Osaka Convention & Tourism Bureau, a public interest incorporated foundation (hereinafter referred to as "the Bureau"), recognizes the importance of protecting personal information in today's advanced information and communications society, and with the correct handling of personal information as its basic philosophy, strives to protect the privacy of users (hereinafter referred to as "Users") of the Bureau's services (hereinafter referred to as "Bureau Services") in accordance with the following policy (hereinafter referred to as "this Policy").
Our website (hereinafter referred to as the "Authority Site") and our app (hereinafter referred to as the "Authority App") may contain links to external websites. When you use linked websites, the privacy policy of the linked website will apply. Please note that we are not responsible for how personal information is handled at linked websites. When submitting personal information to external websites, please check the privacy policy of that website.
If you are located in the European Economic Area ("EEA"), please also see the attached Appendix to this Policy ("Appendix"), which contains additional terms regarding our use of your personal information. If there is a conflict between any provision in this Appendix and the main body of this Policy, this Appendix will take precedence.
1. Compliance with Laws and Regulations The Agency will comply with the Act on the Protection of Personal Information (Act No. 57 of 2003) and related laws and regulations, as well as guidelines from relevant ministries and agencies.
2. Information obtained from users For the purposes set out in this Policy, we collect and use the following categories of personal information about you ("User Information"):
2.1 Information provided by users
We will collect the name, username, password (including authentication information when using external linkage functions), email address and other contact information provided by Users to us when they use our Services, as well as User information included in surveys, complaints or questions.
2.2 Information we collect automatically
We collect details about your use of or visits to our Sites and Apps, and information obtained through cookies and other similar technologies, including IP addresses, domain names, browser information, operating system, traffic data, language preferences, country, location information, and information about how and when you use our Sites and Apps.
2.3 Information obtained from third parties
We obtain information from other sources, for example, public databases, business partners, marketing service providers and social media.
3. Notification or public disclosure of the purpose of use When acquiring and using user information, the authorities will notify the individual or publicly disclose the purpose of use, except as otherwise provided for by law.
4. Purposes and Legal Basis of Use4.1 We may collect and process your information to pursue our legitimate interests, as detailed below.
(1) To ensure that content on our Sites or Apps is presented in the most effective manner for users.
(2) To notify you about changes to our services.
(3) To manage your account.
(4) To fulfill our obligations arising from any contract between you and us.
(5) To respond to user questions and inquiries.
(6) To inform users about our policies and terms.
(7) To improve safety and security, including by monitoring fraud and investigating suspected or potential illegal activities or violations of our policies or terms.
(8) For data analysis, research, or audits.
(9) To provide, improve, and develop our services.
(10) To carry out procedures and make contact regarding applications for conferences, events, etc. hosted by the authorities.
(11) To ensure the continuity of our business.
4.2 Subject to your prior express consent, we may collect and process your information for the following purposes:
(1) To provide information that may be of interest to users.
(2) To provide information about business activities, services, or products sponsored by the Authority.
(3) To send newsletters and e-mail magazines issued by the Agency.
(4) To conduct business analysis.
(5) To use jointly with partner companies that may provide information about products and services.
(6) For other purposes specified at the time of collecting the information.
Users may withdraw their consent at any time. However, the withdrawal of consent will not affect the lawfulness of processing of user information based on consent before its withdrawal.
5. Provision of User Information to Third Parties
Except as required by applicable laws and regulations, we will not provide your information to any third party without your prior consent.
6. Management of User Information We will keep User Information accurate and up-to-date, and manage it safely, and will take necessary and appropriate safety management measures to protect User Information, such as preventing its leakage, loss, damage, falsification, and unauthorized access. We will also appoint the General Manager of the General Affairs Department as the person responsible for personal information management, and will implement appropriate management of User Information.
7. Use of Cookies Cookies are small text files that are placed on your computer or mobile phone when you visit a website. Cookies are widely used to make websites work, or to make them work more efficiently. Our Sites and Apps also use cookies. Cookies help our Sites and Apps to recognize your device and remember information about your use of our Services.
