GDPR PRIVACY POLICY

When processing Personal Information, Japan Contemporary Art Platform (“JCAP”) will comply with the applicable restrictions relating to data protection in the EU and EU member states, in particular General Data Protection Regulations (“GDPR”).
This GDPR Privacy Policy complements JCAP Privacy Policy and sets forth policy in relation to the GDPR in particular.
This GDPR Privacy Policy applies to cases in which personal data is provided to JCAP via the Website by persons located in EU member states or Iceland, Norway, or Lichtenstein, which form part of the European Economic Area (EEA); users of the Website in such cases are specifically referred to as “Data Subject(s)”.

1.Definition of Personal Data

In this GDPR Privacy Policy, “Personal Data” is defined as follows:
Any information relating to an identified or identifiable natural person (“Data Subject(s)”) ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.Name and Address of Controller

Name: Japan Contemporary Art Platform
Address: 5-4-30 Minamiaoyama Minato-ku, Tokyo
Email: hidemi.nishida@artweektokyo.com

3.Name and Address of Data Protection Officer (DPO)

Name: Hidemi Nishida
Address: 5-4-30 Minamiaoyama Minato-ku, Tokyo
Email: hidemi.nishida@artweektokyo.com

4.Purpose, Legal Basis, and Period of Processing of the Personal Data

  1. Purpose of Use
    As set forth in Article 3 of this Privacy Policy, ‘Purpose of Use’.
  2. Legal Basis for Use
    The legal basis for the use of the Personal Data is as follows:
    (i) The Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes; *In cases where use is pursuant to the consent of the Data Subject in (i) above, the Data Subject has the right to withdraw his or her consent.
    (ii) Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.;
    (iii) Processing is necessary for compliance with a legal obligation to which the Controller is subject;
    (iv) Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
    (v) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
  3. Term of Use
    JCAP will promptly destroy the Personal Data of the Data Subject after the passage of a period of time reasonable for the purpose in question. The Personal Data of the Data Subjects collected for the purpose of participation in events being conducted, collaborated with, or co-sponsored, etc. by JCAP will be stored until the event or the like has ended. In the case of ongoing events, and the like, the Personal Data will be stored until the last session has ended. After said events and the like have ended, the Personal Data collected will be disposed of or anonymized within a reasonable period of time so that the Data Subject cannot be identified, unless the Data Subject has provided its individual consent to JCAP to the use of its Personal Data.
  4. Parties with which the Personal Data is Shared
    JCAP may only share online identifier out of the Personal Data of Data Subjects with third parties for the purpose of outsourcing access analysis of the Website. JCAP protects the Data Subject’s rights relating to the Personal Data by imposing data security and confidentiality obligations on the third parties by concluding a data processing agreement with the third parties that conforms to the GDPR Article 28.
  5. Sensitive Personal Data
    The Service will not collect sensitive categories of the Personal Data as defined in Articles 9 and 10 of the GDPR from users of the Service.

5.Rights of Data Subject

The Data Subject enjoy the following rights under applicable privacy laws and regulations, including the GDPR. In order to assert these rights, the Data Subject is able to contact the Data Protection Officer designated by JCAP.

  1. Right of Access (Article 15 of the GDPR)
    The Data Subject shall have the right to access to the Personal Data concerning him or her that is being processed by the Controller.
  2. Right to Rectification (Article 16 of the GDPR)
    The Data Subject shall have the right to obtain from the Controller the rectification of the inaccurate Personal Data concerning him or her.
  3. Right to Erasure (“Right to be Forgotten”) (Article 17 of the GDPR)
    The Data Subject shall have the right to obtain from the Controller the erasure of the Personal Data concerning him or her without undue delay under certain circumstances.
  4. Right to Restriction of Processing (Article 18 of the GDPR)
    The Data Subject shall have the right to obtain from the Controller restriction of processing the Personal Data concerning him or her under certain circumstances.
  5. Right to Data Portability (Article 20 of the GDPR)
    The Data Subject shall have the right to receive the Personal Data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the Personal Data have been provided.
  6. Right to Object (Article 21 of the GDPR)
    The Data Subject shall have the right to object to processing of the Personal Data relating to him or her under certain circumstances.
  7. Right to Lodge a Complaint with a Supervisory Authority (Article 77 of the GDPR)
    The Data Subject shall have the right to lodge a complaint with a supervisory authority established by the EU member states regarding the processing of the Personal Data of JCAP.

6.Profiling and other Automated Decision-Making

JCAP will never subject the Personal Data of Data Subjects to profiling or other automatic processing of the nature described in Article 22 of the GDPR.