Obscura Flux
Legal

Privacy Policy

Last updated: 15 May 2026

This Privacy Policy explains how Obscura Flux (“we”, “our”, “us”), operated from 1-1 Chiyoda, Chiyoda City, Tokyo 100-0001, Japan, collects, uses, discloses, and safeguards personal information when you access or use our website at obscuraflux.com (the “Site”). Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Site.

1. Information We Collect

We collect information in two principal ways: information you provide to us voluntarily, and information collected automatically as you navigate the Site.

1.1 Information You Provide Voluntarily

When you contact us by email or telephone — for example, to enquire about a tour, request further historical information, or submit a research question — you may provide us with personal information including your name, email address, telephone number, and the content of your enquiry. We collect only the information you choose to share and do not require account registration to access the Site's content.

1.2 Information Collected Automatically

When you visit the Site, certain technical data is collected automatically by our web server and any analytics services we operate. This may include your IP address, browser type and version, operating system, the URL of the page you visited before arriving, the pages you view, the time and date of your visit, the duration of your session, and other standard web log data. This information is used in aggregate to understand how visitors interact with the Site and to improve our services.

1.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect certain information automatically. For full details of the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

2. Legal Basis for Processing

Where applicable data protection law requires a legal basis for processing personal data, we rely on the following grounds:

  • Legitimate interests: We process web log data and aggregated analytics data on the basis of our legitimate interests in operating a secure and well-functioning website and improving our services.
  • Contract performance: Where you book a guided tour or request a bespoke research service, we process your personal data to fulfil our contractual obligations to you.
  • Consent: Where we rely on consent — for example, for non-essential cookies — we will request your consent at the point of collection and you may withdraw it at any time.
  • Compliance with legal obligations: We may process your personal data where necessary to comply with applicable Japanese law, the GDPR where applicable, and any other relevant legislation.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To respond to your enquiries, questions, and requests, including tour bookings and historical research queries.
  • To provide you with the services you have requested, including guided tours and bespoke historical itineraries.
  • To administer and improve the Site, including diagnosing technical problems and analysing usage patterns.
  • To send administrative communications, including confirmations of bookings or enquiries.
  • To comply with applicable legal obligations and to enforce our Terms of Service.
  • To protect the security and integrity of the Site and our systems against fraudulent or unlawful activity.

We do not use your personal information to send unsolicited marketing communications. We do not sell, rent, or trade personal data to third parties for their own marketing purposes.

4. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may disclose your personal data to the following categories of recipients:

  • Service providers: Third-party companies who assist us in operating the Site — including web hosting providers, analytics services, email delivery services, and payment processors. These providers are contractually required to handle your data securely and only as instructed by us.
  • Professional advisers: Lawyers, auditors, and accountants who require access to your data in connection with the professional services they provide to us.
  • Law enforcement and regulatory bodies: Where we are required by law, court order, or governmental authority to disclose personal data, we will comply with such requirements.
  • Business transfers: In the event that we merge with, are acquired by, or substantially transfer our assets to another entity, personal data we hold may be transferred as part of that transaction, subject to applicable data protection law.

5. International Data Transfers

Obscura Flux is operated from Japan. If you are located outside Japan, please be aware that information you provide may be transferred to, stored, and processed in Japan or in other countries where our service providers maintain facilities. Japan's Act on the Protection of Personal Information (“APPI”) governs the handling of personal data domestically. Where we transfer data to countries that do not provide equivalent levels of protection, we implement appropriate safeguards such as standard contractual clauses.

6. Data Retention

We retain personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by applicable law:

  • Enquiry and correspondence records are retained for up to three years from the date of last contact, after which they are securely deleted.
  • Tour booking records are retained for seven years to satisfy accounting, tax, and legal compliance requirements.
  • Web log and analytics data is retained in aggregated, anonymised form; identifiable log data is deleted after 12 months.
  • Cookie preference records are retained for 12 months from the date of your consent or refusal.

When personal data is no longer required, we destroy it securely using methods appropriate to the format in which it is held.

7. Security of Your Information

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, accidental loss, destruction, or disclosure. These measures include: encrypted transmission via HTTPS; access controls limiting access to personal data to authorised personnel only; regular security reviews of our web infrastructure; and supplier contracts requiring equivalent security standards.

However, no method of transmission over the internet or method of electronic storage is completely secure. If you believe that your interaction with us is no longer secure, please contact us immediately using the details in Section 11.

8. Your Rights

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that inaccurate or incomplete data be corrected.
  • Right to erasure: In certain circumstances, you have the right to request that we delete your personal data.
  • Right to restriction: You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may have the right to receive your data in a structured, machine-readable format.
  • Right to object: You have the right to object to processing based on our legitimate interests where your interests override our own.
  • Right to withdraw consent: Where we process data on the basis of consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us using the details in Section 11. We will respond within 30 days. There is no fee for exercising your rights, though we reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests.

9. Third-Party Websites and Services

The Site may contain links to third-party websites not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of those sites. We strongly advise you to review the privacy policy of every external site you visit. This Privacy Policy does not apply to any third-party site or service.

10. Children's Privacy

The Site is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information without verifiable parental consent, we will take steps to delete it as promptly as possible. If you believe we have collected personal information from a child under 13, please contact us immediately using the details in Section 11.

11. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:

We aim to respond to all privacy-related enquiries within 30 calendar days of receipt. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the “Last updated” date at the top of this document. Where changes are material, we will take reasonable steps to bring them to your attention. Your continued use of the Site after any changes become effective constitutes your acknowledgement of the revised Privacy Policy.