Privacy Policy

In compliance with the Act on the Protection of Personal Information (hereinafter referred to as the “Personal Information Protection Act”) as well as any other laws, governmental regulations, guidelines, and the like applicable to handling of personal information, and in order to ensure appropriate handling of users’ personal information, the Japan Pavilion Secretariat, Expo 2025 (hereinafter referred to as the “Secretariat”) has established this Privacy Policy (hereinafter referred to as “this Privacy Policy”) covering the handling of personal information in the course of provision of the Secretariat’s services (hereinafter referred to as “Services”).
This Privacy Policy applies to the handling of any and all personal information in Services. However, if a user is provided with any particular Service and there is a separate rule or regulation applicable with respect to the handling of personal information in that Service, the handling of personal information in that Service shall be governed by such separate rule or regulation.
Unless otherwise provided for in this Privacy Policy, terms used herein shall have the meanings given to them in the Personal Information Protection Act.

1. Personal information obtained by the Secretariat and purposes of its use

The Secretariat will obtain personal information through adequate procedures in accordance with the Personal Information Protection Act, including clarifying the purpose of use of such personal information, and will not use users’ personal information for any purpose other than those described in this Privacy Policy.

1. Personal information obtained by the Secretariat
   Personal information collected by the Secretariat includes the following categories of information concerning a user:
   1. the user’s basic information (such as name, nickname, gender, date of birth, address (zip code, prefecture, and municipality), telephone number, email address, passport number, and information regarding nationality or country of residence);
   2. payment and settlement information (such as credit card number);
   3. location information;
   4. biometric information (such as facial image and voice);
   5. affiliation information (such as company name, organization name, department name, and job title);
   6. medical information (such as disability information);
   7. Social media-related information (i.e., information on LINE, X, Facebook, Instagram, Google and other social media accounts, and information related to social media authentication results) only if the user has individually authorized the integration of their social media account with Services;
   8. input information (such as language preference, e-mail delivery settings, and other information that the user inputs or transmits by methods specified by the Secretariat including the Secretariat’s input forms) excluding any information included in the above categories; and
   9. information obtained from the user’s terminal or otherwise (such as terminal type, OS, terminal identifier, IP address, browser type and other browser information, referrer information, cookie ID, information related to browsing history, purchase history, etc. obtained by means of cookies and cookie-like technologies, and identification for advertisers such as IDFA and AAID, etc.).
2. Purposes of use of personal information obtained
   Personal information obtained by the Secretariat will be used by the Secretariat for the purpose of:
   1. authentication and identity verification of users;
   2. providing users with Services, including the implementation of events;
   3. requesting users to provide feedback on Services;
   4. investigating and analyzing users’ use of Services, and maintaining, protecting, and improving Services and other functionality;
   5. registering reservation information and managing and operating events in a safe and smooth manner;
   6. responding to inquiries regarding Services;
   7. responding to any violation of the Secretariat’s rules and regulations relating to Services;
   8. notifying users of amendments to any rules and regulations relating to Services;
   9. preventing failures, malfunctions and incidents of or involving systems for Services, and responding to such failures, malfunctions and incidents when they occur;
   10. providing personal information to third parties as described in Section 2 “Provision of personal information to third parties”; and
   11. receiving personal information (or information related to personal information) obtained by the Secretariat’s business partners, based on the user’s consent to this Privacy Policy, and using such information in combination with the user’s personal information already held by the Secretariat for the purposes described in this Subsection 1.(2) “Purpose of use of personal information obtained”. Personal information (or information related to personal information) so obtained may include the following information:
       　 terminal type, OS, terminal identifier, IP address, browser type and other browser information, referrer information, cookie ID, browsing history and purchase history information obtained by using cookies and cookie-like technologies, and identification for advertisers such as IDFA or AAID, etc.

