【世界遺産】紀伊山地の霊場と参詣道

Japan Cultural Heritage Regional Cooperative Association PRIVACY POLICY

PLEASE READ THIS PRIVACY POLICY CAREFULLY

1. OUR PRIVACY STATEMENT

The protection of your personal data is of great importance to Japan Cultural Heritage Regional Cooperative Association. This privacy policy (the “Privacy Policy”) therefore intends to inform users, followers, subscribers, (potential) customers, business partners, contractors, vendors, seminar participants and their respective employees and other third parties outside the Committee who are located in the European Economic Area (the “EEA”; each of the aforementioned persons is referred to as a “Customer, Etc.” or “you” throughout this Policy) about how Committee acting as data controller, collects and processes your personal data that you submit or disclose to us. We also act as data controller when we process your personal data received or obtained through third-parties. We process this personal data in accordance with the applicable EU and Member State regulations on data protection in particular, the General Data Protection Regulation No 2016/679 (the “GDPR”).

We encourage you to read this Privacy Policy carefully. If you do not wish your personal data to be used by us as set out in this Privacy Policy, please do not provide us with your personal data. Please note that, in that case, we will not be able to provide you with our services, you will not be able to access or use some features of our websites, and the level of your satisfaction when interacting with us will be impacted by your failure to provide your personal data.

2. HOW DO WE USE YOUR PERSONAL DATA?

For the purposes specified in this Privacy Policy, we process the personal data obtained from you directly (when you decide to communicate such data to us, i.e., when you contact us, or when you fill in forms displayed on the Website) or indirectly (data provided to us by a third-party). We ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We will always process your personal data based on one of the legal basis provided for in the GDPR (Articles 6 and 7). In addition, we will always process your sensitive personal data, for example, concerning your trade union membership, religious views, or health condition, in accordance with the special rules provided for in the GDPR (Articles 9 and 10).
We may collect and process your personal data for the following purposes:

(1)Purpose: Marketing and Public Relations (PR) Activities

We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purpose in question, which is required to provide our services, organize business events and contests, send information and communicate with the press, send the requested brochures/newsletters to data subjects, update the social networking pages and improve our online presence, reply to enquiries etc. In certain processing activities the processing may rely on the consent given by the data subject to the processing of his/her personal data for a specific purpose. If we need to process any special category of personal data from you (e.g., health data), we will do it subject to your explicit consent (Article 9(2) (a) GDPR),.

(2) Purpose: Business Operations

We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purpose in question, which is required to organize the familiarization/media trips and make all the necessary arrangements regarding travel and accommodation, organize e-learning programs, business events, seminars etc.,
maintain operational contact details, manage and evaluate our relationship with the business partners and communicate with them. If we need to process any special category of personal data from you (e.g., health data), we will do it subject to your explicit consent (Article 9(2)(a) GDPR), or further to employment or health regulations (Articles 9(2)(b) and (h) GDPR). In certain processing activities the processing may rely on the consent given by the data subject to the processing of his/her personal data for a specific purpose.

(3)Purpose: Information Technology (IT) and General Administration

We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purpose in question, which is required to keep record of and ensure contract management of lease agreement for EEA office space/buildings, enable employees to utilize the Cybozu cloud services and process visitors' personal data for security measures.

We will process your personal data for all these legitimate purposes listed above, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of such processing purposes.
We may process your personal data based on legal obligation.

We may process your sensitive personal data based on your consent. Please be aware that you are entitled to withdraw your consent at any time without affecting the lawfulness of processing based on your consent before withdrawal thereof.

We will keep your personal data only for as long as it is necessary for us to comply with our legal obligations to ensure that we provide an adequate service, and to support its business activities (Article 5 and 25(2) GDPR).

4. HOW DO WE SHARE YOUR PERSONAL DATA?

We may share your personal data between the offices of Organization and with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29 GDPR). Furthermore, where we share your data with any entity outside the European Economic Area, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 GDPR).

