Privacy and Cookie Policy

Discover Niigata Privacy Policy

Enacted: 02 17, 2026

1. Introduction

This Privacy Policy sets forth the policies and procedures of Discover Niigata regarding the collection, use, protection, management, and disposal of personal data when users access and use this website.

Discover Niigata is operated by the Niigata Inbound Promotion Association (hereinafter referred to as the “Association,” “we,” “us,” or “our”). The Association processes personal data in compliance with all applicable data protection laws and regulations, including, where applicable, the EU General Data Protection Regulation (GDPR).

By using this website, you acknowledge that you have read and agreed to the terms of this Privacy Policy. If you do not agree to the processing of your personal data as described in this Policy, please refrain from using this website.

2. Data Controller

For the purposes of the GDPR and other applicable data protection laws, the Data Controller is as follows:

• Name: Niigata Inbound Promotion Association
• Secretariat: Within the Niigata International Tourism Promotion Division
• Address: 4-1 Shinko-cho, Chuo-ku, Niigata-shi, Niigata 950-8570, Japan
• Email: ng*******@*************lg.jp

3. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

• Cookies: Small text files placed on your computer, mobile device, or any other device by a website, containing details of your browsing history on that website among its many uses.
• Device: Any device capable of accessing the Website, including but not limited to computers, smartphones, and tablets.
• Personal Data: Any information relating to an identified or identifiable natural person.
• Service: Refers to the Website.
• Service Provider: Any natural or legal person who processes data on behalf of the Association. This includes third-party companies or individuals employed by the Association to facilitate the Service, to provide the Service on behalf of the Association, to perform Service-related tasks, or to assist the Association in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
• Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website: Refers to Discover Niigata, accessible from https://discover-niigata.com/.
• User: The individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

4. Information Collected

(1) Personal Data Provided by Users

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Usage Data

(2) Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, and other diagnostic data.

(3) Tracking Technologies and Cookies

We use Cookies and similar tracking technologies (such as beacons, tags, and scripts) to track the activity on our Service and store certain information. Except for Essential Cookies, these technologies are used only when the User has provided prior explicit consent, and the User may withdraw such consent at any time.

• Web Beacons: Used for obtaining statistical information, such as counting users who have visited those pages or opened an email, and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
• Essential Cookies: Indispensable for providing the Service and preventing fraudulent use.
• Functionality Cookies: Used to remember choices you make (such as login details or language preferences) to provide a more personal experience.
• Tracking and Performance Cookies: Used to track information about traffic to the Website and how users use the Website, or to test new advertisements, pages, features, or new functionality of the Website. These may be managed by third parties.

5. Purposes of Using Personal Data

The Association may use Personal Data for the following purposes:

• To provide and maintain our Service: Including to monitor and analyze the usage of our Service.
• To manage your requests: To attend and manage your inquiries or requests to us.
• For other purposes: Such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service.
• To provide news and promotional information: Such as newsletters and other information.

The Association may entrust the processing of Personal Data to Service Providers (Data Processors) to the extent necessary to achieve the purposes set forth in this Privacy Policy. In such cases, the Association shall enter into appropriate data protection agreements with such Service Providers and exercise necessary and appropriate supervision. Except as otherwise provided herein, the Association will not provide Personal Data to third parties without your prior consent, unless required by law.

6. Retention of Personal Data

The Association will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

7. Transfer of Personal Data

Your information, including Personal Data, is processed at the Association’s operating offices and in any other places where the parties involved in the processing are located. If you are located outside Japan, your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. The Association will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and We do not transfer Personal Data to organizations or countries that lack adequate data protection frameworks.

8. Disclosure of Personal Data

(1) Compliance and Law Enforcement

Under certain circumstances, the Association may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

(2) Other Legal Requirements

The Association may disclose your Personal Data in the good faith belief that such action is necessary to:

• Protect and defend the rights or property of the Association.
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of Users of the Service or the public.
• Protect against legal liability.

9. Detailed Information on the Processing of Personal Data

Service Providers used by the Association may have access to your Personal Data for the purpose of monitoring and analyzing the use of our Service. The specific Service Providers used are as follows:

• Google Analytics: A web analytics service that tracks and reports website traffic.
• Looker Studio: A data visualization and reporting tool used to analyze usage trends and performance.

10. GDPR Privacy Policy

(1) Legal Basis for Processing Personal Data under GDPR (Article 6)

The Association may process Personal Data under the following conditions:

• Consent: You have given your consent for processing Personal Data for one or more specific purposes.
• Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
• Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Association is subject.
• Vital interests: Processing Personal Data is necessary in order to protect your vital interests or those of another natural person.
• Public interests: Processing Personal Data is related to a task that is carried out in the public interest (e.g., promotion of tourism) or in the exercise of official authority vested in the Association.
• Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Association.

(2) Your Rights under the GDPR

Users located within the European Economic Area (EEA) have the following rights:

• The right to access, update, or delete the information we have on you.
• The right of rectification: The right to have your information rectified if that information is inaccurate or incomplete.
• The right to object: The right to object to our processing of your Personal Data.
• The right of erasure: Also known as the “right to be forgotten.”
• The right of data portability: The right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
• The right to withdraw consent: The right to withdraw your consent at any time where the Association relied on your consent to process your personal information.

(3) Exercising of Your GDPR Data Protection Rights

You may exercise your rights by contacting the Association. Please note that we may ask you to verify your identity before responding to such requests. You also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data.

11. Children’s Privacy

Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If we become aware that we have collected Personal Data from anyone under the age of 16 without verification of parental consent, we take steps to remove that information from our servers. If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.

12. Links to Other Websites

Our Service may contain links to other websites that are not operated by us. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to this Privacy Policy

The Association may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via a prominent notice on our Service prior to the change becoming effective and update the “Enacted” date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

14.Handling of Anonymously Processed Information and Anonymized Data

The Association may handle personal data by processing it into “Anonymously Processed Information” (as defined under the Japanese Act on the Protection of Personal Information) or “Anonymized Data” (as defined under the GDPR) in such a manner that the individual can no longer be identified.

Anonymously Processed Information or Anonymized Data may be used for the following purposes:

• Analysis of tourism trends and the creation of statistical reports.
• Improvement of our Service and consideration of new initiatives.
• Surveys and research regarding regional tourism promotion and related matters.
• Non-profit utilization through collaboration with public or academic institutions.

When creating Anonymously Processed Information, the Association shall take appropriate measures to ensure that individuals cannot be identified and shall implement strict technical and organizational controls to prevent re-identification. Furthermore, if the Association provides Anonymously Processed Information to a third party, it shall publicly announce the items of information to be provided and the method of provision, and clearly state that the information being provided is Anonymously Processed Information.

Where the GDPR applies, the Association shall confirm that the data is in a state where individuals can no longer be identified (anonymization) and shall handle such data on the basis that it falls outside the scope of the GDPR in accordance with Recital 26 of the GDPR.

Contact Us

If you have any questions about this Privacy Policy, you can contact the Association:

• The Association’s Website: https://discover-niigata.com
• By Email: ng*******@*************lg.jp