HIKARI

Privacy Policy

Last updated: Oct 8th, 2025

At Hikari (“we,” “our,” or “us”), we respect your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information from users (“you”) who visit our website or use our services.

By using our platform, you agree to the terms of this Privacy Policy.

1. Who We Are

Hikari is the data controller responsible for your personal information.

Contact details: [email protected]

If you have any questions about how we handle your data or wish to exercise your rights, please contact us using the details above.

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

  • Contractual necessity: To fulfill our contract with you when you book lessons or register as an instructor/ski school
  • Legitimate interests: To operate and improve our platform, prevent fraud, and ensure safety
  • Legal obligation: To comply with applicable laws, including tax and financial regulations
  • Consent: For marketing communications and non-essential cookies (which you can withdraw at any time)

3. Information We Collect

We collect the information we need to provide our services safely and effectively. This may include:

Information you provide directly:

  • Your name, email address, and contact details when you create an account or make a booking
  • Payment information when you make or receive payments (handled securely through our payment provider)
  • Instructor and ski school profile details such as qualifications, certifications, photos, descriptions, and business registration information. By creating an account on Hikari you grant us license to display the information we collect on your public profile and you confirm you have permission to use any images.
  • Booking details including dates, locations, lesson preferences, and participant information
  • Communications you send to us or other users through our platform
  • Feedback, reviews, and ratings

Information we collect automatically:

  • Device and usage information (such as IP address, browser type, device identifiers, and site activity)
  • Location data (when you access our services)
  • Cookies and similar tracking technologies (see Section 9 for details)

Information from third parties:

  • Payment verification data from our payment processor
  • Identity verification information where required

We do not collect more information than necessary, and we do not sell your data to anyone.

4. How We Use Your Information

We use your personal information to:

  • Process bookings and facilitate lessons between Guests and Instructors/Ski Schools
  • Create a publicly viewable instructor profile
  • Create publicly viewable reviews and testimonials
  • Process payments and prevent fraud
  • Verify Instructor and Ski School qualifications, insurance, and right-to-work status
  • Communicate with you about your account, bookings, or support requests
  • Send important service updates and safety information
  • Improve our website, services, and user experience
  • Analyze usage patterns and conduct research to develop new features
  • Comply with legal obligations including tax reporting and safety requirements
  • Resolve disputes and enforce our Terms & Conditions
  • Protect against fraud, abuse, and security threats

Marketing communications: With your consent, we may send promotional emails about new features, special offers, or relevant content. You can unsubscribe at any time using the link in our emails or by contacting us.

5. Sharing Your Information

We only share your information when necessary to provide our service or as required by law.

We share data with:

  • Instructors, Ski Schools, and Guests: To facilitate bookings and lessons (names, contact details, booking information)
  • Payment processors: To securely process transactions (payment providers)
  • Service providers: Who help us operate our platform, including cloud hosting providers, email communication services, analytics and performance monitoring tools, and customer support platforms
  • Legal and regulatory authorities: When required by law or to protect rights and safety
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner

We do not share your data with third parties for their own marketing purposes without your explicit consent.

All third-party service providers are required to protect your data in accordance with UK GDPR and are only permitted to process it for specified purposes.

6. International Data Transfers

Our platform operates internationally, with services provided primarily in Japan. Your data may be transferred to and processed in:

  • United Kingdom (where Hikari is based)
  • Japan (where lessons take place)
  • Other countries where our service providers operate

When we transfer data outside the UK, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions: Transferring to countries recognized by the UK as providing adequate data protection
  • Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner's Office
  • Other approved transfer mechanisms under UK GDPR

7. Payment Information and Security

All payment transactions are processed by our secure third-party payment provider (Stripe or similar PCI-DSS compliant processor).

We never store your full credit card details on our servers. Only tokenized payment information is retained for processing future transactions.

Instructors' and Ski Schools' payout information (such as bank details) is stored securely and used only to process payments.

8. Data Security

We take appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, or disclosure, including:

  • Encryption of data in transit and at rest
  • Secure server infrastructure with regular security updates
  • Access controls limiting who can view personal data
  • Regular security assessments and monitoring
  • Passwords are securely hashed using industry-standard algorithms and are never stored in plain text
  • Staff training on data protection practices

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data breach notification: If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours as required by UK GDPR.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve user experience, analyze traffic, and provide personalized content.

Types of cookies we use:

  • Essential cookies: Necessary for the website to function (e.g., keeping you logged in)
  • Performance cookies: Help us understand how visitors use our site (e.g., Google Analytics)
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Used to show relevant advertisements (only with your consent)

You can manage cookie preferences through our cookie banner or your browser settings. Disabling cookies may affect website functionality.

10. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Active accounts: Data retained while your account is active
  • Booking records: Retained for 7 years for legal, tax, and accounting purposes
  • Marketing data: Retained until you withdraw consent
  • Legal requirements: Some data may be retained longer if required by law

When data is no longer needed, we securely delete or anonymize it.

You can request deletion of your account at any time (subject to legal retention requirements).

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”): Request deletion of your data in certain circumstances
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a structured, commonly used format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent for processing at any time (without affecting prior processing)
  • Rights related to automated decision-making: Not be subject to decisions based solely on automated processing that significantly affect you

How to exercise your rights: Contact us at [email protected] with your request. We will respond within one month (extendable by two months for complex requests).

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data: ico.org.uk

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete it.

Lessons may be booked for minors, but bookings must be made by an adult who is responsible for the child's participation.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make significant changes, we will:

  • Post a notice on our website
  • Update the “Last updated” date at the top of this policy
  • Email you directly if the changes materially affect your rights

Continued use of our services after updates means you accept the revised policy.

15. Contact Us

If you have any questions about how we handle your personal information or wish to exercise your rights, please contact us:

Data Controller: Hikari — [email protected]

Supervisory Authority: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — ico.org.uk