Privacy Policy

Version: 1.0.1 | Last updated: Mar 5, 2024

Privacy Policy


Rakuten Travel Xchange recognizes its responsibilities in relation to the collection, usage, disclosure, storage and transfer of personal data under the Personal Data Protection Act (“PDPA”).

Personal data will be collected only for lawful and relevant purposes and reasonable steps will be taken to ensure that personal data held by Rakuten Travel Xchange is accurate. Rakuten Travel Xchange will take reasonable steps to protect the personal data and to avoid unauthorized access.

Personal Data

We at Rakuten Travel Xchange take the privacy interests of anyone who engages with us seriously. We are committed to protecting the privacy, confidentiality, accuracy and security of the personal data provided to us.

This Privacy Policy explains how we collect, use, disclose, store and transfer your personal data. All our employees are required to comply with our Privacy Policy when they carry out their daily activities.

Personal Data We Collect

Under PDPA, personal data is defined as information about an individual who can be identified from that data; or from that data and other information to which the organization has or is likely to have access. Personal data collected about you and your dependents may include:

  1. Name, email, address and telephone number, age, date of birth, gender
  2. NRIC, Passport, FIN No.

How we use your personal data (Purpose & Notification Obligation)

We may collect and use your personal data to:

  • identify you
  • communicate effectively with you
  • provide product or service recommendations
  • provide you with ongoing services and respond to your inquiries or instructions
  • conduct research and statistical analysis
  • comply with all applicable laws, including reporting to regulatory and industry entities

We will only collect and use personal data in an open, fair and lawful way that is necessary for the purposes identified by us above.

Releasing Your Data to Others (Transfer Out)

We may disclose your personal data to third parties:

  • service providers to provide us with services such as printing, mail distribution, data storage, regulators, law enforcement and government agencies

We will only disclose your personal data as it is reasonably required for the purposes stated above and the data is limited to information necessary for us and these third parties to do the work. These parties are also required to comply with the Singapore Personal Data Protection Act.

We may transfer personal data to service providers outside of Singapore for processing, storage, analysis, disaster recovery or emergency assistance services and this data may be required to be disclosed to those authorized under the applicable laws of that foreign country. These service providers with whom we have contractual relationships are required to provide a standard of protection to the transferred personal data that is comparable to the protection under the Singapore Personal Data Protection Act and consistent with our personal data protection policies and practices.

How We Store Your Data

Your data is securely stored in data centres around the world. Your data will only be processed by 3rd parties who provide contractual safeguards or are in jurisdictions that necessitate privacy standard compliance relating to the information they process. Your data may be stored in countries with different levels of security to your own but we endeavour to ensure these are reasonable.

Using Information for Marketing Purposes

The information you supply will not be provided to third parties for their marketing purposes.


We will take all reasonable efforts to ensure that your personal data collected by us or on our behalf is accurate and complete.

Your Rights of Access & Correction

Under the PDPA, you have the right to request access to any personal data of yours that we have, and know how it is being used and disclosed for the last 12 months to the extent your right is allowed by law. However, you may be charged a reasonable fee for every request for such access.

You also have the right to request correction of your personal data.

Data Protection Rights

Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.

The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us

Or write to us: Rakuten Travel Xchange, 138 Market Street, #20-01. CapitaGreen, Singapore 048946

Withdrawing Your Consent

You may refuse or withdraw your consent for us to collect, use or disclose your personal data by giving us reasonable notice so long as there are no legal or contractual restrictions preventing you from doing so.

Protecting Your Personal Data (Security)

We protect your personal data from unauthorized access, collection, use, disclosure, copying, modification or disposal by having physical, technological and organizational safeguards in place that are appropriate to the sensitivity of the data.

All our staff and service providers who act on our behalf must comply with our privacy policies and practices and can only access your data to do their jobs.


We will keep your personal data only for as long as it is needed for the purposes for which it was collected and as required for business or legal purposes. Once your personal data is no longer required for these purposes, we will destroy, erase or make anonymous the data.


Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology

For further information, visit

How We Use Cookies

Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

Analytics - We use Google Analytics cookies to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc. For more information on Google Analytics, please click here. You can opt out of being tracked via Google Analytics, refer to this link.

How to Manage Cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Contacting Us

If you have any concern, query or complaint about our personal data protection policies and practices or wish to request access to, update or correct your personal data, please submit a ticket via our service portal at

Changes to this Privacy Policy

We review this Privacy Policy regularly and reserve the right to make changes at any time to take into account any changes in our business or any legal requirements.

We will place updates and our revised Privacy Policy on our website. If the changes are significant and reduces your rights under this Privacy Policy, we will notify you on this website. Any changes will be effective 30 days following the date on which this Privacy Policy is revised and posted on our website.