In today’s advanced information and communications society, the Osaka Convention & Tourism Bureau (“we,” “our”, and “us”) acknowledges the importance of protecting personal information. Therefore, we are committed to protecting the personal information of the users (“you”/“your”) of our services (“Services”) based on the following policy (“Policy), which is our basic policy for properly handling your personal information.
If you are a resident of the European Economic Area (“EEA”), please see the Appendix to this Policy (“Appendix”) for additional information regarding our use of your personal information. This Appendix has precedence over the main body of this Policy to the extent a discrepancy exists between any provision of the Appendix and in the main body of this Policy.
1. Compliance with laws and regulationsWe shall comply with the Act on the Protection of Personal Information (Act No. 57, 2003) as well as other applicable laws and regulations, and guidelines stipulated by relevant government ministries and agencies.
2. Information we may collect about you
We may collect and process the following categories of users’ personal information (“User Information”) for the purposes specified in this Policy.
2.1 Information you provide to us
We may collect and process the information you provide to us when using the Services, including your name, username, password (including authentication information when using the external linkage function), email address and other contact details, and the User Information contained in a survey response, complaint, or inquiry you send to us.
2.2 Information automatically collected
We may automatically collect and process details of your visit to the Websites or the Applications or when you access them, as well as the information collected through cookies and other similar technologies. This information includes your IP address, domain name, browser information, operating system, traffic data, language preference, country, location data, and information about how and when you use our Websites or Applications.
2.3 Information collected from other sources
We may collect and process information about you from other sources, such as public databases, business partners, marketing service providers, and social media.
3. Notice or disclosure of purposes of use We shall notify you about or disclose our purposes of use when we collect and process the User Information, unless the purpose is provided in applicable laws or regulations.
4. Purposes of use and their legal basis
4.1 We might collect and process your User Information to pursue our legitimate interests as detailed below:
(1) To ensure that content from the Websites or Applications is presented in the most effective manner for you;
(2) To notify you about a change to our Services;
(3) To manage your account;
(4) To perform our obligations arising from an agreement between you and us;
(5) To respond to your requests and inquiries;
(8) To conduct data analysis, research, or audits;
(9) To provide, improve, or develop our Services;
(10) To undertake procedures and communication regarding applying for a meeting or event hosted by us; and
(11) To ensure continuity in our business.
4.2 Subject to obtaining your express prior consent, we may also collect and process the User Information for the following purposes:
(1) To provide you with information which might be of your interest;
(2) To provide information on our projects, services, or products;
(3) To send out our newsletters or online magazines;
(4) To conduct business analysis;
(5) To share the User Information with third-party partners who could send you information regarding their products and services; and
(6) Other purposes made explicit when collecting your information.
Please be advised you are entitled to withdraw your consent at any time, but it will not affect the legality of our processing your information based on your consent before your withdrawal thereof.
5. Providing User Information to a third party
We will not provide the User Information to a third party without your approval, except in situations stated in applicable laws.
6. Handling User Information
We shall maintain the accuracy and recency of the User Information. Moreover, we shall take appropriate measures to safeguard the User Information from leakage, loss, damage, tampering, and any other unauthorized disclosure. We appoint the Head of our General Affairs Team to be the person responsible for managing the User Information and shall take appropriate measures to properly manage it.
7. Using cookies Cookies are small text files that are placed on your computer or mobile phone when you visit a website. They are widely used to make websites work or work more efficiently. Cookies are used on the Websites and Applications, and help them to recognize your device and to remember information about your use of our Services.
We use analytical tools such as Google Analytics to understand how you access and use the Websites or Applications. In addition, Google, Cyber Communications Inc. (CCI) and other companies listed below obtain cookie data by means of DMP technology on the Websites or Applications for more effective advertisement distribution.
Google Analytics（https://support.google.com/analytics/answer/6004245?hl=en and Ad personalization)
hl=en and Ad personalization（https://policies.google.com/technologies/partner-sites?hl=en-GB)
Data Policy（https://en-gb.facebook.com/privacy/explanation and Cookies & other storage technologies https://www.facebook.com/policies/cookies/）
other storage technologies（https://www.facebook.com/policies/cookies/）
9. Disclosure, correction, suspension of use, and cancellation We shall promptly reply to any request from you concerning disclosure, correction, suspension of use, or cancellation of your User Information.
10. Establishment and enforcement of Personal Information Protection Regulations To implement this Policy, we shall establish a Personal Information Protection Compliance Program and keep all our personnel well-informed about this Policy through training and education programs. We shall continuously improve it to maintain the best quality.
11. Contact regarding this Policy
For any questions concerning this Policy, please send your inquiries to:
Osaka Convention & Tourism Bureau
5F Resona Semba Bldg.4-4-21 Minami-Semba, Chuo-ku, Osaka 542-0081
General Affairs Team: (Tel) +81-6-6282-5906 (Fax)+81-6-6282-5915
Office hours: 9:00 A.M. to 5:30 P.M.
