We take your privacy seriously. When we process your personal data, we commit ourselves to ensure compliance with applicable personal data protection laws, including the Act on the Protection of Personal Information of Japan (the “APPI”), the General Data Protection Regulation of the European Union as applied in the European Economic Area and the said regulation as transposed to and applied as a domestic law in the United Kingdom pursuant to the Data Protection Act 2018 of the said country (the “GDPR”).
This Privacy Policy is intended for our guests from the European Economic Area and the United Kingdom, explaining how we collect, use, disclose and/or store your personal data in connection with your visit and use of our website “VISIT OKINAWA JAPAN” (https://visitokinawajapan.com/) (the “Website”).
In this Privacy Policy, “we”, “us” and “our” refer to Okinawa Convention & Visitors Bureau, a general incorporated foundation, established at Okinawa Industrial Support Center 2nd Floor, 1831-1 Oroku, Naha City, Okinawa, Japan 901-0152.
We may, from time to time, amend, add to, or delete part of this policy. You can obtain the latest version at the following link: https://visitokinawajapan.com/privacy-policy-eea-and-uk
1. How we collect and use your personal data (Purposes)
When you use our Website, we collect and use the following categories of your personal data for the respective purposes on the respective lawful grounds as described below.
(1) Responding to your inquiries
When you make inquiries to us by email or over the phone and we response to them, we collect your personal data such as your contact details (e.g., your name, email address, telephone number), what information you requested from us and our response. We do so on the lawful ground that such processing of your personal data is necessary for the purpose of our legitimate interests, namely serving you by providing you with the information you request from us.
(2) Surveying on the Website usage
When you visit the Website and interact with it, we collect your personal data, including your source IP address, browser type/version, operating system/version, the pages served, time, your approximate location (countries), the preceding page views (what web page you come from) and other technical data about your usage of the Website, including unique identifiers (“Device Identifiers”) by which we could identify the web browser you use to access the Website. We refer to the categories of data described above collectively as the “Automatically Collected Data”.
We analyze the Automatically Collected Data to obtain insights about the usage of the Website, including the demographic composition of our audience and the popularity of each page, item, and article. These insights help us provide contents that better fit with the demand from our audience. Such processing of your personal data is based on the lawful ground that it is necessary for the purpose of our legitimate interest, namely serving you better by improving the Website. Such processing is by no means aimed at profiling you in order to personalize contents shown to you on the website according to your profile.
(3) Improving the Website security
In addition to the purpose (2) above, we monitor the Website and analyze the Automatically Collected Data in order to detect and prevent unlawful use and security breach of the Website, on the lawful ground that such processing is necessary for the purpose of our legitimate interest, namely, protecting you and the Website from any security threat.
(4) Facilitating your interaction with social network services
When you click on the social buttons placed on the Website, we enable you to share your favorite items or articles along with your comments thereof with your friends on your social network timelines (Facebook, Twitter and Pocket). Such processing is based on the lawful ground of your consent. When you voluntarily share items and articles by clicking on the social buttons, we deem that you give us consent to our facilitating such sharing.
2. Cookie and similar technologies
We and certain third parties deploy cookies and other similar technologies on the Website, where we use data processing or storing capabilities of your browser or we read data from your browser, in order to collect some of the Automatically Collected Data for the purposes described above. Except where the use of these technologies is strictly necessary to provide you with services you requested, we ask for your prior consent thereto.
You can find the full information about how we deploy these technologies here. You can, at any time, withdraw your consent or customize your cookie settings here.
3. Who we share your personal data
We disclose your personal data to the following third-parties:
(1) Web analytics service provider
We engage web analytics service providers to collect and analyze the Automatically Collected Data and disclose such data to such providers for the purpose (2) above.
(2) Social network operators
Where, based on your consent, we enable you to share your favorite items or articles on your timelines with some social network services, we disclose your personal data (your identity, your comments, and your favorite items or articles) to such social network operators, e.g., Facebook, Twitter, or Pocket for the purpose (4) above.
(3) Other service providers
We may use third-party service providers to process your personal data for purpose(s) as described above, and disclose your personal data to such providers. They act as processors in the meaning of the GDPR, and are bound by contracts with us to process your personal data only on our instruction and only for the purpose designated by us, commit themselves to confidentiality, and have appropriate security measures in place.
(4) Business successors
In the event that we sell or transfer a portion or all of our business, your personal data we have collected may be transferred by us to the purchasing or acquiring entity as part of the transaction. We will continue to ensure the confidentiality of your personal data before such transaction occurs, and after such transaction, we will delete your personal data we have collected as soon as reasonably practicable after such transaction.
