Taste of Japan in Your Kitchen
Taste of Japan in Your Kitchen

Privacy policy

Last Updated on March 11, 2021

Who is the Data Controller for customers' personal data?

VELTRA Corporation, registered address at Yaesu Takaracho Bldg. 5F, 1-18-1 Kyobashi, Chuo, Tokyo 104-0031 Japan.

We (hereinafter referred to as the "Company") collect personal data from our recipe site. The protection of personal data is very important to us in ensuring safe and convenient use through our websites. We handle personal data in compliance with the following regulations.

When the Company Collects Personal data

The Company collects personal data from its customers with their consent, when it is required by law, to the extent necessary to accomplish the purposes of use of the Company.

When the Company Uses Personal data

The Company uses personal data collected from its customers only for the purposes of use prescribed by the Company.

How the Company Saves and Stores Personal data

The Company saves and stores personal data, taking security of the system into account in order to prevent leakage of the information collected from its customers.

Deletion and Erasure of Personal data

The Company retains customers' personal data for as long as is required to achieve the purposes and to fulfill the activities as set out in this Privacy Policy, otherwise communicated to the customers or for as long as is permitted by applicable law. The Company deletes or erases personal data that is no longer needed for the purposes and will fulfill the activities as set out in this Privacy Policy without any delay after the reasonable period of time.

Response to Inquiries from Customers

The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition, removal, cessation of use, erasure, suspension of provision to third parties of Retained Personal Data and prohibition of discrimination in compliance with applicable laws.

Safety Control Measures etc.

The Company will educate all staff engaged in VELTRA service operations about the importance of protecting personal data, and will take necessary and appropriate measures to ensure the safety control of personal data.

  1. Personal data the Company Collects and the Purposes of Use
  2. The Company collects personal data only logfile and cookies below and uses it. The Company will not collect Special-Care Required personal data without obtaining consent from its customers.

    In case where the purposes of use of personal data have not been published when the information is collected from customers, the Company will give notices of such purposes of use to the customers or make such purposes public. The Company will not collect personal data from children under 16 years old without obtaining consent from their parents and/or guardians. The Company assumes that the customers providing personal data of those who are under 16 years old bear consent from their parents and/or guardians. In case where the Company becomes aware of no such consent existing, the Company will use the personal data only for the purposes of contacting the parents and/or guardians or actions related to such purpose.

    The provision of the above personal data, where requested, is necessary for the adequate performance of the contract between its customers and the Company and to allow the Company to comply with the Company's legal obligations. Without it, the Company may not be able to provide customers with all the requested services.


    We collect certain information automatically and keep it in a log file. The certain information includes IP (Internet Protocol) address, kind of browser, ISP(Internet Service Provider), web pages that are seen or closed, operating system and time stamp. We use the information in order to detect unauthorized access to its websites. We also conduct trend analysis of its customers to manage its websites and track user behavior. However, we use the information while making it impossible to identify an individual, and never use obtained information for the purposes other than as described above.


    Cookies are data stored in the user's hard disk which includes information about the customers (users). We shall not use Cookies to identify an individual. We use Cookies for purposes such as improving its services, measuring the effects of customization and advertisements of its websites. Additionally, we identify items of higher interest degree of customers by performing statistical processing on Cookies and make good use of the results. Also, we apply it in the prevention of unauthorized access to its websites. Cookies can be invalid upon the customer's request, but the customer will no longer be able to use the Services.

    The types of cookies we collect are below.

    Performance cookies

    These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

    On the legal basis of where customers give their consent

    Targeting cookies

    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

    On the legal basis of where customers give their consent

    If CCPA applies, Personal Data collected, disclosed or shared during the last 12-month period for business purposes are, from the categories set forth above as follows:

    With regard to the above categories of Personal Data, party from which Personal Data is collected, commercial purpose of collection, and scope within which Personal Data is provided or shared are as follows:

    Category of Personal Data Collected from Purpose of collection Provided to
    Performance cookies customers(visitors) User behavior analysis Google Analytics
    Targeting cookies customers(visitors) Advertising Google Adsense

    If CCPA applies, and Personal Data classified under a category other than those enumerated in this Privacy Policy is to be used, or Personal Data classified under a category enumerated in this Privacy Policy is to be used for purposes other than those set forth herein, the Company will first take the steps, if any, required under this Privacy Policy, and use Personal Data after changing or updating this Privacy Policy to comply with such use.