Due to the size and complexity of data processing by Organization, it is not possible to list each recipient of your personal data individually in this Privacy Policy, which is why only categories (and some examples of each category) of recipients are specified in accordance with the requirement under the GDPR.
* Strategic Partners (operating as Controllers)
Your personal data may be transferred to, stored and further processed by our strategic partners that work with us to provide our products and services or help us conduct business with customers and provide assistance with managing our relationship with our staff. We may currently share your personal data with the following categories of partners: suppliers, e.g. travel services, airlines, travel insurance, project management service providers, IT service providers, marketing service providers, communication service providers, webinar platform providers, meetings, incentives, conferences and exhibitions (MICE) organization service providers, public authorities, seminar organizers, project contractors, advertising service providers.
Your personal data will only be shared by us with these companies for the purposes specified above in this Privacy Policy.

* Service Providers (operating as Processors)
We share your personal data with companies which provide services on our behalf, such as software companies, consulting companies, suppliers, e.g. travel services, airlines, travel insurance, e-learning platforms providers, project management service providers, IT service providers and consultants, Social Networking Service (SNS) providers (Facebook, Twitter, YouTube, Instagram), IT service providers, PR consultants,meetings, incentives, conferences and exhibitions (MICE) organization services, project contractors, project management services and service providers social insurance. Your personal data will only be shared by us with these companies for the purposes specified above in this Privacy Policy.

* Corporate Affiliates and Corporate Business Transactions
We may share your personal data with all Organization’s affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.

* Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

* Data Transfers
Such disclosures may involve transferring your personal data out of the European Union to Japan. Such transfer may take place in order to ensure the provision of services by vendors and service providers to the Organization, and the sharing of useful information within the Organization. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the European Commission decisions 2004/915/EC and 2010/87/EU, or by any standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR. You may obtain a non-confidential copy of the mentioned safeguards of transfers we carry out by contacting us. Please see our contact details below.

4. OUR RECORDS OF DATA PROCESSING

We handle records of all processing of personal data in accordance with the obligations established under the GDPR (Article 30)both where we might act as a controller or as a processor . In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).

5. SECURITY MEASURES

We process your personal data in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organizational measures to achieve this level of protection (Article 25(1) and 32 GDPR).

6.NOTIFICATION OF DATA BREACHES TO THE COMPETENT SUPERVISORY AUTHORITIES

In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).

6.NOTIFICATION OF DATA BREACHES TO THE COMPETENT SUPERVISORY AUTHORITIES

7. PROCESSING LIKELY TO RESULT IN HIGH RISK TO YOUR RIGHTS AND FREEDOMS

We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).

8. YOUR RIGHTS

You have the following rights regarding personal data collected and processed by us.
– Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 GDPR).
   – Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information (Article 15 GDPR).
   – Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data (Article 15 GDPR). You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply (Article 17 GDPR).
   – Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply (Article 18 GDPR).
– Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply (Article 21 GDPR).
   – Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply (Article 20 GDPR).
– Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply (Article 22 GDPR). We inform you that we do not carry out currently automated decision making, including profiling as defined by Article 22 GDPR.
– Withdrawal of your consent: You may withdraw your consent at any time without affecting the lawfulness of processing based on your consent before withdrawal thereof.

If you intend to exercise such rights, please refer to the contact section below. If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.

9. CHILDREN

Our products and services are intended for adult customers. Thus, we do not knowingly collect and process any personal data of children under sixteen (16). If we discover that we have collected and processed the personal data of a child under sixteen (16), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible.

10. LINKS TO OTHER SITES

We may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ data protection practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.

11. UPDATES TO PRIVACY POLICY

We may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy via the Services. If we make changes, we will inform you of a new Privacy Policy and seek your consent where applicable.

CONTACT

For any questions or requests relating to this Privacy Policy, you can contact us by FAX　81-75-213-3366

Cookie Policy

1. Introduction

We are committed to transparency and the protection of your privacy at Japan Cultural Heritage Regional Cooperative Association ("we" "us"). This document tells you about our information gathering and data processing practices at our website; which is operated by us.

1.1 Cookies

"Cookies" are small capacity text files that are saved in your browser or onto your device when you visit or use websites, applications, or online media, or see online advertising.

There are a number of different types of cookie. The type of cookie provided by us while you are visiting our website is a "first party cookie". This is because it is provided by us and we operate the domain you are accessing. A cookie provided by a company that does not operate the domain you are accessing is called a "third party cookie". While you are visiting our website, we allow third parties to set cookies on your browser (For details, see 2.2 below.).

