2. GDPR プライバシーポリシー

GDPR Privacy Policy

What is the purpose of this document?

GMO OMAKASE Inc (the Company) respects your privacy and is committed to protecting your personal data. This Privacy Notice informs you about how we use and look after your personal data, including any data you may provide through this website, or when you request information about other services from the Company or otherwise communicate with us, when we provide our services to you as a consumer or As a representative of suppliers registered with us (hereinafter, including restaurants and hotels registered with us, as well as individuals who provide their own services through this service with our permission. The same shall apply hereinafter) or otherwise, and when information and personal data is provided to us relating to our business. This Notice also informs you about your privacy rights and how the law which applies in the United Kingdom protects you.

Who we are

GMO OMAKASE Inc (referred to in this document as “the Company”, “we” or “us”) is a "controller" in relation to personal data when we “process” your personal data, for example when we collect, use, share or store it. The Company is the controller of your personal data because it is responsible for deciding how it uses personal information about you, and for what purpose.
“Personal data” or “personal information” in this document means any information which relates to you where you are identified or identifiable. “Personal data” and “personal information” includes information about individuals who work for companies (such as restaurants) but does not include information about the company (or such as restaurants) itself.
The contact details of each of these companies is included at the end of this Privacy Notice.
As a global company, we operate in a number of territories where the laws differ. This Privacy Notice provides a general overview of our privacy practices and refers to specific rights and obligations in respect of individuals who are in the UK or the European Economic Area and who have the benefit of the UK GDPR and the EU GDPR.
If you are in Japan you should refer to the Privacy Policy which applies to you and which can be found at https://omakase.in/ja/privacy_policy.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

How we collect your personal data

We may obtain information from you directly. For example you may provide us with your information, by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you enquire about our services whether as a user of our reservation service or as a suppliers registered (or wishing to register) with us, or otherwise. Information you send to us may be stored and processed by the Company. This will include any emails or other electronic messages and any documents, photos or other files stored on or processed through our systems or devices. Please be aware that by entering information onto these systems you are sharing that information with the Company.
We may collect information throughout our relationship with you. This may include information about location, employees, projects, working hours and other relevant information.
If you do not provide personal data that we request, it may mean that we are unable to provide you with the services and/or perform all of our obligations under our agreement with you.
We will also hold information we collect about you from other sources. This could include:

  • the way you are using our services or websites;
  • your interactions with us, for example through our website, platform, social media or other channels;
  • publicly available information about you which is available online or otherwise.

We also collect personal data automatically when you use our website, and when you navigate through the website. Data collected automatically may include:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies.
  • For more information on our use of these technologies, see our Cookie Notice

    The kinds of information we collect

    The information collected will include the following:

    • Identification information - name, title.
    • Contact details - mobile telephone number (including country code), email address.
    • Date of birth, gender, language, place of work, and residential area, address
    • Credit card information
    • Other information entered by you or others on the input form we provide (name of addressee to be written on the receipt, allergy information, food which the user likes or dislikes, how much the user usually eats, favourite alcoholic beverage, interests etc.)
    • Other data which we may notify you of from time to time.

    How we will use information about you

    We are committed to being transparent and fair in our dealings with you, therefore we only collect and hold your information where the law allows. Most commonly, we will use your personal data in the following circumstances:

    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    • Legitimate Interest means the interest of our business in conducting and managing our business effectively and efficiently. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
    • Where we need to comply with a legal obligation.
    • Where we need to perform the contract we are about to enter into or have entered into with you or where we need to take steps at your request before entering into such a contract.

    We process your personal data for the following reasons:

    1. Based on our legitimate interest to:

    • inform you of our services through email or SMS text message;
    • send you information on promotional content;
    • remember you when you visit our website and see how you journey through it by using cookies;
    • respond to enquiries and comments about our service and notify you of changes in the terms applying to our services;
    • supply, improve and support the services we provide;
    • keep our website, and systems safe and secure;
    • understand our customer base and trends;
    • defend against or exercise legal claims and investigate complaints; and
    • understand the effectiveness of our marketing.

    2. Based on performance of our contract with you, or in order to take steps at your request to enter into a contract with you, for example:

    • For the purpose of providing our service, such as accepting restaurant registrations, identifying customers, and calculating usage fees relating to the service;
    • If you are a consumer, to make you a table reservation;
    • To enable you to modify and browse your registered information; or
    • To charge for the use of our services.

    3. Pursuant to our legal obligations:

    • data protection;
    • health and safety;
    • anti-money laundering;
    • fraud investigations;
    • assisting law enforcement;
    • and any other legal obligations placed on us from time to time.

    4. We may also process data on the basis of your consent

    • We may obtain consent to collect and use certain types of personal data when we are required to do so by law (for example, sometimes when we process special categories of personal data (such as health information) or when we place cookies or similar technologies on devices or browsers). If we ask for your consent to process your personal data, you may withdraw your consent at any time by following the unsubscribe instructions in our communications with you or by contacting us using the details set out in the Contact Us section at the beginning of this Privacy Notice or, if in relation to cookies or similar, via the cookie policy on https://omakase.in/cookie-policy.
    • Where we rely on your consent for processing this will be brought to your attention when the information is collected from you.

