It is the text from here.

Privacy Policy

You are encouraged to read through this Privacy Policy carefully.

1. Statement on our privacy protection

It is very important for Oita Prefectural Tourism Association (“Tourism Oita” or “we”) to protect your personal information. Therefore, this privacy policy (“the Privacy Policy”) is designed to achieve your understanding of how Tourism Oita, as a data controller, collects and processes the personal information that you submitted or disclosed to us. When we process your personal information received or obtained through third parties, we assume a role as a data controller and process such information pursuant to applicable regulations set by EU and its member nations, and the General Data Protection Regulation No. 2016/679 (“the GDPR”) as the regulation for data protection, among others.

We recommend you read through the Privacy Policy carefully. You do not have to provide your personal information to us when you are not comfortable with us using it in the ways stipulated in the Privacy Policy. Please keep in mind that such a case may result in a situation where you cannot receive our services, get access to, or use partial functions of this website, leading to give some impact on your customer experience.

Please access tourism@we-love-oita.or.jp to contact us for any inquiries or comments on the Privacy Policy.

2. Our processing methods of your personal data

Whenever processing your personal data, we will process it under one of the legal bases stipulated in the GDPR (Articles 6 and 7). Moreover, we ensure that we will process your sensitive personal data, such as trade union membership, religious belief, or health status, pursuant to the special rules set forth in the GDPR (Articles 9 and 10).

We will collect and process your personal data to serve the following purposes. Achieving these purposes is required for us to seek our legitimate interests and provide you with satisfactory services.

  • Marketing activities including online advertising
  • Provision of newsletters and other information aiming for sales promotion
  • Publication of pamphlets
  • Entry registration on competitions or sortition sponsored by us
  • Invitation to office receptions
  • Participation and partnership in activities on social networking services. Participation in our planned or sponsored trips to strengthen mutual exchange
  • Replies to questionnaires and surveys conducted by us
  • Participation in our online training and leaning programs such as an e-learning program
  • Participation in tourism exhibitions
  • Management of lists and contact information of our suppliers and business partners
  • Invoice processing, reporting, and other administrative duties
  • Management of office lease agreements and contract documents
  • Responses to visitors to tourist information centers
  • Information processing in IT matters when you visit our website and use other online services
  • Recruiting
  • Performance evaluation of local staffs
  • Management of staff’s work and health conditions
  • Management of personnel relocation
  • Preparation of business cards
  • Accounting processing and responding to auditing
  • Attendance management and travel arrangement

Based on performance of the contract entered into between you and us, we may collect and process your personal data for the following purposes:

Handling of salaries, bonuses, and expenses
You have the right to withdraw your consent on our processing your personal data anytime; however, please keep in mind that your withdrawal in this regard does not have any influence on the legitimacy of the personal data processing, which has been conducted under your consent before the withdrawal.

In order to achieve these identified explicit and legitimate purposes, we will process your personal data. Further, we will not process your personal data in ways that do not comply with these purposes. When we intend to process your personal data for other objectives or purposes than the initial purpose for which we collected your data, we will confirm with you about such processing. We will store your personal data to the extent necessary for us to ensure provision of adequate services based on our legal obligations and to support such business activities. Please refer to the following for more details about our processing of your personal data.


As part of our tasks related to human resources and employment, we will process our employees’ personal data. Personal data processed for these purposes include their first name and last name, company name, job title, full-time/part-time, telephone number, mobile-phone number, e-mail addresses for business and private use, pay stubs and history, payroll information, health data, resumes, social security/fiscal number, bank account information, etc. We will process such personal data to perform contracts with our employees (GDPR Article 6 (1) (b)). When execution of the contracts does not require processing of personal data, we may process the data in order to manage and maintain a contractual relationship appropriate to the legitimate interests that both our employees and we pursue (GDPR Article 6 (1) (f)). When processing is required, we will process the data according to labor law obligations (GDPR Article 6 (1) (c)). When we process your personal data falling under any specific category such as health data, we will process the data based on your explicit consent (GDPR Article 9 (2) (a)) or employment or health provisions (GDPR Article 9 (2) (b) and (h)).

In addition, for the purpose of marketing and public relations activities, we will process your personal data. Personal data processed for these purposes include photographs for photography contests, e-mail addresses to send newsletters, press releases, pamphlets, etc. Since we operate online, we may process personal data necessary to deliver online advertisements or provide information through social networking services, such as IP addresses, e-mail addresses, personal interests. For the purpose of our legitimate interests, we will process such personal data so that we can provide various services to you and you can receive our services (GDPR Article 6 (1) (f)). We will seek to obtain your consent before providing any advertisements or information to you, when mutual consent is required.

