Last Updated on March 11, 2021
Who is the Data Controller for customers' personal data?
We (hereinafter referred to as the "Company") collect personal data from our recipe site. The protection of personal data is very important to us in ensuring safe and convenient use through our websites. We handle personal data in compliance with the following regulations.
When the Company Collects Personal data
The Company collects personal data from its customers with their consent, when it is required by law, to the extent necessary to accomplish the purposes of use of the Company.
When the Company Uses Personal data
The Company uses personal data collected from its customers only for the purposes of use prescribed by the Company.
How the Company Saves and Stores Personal data
The Company saves and stores personal data, taking security of the system into account in order to prevent leakage of the information collected from its customers.
Deletion and Erasure of Personal data
Response to Inquiries from Customers
The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition, removal, cessation of use, erasure, suspension of provision to third parties of Retained Personal Data and prohibition of discrimination in compliance with applicable laws.
Safety Control Measures etc.
The Company will educate all staff engaged in VELTRA service operations about the importance of protecting personal data, and will take necessary and appropriate measures to ensure the safety control of personal data.
- Personal data the Company Collects and the Purposes of Use
- Provision of Personal Data to Third Parties
- When the company entrusts third parties with handling Personal Data to the extent necessary to accomplish the above-mentioned purposes.
- When the Company is required to do so by laws and regulations.
- When it is necessary for the protection of the life, body or property of a person, and it is difficult to obtain the consent of the customer.
- When it is especially necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the customer.
- When the data is needed by the national or local government in executing the affair prescribed by laws and regulations, and obtaining consent from the customers likely to impede the execution of such affairs.
- Entrustment of Handling of Personal Data
- Security Control Measures for Personal Data
- What are the customers' data protection rights and how can customers exercise them ?
- Right of access
- Right of rectification
- Right to erasure/right to be forgotten and right to restriction
- Right to data portability
- Right to withdraw your consent
- Right to object, at any time
- Right to access to Personal Data
- Right of deletion of Personal Data
- Right not to be discriminated
- Right to opt-out of the sale of Personal Data
- International transfer of customers data
- Request for Disclosure, Correction, and Suspension of Use etc.
- External Links
The provision of the above personal data, where requested, is necessary for the adequate performance of the contract between its customers and the Company and to allow the Company to comply with the Company's legal obligations. Without it, the Company may not be able to provide customers with all the requested services.
We collect certain information automatically and keep it in a log file. The certain information includes IP (Internet Protocol) address, kind of browser, ISP(Internet Service Provider), web pages that are seen or closed, operating system and time stamp. We use the information in order to detect unauthorized access to its websites. We also conduct trend analysis of its customers to manage its websites and track user behavior. However, we use the information while making it impossible to identify an individual, and never use obtained information for the purposes other than as described above.
The types of cookies we collect are below.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
On the legal basis of where customers give their consent
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
On the legal basis of where customers give their consent
If CCPA applies, Personal Data collected, disclosed or shared during the last 12-month period for business purposes are, from the categories set forth above as follows:
|Category of Personal Data||Collected from||Purpose of collection||Provided to|
|Performance cookies||customers(visitors)||User behavior analysis||Google Analytics|
|Targeting cookies||customers(visitors)||Advertising||Google Adsense|
When the company entrusts third parties with handling of personal data of its customers within the extent required for the achievement of the purposes of use of the Company according to the provisions in the preceding paragraph, the company will take necessary and appropriate measures regarding supervision of the entrustees. When the entrustee re-entrusts its operations to another party, the Company will, directly or indirectly, supervise whether the entrustee takes necessary and appropriate measures to supervise the party. The same will be applied to further entrustment.
The Company takes systematic, technical and physical security control measures to prevent leakage, plagiarism, misuse, unauthorized access, falsification or destruction of Personal Data. The Company also limits access to the server in which it stores Personal Data only to specific employees who have ID and password, and especially for certain Personal Data, the Company minimizes the number of employees who have access rights to manage it. Additionally, the Company distributes the Personal Data which contains credit card information in several data centers, and keeps in secure environments. Furthermore, the Company introduces Secure Sockets Layer（SSL）into all its webpages related to transactions. Using SSL-capable browsers enables the maintenance of confidentiality of Personal Data and credit card information transmitted online. The employees who handle customer Personal Data use monitors with a password-secure screen saver function when they do not use the devices. The Company conducts education and training about the importance of protecting personal data every 6 months on a company-wide basis, but once a month in some departments, and does the minutes of such education.
5.1 Under the General Regulation (EU) 2016/679, of 27 April 2016, on Data Protection (GDPR), the following rights are recognized in relation to the processing of customer personal data:
5.2 Under the CCPA, the following rights are recognized in relation to the processing of customer personal data:
If CCPA applies, individuals (including any of your employees to whom CCPA applies; the same applies hereinafter) who are "consumers" under CCPA have the following rights. "Consumers" are able to exercise these rights by contacting the Company set forth in 10. below.
Customers' personal data are processed in at the Data Controller's registered office and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.
Given the fact that the Company is an international travel agency, the Company also transfers customers' personal data to:
The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition and removal, cessation of use or erasure, suspension of provision to third parties of Personal Data and prohibition of undiscrimination (hereinafter referred as to "Disclosure etc.") through the contact center written in 10 below.
Data Protection Officer (DPO) at firstname.lastname@example.org.