    We may inform you of additional purposes for processing your information when that information is collected from you.

    Special categories of data

    If we collect special categories of personal data, such as data related to your health for the purposes of accessibility or food allergies, we would do so on the basis that it was with explicit consent or necessary for reasons of substantial public interest, or to establish, exercise or defend any legal claims. In any case, we carry out the processing in accordance with applicable laws.

    Automated decision-making

    You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

    Why might you share my personal information with third parties?

    For the purposes set out in the ‘How we will use information about you?’ section above, we may share your personal information with:

    • Seivice that you as a consumer wish to book or use. We cannot provide you with our service without disclosing this information. We do not disclose passwords and credit card information to the suppliers.
    • Our third party service providers. These may include for example:
      • those companies we engage to host and maintain the website and our IT systems
      • providers of customer support and administration services
      • analytics and search engine service providers that assist us in the improvement and optimisation of our website
      • payment processing and data services platforms
      • providers of push notification and messaging services
      • legal and other professional advisers
      • those who assist us with or partner with us in marketing campaigns, such as the providers of email marketing tools and platforms
    • If you are a supplier, the contact details of the manager of the supplier may be supplied to customers in relation to their customer service enquiries where necessary.
    • Other companies in the GMO Internet Group Co., Ltd group of companies from time to time (https://www.gmo.jp/company-profile/groupinfo/) for the purpose of promoting and improving activities such as service development and service guidance and enabling communication with customers and other data subjects. We have a written group policy defining the scope of responsibilities relating to the processing of any shared personal data which we jointly process, as well as the contact details of the person in the relevant group companies to contact with enquiries about such processing. Categories of personal data which may be shared in this way include name, email address and other items necessary for the purpose of the sharing with the group company.

    Additionally, we will disclose your personal information to the relevant third party:

    • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
    • To third parties when it is necessary for the establishment, exercise or defence of legal claims.
    • If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
    • If we choose to exercise a legal power to do so.
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply contractual terms or other agreements; or to protect the rights, property, or safety of ourselves our customers, our regulator, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction.

    All our third-party service providers and other entities in the GMO Internet group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

    Data security

    We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

    International Transfers

    If you live in the UK or the European Economic Area (EEA) , the personal data relating to you that we collect may be transferred to, and stored at, locations outside those territories. It may also be processed by staff operating outside the UK or EEA who work for us or for one of our service providers. For example your information may be transferred to GMO Internet group companies in Japan.
    As described in this Privacy Notice, we may also share personal data relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services. For example some of our third party service providers are located in the USA.
    Countries where personal data relating to you may be stored and/or processed, or where recipients of personal data relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Notice.

    These measures include:

    • Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection for personal data (including Japan);
    • We have obtained the consent of data subjects to the international transfer of their personal data;
    • Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the International Data Transfer Agreement or Standard Contractual Clauses and, where available, further assurances such as certification schemes; and
    • If transferred to the United States of America, the transfer is to organisations that have certified themselves for the purposes of the UK-US Data Bridge.

    You have the right to ask us for more information about our safeguards.

    Third party links

    Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

    How long will you use my information for?

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

    Your rights in connection with personal information

    Under certain circumstances and depending where you are located, by law you have the right to:

    • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you, the basis on which we hold it and how we use and share it. This enables you to check that we are lawfully processing it.
    • Request correction of the personal information that we hold about you. This enables you to have any incomplete, out of date, misleading or inaccurate information we hold about you corrected.
    • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer to another party of personal information you have provided to us.
      If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Cerulean Tower, 26-1 Sakuragaoka-cho, Shibuya-ku, Tokyo in writing.
    • Withdraw consent to the processing of your information
      If we ask for your consent to process your personal data, you may withdraw your consent at any time by following the unsubscribe instructions in our communications with you or by contacting us using the details set out in the Contact Us section below.

    You have the right to make an official complaint about the way we handle your information. In the first instance, please contact Cerulean Tower, 26-1 Sakuragaoka-cho, Shibuya-ku, Tokyo. If you do not feel that your complaint has been suitably addressed, you can contact your local data protection regulator.
    Within the UK, this is the Information Commissioner’s Office (ICO). You can get in touch with the ICO by going to their website: www.ico.co.uk, by calling them on 0303 123 1113 or by writing to them. Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.

    Contact Us

    Cerulean Tower, 26-1 Sakuragaoka-cho, Shibuya-ku Tokyo, 150-8512 Japan
    Company Number 0109-01-039866 etc

    UK GDPR Representative:
    Shakespeare Martineau LLP,
    60 Gracechurch Street, London EC3V 0HR, England.

    EU GDPR Representative:
    Congreslaan 27 B-9000 Ghent BELGIUM

    This Privacy Notice will be reviewed periodically and updated as required. Please check back to it regularly for any updates which may affect you.

    Last updated: April 1st,2024