We will process personal data of our members, customers, business partners, contractors, vendors, seminar participants and their respective employees for the purposes of arrangement of services (e.g., e-learning, online training) and events (e.g., trips to strengthen mutual exchange), as well as provision of survey, reporting, and follow-up documents for such services and events. Such personal data include third-party first and last name, address, telephone number, e-mail address, and other useful information. We will process such personal data to perform contracts with third parties (GDPR Article 6 (1) (b)). When execution of the contracts does not require processing of personal data, we may process the data in order to provide services appropriate to achieve the legitimate interests that both the third parties and we pursue (GDPR Article 6 (1) (f)). When we process your personal data falling under any specific category such as health data, we will process the data based on your explicit consent (GDPR Article 9 (2) (a)).

We will process third-party personal data related to general administration tasks and IT issues. The tasks and issues include handling of office lease agreements and contract documents, and information processing of visitors to tourist information centers and IT-related matters when you visit our website and use other online services. We will process such personal data to perform contracts with third parties (GDPR Article 6 (1) (b)). However, when processing is not required, we may process the data in order to provide services appropriate to achieve the legitimate interests that both the third parties and we pursue (GDPR Article 6 (1) (f)). When your personal data are used for other purposes, we will ask for your consent in this regard (GDPR Article 6 (1) (a)).

3. Types of personal data that we use

We need to collect the abovementioned personal data necessary to achieve each of the purposes described in the Privacy Policy.

We can obtain such personal data directly from you if you provide us with it, for example, by inputting and submitting formats posted on this website. Also, we can obtain the data indirectly from you through your own electronic communication device or Internet browsers. We will process personal data that is enough, relevant, and only to the extent necessary for achieving the purposes certainly.

4. How we share your personal data

Within the scope of GDPR provisions, we are allowed to share your personal data between Tourism Oita’s offices and third parties. When we share your personal data with a data processor, we will comply with legal frameworks appropriate and applicable to transferring and processing such data. In addition, if we share your personal data with any entities located out of the European Economic Area (“EEA”), we will comply with legal frameworks appropriate and applicable to transferring the personal data to such entities, and in particular, the standard contractual clauses for “controller-to-controller transfer” (2004/915/EC) and “controller-to-processor transfer” (2010/87/EU) (GDPR Article 44 ff .) approved by the European Commission.

Strategic partners

Based on your prior consent, we may transfer your personal data to our strategic partners that cooperate with us to provide services, or that support our marketing activities to customers. In that case, such strategic partners may store and process your relevant personal data. We ensure that your personal data will be shared only between such strategic partners and us in order to provide or improve our services and advertisements.

Service providers

We will share your personal data with companies providing services on behalf of us. Such services include hosting, maintenance, support services, e-mail services, marketing, auditing, execution of your orders, payment procedures, information analysis, provision of customer services, customer research and customer satisfaction surveys.

Affiliated companies and inter-enterprise transactions

We may share your personal data with affiliated companies of Tourism Oita. We may transfer all of the personal data that we possess to the relevant third party upon occurrence of merger, rehabilitation, acquisition, joint venture, assignment, divestiture of a business, transfer, sale, or disposition of all or part of our businesses including events related to bankruptcy or similar procedures.

Legal compliance and security

We may need to disclose your personal data based on laws, legal proceedings, judicial actions and/or requests of non-governmental and governmental authorities within or outside your residential country. In addition, when we deem it necessary or appropriate to disclose your personal data for national security, law enforcement, and other publicly important issues, we may disclose your data.

Moreover, we may disclose your personal data if we find it reasonably necessary in good faith to disclose the data in order to defend our rights, seek available remedies, enable fulfillment of provisions stipulated by us, investigate frauds, or protect our operations or users.

Data transfer

In connection with the abovementioned disclosures, your personal data may be transferred from the European Union to the following countries: Japan, Canada, the United States, Russia, Australia, China, India, Indonesia, South Korea, Malaysia, Singapore, Thailand, the Philippines, and Vietnam. Such transfer may be conducted in order that vendors and service providers provide Tourism Oita with their services and useful information is shared within Tourism Oita with absolute certainty. We will ensure that we apply a satisfactory level of protection to such personal data to be transferred, by complying with standard contractual clauses provided in the Resolution of the European Commission (2001/497/EC, 2002/16/EC, 2004/915/EC, and 2010/87/EU) or any standard data protection clauses that the European Commission adopted based on GDPR Article 46 (2) (c).

