We strive to handle personal information in a manner which is consistent with the local privacy laws that apply in the various international jurisdictions in which JNTO operates.
Collection of personal information
The types of personal information that we collect will depend on the nature of your dealings with us. For example, we may collect personal information directly from you when you:
- Subscribe to any of our publications or register to receive brochures;
- Apply to attend or exhibit at a JNTO event, or enter a promotion or competition;
- Have business dealings with us (whether as an employee of one of our external service providers, or if you work for any agencies or companies we deal with, or in the context of a transaction, or if you volunteer personal information to us).
We need to collect personal information so that we can provide you with the publications or services you have requested. The particular purpose for which we collect personal information will either be explained when we collect that information, or will be obvious from the context in which it is collected.
Access to personal information
You have the right to request access to any information held by JNTO, which relates to you. You also have the right to request the correction of any information which relates to you and is inaccurate. Any request for access or corrections should be advised to us in writing.
Online Privacy Issues
In general, you can visit our websites without telling us who you are or revealing any personal information about yourself. However there are times when we may need to collect personal information from you.
For instance, if you register to receive our brochures, publications, attend an event, or participate in a competition, we may be required to collect some personal information from you.
In general on our website, IP addresses are logged to track a user’s session while the user remains anonymous. We may analyze this data for certain trends and statistics, such as which parts of our site users are visiting and how long they spend there. When we receive information about your session or about you, we may also use it for research or to improve our site and the services we offer you.
We strive to ensure the security, integrity and privacy of personal information submitted to our sites, and periodically updates its security measures in light of current technologies.
You need to be aware of inherent risks associated with the transmission of information via the Internet. We cannot guarantee or warrant the security of any personal information you submit to our sites. If you have concerns in this regard, we have other ways of obtaining and providing information. Normal mail, telephone and fax facilities are available.
Our website may also be linked to websites operated by third parties. These links are meant for your convenience only. Links to third party sites do not constitute sponsorship or endorsement or approval of these sites. Visitors to those sites should refer to their separate privacy policies and practices.
- By Email: email@example.com
1. OUR PRIVACY STATEMENT
2. HOW DO WE USE YOUR PERSONAL DATA?
We may collect and process your personal data for the following purposes:
Ⅰ. Purpose: Marketing and Public Relations (PR) Activities
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purpose in question, which is required to provide our services, organize business events and contests, send information and communicate with the press, send the requested brochures/newsletters to data subjects, update the social networking pages and improve our online presence, reply to enquiries etc. In certain processing activities the processing may rely on the consent given by the data subject to the processing of his/her personal data for a specific purpose. If we need to process any special category of personal data from you (e.g., health data), we will do it subject to your explicit consent (Article 9(2)(a) GDPR),.
Ⅱ. Purpose: Business Operations
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purpose in question, which is required to organize the familiarization/media trips and make all the necessary arrangements regarding travel and accommodation, organize e-learning programs, business events, seminars etc., maintain operational contact details, manage and evaluate our relationship with the business partners and communicate with them. If we need to process any special category of personal data from you (e.g., health data), we will do it subject to your explicit consent (Article 9(2)(a) GDPR), or further to employment or health regulations (Articles 9(2)(b) and (h) GDPR). In certain processing activities the processing may rely on the consent given by the data subject to the processing of his/her personal data for a specific purpose.
Ⅲ. Purpose: Information Technology (IT) and General Administration
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purpose in question, which is required to keep record of and ensure contract management of lease agreement for EEA office space/buildings, enable employees to utilize the Cybozu cloud services and process visitors' personal data for security measures
We will keep your personal data only for as long as it is necessary for us to comply with our legal obligations to ensure that we provide an adequate service, and to support its business activities (Article 5 and 25(2) GDPR).
3. HOW DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data between the offices of Organization and with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29 GDPR). Furthermore, where we share your data with any entity outside the European Economic Area, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 GDPR).
Strategic Partners (operating as Controllers)
Your personal data may be transferred to, stored and further processed by our strategic partners that work with us to provide our products and services or help us conduct business with customers and provide assistance with managing our relationship with our staff. We may currently share your personal data with the following categories of partners: suppliers, e.g. travel services, airlines, travel insurance, project management service providers, IT service providers, marketing service providers, communication service providers, webinar platform providers, meetings, incentives, conferences and exhibitions (MICE) organization service providers, public authorities, seminar organizers, project contractors, advertising service providers.
Service Providers (operating as Processors)
We share your personal data with companies which provide services on our behalf, such as software companies, consulting companies, suppliers, e.g. travel services, airlines, travel insurance, e-learning platforms providers, project management service providers, IT service providers and consultants, Social Networking Service (SNS) providers (Facebook, Twitter, Youtube, Instagram), IT service providers, PR consultants, meetings, incentives, conferences and exhibitions (MICE) organization services, project contractors, project management services and service providers social insurance.
Corporate Affiliates and Corporate Business Transactions
We may share your personal data with all Organization’s affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Such disclosures may involve transferring your personal data out of the European Union to Japan. Such transfer may take place in order to ensure the provision of services by vendors and service providers to the Organization, and the sharing of useful information within the Organization. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the European Commission decisions 2004/915/EC and 2010/87/EU, or by any standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR. You may obtain a non-confidential copy of the mentioned safeguards of transfers we carry out by contacting us. Please see our contact details below.
4. OUR RECORDS OF DATA PROCESSING
We handle records of all processing of personal data in accordance with the obligations established under the GDPR (Article 30)both where we might act as a controller or as a processor . In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
5. SECURITY MEASURES
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
6. NOTIFICATION OF DATA BREACHES TO THE COMPETENT SUPERVISORY AUTHORITIES
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
7. PROCESSING LIKELY TO RESULT IN HIGH RISK TO YOUR RIGHTS AND FREEDOMS
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
8. YOUR RIGHTS
You have the following rights regarding personal data collected and processed by us.
- Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 GDPR).
- Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information (Article 15 GDPR).
- Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data (Article 15 GDPR). You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply (Article 17 GDPR).
- Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply (Article 18 GDPR).
- Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply (Article 21 GDPR).
- Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply (Article 20 GDPR).
- Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply (Article 22 GDPR). We inform you that we do not carry out currently automated decision making, including profiling as defined by Article 22 GDPR.
- Withdrawal of your consent: You may withdraw your consent at any time without affecting the lawfulness of processing based on your consent before withdrawal thereof.
If you intend to exercise such rights, please refer to the contact section below.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.
Our products and services are intended for adult customers. Thus, we do not knowingly collect and process any personal data of children under sixteen (16). If we discover that we have collected and processed the personal data of a child under sixteen (16), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible.
10. LINKS TO OTHER SITES
We may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ data protection practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.