Each cookie lasts for a different period of time. A "session cookie" will last only while your browser is open. When you close the browser, this cookie will be automatically deleted and your computer will forget you. A "persistent cookie" will survive even after the browser has been closed. As such, this cookie will recognize your device when you browse the internet by opening up the browser again.

1.2 Similar identification technologies

While this document is a Cookie Policy, it is also intended to cover the use of other identification technologies that we can use or which we can be allowed to be used when providing our website. When this Cookie Policy mentions cookies, it should be understood to include such similar technologies:

“Pixel tags” (also called beacons) are small blocks of code installed in a webpage, application, or online advertisement which can retrieve certain information about your device and browser, including, for example, device type, operating system, browser type and version, website visited, time of visit, referring website, IP address, advertising identifiers, and other similar information, and including the cookie that uniquely identifies the device. Pixels provide the means for third parties to set and read browser cookies from a domain that they do not themselves operate and collect information about visitors to that website, with the permission of the website owner.

“Local storage” generally refers to other places on a browser or device where information can be stored by websites, ads, or third parties (such as HTML5 local storage and browser cache). "Browser fingerprinting" is a way to use the technical information transmitted by the devices for the optimization of web content layout (e.g. system fonts, screen resolution, installed plugins, and what platform your browser runs on) to uniquely identify your browser, without installing a persistent identifier (e.g. a cookie) on the device.

2. How do we use cookies?

2.1 The types of cookies

We use following types of cookies:

"Performance cookies": These cookies collect information about how our visitors use our website, such as information regarding which pages visitors go to most often, and whether they get error messages from web pages. These cookies enable us to ensure that the website works properly and that we can fix any errors. We also use this cookie to improve the way the site works and better present content to you.

"Advertising cookies": These cookies are used to deliver relevant advertisements, or to track email marketing or advertising campaign performance. For example, we and our ad partners may rely on information acquired through these cookies to serve you advertisements that may be interesting to you while you are on our website. Similarly, our business partners may use a cookie to determine whether we have served an advertisement and to give us data about how it performed, including information about how you have interacted with them.

2.2 The purposes of cookies and other information

The table below explains the cookies we use and why.

Cookie type
Name (Duration)
Provider
Purpose
References

Performance cookies

Ckid,cktst,dph,fbh0,

ADARA

These cookies are performance cookies used by ADARA to analyze the action taken

(1) Data Policy
https://adara.com/privacy-promise/

(2) Opt Out

Advertising cookies

gcma, ph(2 years)

by users, including page views and the number of unique users.

These cookies are also advertising cookies. These advertising cookies record information about your website activity such as pages you visit so that we can provide you with targeted advertisement on external websites and analyze the effects of such advertisements.

(ex) If you visit the pages regarding hot springs on our website, our advertisements related to hot springs are shown on our website and external websites. We will receive a report in relation to the effect of such advertisement (e.g. how many users made hotel reservations or booked air travel after clicking on our advertisement).

https://adara.com/opt-out/

Advertising cookie

Fr, wd, xs, sb, pl, dpr, datr, c_user(2 years)

Facebook

These cookies are performance cookies used by ADARA to analyze the action taken by users, including page views and the number of unique users.

(1) Data Policy
https://www.facebook.com/about/privacy

(2) About Facebook Ads
https://www.facebook.com/help/769828729705201/

*See "How Ads Work on Facebook" > "How does Facebook decide which ads to show me and how can I control which ads I see?"

Advertising cookies

APISID, DV, HSID, NID, OTZ, SAPISID, SID, SIDCC, SSID, UULE(2 years)

Google

These advertising cookies record information about your website activity, such as pages you visit, so that we can provide you with targeted　advertisements on external websites and analyse the effects of such advertisements.

(ex) If you visit the pages regarding hot springs on our website, our advertisements related to hot springs are shown on external websites, and we will receive a report regarding the effect of such advertisements.