  3. Provision of Personal Data to Third Parties
    1. The Company will not provide Personal Data to third parties except for the following situations. When customers give prior consent to the Company for the provision of personal data to third parties (including social media service providers and advertisement delivery service companies conducting their business in foreign countries) by means of agreeing with this privacy policy or others.
    2. When the company entrusts third parties with handling Personal Data to the extent necessary to accomplish the above-mentioned purposes.
    3. When the Company is required to do so by laws and regulations.
    4. When it is necessary for the protection of the life, body or property of a person, and it is difficult to obtain the consent of the customer.
    5. When it is especially necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the customer.
    6. When the data is needed by the national or local government in executing the affair prescribed by laws and regulations, and obtaining consent from the customers likely to impede the execution of such affairs.
  4. Entrustment of Handling of Personal Data
  5. When the company entrusts third parties with handling of personal data of its customers within the extent required for the achievement of the purposes of use of the Company according to the provisions in the preceding paragraph, the company will take necessary and appropriate measures regarding supervision of the entrustees. When the entrustee re-entrusts its operations to another party, the Company will, directly or indirectly, supervise whether the entrustee takes necessary and appropriate measures to supervise the party. The same will be applied to further entrustment.

  6. Security Control Measures for Personal Data
  7. The Company takes systematic, technical and physical security control measures to prevent leakage, plagiarism, misuse, unauthorized access, falsification or destruction of Personal Data. The Company also limits access to the server in which it stores Personal Data only to specific employees who have ID and password, and especially for certain Personal Data, the Company minimizes the number of employees who have access rights to manage it. Additionally, the Company distributes the Personal Data which contains credit card information in several data centers, and keeps in secure environments. Furthermore, the Company introduces Secure Sockets Layer(SSL)into all its webpages related to transactions. Using SSL-capable browsers enables the maintenance of confidentiality of Personal Data and credit card information transmitted online. The employees who handle customer Personal Data use monitors with a password-secure screen saver function when they do not use the devices. The Company conducts education and training about the importance of protecting personal data every 6 months on a company-wide basis, but once a month in some departments, and does the minutes of such education.

  8. What are the customers' data protection rights and how can customers exercise them ?
  9. 5.1 Under the General Regulation (EU) 2016/679, of 27 April 2016, on Data Protection (GDPR), the following rights are recognized in relation to the processing of customer personal data:

    1. Right of access
    2. To receive confirmation of the existence of customer personal data, access its content and obtain a copy.

    3. Right of rectification
    4. To update, rectify and/or correct customer personal data.

    5. Right to erasure/right to be forgotten and right to restriction
    6. To request the erasure of customer data or the restriction of customer data which has been processed in violation of the law, including cases when the storage of which is unnecessary in relation to the purposes for which the data was collected or otherwise processed; where the Company has made customers' personal data public, customers also have the right to request the erasure of customers' personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that customers have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

    7. Right to data portability
    8. To receive a copy of customer personal data provided to the Company for a contract or with customers' consent in a structured, commonly used and machine-readable format (e.g. data relating to customers' purchases) and to ask the Company to transfer that personal data to another data controller.

    9. Right to withdraw your consent
    10. Wherever the Company relies on customers' consent, customers will always be able to withdraw that consent, although the Company may have other legal grounds for processing personal data for other purposes.

    11. Right to object, at any time
    12. Customers have the right to object to the processing of personal data at any time in some circumstances (in particular, where the Company doesn't have to process the data to meet a contractual or other legal requirement, or where the Company is using personal data for direct marketing).

      Customer rights in relation to your personal data might be limited in some situations. For example, if fulfilling the customer's request would reveal personal data about another person or if the Company has a legal requirement or a compelling legitimate ground, the Company may continue to process customers' personal data which customers have asked the Company to delete.

      Customers may also have the right to make a complaint if the customers feel their personal data have been mishandled. The Company encourages customers to make a complaint to the Company in the first instance but, to the extent that this right applies to customers, customers are entitled to complain directly to the relevant Data Protection Supervisory Authority.

    5.2 Under the CCPA, the following rights are recognized in relation to the processing of customer personal data:

    If CCPA applies, individuals (including any of your employees to whom CCPA applies; the same applies hereinafter) who are "consumers" under CCPA have the following rights. "Consumers" are able to exercise these rights by contacting the Company set forth in 10. below.

    1. Right to access to Personal Data
    2. You have the right to access your Personal Data up to twice in a 12-month period. The Company will provide you with the information, free of charge, in a readily useable and portable format within 45 days of receiving your request.