2. Provision of personal information to third parties

1. The Secretariat may provide a user’s personal information to third parties in accordance with applicable laws and governmental regulations if:
   1. the Secretariat delegates all or part of the handling of personal information, to the extent that such delegation is required to achieve the purpose of use;
   2. the personal information is provided as part of business transfer resulting from, for example, a merger;
   3. such provision of personal information is required for the protection of the life, body or property of an individual and it is difficult to obtain the user’s consent;
   4. such provision of personal information is particularly necessary for the purpose of improving public health or promoting the sound growth of children, and it is difficult to obtain the user’s consent;
   5. there is a requirement to cooperate with a government authority or local government or its agent in performing a statutory function, and obtaining the user’s consent could have a detrimental effect on performance of said function;
   6. the third party is an academic research institution or the like and the third party needs to handle the personal information for academic research purposes (including the case where part of the purpose of handling the personal information is academic research, but excluding the case where there is a risk of unjust infringement of individuals’ rights and interests) or
   7. such provision of personal information is permissible under the Personal Information Protection Act or any other law or regulation.
2. Depending on the content of a Service or Services used by a user, the Secretariat may provide such user’s personal information to the third parties mentioned below, based on the user’s acceptance of this Privacy Policy. Under certain circumstances the user may withdraw their consent to such provision of their personal information to third parties by using the management function on the platform made available by the Secretariat:
   1. persons or entities that host pavilions or events at the Expo (including companies, organizations, overseas pavilion operators, local governments, etc.), regulatory authorities related to the Expo, companies sponsoring the Expo, and other parties involved in the Expo.
3. The Secretariat may receive users’ personal information from any person or entity mentioned in the preceding Subsection (2) based on such users’ consent to this Privacy Policy.

3. Provision of personal information to third parties located in foreign countries

The Secretariat will not provide any user’s personal information to a third party located in a foreign country without such user’s prior consent, unless:

1. such provision falls under any of Clauses (iii) through (vi) of Subsection 2.(1) above;
2. the personal information is provided to a third party located in a country defined under the Personal Information Protection Commission’s order as a foreign country that has a personal information protection system deemed to be of a level equivalent to that of Japan for protecting individuals’ rights and interests;
3. a system has been established with the person or entity to whom the personal information is provided that conforms to the standards prescribed in the Personal Information Protection Commission’s order as necessary to continuously take measures in an appropriate and reasonable manner for such person’s or entity’s handling of said personal information in line with the aim of Chapter 4, Section 2 of the Personal Information Protection Act; or
4. the person or entity to whom the personal information is provided is accredited under an international framework for the handling of personal information.
   For details of measures necessary to ensure the continuous implementation of the corresponding steps by the third party, which are taken by the Secretariat in the case of Section 3 above, please contact the Secretariat using the contact information set forth in the Section titled “Contact Information”.

4. Secure management of personal information

In order to manage personal information accurately and securely, and to prevent loss, falsification, or leakage of personal information, the Secretariat will take necessary and appropriate measures and will exercise necessary and appropriate supervision over the Secretariat’s employees and other persons concerned.
For details of safeguards taken by the Secretariat, please contact the Secretariat using the contact information set forth in the Section titled “Contact Information”.

5. Supervision of personal information processing contractors

If the Secretariat outsources the whole or any part of the handling of personal information to an external contractor, the Secretariat will require the contractor to manage personal information securely and will exercise necessary and appropriate supervision over the contractor, in order to ensure the contractor’s appropriate management of personal information.

6. Disclosure, correction, addition, deletion or other processing of personal information

With respect to any user’s personal information held by the Secretariat, the Secretariat understands that such user has the right to request the disclosure, correction, addition, deletion, suspension of use, removal, suspension of provision to third parties, or disclosure of records of provision to a third party (hereinafter referred to collectively as “Disclosure”). Upon such request, the Secretariat will promptly respond to the request in accordance with the Personal Information Protection Act.
If you wish to request Disclosure from the Secretariat, please contact the Secretariat using the contact information set forth in the Section titled “Contact Information”.

7. Thorough protection of personal information

The Secretariat will comply with the Personal Information Protection Act and other laws, regulations, and guidelines related to handling personal information, thoroughly inform all officers, employees and staff of the Secretariat, as well as its contractors and other relevant parties, about the importance of protecting personal information, and aim to provide training and raise awareness regarding the protection of personal information.

This guideline may be amended, in part or in its entirety, by the Secretariat. In the event of such amendment, notification detailing the amendment will be posted on the Secretariat’s website.

Established: April 13, 2024
Amended: June 22, 2025

This Privacy Policy is written in Japanese and has been translated into English. The Japanese version of this Privacy Policy is authentic, and the English version hereof is for reference purposes only.
In the event of any conflict or inconsistency between the two language versions, the Japanese version shall prevail.

If you have any question regarding this Privacy Policy, please contact:

the Japan Pavilion Secretariat, Expo 2025