PRIVACY POLICY
The Tokyo Convention & Visitors Bureau (TCVB) states and enforces the following articles on the handling of information that can be used to identify an individual, such as names, e-mail addresses, and telephone numbers (referred to as "personal data" hereafter).
1. Basic Policy
TCVB recognizes the importance of protecting personal data and is committed to safeguarding users’ privacy. In accordance with Japan’s Act on the Protection of Personal Information and related laws, regulations, and guidelines, TCVB appropriately manages and uses personal data and takes all reasonable measures to ensure its protection.
2. Scope of Application
This policy applies solely to this website and does not apply to other websites linked from this site. The handling of personal data on linked websites is the responsibility of each respective organization.
3. Personal Data Collected and Methods of Collection
When users access or use this service, TCVB may collect the following personal data, as voluntarily provided by users:
- Name
- Company/Organization
- User agent information
- Referrer data
- Account-related information
- IP address
- Cookies
- Other information specified by TCVB on this website
4. Purpose of Use
TCVB uses the collected personal data for the following purpose:
- To respond to the demands and inquiries made by users.
5. Collection of Personal Data
Personal data is collected only when voluntarily provided by users. The purpose of collection is clearly stated in advance, and information is collected only within the scope necessary to achieve that purpose.
6. Outsourcing
TCVB may outsource the handling of users' personal data to third parties in order to fulfill the purposes of use set out in Section 4 of this Policy. In such cases, TCVB will carefully select appropriate contractors, enter into agreements with them regarding the protection of personal data, and provide necessary and appropriate oversight of such contractors.
7. Security Control Measures
Regarding personal data that TCVB has collected or intends to collect, the following measures are implemented to prevent leakage, loss, or damage, and to ensure the appropriate management of personal data.
(Establishment of Basic Policy)
- A Privacy Policy has been established to ensure the proper handling of personal data and to provide a point of contact for questions and complaints.
(Development of Rules for Handling Personal Data)
- Personal data handling procedures have been established for each stage — including collection, use, storage, provision, deletion, and disposal — covering handling methods, persons responsible, staff in charge, and their respective duties.
(Organizational Security Control Measures)
- A person responsible for the handling of personal data has been designated.
- Staff members who handle personal data and the scope of personal data they handle have been clearly defined.
- A reporting system to the Personal Information Protection Manager has been established for cases where violations of laws or internal regulations, or signs thereof, are identified.
- Regular self-inspections of personal data handling practices are conducted, along with audits by other departments and external parties.
(Human Security Control Measures)
- Regular training is provided to staff on key considerations regarding the handling of personal data.
- Confidentiality obligations regarding personal data are set out in the employee regulations.
(Physical Security Control Measures)
- In areas where personal data is handled, access control for staff entry and exit is enforced, restrictions are placed on devices brought into such areas, and measures are taken to prevent unauthorized persons from viewing personal data.
- Measures are implemented to prevent theft or loss of devices, electronic media, and documents used to handle personal data.
- When transporting devices or electronic media containing personal data, including within the office premises, measures are taken to ensure that personal data cannot be readily identified.
(Technical Security Control Measures)
- Response procedures for security incidents
- Provision of audit logs
- Vulnerability assessments conducted by third-party organizations
- Use of a private cloud via AWS VPC
- SSH access to servers is restricted through the use of a bastion server
- Server login activity is recorded using AWS Systems Manager (SSM)
- Database access is restricted to database administrators only
8. Disclosure, Correction, and Suspension of Use
When TCVB receives a request from an individual or their authorized representative for disclosure of retained personal data or records of third-party provision, TCVB will respond without delay, except in the following cases. In cases where disclosure is not made, or where the relevant retained personal data does not exist, TCVB will notify the requester accordingly.
- Where there is a risk of harm to the life, body, property, or other rights and interests of the individual or a third party
- Where there is a risk of significant interference with the proper execution of TCVB's operations
- Where disclosure would constitute a violation of laws or regulations
In addition, when TCVB receives a request from an individual or their authorized representative for correction, addition, or deletion of retained personal data, or for suspension of use, erasure, or suspension of third-party provision, TCVB will conduct an investigation and respond in accordance with applicable laws and regulations.
For inquiries regarding the documents to be submitted and the method of requesting disclosure, the method of verifying that the requester is the individual or their authorized representative, and applicable fees, please contact the following:
Tokyo Convention & Visitors Bureau General Affairs Division, General Affairs Section
15F Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
tcvbinfo@tcvb.or.jp
9. Inquiries
For any opinions, questions, complaints, or other inquiries regarding our Privacy Policy or the handling of personal data, please contact us at the following:
Tokyo Convention & Visitors Bureau General Affairs Division, General Affairs Section
15F Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
tcvbinfo@tcvb.or.jp
10. Revisions
TCVB reserves the right to revise this Policy at its own discretion. However, where the Act on the Protection of Personal Information or other applicable laws and regulations prescribe procedures required for revision, such revisions shall be made in accordance with those laws and regulations.