    3. Right of deletion of Personal Data
    4. Unless any of the exceptions permitted under CCPA apply, if you are a "consumer" under CCPA, you have the right to request deletion of your Personal Data that was collected from you. In such case, if the Company provided such Personal Data to a service provider, we will instruct that service provider to make such deletion.

    5. Right not to be discriminated
    6. You have the right not to be discriminated against because you exercised any of your rights under CCPA.

    7. Right to opt-out of the sale of Personal Data
    8. This is a right to direct the Company to stop selling Personal Data, or not to sell Personal Data in the future. The Company has not sold, and will not sell, Personal Data of a "consumer" to a third party.

      If a "consumer" under CCPA requests disclosure of his/her Personal Data pursuant to 1 or 2 above, the Company will respond to such request within the period required under CCPA after verification that the request is being made by the customer himself/herself in a manner set forth below. In any of the following cases, the Company may request submission of information that is only possessed by the "consumer" himself/herself.

      If a "consumer" is requesting disclosure of the categories of Personal Data that the Company has collected, verification will take the form of the Company asking two or more questions on Personal Data of the "consumer" that the Company considers appropriate for verification purpose, and receiving correct answers to these questions.

      If a "consumer" is requesting disclosure of a specific Personal Data, verification will take the form of the Company asking three or more questions on Personal Data of the "consumer" that the Company considers appropriate for verification purpose, and receiving correct answers to these questions, and having the requestor sign and submit a signed declaration under penalty of perjury that the requestor is the "consumer" whose Personal Data is the subject to the disclosure request.

      If, on the other hand, a "consumer" under CCPA requests deletion of his/her Personal Data pursuant to the above, the Company respond to the request within the period required by CCPA upon verifying the request by a method that the Company considers appropriate according to the category of Personal Data being deleted. In such case, the Company may request the "consumer" to provide information that only the "consumer" possesses.

      Request by agent
      A consumer under CCPA may exercise the right set forth in 5.2 through an authorized agent. In such case, such consumers shall submit to the Company a power of attorney signed by itself. In addition, the Company will ask the authorized agent for identification verification in the same manner as set forth above.

  10. International transfer of customers data
  11. Customers' personal data are processed in at the Data Controller's registered office and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.

    Given the fact that the Company is an international travel agency, the Company also transfers customers' personal data to:

    non-European Economic Area (EEA) countries offering an adequate level of data protection in accordance with the "Adequacy decisions" of the EU Commission that recognizes some countries as providing adequate protection;

    non-European Economic Area countries where data protection laws may be less protective than the legislation in the EEA. This happens when:

    The Company discloses customer data to involved companies such as operational tour organizers, travel agencies, transportation facilities, price settlement substituting traders, insurance companies etc. that might process your data outside the EEA in order to provide you with the requested services. We disclose customers' data to social media service providers, advertisement delivery service companies that might be located in a country outside the EEA. When such a transfer happens, the Company ensures that it takes place in accordance with this privacy policy and is regulated by standard contractual clauses approved by the European Commission as ensuring adequate protection for data subjects.

  12. Request for Disclosure, Correction, and Suspension of Use etc.
  13. The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition and removal, cessation of use or erasure, suspension of provision to third parties of Personal Data and prohibition of undiscrimination (hereinafter referred as to "Disclosure etc.") through the contact center written in 10 below.

  14. External Links
  15. The Umami Recipe website contains external links. This privacy policy only applies to information connected through the Umami Recipe website. The Company does not take any responsibility for privacy policies or contents of privacy policies of other websites. The Company kindly asks its customers to read the privacy policies of each website represented by the links, and confirm how personal data of customers will be handled.

  16. Changing of Privacy Policy
  17. The Company uploads its privacy policy on the Umami Recipe website, and always makes it known to its customers which personal data the Company collects for which purposes and how it is used. The Company also announces any changes made in its privacy policy to its customers by publishing it on the Umami Recipe website. If CCPA applies, this privacy policy will be updated at least once every 12 months.

  18. Contacts
  19. If you have any questions about the Company's privacy policy, its efforts to protect personal data, collection and use of personal data of customers or any request for Disclosure etc., please contact us using the inquiry form below. Please note that depending on the inquiry, comment, or complaint, it may take some time for us to provide a response.

    VELTRA Corporation
    9th floor, Sumitomo Corporation Mitoshiro Building, 1 Kanda Mitoshiro-cho, Chiyoda-ku, Tokyo 101-0053 Japan

    Inquiry Form

    Data Protection Officer (DPO) at dpo@veltra.com.