5. Records of our data processing

Whenever we process personal data, we will manage processing records of all personal data based on the obligations stipulated in GDPR (Article 30). In the records, we will include all the information necessary to observe GDPR provisions or to cooperate with the supervisory authorities required by GDPR (Article 31).

6. Safeguards for security

We will make sure to process your personal data under protection with appropriate security measures, including protection from unauthorized or illegal processing, accidental loss, destruction, or damage. We will implement appropriate technical and organizational measures to realize this level of protection (GDPR Articles 25 (1) and 32).

Unless our retention period is extended due to request or permission based on law, we will retain your personal data only for the period required to achieve the purposes stipulated in the Privacy Policy.

7. Notification of personal data leakages to supervisory authorities

In preparation for security breaches leading to accidental or illegal corruption, loss, alteration, unauthorized disclosure of, or access to personal data transferred, stored or processed by other methods, we have put in place the system and policy to conduct rapid responses to such a breach, including their identification and evaluation. Based on an evaluation result of the breach, we will notify them to the supervisory authorities as necessary and inform the affected data subjects including you of the result (GDPR Articles 33 and 34).

8. Processing that may expose your rights and freedom to a high risk

We have put in place the system and policy to identify data processing activities that may expose your rights and freedom to a high risk (GDPR Article 35). When we identify such a data processing activity, we will assess it internally and suspend it. If we continue the identified processing activity, we will make sure that the activity is in line with GDPR provisions or that we have appropriate technical and organizational safeguards against it.

For suspected data processing activities, we will inform the competent supervisory authorities in charge of data protection about the said effect for the purpose of consultation (GDPR Article 36).

9. Your rights

You possess the following rights relating to your personal data that we collect and process.

  • Information related to processing of personal data: The right to obtain from us the necessary information related to processing activities of your personal data (GDPR Articles 13 and 14).
  • Access to personal data: The right to confirm with us regarding the processing status of your personal data. Also, when your personal data have been processed, you are entitled to gain access to the relevant personal data and its related information (GDPR Article 15).
  • Amendment or erasure of personal data: The right to make us amend inaccurate personal data concerning you without any undue delay and compensate for any lack of personal data to make the data complete (GDPR Article 15). You can force us to erase inaccurate personal data concerning you without any undue delay, when a specific legal condition is applicable (GDPR Article 17).
  • Limit on processing of personal data: The right to limit processing of personal data concerning you if a specific legal condition is applicable (GDPR Article 18).
  • Objection to processing of personal data: The right to take objection to processing of personal data concerning you on the basis related to your situation, when a specific legal condition is applicable (GDPR Article 21).
  • Portability of personal data: The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit the relevant personal data to another data controller without hindrance from us, when a specific legal condition is applicable (GDPR Article 20).
  • No need to follow automated decision-making: The right not to follow decision-making conducted automatically based on processing of your personal data including profiling, when a specific legal condition is applicable (GDPR Article 22). This right, however, can be executed only if procedures for such decision-making will have legal or similar impact on you.

When you intend to execute any of the abovementioned rights, you are required to contact the section described below. If you are not satisfied with our responses to your requests, or if you have any complaint about it, you may file a claim to the supervisory authorities in charge of data protection.

10. Children

The target of our services is adult customers. Therefore, we will not collect and process information related to children below the age of sixteen (16) intentionally. If it turns out that we have intentionally collected and processed information related to children below the age of sixteen (16) or children deemed to be equivalent to the age of sixteen in the relevant jurisdiction, we will delete such information as soon as possible. If you find out that children below the age of sixteen (16) have provided us with their personal information, please inform us of that effect immediately by using the e-mail address described at the end of the Privacy Policy.

11. Links to other websites

We may place on this website hypertext links to third-party websites or materials posted on the Internet. We do not manage and cannot be responsible for privacy practices and content by such third parties. We encourage you to read through privacy policy published by the abovementioned third parties in detail, in order to understand how they collect and process your personal data.

12. Updating of the Privacy Policy

The Privacy Policy is subject to revision and update. A revised or updated version of the Privacy Policy will be valid at the time of posting the revised Privacy Policy on this website. Regarding any revision or update, which is deemed important, we will obtain your consent as necessary by notifying you of such change through the website wherever possible.

Contact

Please contact us by e-mail if you have any questions or requests related to the Privacy Policy.
E-mail address: tourism@we-love-oita.or.jp