1. OMAKASE
  2. Privacy policy

Privacy Policy

GMO OMAKASE Inc. (hereinafter referred to as "the Company") hereby establishes this Privacy Policy (hereinafter referred to as "this Policy") concerning the handling of user information, including personal information about users, in the services provided by the Company (hereinafter referred to as "the Services").

Article 1 (User Information Collected and Methods of Collection)

In this Policy, "User Information" refers to information relating to the identification of users, behavioral history in communication services, and other information generated or accumulated in relation to users or users' devices such as smartphones and PCs, which the Company collects based on this Policy.

The User Information collected by the Company in the Services includes the following, depending on the method of collection:

(1) Information Provided by Users

The information provided by users to utilize the Services is as follows:

  • ・Name
  • ・Email address, password
  • ・Telephone number (country)
  • ・Date of birth, gender, language used, company affiliation, residential area
  • ・Credit card information
  • ・Other information entered by users in the input forms specified by the Company (name on receipts, allergy information, favorite foods, disliked foods, serving sizes, preferred alcoholic beverages, etc.)

(2) Information Provided from Other Services with User's Permission for Integration

If users permit integration with external services such as social networking services when utilizing the Services, the following information will be collected from such external services based on the consent given at the time of permission:

  • ・User IDs or other information used to identify the users on the external services
  • ・Other information that users have allowed to be disclosed to integrated services based on the privacy settings of the external services

(3) Information Collected by the Company When Users Utilize the Services

The Company may collect information regarding access status and usage patterns of the Services. This includes the following information:

  • ・Device information
  • ・Log information, behavioral history information
  • ・Cookies and anonymous IDs
  • ・Location information

Article 2 (Purposes of Use)

User Information will be used for providing the Services as set forth in Paragraph 2 of this Article, and may also be used for other purposes as set forth in Paragraph 3.

2. The specific purposes for using User Information related to providing the Services are as follows:

  • (1) For registration, identity verification, calculation of service fees, and other purposes related to the provision, maintenance, protection, and improvement of the Services
  • (2) For billing users for the service fees related to the Services
  • (3) For providing information, responding to inquiries, contacting users, and notifying users about the Services
  • (4) For responding to violations of the Company's terms, policies, etc. (hereinafter referred to as "Terms and Policies") related to the Services
  • (5) For providing services other than the Services (including those provided by partner companies)
  • (6) For allowing users to view and modify their registered information
  • (7) For notifying changes to the Terms and Policies related to the Services
  • (8) For purposes incidental to the above purposes

3. Purposes of use other than those stated in the preceding paragraph are as follows:

  • (1) For creating statistical data in a form that does not identify individuals, in relation to the Company's services
  • (2) For delivering or displaying advertisements by the Company or third parties
  • (3) For other marketing purposes

Article 3 (Safety Management Measures)

The Company will endeavor to maintain the accuracy and timeliness of User Information, and implement necessary and appropriate safety management measures to protect it from unauthorized access, alteration, leakage, loss, and damage. A dedicated information manager will be appointed to appropriately manage personal information-related activities.

Article 4 (Provision to Third Parties)

1. The Company will disclose User Information, excluding passwords and credit card information, to the stores where users wish to make reservations or use services, and users are requested to consent to this. If users do not consent, they will not be able to use the Services.

2. Except for the cases stated in the preceding paragraph, the Company will not provide personal information, which is part of User Information, to third parties without obtaining prior consent from users. However, this does not apply in the following cases:

  • (1) When the Company outsources the handling of personal information, in whole or in part, to the extent necessary to achieve the purposes of use
  • (2) When personal information is provided due to business succession resulting from a merger or other reasons
  • (3) When cooperation is necessary for a national agency, local government, or an entity entrusted by them to perform statutory duties, and obtaining consent from users may impede the performance of such duties
  • (4) When necessary to protect a person's life, body, or property, or when particularly necessary for the improvement of public health or the sound development of children, and obtaining consent from the person is difficult
  • (5) When the provision of personal information to third parties is included in the previously announced purposes of use, and the content, method, and the fact that the provision of personal information to third parties will be stopped upon request from users, are also announced
  • (6) When based on the Personal Information Protection Act or other laws and regulations

3. In the cases set forth in the preceding paragraph, particularly when providing personal information to third parties located in foreign countries, the Company will also provide users with information regarding the names of the foreign countries, the personal information protection systems in those countries, and the measures taken by the third-party recipients to protect personal information.

4. In addition to the preceding paragraphs, the Company may provide information about viewers and users (hereinafter collectively referred to as "Users, etc.") of the Services to third parties as specified below:

Tool Name Tool Provider Overview of Information Obtained Purpose of Use
Google Analytics Google Inc. Data on pages viewed by users (e.g., page URLs) Understanding usage status, considering service improvements
Brevo Sendinblue, Inc. Email open status of users (if possible depending on user's environment) Periodically distributing useful information from the Services to users
Mailbluster ThemeWagon, Inc Email open status of users (if possible depending on user's environment) Periodically distributing useful information from the Services to users

*1 Regarding Behavioral History Information and Access Logs
When Users, etc. access the Company's websites, the Company will obtain behavioral history information (accessed URLs, accessed content, viewing status (including non-transmission viewing status), etc.), attribute information (non-personally identifiable information such as age, gender, device information, etc.), and access logs (internet service provider name, domain name, IP address, browser type and version, operating system type, access date and time, etc.). The Company will use the obtained access logs for improving the functions and convenience of the Company's websites and providing services to Users, etc., but in such cases, individuals will not be identified.