Established: May 23, 2018
Revised: March 26, 2026
1. Basic Policy
TCVB recognizes the importance of protecting personal data and is committed to safeguarding users’ privacy. In accordance with Japan’s Act on the Protection of Personal Information and related laws, regulations, and guidelines, TCVB appropriately manages and uses personal data and takes all reasonable measures to ensure its protection.
2. Scope of Application
This policy applies solely to this website and does not apply to other websites linked from this site. The handling of personal data on linked websites is the responsibility of each respective organization.
3. Personal Data Collected and Methods of Collection
When users access or use this service, TCVB may collect the following personal data, as voluntarily provided by users:
- Name
- Company/Organization
- User agent information
- Referrer data
- Account-related information
- IP address
- Cookies
- Other information specified by TCVB on this website
4. Purpose of Use
TCVB uses the collected personal data for the following purpose:
- To respond to the demands and inquiries made by users.
5. Collection of Personal Data
Personal data is collected only when voluntarily provided by users. The purpose of collection is clearly stated in advance, and information is collected only within the scope necessary to achieve that purpose.
6. Outsourcing
TCVB may outsource the handling of users' personal data to third parties in order to fulfill the purposes of use set out in Section 4 of this Policy. In such cases, TCVB will carefully select appropriate contractors, enter into agreements with them regarding the protection of personal data, and provide necessary and appropriate oversight of such contractors.
7. Security Control Measures
Regarding personal data that TCVB has collected or intends to collect, the following measures are implemented to prevent leakage, loss, or damage, and to ensure the appropriate management of personal data.
(Establishment of Basic Policy)
- A Privacy Policy has been established to ensure the proper handling of personal data and to provide a point of contact for questions and complaints.
(Development of Rules for Handling Personal Data)
- Personal data handling procedures have been established for each stage — including collection, use, storage, provision, deletion, and disposal — covering handling methods, persons responsible, staff in charge, and their respective duties.
(Organizational Security Control Measures)
- A person responsible for the handling of personal data has been designated.
- Staff members who handle personal data and the scope of personal data they handle have been clearly defined.
- A reporting system to the Personal Information Protection Manager has been established for cases where violations of laws or internal regulations, or signs thereof, are identified.
- Regular self-inspections of personal data handling practices are conducted, along with audits by other departments and external parties.
(Human Security Control Measures)
- Regular training is provided to staff on key considerations regarding the handling of personal data.
- Confidentiality obligations regarding personal data are set out in the employee regulations.
(Physical Security Control Measures)
- In areas where personal data is handled, access control for staff entry and exit is enforced, restrictions are placed on devices brought into such areas, and measures are taken to prevent unauthorized persons from viewing personal data.
- Measures are implemented to prevent theft or loss of devices, electronic media, and documents used to handle personal data.
- When transporting devices or electronic media containing personal data, including within the office premises, measures are taken to ensure that personal data cannot be readily identified.
(Technical Security Control Measures)
- Response procedures for security incidents
- Provision of audit logs
- Vulnerability assessments conducted by third-party organizations
- Use of a private cloud via AWS VPC
- SSH access to servers is restricted through the use of a bastion server
- Server login activity is recorded using AWS Systems Manager (SSM)
- Database access is restricted to database administrators only
8. Disclosure, Correction, and Suspension of Use
When TCVB receives a request from an individual or their authorized representative for disclosure of retained personal data or records of third-party provision, TCVB will respond without delay, except in the following cases. In cases where disclosure is not made, or where the relevant retained personal data does not exist, TCVB will notify the requester accordingly.
- Where there is a risk of harm to the life, body, property, or other rights and interests of the individual or a third party
- Where there is a risk of significant interference with the proper execution of TCVB's operations
- Where disclosure would constitute a violation of laws or regulations
In addition, when TCVB receives a request from an individual or their authorized representative for correction, addition, or deletion of retained personal data, or for suspension of use, erasure, or suspension of third-party provision, TCVB will conduct an investigation and respond in accordance with applicable laws and regulations.
For inquiries regarding the documents to be submitted and the method of requesting disclosure, the method of verifying that the requester is the individual or their authorized representative, and applicable fees, please contact the following:
Tokyo Convention & Visitors Bureau General Affairs Division, General Affairs Section
15F Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
tcvbinfo@tcvb.or.jp
9. Inquiries
For any opinions, questions, complaints, or other inquiries regarding our Privacy Policy or the handling of personal data, please contact us at the following:
Tokyo Convention & Visitors Bureau General Affairs Division, General Affairs Section
15F Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
tcvbinfo@tcvb.or.jp
10. Revisions
TCVB reserves the right to revise this Policy at its own discretion. However, where the Act on the Protection of Personal Information or other applicable laws and regulations prescribe procedures required for revision, such revisions shall be made in accordance with those laws and regulations.
Established: May 23, 2018
Revised: March 26, 2026