We use analytical tools such as Google Analytics to understand how users access and use our websites and apps. In addition, to deliver effective advertisements, Google, Cyber Communications Inc. (CCI), and the other companies listed below collect cookie data using DMP technology on our websites and apps. Please see the links below for information on how each company collects and processes data.
Google
Google Analytics (https://support.google.com/analytics/answer/6004245?hl=ja)
Or Ad Settings (https://policies.google.com/technologies/partner-sites?hl=ja)
DataCurrent
DataCurrent Privacy Policy (https://www.datacurrent.co.jp/datapolicy/)
Facebook
Facebook Data Policy (https://www.facebook.com/privacy/explanation)
and Facebook Cookie Policy (https://www.facebook.com/policies/cookies/)
Instagram
Instagram Data Policy (https://help.instagram.com/519522125107875)
Twitter
Twitter's Privacy Policy (https://twitter.com/en/privacy
and Twitter Cookie Policy (https://help.twitter.com/ja/rules-and-policies/twitter-cookies)
Adinte
Adinte's privacy policy (https://www.adinte.jp/privacy/
and cookie opt-out (https://www.adinte.jp/opt-out/)
ADARA
ADARA's Privacy Promise https://adara.com/ja/%E3%83%97%E3%83%A9%E3%82%A4%E3%83%90%E3%82%B7%E3%83%BC%E4%BF%9D%E8%AD%B7%E3%
81%AB%E9%96%A2%E3%81%99%E3%82%8B%E3%81%8A%E7%B4%84%E6%9D%9F%EF%BC%88%E3%83%97%E3%83%A9%E3%8
2%A4%E3%83%90%E3%82%B7%E3%83%BC/)
and opt-out from ADARA (https://adara.com/ja/6612-2-2/)
Baidu
Baidu Privacy Policy (https://www.baidu.jp/privacy/)
Vpon
Vpon Privacy Policy (https://www.vpon.com/jp/privacy-policy/)
and opt-out from your mobile web browser (http://opt.vpadn.com/cookie/)
8. How to manage cookies Most browsers allow you to manage cookie settings by changing your browser settings. In this case, if you consent to our use of cookies but later change your mind, you can delete cookies that have already been placed at any time through your browser settings and change your browser settings to block all or some cookies in the future. Please refer to the "Help" function of your browser for instructions on how to change your settings.
9. Disclosure, correction, suspension of use, and deletion of user information If a user requests the disclosure, correction, suspension of use, or deletion of user information, the authorities will respond promptly in accordance with the law.
10. Formulation and Implementation of Personal Information Protection Regulations In order to implement this policy, the Agency will formulate a personal information protection compliance program, thoroughly disseminate this program throughout the Agency through training and education, and continuously improve it to maintain the best possible state.
11. Contact point for inquiries regarding this policy Please contact the following point of contact for inquiries regarding this policy.
4-4-21 Minamisemba Chuo-ku, Osaka 542-0081
Osaka Convention & Tourism Bureau a public interest incorporated foundation
General Affairs Department (Tel) 06-6282-5906 (Fax) 06-6282-5915
Reception hours: 9:00 AM to 5:30 PM
12. Changes to this Policy We may change our services in the future, which may result in changes to this Policy. If we change this Policy, we will update the last modified date below.
Supplementary Provisions
This Privacy Policy was last updated on July 24, 2019.
Attachment
Handling of information of EEA residents
This Appendix, "Handling of User Information of EEA Residents," describes how we collect and process User Information protected by General Data Protection Regulation 2016/679 (hereinafter referred to as "GDPR"). We collect and process User Information in accordance with the GDPR and other applicable laws and regulations. In the event of any conflict between this Appendix and any provision in the main body of this Policy, this Appendix shall take precedence.