*2 Regarding Cookies
The Company may use cookies on the Company's websites, etc. Cookies are text data in the form of unique character strings sent to the browsers of users who access the Company's websites, etc., through which the Company may obtain behavioral history information and attribute information of the Users, etc. who accessed the Company's websites, etc. Combining these data may potentially identify individuals, but the IDs are randomly issued to browsers and are not linked to personally identifiable information. The Company will use the information related to cookies and the information obtained through cookies for improving the functions and convenience of the Company's websites, etc., and providing services to Users, etc., but in such cases, individuals will not be identified. Cookies include session cookies that are automatically deleted when the website is closed, and persistent cookies that are stored for a specified period. They are also classified as first-party cookies or third-party cookies based on the attribute of the issuing domain. By changing the settings of the browser used, cookies can be disabled, and histories can be deleted. However, this may result in reduced convenience, such as requiring the input of ID and password each time a website is visited or limiting the use of services. For details on disabling or deleting cookies, please refer to the help or cookie settings of each browser.

Third-Party Provision

In the Services, the personal information obtained from customers will be provided to the following recipients. The Company will be responsible for managing the provided personal information, and inquiries should be directed to the Company's inquiry desk.

1. SaaS Email Marketing Automation Tool

  • (1) Name of Foreign Country
    French Republic
  • (2) Information on the Personal Information Protection System in the Foreign Country
    Information such as the PDF file regarding the country, which is posted on the following website of the Personal Information Protection Commission:
    https://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/
  • (3) Information on the Measures to Protect Personal Information Taken by the Third-Party Recipient
    Measures are in place to comply with all eight principles of the OECD Privacy Guidelines.

2. Email Marketing Software

  • (1) Name of Foreign Country
    United States of America
  • (2) Information on the Personal Information Protection System in the Foreign Country
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  • (3) Information on the Measures to Protect Personal Information Taken by the Third-Party Recipient
    Measures are in place to comply with all eight principles of the OECD Privacy Guidelines.

3. Payment Processing and Data Services Platform

  • (1) Name of Foreign Country
    United States of America
  • (2) Information on the Personal Information Protection System in the Foreign Country
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  • (3) Information on the Measures to Protect Personal Information Taken by the Third-Party Recipient
    Measures are in place to comply with all eight principles of the OECD Privacy Guidelines.

4. SaaS Provider for Customer Support and Management

  • (1) Name of Foreign Country
    United States of America
  • (2) Information on the Personal Information Protection System in the Foreign Country
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  • (3) Information on the Measures to Protect Personal Information Taken by the Third-Party Recipient
    Measures are in place to comply with all eight principles of the OECD Privacy Guidelines.

5. Mobile Push Notification and Messaging Service Provider

  • (1) Name of Foreign Country
    United States of America
  • (2) Information on the Personal Information Protection System in the Foreign Country
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  • (3) Information on the Measures to Protect Personal Information Taken by the Third-Party Recipient
    Measures are in place to comply with all eight principles of the OECD Privacy Guidelines.

Article 5 (Joint Use)

1. When jointly using personal information with specific parties, the Company will notify the users or make it easily accessible to them regarding the fact of joint use, the content of the personal information to be jointly used, the scope of users, the purposes of use by the users, and the name of the manager responsible for the personal information, before jointly using the users' personal information.

2. The Company will jointly use personal information with GMO Internet Group, Inc. and GMO Internet Group companies (referring to the affiliated companies and subsidiaries listed at https://www.gmo.jp/company-profile/groupinfo/, hereinafter the same) as follows:

  • (1) Scope of Joint Users
    GMO Internet Group, Inc. and GMO Internet Group companies
  • (2) Purposes of Use
    Within the scope of the "Purposes of Use of Personal Information" stipulated by GMO Internet Group, Inc. and GMO Internet Group companies, which will serve as the common purposes of use for all joint users.
  • (3) Personal Information Items to be Jointly Used
    Name, address, email address, telephone number, contact information, and other items necessary for the above purposes of use.
  • (4) Manager Responsible
    GMO Internet Group, Inc.
    (Representative: Masatoshi Kumagai, Group CEO)

Article 6 (Requests for Disclosure of Personal Information)

1. If the Company receives a request from a user based on the provisions of the Personal Information Protection Act for notification of the purposes of use or disclosure of personal information and records of provision to third parties, the Company will notify or disclose the information to the user after confirming that the request is from the user themselves (or notify the user if the personal information does not exist). However, this does not apply in the cases specified below or when the Company is not obligated to do so under the Personal Information Protection Act or other laws and regulations.
Please note that a fee of 1,000 yen per request will be charged for notification or disclosure.

