policy. Booking records, payment data, and communication history are typically retained for 7 years to comply with tax and contractual dispute resolution requirements. Marketing preferences are retained until you opt out. Log data and analytics are typically retained for 12 months. Account information is retained after account closure for 2 years unless you request deletion, except where deletion is restricted by law or regulatory requirements.

11. Children's Privacy

Our Services are not intentionally directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately. Parents or guardians who believe a child has provided information to us should contact us at privacy@calmmeadowbreeze.com. Users between 13 and 18 years old may have limited rights and must provide parental/guardian consent for certain activities.

12. Third-Party Links & Services

Our website may contain links to third-party websites and services (social media, payment processors, venue websites) that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review their privacy policies before providing information. We do not endorse or accept liability for third-party content or practices.

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, use, and share; to delete personal information we collect; to opt out of the sale or sharing of personal information (we do not sell information); and to non-discrimination for exercising your rights. To submit a verified request, contact privacy@calmmeadowbreeze.com. We will respond within 45 days. You may designate an authorized agent to make requests on your behalf with proper authorization documentation.

14. European Privacy Rights (GDPR)

If you are an EU or UK resident, the General Data Protection Regulation (GDPR) and UK GDPR apply. In addition to the rights listed in Section 8, you have the right to data portability (receive a machine-readable copy of your personal information) and the right to lodge a complaint with your national data protection authority. Our Data Protection Officer (DPO) is available at dpo@calmmeadowbreeze.com. For EU residents, you may lodge complaints with your supervisory authority (e.g., CNIL for France, ICO for UK).

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or a prominent notice on our website at least 30 days before the changes take effect. Your continued use of our Services after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy regularly.

16. Contact Us & Data Protection Authority

Privacy Questions: If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

NipponTicketHub, Inc.
1-1-2 Oshiage, Sumida City
Tokyo 131-0045, Japan
Email: privacy@calmmeadowbreeze.com
Phone: +81-3-1234-5678
Data Protection Officer: dpo@calmmeadowbreeze.com

We will respond to all inquiries within 15 business days. If you are dissatisfied with our response, you may file a complaint with your local data protection authority.