1.管理者の名称及び住所 当局は、別途定めない限り、GDPRに基づくユーザー情報の管理者となります。
名称:公益財団法人大阪観光局
住所:大阪市中央区南船場4-4-21
電話番号:+81-6-6282-5906
Eメール:[email protected]
ウェブサイト:https://osaka-info.jp
2. Complaints to Supervisory Authorities You have the right to lodge a complaint at any time with a supervisory authority in the Member State of your habitual residence, workplace or the place where the alleged infringement of the GDPR occurred. Please refer to the following link for information on supervisory authorities:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
However, we would appreciate it if you would contact us in advance so that we have an opportunity to deal with your complaint before you lodge it with a supervisory authority.
3. Sharing of User Information We may share your information with the following third parties, subject to applicable law:
(1) Service providers
We may outsource all or part of the processing of your information to companies that provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, payment processing, data analysis, and providing customer service.
(2) Business Partners
With your prior consent, your information may also be transferred to, stored by, and processed by business partners who work with us to offer products, services or advertisements or who assist us in marketing to you.
(3) Affiliated companies and business integration
We may share your User Information with our affiliates, and we may transfer your User Information to the relevant third party in the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, sale or disposition of all or any portion of our business (including in connection with any bankruptcy or similar proceedings).
(4) Compliance with laws and regulations
It may be necessary for us to disclose your information—by law, legal process, litigation, or at the request of public or government authorities. We may also disclose your information if we determine that, for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
(5) Relief measures, etc.
We may also disclose your information if we determine in good faith that disclosure is reasonably necessary to protect our rights or pursue available remedies, enforce our Terms of Use, investigate fraud, or protect our operations or users.
4. User Rights Under the GDPR, you have the following rights. If you wish to assert any of these rights, please contact us using the details provided in this Policy.
(1) Right to be informed
Users may obtain from us information about our data processing activities relating to them.
(2) Access Rights
You have the right to confirmation as to whether we are processing your information and, if so, to access that information. You can also request a copy of the information we process.
(3) Right to rectification
You may ask us to correct any inaccurate User Information, and you may ask us to complete any inaccurate User Information.
(4) Right to erasure (right to be forgotten)
In certain cases, users may request that authorities delete user information relating to them without undue delay.
(5) Right to restriction of processing
In certain cases, you can ask authorities to restrict the processing of your information.
(6) Obligation to notify regarding correction, erasure, and restriction of processing of user information
Unless it is clearly impossible or would involve a disproportionate burden, we will notify recipients to whom the data has been disclosed of any corrections or deletions of user information or restrictions on processing made in accordance with (3) to (5) above, and will provide information about recipients if requested by the user.
(7) Right to data portability
In certain cases, you have the right to receive your user information in a structured, commonly used and machine-readable format and to transfer it to another controller.
(8) Right to object
You can object to the processing of your information for the purposes of the legitimate interests pursued by authorities or a third party, and, where your information is processed for direct marketing purposes, you can object at any time to the processing of your information for such marketing.
(9) Right not to be subjected to automated processing, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5. Cross-border data transfers Authorities may transfer User Information from the EEA to Japan or other countries. When transferring User Information from the EEA to outside the EEA, they may be required to take certain additional measures to protect such User Information. However, some countries outside the EEA, including Japan, have been recognized by the European Commission as having adequate data protection ("adequacy decision") https://ec.europa.eu/info/law/law-topic/data-protection_en, and therefore no additional safeguards are required when transferring to these countries. When transferring to countries that do not have such a decision, authorities will provide an appropriate level of protection as required by law.
6. Retention Period for User Information We will retain User Information for a period of three years unless a longer retention period is required or permitted by law.
7. Children's Information We do not knowingly collect or process User Information about children under the age of 16. If we become aware that we have directly collected or processed User Information about a child under the age of 16, or the minimum age equivalent to that under GDPR, which may vary depending on the laws of the EU member states, we will take steps to delete the information as soon as possible.