Privacy Policy

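Espacio Enterprise Co. Ltd. (hereinafter “the Company”) puts customer satisfaction first and, in conducting business activities that earn the credit and trust of society, is deeply aware of its social responsibility as a corporation. It has therefore established the following “Privacy Policy (Personal Information Protection Policy)” (hereinafter “this Policy”) and will strive to implement it reliably.
Customers residing in the European Economic Area (EEA) or in the State of California, USA, should also review the “GDPR and CCPA/CPRA Privacy Policy”.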

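1. Compliance with laws and regulations and the personal information protection framework

The Company complies with the laws, regulations and guidelines relating to personal information, establishes a management framework for the protection of personal information, and strives for continuous improvement.

2. Acquisition of personal information

The Company acquires personal information by proper means. When acquiring personal information, the Company notifies the individual of the purpose of use or publicly announces it.

3. Use of personal information

The Company handles personal information within the scope of the purposes notified to the individual or publicly announced. The Company does not use personal information by improper methods, such as methods that encourage illegal or unjust acts.

4. Provision of personal information to third parties

Except as provided by law, the Company does not provide personal information to third parties without the prior consent of the individual.

5. Management of personal information

The Company strives to keep personal information accurate and up to date, and takes organizational, human, physical and technical security control measures so that personal information is not exposed to risks such as theft, leakage, falsification or loss.

6. Inquiries

When an individual requests disclosure, correction, suspension of use or the like of personal information, the Company responds appropriately in accordance with the law. When the Company receives a complaint from an individual, it investigates the facts without delay and strives to deal with the complaint in good faith.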

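* Notice
This Privacy Policy may be revised following changes to relevant laws and regulations or to the Company's internal rules.
Established July 1, 2021 (Reiwa 3)
Partially revised August 1, 2022 (Reiwa 4)
Partially revised August 20, 2022 (Reiwa 4)
Partially revised November 1, 2023 (Reiwa 5)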

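Espacio Enterprise Co. Ltd. (hereinafter “the Company”), as a business operator handling personal information, publishes the following matters pursuant to the Act on the Protection of Personal Information.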

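1. Acquisition and purposes of use of personal information

<Acquisition of personal information>
In connection with transactions concerning the Company's facilities and products (accommodation, food and beverage, banquets, sale of goods, provision and sale of other ancillary products, provision of services, holding of events, etc.), transactions with businesses affiliated with the Company, and the like, the Company acquires personal information by the following methods.

  1. Direct acquisition from the individual
    Telephone, documents (including electromagnetic records), business cards, oral communication, the Internet, etc.
  2. Acquisition from persons duly authorized by the individual, applicants for use, referrers, travel agencies, partners, businesses that accept bookings for package products, etc.
  3. Acquisition from publicly available sources
    The Internet, newspapers, telephone directories, books and other publications, etc.
  4. Acquisition through cookies and other similar technologies

<Personal information held by the Company>
In this Policy, “personal information” means information that can identify a specific individual (including information that can easily be collated with other information and thereby identify a specific individual). The personal information handled by the Company includes the following.

  1. Name, gender, date of birth, address, telephone number, email address, wedding date, workplace information (company name, address, telephone number, department, job title), family information (name, relationship, birthday)
  2. Stay information, including products and services purchased, details of special requests, and observations on service preferences (such as room preferences)
  3. Membership information for each membership organization, online user account information
  4. Information provided by customers in the course of participating in questionnaire surveys, promotional offers, etc.
  5. Information collected through the use of surveillance cameras, card keys, security systems, etc.
  6. Contact information and other related information of employees of, and other individuals at, corporations, accounts and external vendors that do business with the Company (travel agencies, meeting and event planners, etc.)
  7. Online behavioral history information such as website browsing history and email open status

<Purposes of use of personal information>
When acquiring personal information from customers, the Company makes the purpose of use clear and uses the information within the scope of the following purposes of use. If it becomes necessary to use the information beyond the scope of the purposes of use, the Company will do so after obtaining the customer's consent, except for statutory exceptions.
In achieving the purposes of use, the Company may analyze the “personal information held by the Company” before using it.

  1. Accommodation, food and beverage, banquets, etc.
    Use for products and services such as decoration and floral arrangement, costumes, beauty services, master of ceremonies, staging, calligraphy, photography and wedding favors
  2. Package plans for accommodation, food and beverage, banquets, etc.
    Use for products and services such as esthetic treatments
  3. In-facility services
    Use for settlement and services for the pool, massage, tenants, etc.
  4. Registration of customer information as required by law
  5. Use for sales information, such as sending newsletters, special offers, product plans and event information of the Company's facilities
  6. Use as statistical information, after processing into pseudonymized information that does not identify individuals, for usage trend surveys, new product development and customer satisfaction surveys
  7. Use for managing membership information in each membership organization and for services provided to members
  8. Use for contacting customers in writing, by telephone or by email regarding opinions received through questionnaires, etc.
  9. Use for contact for guidance and confirmation relating to transactions, shipment of products, payment and settlement of charges, and other related matters
  10. Use for measuring and improving the effectiveness of advertising
  11. Responding to inquiries, requests, etc.
  12. Other uses relating to the provision of the Company's products and services in general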

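2. Disclosure and provision to third parties

<Provision to third parties>
The Company does not disclose or provide customers' personal information to third parties except in any of the following cases.

  1. When the individual has given consent
  2. When disclosure or provision is required under laws and regulations
  3. When it is necessary for the protection of a person's life, body or property and it is difficult to obtain the individual's consent
  4. When it is necessary for improving public health or promoting the sound upbringing of children and it is difficult to obtain the individual's consent
  5. When cooperation is necessary for a national or local government body or the like to carry out duties prescribed by law and obtaining the individual's consent is likely to impede the performance of those duties
  6. Other cases where measures permitted by law have been taken

<Matters concerning entrustment>
In addition to the above, in order to carry out its business smoothly, the Company may entrust all or part of its operations to a contractor and deposit personal information with the contractor to the extent necessary. In that case, the Company concludes a contract with the contractor on the appropriate handling of personal information and exercises appropriate supervision over the contractor.

<Matters concerning joint use>
The Company may jointly use the personal information it holds within the following scope. The Company's personal information manager is responsible for managing the joint use of that personal information.

  1. Items of personal information jointly used
    • Name, gender, date of birth, address, telephone number, email address, workplace information (company name, address, telephone number, department, job title)
  2. Scope of joint users
    • Kowa Group companies (“Major affiliated companies” on the Kowa Group website)
  3. Purpose of use by the users
    In accordance with the purposes stated in this Policy, “Handling of Personal Information”, 1. Acquisition and purposes of use of personal information, <Purposes of use of personal information>
  4. Personal information manager
    Espacio Enterprise Co. Ltd.
    23-18, Nishiki 3-chome, Naka-ku, Nagoya-shi
    President and Representative Director: 本中野 真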

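3. Measures taken for security management

  1. Establishment of a basic policy
    The Company has established a basic policy to ensure the proper handling of personal information.
  2. Development of rules governing the handling of personal information
    The Company has established personal information handling rules covering handling methods, the persons responsible and in charge, their duties, and so on.
  3. Organizational security control measures
    The Company has appointed a person responsible for the handling of personal information, clarified its handling standards, and put in place a system for reporting to the responsible person when a leak or similar incident, or a violation of law, is identified.
  4. Human security control measures
    The Company provides employees with regular training on points to note in handling personal information. Matters concerning the confidentiality of personal information are set out in the work rules.
  5. Physical security control measures
    The Company controls the entry and exit of employees and others in areas where important information systems are managed. It takes measures to prevent theft or loss of devices, electronic media and documents that handle personal information, and implements measures so that personal information cannot easily be ascertained.
  6. Technical security control measures
    The Company implements access control to limit the persons in charge and the scope of personal information they handle. It has introduced mechanisms to protect information systems that handle personal information from unauthorized external access and from malicious software.
  7. Understanding of the external environment
    The Company implements security control measures after gaining an understanding of the personal information protection systems of each country in which personal information is stored.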

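4. Use of cookies

A cookie is information that a web server sends to the customer's browser when a particular website is accessed, and it is recorded on the customer's computer. The Company uses cookies so that customers can browse more conveniently when they revisit the Company's website. Customers can also disable cookies themselves by changing their browser settings. In that case, some functions may become unavailable. For how to configure cookie settings, please check the “Help” menu or similar of your browser.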

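5. Disclosure, correction, suspension of use, etc. of personal information

  1. Disclosure of personal information
    When the Company receives a request for notification of the purpose of use of personal information, disclosure of its content, or disclosure of records of provision to third parties, it will make the disclosure without delay, including whether or not such information exists.
  2. Correction, addition, deletion, suspension of use, erasure, and suspension of provision to third parties of personal information (hereinafter “correction, etc.”)
    When the Company receives a request for correction, etc. of personal information, it will investigate the content of the request without delay, make the correction, etc. to a reasonable extent, and notify the requester of the result.
  3. Procedure for requesting disclosure or correction, etc.
    To request disclosure or correction, etc. of personal information, please send the following documents to the Company's consultation desk. For security reasons, requests are accepted by post only. We appreciate your understanding.
    • The attached “Application Form for Disclosure, Correction, etc. of Personal Information”
    • Any two of the following identity verification documents (copies)
     ① driver's license, ② passport, ③ health insurance card
     ④ Individual Number Card (photo side), ⑤ pension book
     ⑥ tax payment certificate (or income certificate), ⑦ certificate of residence
     ⑧ seal registration certificate, or an official certificate equivalent to these
    • A return envelope with the prescribed postage stamps affixed
    For requests made by a representative, in addition to the above, please send a document proving that the person is a representative (power of attorney, health insurance card, etc.) and the representative's identity verification documents (same as above). The reply will be sent to the address shown on the identity verification documents, so please send identity verification documents that show your current address. The identity verification documents will be returned enclosed with the reply.


Send to: 〒460-0003
23-18, Nishiki 3-chome, Naka-ku, Nagoya-shi
Espacio Enterprise Co. Ltd.
Personal Information Inquiry Desk
Application Form for Disclosure, Correction, etc. of Personal Information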

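6. Obtaining consent regarding personally referable information

The Company may receive the information listed under “Items of personally referable information received” from the “Source of personal information” set out in the table below and use that information by linking it to personal information.
In that case, the purpose of use is as stated under “Purpose of use”.

| Source of personally referable information | Items of personally referable information received | Purpose of use |
| --- | --- | --- |
| Advertising platform operators such as Google LLC | • Campaign information of the advertisements (placed by the Company) through which the customer reached the Company's website • Attribute information, search keywords, etc. of the customer obtainable from the above campaign information | The purposes of use stated in <Purposes of use of personal information> |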

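7. Contact

If you have complaints, consultations or other inquiries regarding personal information, please contact the Company's consultation desk below. If confirmation that you are the individual or a representative is required, a separate verification procedure will be carried out; we appreciate your understanding.

 By post
〒460-0003
23-18, Nishiki 3-chome, Naka-ku, Nagoya-shi
Espacio Enterprise Co. Ltd.
Personal Information Inquiry Desk
 By telephone
TEL: 052-211-9017
Hours: 9:00 to 17:30 (excluding Saturdays, Sundays, public holidays, and the year-end and New Year holidays)
 By email
privacy-policy@espacioenterprise.com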

1. General

We at Espacio Enterprise Co. Ltd. (hereinafter referred to as “we”, “us”, “our” or “Espacio”) value your privacy and are committed to taking care of your data, and we take this responsibility very seriously. Please take the time to carefully read our Privacy Policy, which explains why we collect your Personal Data and how we process it when you:

  • visit our website www.espacioenterprise.com, www.nagoyakankohotel.co.jp, www.houoh.jp (coming soon) (see, in particular, Section 3.1)
  • use our products and/or services such as making a booking with us (see, in particular, Section 3.2)
  • are a potential customer (see, in particular, Section 3.3)
  • are our supplier or business partner (see, in particular, Section 3.4)

Controller: Espacio Enterprise Inc
23-18, Nishiki 3-chome,
Naka-ku, Nagoya-shi, Aichi
Nagoya, Aichi 460-0003

2. Definitions

Unless otherwise indicated, capitalized terms used in this Privacy Policy are defined in Annex 1. Most of the definitions are derived from the California Consumer Privacy Act of 2018 (CCPA), which you can access from here, and the California Privacy Rights Act of 2020 (CPRA), and the General Data Protection Regulation (GDPR), which you can access from here.

3. How do we process your Personal Data?

We process your data in different ways depending on whether you visit our website, make a reservation with us, are our supplier, business partner or job applicant.

We do not sell your Personal Data within the meaning of Section 1798.140 (ad) of the CPRA. The term Selling has a broad meaning and includes selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration, according to Section 1798.140. (ad) (1-2) of the CPRA.

3.1 Processing of Personal Data relating to visitors of our website
Like many other websites, we use so-called “cookies”. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. If you have given your consent to our use of cookies, we use them to improve the use of our website. You can revoke your consent at any time.

3.2 Processing of Personal Data relating to use of our products and services
Purpose and legal basis
When you use our products and services such as making a reservation with us, we process your Personal Data. For all Personal Data we collect from other sources please have a look at Section 4: Collection of Personal Data from sources other than directly from the Data Subject (Art 14 GDPR). The primary purpose for processing data when you use our products and services such as making a reservation with us is to fulfil the contractual relationship between you and Espacio, ensuring that we can provide you the products and services you have requested. We might further process Personal Data to comply with legal obligations, such as for tax reporting purposes.

We may process Personal Data concerning health or allergies voluntarily provided by you or obtained through direct communication with our staff for the purpose of ensuring your safety and satisfaction during your stay. Where we process any such allergen information, we will obtain your explicit consent to the processing at the point at which such information is collected.

Besides that, we use your contact information to send you information on our products and services as a form of Direct Marketing. Your email address might be added to a contact list of those who may receive email messages containing information of a commercial or promotional nature as a result of signing up to our website or after making a reservation.

The processing activity related to Direct Marketing is based on Legitimate Interest. You have the right, at all times, to object to the Processing of your Personal Data for the purpose of Direct Marketing, without being required to state your reasons, and can do so by sending us a letter or emailing us at event@nagoyakankohotel.co.jp. The Processing of your Personal Data for the purpose of Direct Marketing is not required in order to conduct our contractual relationship.

Personal Data processed
We mainly process the Personal Data you provide us with. For all Personal Data we collect from other sources please have a look at Section 4: Collection of Personal Data from sources other than directly from the Data Subject (Art 14 GDPR).

We collect:

Identifiers (CPRA Category A)

  • Name
  • E-mail address
  • Billing address
  • Social security number
  • Passport or ID

Personal information (CPRA Category B)

  • Telephone number
  • Payment data
  • Credit/Debit card number
  • Reservation number
  • Memberships

Protected classification characteristics under California or federal law (CPRA Category C)

  • Date of Birth

Sensitive information (CPRA Category L)

  • Information on allergies and other health information

Recipients
To achieve the objectives described above, it may be necessary to disclose your Personal Data to the following Recipients in certain cases. This includes the transmission of Personal Data to the e-commerce platforms engaged by us when we are sending our newsletter. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

| No. | Recipient | Data Location | Basis for transfer to third party country |
| --- | --- | --- | --- |
| 1 | Satori | Japan | Adequacy Decision |
| 2 | Futureshop | Japan | Adequacy Decision |
| 3 | Tax and Legal consultants | Japan | Adequacy Decision |
| 4 | Vendors | Japan | Adequacy Decision |
| 5 | Government and Law Enforcement agencies | Japan | Adequacy Decision |

Retention period
We store Personal Data necessary for tax purposes, especially contracts, invoices and other bookkeeping documents as well as relevant correspondence in relation to our contractual relationship, to comply with legal obligations or upon order of an authority.
Furthermore, we may be allowed to retain Personal Data whenever you have given consent to such processing (e.g. subscription to our newsletter), as long as such consent is not withdrawn.

Summary

| Purpose | Legal Basis | Recipients |
| --- | --- | --- |
| Reservation and Service | Contract Performance | 1-5 |
| Communication | Contract Performance | - |
| Invoicing | Contract Performance | 3-5 |
| Allergen and Health Information | Explicit Consent | 4 |
| Tax obligation | Legal Obligation | 3 |
| Direct Marketing | Legitimate Interest | 1-2 |
| Newsletter subscription | Consent | 1-2 |

3.3 Processing of Personal Data relating to potential customers
Purpose and legal basis
When you contact us to inquire about our products and/or services, we process the Personal Data you include in such a message, including the contact form on our website, in emails or collected during phone calls to answer and process such inquiry prior to a booking being made. Such processing is necessary in order to take steps at your request prior to entering into a contract with you and our legal basis for processing such data is Contract Performance. Contract Performance is also the purpose of any processing of your personal data when you decide to make a reservation with us or book a service.

Furthermore, we may process the data you provide as part of your inquiry for Direct Marketing purposes as we have a Legitimate Interest to provide you with information about our services including those that are the same or similar to the ones you have inquired about. You have the right, at all times, to object to the Processing of your Personal Data for the purpose of Direct Marketing, without being required to state your reasons, and can do so by sending us a letter or emailing us at privacy-policy@espacioenterprise.com. The Processing of your Personal Data for the purpose of Direct Marketing is not required in order to conduct our contractual relationship.

Personal Data processed
We mainly process the Personal Data you provide to us as part of your inquiry and any pre-contractual discussions we have with you prior to you making a booking. For all Personal Data we collect from other sources please have a look at Collection of Personal Data from sources other than directly from the Data Subject (Art 14 GDPR).

We collect:

Identifiers (CPRA Category A)

  • Name
  • E-mail address and other contact details

Personal information (CPRA Category B)

  • Telephone number

Protected classification characteristics under California or federal law (CPRA Category C)

  • Date of Birth
  • Gender

Internet information (CPRA Category F)

  • IP Address and IP location
  • Number, duration and time of visits (your interaction with our website)
  • Device information

Recipients
To achieve the objectives described above, it may be necessary to disclose your Personal Data to the following Recipients in certain cases. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

| No. | Recipient | Data Location | Basis for transfer to third party country |
| --- | --- | --- | --- |
| 1 | Satori | Japan | Adequacy Decision |
| 2 | Futureshop | Japan | Adequacy Decision |

Retention period
Personal Data collected for purposes related to Contract Performance shall be retained until such contract has been fully performed.

We may be allowed to retain Personal Data whenever you have given consent to such processing (e.g. subscription to our newsletter), as long as such consent is not withdrawn.

Summary

| Purpose | Legal Basis | Recipients |
| --- | --- | --- |
| Communication with you | Contract Performance | - |
| Direct Marketing | Legitimate Interest | 1-2 |
| Newsletter subscription | Consent | 1-2 |

3.4 Processing of Personal Data relating to suppliers and business partners
Purpose and legal basis
Your Personal Data is processed, first and foremost, for the purpose of Contract Performance regarding Espacio’s services. This includes our distribution partners who sell or market our services and products. The purpose of processing your Personal Data is the performance of our legal relationship.

Processed Personal Data
We mainly process the Personal Data you provide us with.

We collect:

Identifiers (CPRA Category A)

  • Name
  • E-mail address

Personal information (CPRA Category B)

  • Telephone number
  • Payment data
  • Billing address

Professional or employment-related information (CPRA Category I)

  • Company name
  • Company address
  • Company phone number

If your company details include the name of an individual, you may be required to provide us with your Personal Data to enable us to enter into a business relationship with you.

Recipients
To achieve these desired objectives, it may be necessary to disclose your Personal Data to the following Recipients in certain cases. This includes platforms regarding the support of our dealer network to collect dealer contact info and user data for purposes of servicing the account. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

| No. | Recipient | Registered Office (Country) | Basis for transfer to third party country |
| --- | --- | --- | --- |
| 1 | Tax and legal consultants | Japan | Adequacy Decision |
| 2 | Accountants | Japan | Adequacy Decision |
| 3 | Law enforcement and Government agencies | Japan | Adequacy Decision |

Retention period
We store all Personal Data necessary for tax purposes, especially contracts, invoices and other bookkeeping documents as well as relevant correspondence in relation to our contractual relationship, to comply with legal obligations or upon order of an authority.

Summary

| Purpose | Legal Basis | Recipients |
| --- | --- | --- |
| Cooperation | Contract Performance | - |
| Debt Collection | Contract Performance | 1-3 |
| Invoicing | Contract Performance | 1-2 |
| Audit | Legal Obligation | 1-2 |
| Accounting | Legal Obligation | 2 |

4. Collection of Personal Data from sources other than directly from the Data Subject (Art 14 GDPR)

Purpose and legal basis
If we process your Personal Data we usually collect Personal Data directly from you when you provide such information to us. Nevertheless, in individual cases, we may also obtain Personal Data from other sources.

Processed Personal Data
The Personal Data about you that we obtain from third-party sources and store in our systems is limited to:

Identifiers (CPRA Category A)

  • Name
  • E-mail address
  • Billing address
  • Social security number

Personal information (CPRA Category B)

  • Telephone number
  • Payment data
  • Credit/Debit card number
  • Reservation number

Protected classification characteristics under California or federal law (CPRA Category C)

  • Date of Birth

Sources

  • Agoda
  • Ateam Brides (Hanayume Desk)
  • ANA
  • ANA Travelers
  • com
  • D-EDGE
  • Gurunavi
  • Hotelbeds
  • IBJ (Omiai)
  • Ikyu
  • i-honex
  • JALPAK
  • Liberty Tours
  • Recruit (Zexy Navi)
  • SATORI
  • Starz Publishing (Ozmall) Starts Publishing Corporation
  • Table check
  • Tripla Inc.
  • com Group
  • The Leading Hotels of the World
  • Yahoo!

This processing is based on our Legitimate Interest in a complete set of Personal Data required for professional communication, contract performance and our business relationships.

5. Data security

We handle Personal Data only as permitted by data protection regulations. We use a variety of technical and organizational measures to help protect your Personal Data from unauthorized access, disclosure, modification, loss or destruction in accordance with applicable data protection laws.

When handling Personal Data, our employees are obliged to comply with the regulations of the GDPR.

6. What are your rights with respect to Processing of Personal Data?

6.1. Rights under the GDPR
CPRA, GDPR and other applicable data protection laws protect certain rights for Data Subjects. In particular:

Right of Access – right to obtain confirmation of which of your Personal Data is processed and information about it, for instance, which are the purposes of the Processing, what are the conservation periods, among others.

Right to Erasure or “right to be forgotten” – right to erase your Personal Data, provided that there are no valid grounds for its retention, for example in cases where we have to keep the Personal Data to comply with legal obligation or because a court case is in progress.

Right to Data Portability – right to receive the Personal Data you have provided us in a digital format of current use and automatic reading or to request the direct transmission of your Personal Data to another entity that becomes newly responsible for your Personal Data, however only if technically possible.

Right of Rectification – right to request modification of your Personal Data that is inaccurate or to request completion of incomplete Personal Data, such as the address, VAT, email, telephone contacts, or others.

Right to object and ADM – Espacio may use personal data for automated decision-making including profiling within the meaning of Art 22 GDPR.

When the Processing of Personal Data, including the Processing for the definition of profiles, is exclusively automatic (without human intervention) and may have effects in your legal sphere or significantly affect it, you shall have the right not to remain subject to any decision based on such automatic Processing, except as otherwise provided by law, and shall have the right that we take appropriate measures to safeguard your rights and freedoms and legitimate interests, including the right to have human intervention in decision making by us, the right to express your point of view or contest the decision taken on the basis of automated individual information Processing.

6.2 Rights exclusively under the GDPR

Right to Withdraw Consent or Right of Opposition – right to object or withdraw consent at any time to Processing, for example in the case of Processing for marketing purposes, provided that no Legitimate Interests exist prevailing over your interests, rights and freedoms, such as defending a right in a judicial process.

Right of Limitation – right to request the limitation of the Processing of your Personal Data, in the form of: (i) suspension of Processing or (ii) limitation of the scope of Processing to certain categories of Personal Data or purposes of Processing.

Right to complain – right to complain to the supervisory authority, in addition to us.

For rights asserted by Data Subjects from the EU under the GDPR the period for handling a request is 30 days unless it is a particularly complex request.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

6.3 Rights exclusively under the CPRA

Right to opt-out of third-party sales and sharing – right to opt-out of third-party sharing of your Personal Data for cross-context behavioural advertising purposes and selling this data. This means that whenever you request us to stop selling and/or sharing your data, we will abide by your request.

Right to Limit Use and Disclosure of Sensitive Personal Information (SPI) – right to limit the use and disclosure of your SPI to that which is necessary to perform the services or provide the goods.

Right to Opt-Out of ADM technology – right to opt-out of being subject to automated decision-making processes, including profiling.

The exercise of rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged regarding its costs.

The information must be provided in writing but may be given orally if requested. In this case, we should verify your identity by means other than oral.

The response to requests based on the provisions of the CPRA should be provided within a maximum of 45 days. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

7. Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

8. Processing data related to children

Our services are not intended for and may not permissibly be used by individuals under the age of 13. Espacio does not knowingly collect personal data from persons under 13 or allow them to register. If it comes to our attention that we have collected or processed personal data from such a person, we may delete this information without notice.

9. Changes to our data protection provisions

We reserve the right to modify this Privacy Policy, so it is always in compliance with the current legal requirements or to implement changes to services in the Privacy Policy, e.g., when introducing new services. In this case, your future visits to our website will be subject to the updated Privacy Policy.

If you have additional questions regarding the processing of your Personal Data, please feel free to contact us directly by email at privacy-policy@espacioenterprise.com.

10. Contact information

10.1. General
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, your choices and rights regarding such use please do not hesitate to contact us:

Phone: 052-211-9017
Website: https://www.espacioenterprise.com/privacy/
Email: privacy-policy@espacioenterprise.com
Postal Address: 23-18, Nishiki 3-chome,
Naka-ku, Nagoya-shi, Aichi
Nagoya, Aichi 460-0003

Attn: Personal Information Administration Office

10.2. Data Subject Requests from EU and UK Data Subjects according to the GDPR
We value your Data Subject Rights under GDPR and therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

European Union (EU)

United Kingdom (UK)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website: https://prighter.com/q/19363884230

10.3. Requests from California residents according to the CPRA
To exercise the data subject rights described above in 6.1. and 6.3., California residents may submit a verifiable consumer request to us by either:

Email us at privacy-policy@espacioenterprise.com

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access, or for disclosure of what personal information is sold or shared and to whom, twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Annex 1

ADM means Automated decision-making;
CCPA means the California Consumer Privacy Act (CCPA) signed into law on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180AB375
CPRA means the California Privacy Rights Act of 2020;
Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
Contract Performance means concluding, maintaining, and completing of a contract concluded between the Controller and a Data Subject, including Processing activities which take place at the request of the Data Subject before entering into a contractual relation;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Data Subject is any natural person whose Personal Data is being collected, held or processed. Examples of a Data Subject can be an individual, a customer, a prospect, an employee, a contact person, etc;
Direct Marketing means personal data processed to communicate a marketing or advertising message. This definition includes messages from commercial organisations, as well as from charities and political organisations;
General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA); Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) https://eur-lex.europa.eu/eli/reg/2016/679/oj ;
Legitimate Interest means the Controller’s interest to process Personal Data in order to carry out tasks related to the Controller’s business activities. The processing of Personal Data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with a Data Subject;
Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, but is not limited to the term ‘Personal Information’ according to Section 1798.140. (v) (1-3) of the CPRA;
Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household, according to Section 1798.140. (v) (1-3) of the CPRA;
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller;
Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as Recipients; the Processing of those Personal Data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the Processing;
Selling means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration, according to Section 1798.140. (ad) (1-2) of the CPRA.
Sensitive Personal Information means personal information that reveals: the social security, driver’s license, state identification card, or passport number; an account log-in, financial account, debit card, or credit card number, or credentials allowing access to an account; the precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; content of a consumer’s mail, email and text messages unless the business is the intended recipient of the communication; and genetic data, according to Section 1798.140. (ae) (1-3) of the CPRA.