(1) Privacy Policy
http://www.google.co.jp/intl/en/policies/privacy/
Advertising http://www.google.co.jp/intl/en/policies/technologies/ads/
Remarketing https://support.google.com/adwords/answer/2453998

(2) Settings for Google ads
http://www.google.com/ads/preferences/

*To opt out of DFP(DoubleClick for Publishers) or DFA(DoubleClick for Advertisers) configure "Opt out of interest-based Google ads across the web"

Performance cookies

ga (as long as the service is operated),gat (1 minute),gid (24 hours)

Google

These cookies are used by Google to monitor traffic levels, search queries and visits to our websites.
Google Analytics stores internet protocol ("IP") addresses on its servers in the US. An IP address is a unique number assigned to each device (such as your computer) that allows it to communicate with other devices on a computer network (such as modems, printers or other computers).

Google allows us to view the report with regards to users who visited our website on an anonymous basis. The report includes:

(a)how many people visited our website, and
(b)how users visited our website (e.g. by clicking specific advertisement); and
(c)the devices used by users to visit our website (e.g. PC or smartphone).

We also use Google Analytics Advertising Features on our website, and we can create segments for targeting advertisement on Google Analytics and check the report regarding the nature of users (e.g. gender, generations, or interests) who viewed our advertisement based on the data on Google AdWords.

(1) "How Google uses data when you use our partners' sites or apps" www.google.com/policies/privacy/partners/

(2) Google Analytics Opt-out Browser Add-on https://tools.google.com/dlpage/gaoptout?hl=en

(3) For Google Analytics Advertising Features, please refer to the following link.
https://support.google.com/analytics/answer/2700409?hl=en&topic=2611283

Advertising cookies

Bkdc, bku(180 days)

Oracle

These advertising cookies record information about your website activity such as pages you visit so that we can provide you with targeted advertisements on external websites and analyze the effects of such advertisements.

(1) Oracle Marketing Cloud & Oracle Data Cloud Privacy Policy
https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html

(2) Interest Based Advertising Enabled by Oracle Data Cloud
https://www.oracle.com/legal/privacy/privacy-choices.html#iba

Advertising cookies

_zlcmid, _mkto_trk,_td,_td_global(2 years)

Treasure Data

These advertising cookies record information about your website activity, such as pages you visit, so that we can provide you with targeted advertisement on external websites and analyse the effects of such advertisements.

If users use the Skyscanner service on our website, these cookies are also used to collect the information what kind of flight users searched on Skyscanner. For more information about Skyscanner, please refer to the following link: https://www.skyscanner.com/

https://www.treasuredata.com/privacy/

Performance cookie

__cfduid (9 months),_ce.s, _ceir (5 years),Cean, first_snapshot_url (1 year),_gcl_au (3 months)

Crazy Egg

These cookies record information about your website activity such as the specific parts (e.g. the certain buttons you have clicked) on the specific page which the user clicked or viewed so that we can analyse the effectiveness of our website, and make further changes to enhance user satisfaction for visiting our website using the heat-map report provided by Crazy Egg.

(https://www.crazyegg.com/heatmap)

https://www.crazyegg.com/privacy

3. Your choices

Your consent

We use cookies listed in Section 2 only if you have given your consent to do so on our homepage. On your first visit to this website you will be presented with pop-up regarding cookies. Please read this cookie policy carefully for more details about the way we use cookies. While this pop-up will not usually appear on subsequent visits you make to our website, you may withdraw your cookie consent at any time by following the instructions in this cookies policy.

Please note that if we have collected information via our cookies from your device which may identify you ("personal data") we will process such information on the basis of your consent.

4. Your rights

You may have the following rights:

Information regarding your data processing: You have the right to obtain from us all the relevant information regarding our data processing activities which concern you.

Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and when that is the case, to access the personal data and certain related information.

Rectification of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data.

Erasure of personal data: You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply.

Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply.

Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply.

Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to have that data transmitted to another controller without our hindrance, when certain conditions apply.

However, please note that the re-identification of you in relation to cookies is not always possible for us. In such case, we will require you to provide additional information to enable your identification in order to fulfil your request in order to enable you to exercise your rights as described above.

5. Contact details

For any questions or requests relating to this Cookie Policy, you can contact us by FAX　+81-75-213-3366.

Last modified: November 18, 2019