12. Updates to this Policy We might change the content of the Services, and consequently, this Policy could change in the future. If we change this Policy, we shall update the date it was last changed below.
Handling of User Information for EEA residents
The “Handling of User Information for EEA residents” described in this Appendix intends to inform you about how we collect and process the User Information protected under the General Data Protection Regulation No 2016/679 (the “GDPR”). We shall collect and process the User Information in accordance with the GDPR and other applicable laws. This Appendix has precedence over the main body of this Policy to the extent a discrepancy exists between any provision of the Appendix and in the main body of this Policy.
1. Controller’s name and contact detailsWe are the controller for the User Information under the GDPR, unless otherwise stated.
Osaka Convention & Tourism Bureau
Postal address: 4-4-21 Minami-Semba, Chuo-ku, Osaka 542-0081
Email address:[email protected]
2. Complaint with a supervisory authority
You have the right at all times to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or the place of an alleged infringement of the GDPR. Please follow this link to see a list of supervisory authorities
We would, however, appreciate the chance to address your concerns before you report to a supervisory authority, and so, please contact us beforehand.
3. Sharing User Information
We might share the User Information with the following third parties in compliance with applicable laws..
(1) Service providers
We might outsource all or part of the User Information processing to companies that provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, payment processing, data analysis, and providing customer service.
(2) Business partners
The User Information might be transferred to, stored, and further processed by business partners that work with us to provide products, services or advertisements, or help us market ourselves to new users, subject to your prior consent.
(3) Affiliates and business integration
We might share the User Information with our affiliates. Moreover, in the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceeding, we might transfer any and all User Information to the relevant third party.
(4) Legal compliance, etc.
It might be necessary for us to disclose the User Information due to a law, legal process, litigation, or request from a public and governmental authority. We might also disclose the User Information if we determine the disclosure is necessary or appropriate due to purposes of national security, law enforcement, or other issues of public importance.
(5) Remedies, etc.
We might also disclose the User Information if we determine in good faith that the disclosure is reasonably necessary to protect our rights and pursue available remedies to enforce our terms and conditions, investigate fraud, or protect our operations or users.
4. Your rights
You have the following rights under the GDPR. If you were to assert these rights, please contact us by using the contact address specified in this Policy.
(1) Right to be informed
You have the right to obtain from us information regarding our data processing activities that concern you.
(2) Right to access
You have the right to obtain from us our confirmation as to whether or not we are processing the User Information; and if so, you have the right to access your User Information. In addition, you have the right to receive copies of your User Information processed by us.
(3) Right to rectification
You have the right to ask us to rectify your User Information that you think is inaccurate. You also have the right to ask us to complete your User Information that is incomplete.
(4) Right to erasure (Right to be forgotten)
You have the right to ask us to erase your User Information without undue delay in certain circumstances.
(5) Right to restriction
You have the right to ask us to restrict the processing of your User Information in certain circumstances.
(6) Notice regarding rectification, erasure, or restriction of User Information
We will communicate any rectification or erasure of your User Information or restriction of processing your User Information carried out in accordance with above Paragraphs (3), (4) and (5) to each recipient to whom your User Information was disclosed, unless this proves impossible or involves a disproportionate effort. We will inform you about those recipients, if you so request.
(7) Right to data portability
You have the right to receive your User Information, in a structured, commonly used, and machine-readable format, and have the right to transmit that information to another controller in certain circumstances.
(8) Right to object
You have the right to object at any time to our processing your User Information which is based on the legitimate interests pursued by us or a third party. Furthermore, where your User Information is processed for direct marketing purposes, you have the right to object at any time to our processing your User Information for such marketing.
(9) Not to be subject to automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5. Transfer of User Information out of the EEA We may transfer the User Information out of the EEA to Japan or other countries. When we transfer the User Information from inside the EEA to outside the EEA, we might be required to take specific additional measures to safeguard the relevant User Information. However, when we transfer the User Information to certain countries outside the EEA (including Japan) which have been approved by the European Commission as providing an adequate level of data protection (“Adequacy Decisions” )https://ec.europa.eu/info/law/law-topic/data-protection_en, we are not required to take such additional measures. When we transfer the User Information to countries not approved in an Adequacy Decision, we shall maintain the appropriate standards required by applicable laws.
6. Retention period We shall retain the User Information for three (3) years unless a longer retention period is required or permitted by law.
7. Information from minors We may not knowingly collect and process User Information about children under sixteen (16) years old. If we discover that we have collected and processed User Information about a child under sixteen (16) years old directly, or the equivalent age of minority depending on the concerned jurisdiction, we shall take steps to delete the information as soon as possible.