  • (1) When there is a risk of harming the life, body, property, or other interests of the user or a third party
  • (2) When there is a risk of causing significant interference with the Company's service provision operations

2. If the Company receives a request from a user (1) to correct the content of personal information based on the grounds that the personal information is not factual, or (2) to stop using personal information based on the grounds that it is being handled beyond the previously announced purposes of use or that it was collected through deception or other wrongful means, as stipulated in the Personal Information Protection Act, the Company will confirm that the request is from the user themselves, conduct necessary investigations, and based on the results, correct the personal information or stop its use, and notify the user accordingly.
However, if the Company decides not to make corrections or stop using the information based on reasonable grounds, the Company will notify the user of this decision.
The Company will not disclose the reasons for these decisions to users.

3. If a user requests the deletion of their personal information, and the Company determines that the request should be fulfilled, the Company will confirm that the request is from the user themselves, delete the personal information, and notify the user accordingly.

4. Regarding the provisions of the preceding two paragraphs, if implementing the measures would involve substantial costs or if it would otherwise be difficult to take such measures, and if there are alternative means available to protect the interests of users, the Company will implement such alternative means. However, the preceding two paragraphs do not apply if the Company is not obligated to fulfill the requests under the Personal Information Protection Act or other laws and regulations.

5. If users wish to make a request as described in the preceding four paragraphs, please follow the Company's prescribed procedures. For details on the procedures, please inquire with the Company.

Article 7 (Inquiry Desk)

For any opinions, questions, or inquiries regarding this Policy, please contact:
Inquiry Desk: GMO OMAKASE Inc.
Email Address: info@omakase-japan.zendesk.com

Article 8 (Anonymously Processed Information)

Anonymously processed information refers to information about an individual that has been processed in accordance with legal measures to prevent the identification of a specific individual, and from which the original personal information cannot be restored.

1. When Creating Anonymously Processed Information from User Information

  • (1) The Company will perform proper processing in accordance with the standards prescribed by law.
  • (2) The Company will implement safety management measures to prevent the leakage of information deleted during processing or information about the processing methods, in accordance with the standards prescribed by law.
  • (3) The Company will disclose the items of information included in the anonymously processed information created as follows:
    • ・Device information
    • ・Log information, behavioral history information
    • ・Cookies and anonymous IDs
    • ・Location information
  • (4) The Company will not collate the anonymously processed information with other information to identify the individuals from whom the original personal information was obtained.

2. When Providing Anonymously Processed Information to Third Parties

  • (1) The Company will disclose in advance the items of personal information included in the anonymously processed information to be provided and the method of provision.
  • (2) The Company will clarify to the third-party recipients that the information being provided is anonymously processed information.

Article 9 (Pseudonymously Processed Information)

Pseudonymously processed information refers to information about an individual that has been processed in accordance with legal measures to prevent the identification of a specific individual unless collated with other information.

1. When Creating Pseudonymously Processed Information from User Information

  • (1) The Company will create pseudonymously processed information by performing proper processing in accordance with the standards prescribed by law.
  • (2) The Company will implement safety management measures to prevent the leakage of information deleted during the processing and information about the processing methods (hereinafter collectively referred to as "Deleted Information, etc."), in accordance with the standards prescribed by law.

2. When Obtaining Pseudonymously Processed Information and Deleted Information, etc.

  • (1) The Company will implement safety management measures to prevent the leakage of Deleted Information, etc., in accordance with the standards prescribed by law.
  • (2) If the Company obtains pseudonymously processed information, which constitutes personal information, the Company will promptly disclose its purposes of use, except in cases where such purposes have been previously announced as set forth in Article 2.

3. When Handling Pseudonymously Processed Information as a Database

  • (1) The Company will implement necessary and appropriate safety management measures to protect against unauthorized access, alteration, leakage, loss, and damage.
  • (2) The Company will not collate pseudonymously processed information with other information to identify the individuals from whom the original personal information was obtained.
  • (3) The Company will not use the contact information or other information included in the pseudonymously processed information to call, send mail or telegrams, transmit by facsimile or electromagnetic means, or visit the residences of the individuals.

Article 10 (Personal Related Information)

Personal related information refers to information about living individuals that does not fall under the categories of personal information, pseudonymously processed information, or anonymously processed information.

1. When Obtaining Personal Related Information Provided by Third Parties as Personal Data by Collating with User Information

Personal related information provided by third parties may become personal data that identifies individuals when collated with user information, and users are requested to consent to this. If users do not consent, they will not be able to use the Services.

The items of personal related information subject to this:
As stated in Article 1, Paragraph 3.
Purposes of use after obtaining:
In accordance with the purposes of use disclosed in Article 2.

Article 11 (Changes to the Privacy Policy)

The content of this Policy may be changed without prior notice to application users. The revised Privacy Policy will take effect when posted on this website. Please note that obtaining new consent is not required solely due to changes in the Privacy Policy.