(5) Competent public authorities
We may be obliged to disclose your personal data we have collected, as required by law, regulation or order, to investigative, judicial, and regulatory authorities. We may also be required to disclose your personal data we have collected to competent data protection authorities in order for them to investigate privacy complaints filed by you or any data breach incidents involving your personal data.
(6) Other third parties
Where necessary for the purposes described above, for example, where we need to ask for advice or further information in order to respond to your inquiry, we may disclose your personal data to relevant third parties. Where we find it out of your reasonable expectation to disclose your personal data to particular third parties, we ask for your consent thereto before we do so.
4. How long we use your personal data
We will continue to retain your personal data for as long as necessary for each purpose specified above. When we no longer require your personal data for the purpose, we will destroy them or irreversibly anonymize them so that the processed data could never be used to identify you.
5. International transfer of your personal data
We regularly transfer your personal data as described above to the following entities (the “Recipients”) for the purposes described above, which are located outside of the European Economic Area:
- ・Our analytics service providers (Google Analytics);
- ・Social network operators (Facebook, Twitter, Pocket);
- ・Other service providers.
Where the Recipients are located in Japan, your personal data is protected in accordance with the APPI. The European Commission has decided that Japan ensure an adequate level of data protection (the “Adequacy Decisions”) and that personal data can be lawfully transferred to Japan without requiring any specific authorization.
Where we need to transfer your personal data to countries or territories that are not covered by the Adequacy Decisions, we will protect your personal data by virtue of data transfer contracts with the concerned Recipients in line with the Standard Contractual Clauses adopted the European Union or the United Kingdom pursuant to the GDPR.
6. Data security
We systematically assess information security risks of the Website, establish and implement appropriate security control to avoid or mitigate such risks, and periodically review and improve its implementation to ensure effective protection of your personal data.
7. Children’s privacy
We are committed to complying with all applicable laws and regulations regarding the collection, storage and use of personal data concerning children. The Website is intended for a general audience; it is not directed to children and we do not knowingly collect personal data from anyone under the age of 16. If you are a parent or guardian and are concerned that your child has provided his/her personal data to us without your consent, you should contact us, so that we can immediately destroy such data.
8. Sensitive personal data
We usually do not collect or use sensitive personal data as defined in Article 9 and 10 of the GDPR. Where we collect and use sensitive categories of your personal data, we will obtain your prior and explicit consent thereto, unless we are required to do so in order to perform our statutory obligations or to protect vital interest of you or another person in emergency.
9. Your legal rights
Provided that certain conditions are met, you have legal rights to request from us the following:
- ・Access to your personal data and to certain supplementary information covered by this policy;
- ・Correction of your personal data if inaccurate or incomplete;
- ・Erasure of your personal data;
- ・Suspension of using your personal data;
- ・Stopping processing your personal data; and
- ・Obtaining your personal data in a structured, commonly used, and computer-readable format; and
-
・Withdraw your consent you have previously given to us at any time.
If you wish to exercise your right, please contact us.
10. Complaint
You can lodge complaints about how we process your personal data with data protection supervisory authorities. You can find your local supervisory authority at the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en
11. Our contact
If you have any privacy concern, complaint or inquiry, or if you wish to exercise your legal rights, please contact our representative:
Our representative in the EEA countries:
As we are based outside of the EU, Article 27 required that we appoint an EU representative to handle certain data subject requests and queries. In compliance with this, we have appointed DataRep* to act as our representative. Any queries requiring the input of our representative, should please be directed to them as follows:
*’DataRep’ is the trade name of ‘Data Protection Representative Limited’
- ・sending an email to DataRep at datarequest@datarep.com quoting <Okinawa Convention & Visitors Bureau> in the subject line,
- ・contacting us on our online webform at www.datarep.com/data-request, or
- ・mailing your inquiry to the following address;
DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Please note that if you choose to mail your enquiry, it is essential that you mark your letters for ‘DataRep’ and not ‘Okinawa Convention & Visitors Bureau’, or your enquiry may not reach them. Please refer clearly to Okinawa Convention & Visitors Bureau in your correspondence.
Our representative in the United Kingdom:
As we are based outside of the UK, Article 27 required that we appoint an UK representative to handle certain data subject requests and queries. In compliance with this, we have appointed DataRep to act as our representative. Any queries requiring the input of our representative, should please be directed to them as follows:
- ・sending an email to DataRep at datarequest@datarep.com quoting <Okinawa Convention & Visitors Bureau> in the subject line,
- ・contacting us on our online webform at www.datarep.com/data-request, or
- ・mailing your inquiry to the following address;
DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom
Please note that if you choose to mail your enquiry, it is essential that you mark your letters for ‘DataRep’ and not ‘Okinawa Convention & Visitors Bureau’, or your enquiry may not reach them. Please refer clearly to Okinawa Convention & Visitors Bureau in your correspondence.