1. Basic Policy
We, Tobu Hotel Management Co., Ltd., recognize the importance of our customers’ personal information. We believe that protecting our customers’ personal information is our social responsibility. In order to gain our customers’ continuous trust, we will comply with laws and ordinances relating to the protection of personal information and implement and maintain the efforts described below.
With respect to our customers to whom the General Data Protection Regulation will apply including those who reside in the European Economic Area, please also refer to Exhibit A “Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)”.
2. Collecting Our Customers’ Personal Information
2-1. Collecting Personal Information
We may collect our customers’ personal information such as their name, address and contact information when they use our services. When we collect personal information, we will disclose to our customers for what and to what extent we will use the information, and will collect only to the extent necessary for our business and will use legal and fair means to collect.
2-2. How We Will Collect
We may collect our customers’ personal information through the following channels:
(1) Directly from customers
By telephone, orally, in writing (including electromagnetic records), through business cards or over the Internet, etc.
(2) Through parties duly authorized by customers
Through application forms, introducers, travel agencies or affiliated third parties, etc.
(3) From publicly available sources
From newspapers, the Internet, phonebooks, periodicals and other publications, etc.
3. Using Our Customers’ Personal Information
3-1. Purposes of Using Personal Information
We may use any personal information which we collect for any of the following purposes:
(1) To reserve and provide our services such as accommodation, banquets, wedding ceremonies and restaurants;
(2) To introduce our facilities and product services;
(3) To analyze answers to our questionnaires for improving our services, market research, customer trend analysis and business analysis (analysis will be performed statistically and no information will be used to identify individuals);
(4) To provide information and services concerning our membership system;
(5) To ship ordered products;
(6) To conduct drawing for and to ship presents;
(7) To receive or make payments and other related matters; or
(8) To make contact in case of emergency.
3-2. Joint Use of Personal Information
We may jointly use personal information to provide our customers with value-added services as follows:
(1) Personal information which we will jointly use
Name, date of birth, address, telephone or fax number, e-mail address, age, gender, anniversaries, work related information, requests and usage history.
(2) Parties with which we will jointly use personal information
Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/or management.
4. Provision of Personal Information to Third Parties
No personal information of our customers will be disclosed or provided to third parties without the relevant customer’s consent unless exceptionally permitted by laws and ordinances.
5. Outsourcing Handling of Personal Information
In case we, along with outsourcing our business, outsource any handling of personal information, we will, to the extent necessary and in an appropriate manner, supervise our subcontractors through subcontracting agreements to ensure appropriate safety measures are taken.
6. Handling of Collected Personal Information
We will take appropriate measures to maintain our customer’s personal information in an accurate and up-to-date state.
7. Safety Management of Personal Information
7-1. Compliance with Laws and Ordinances and Rules
We will comply with the Act on the Protection of Personal Information and rules including guidelines to protect personal information in a proper manner.
7-2. Safety Management Measures
We will strictly manage our customers’ personal information and will take preventative measures and safety measures against unauthorized access, loss, destruction, tampering and leakage of personal information.
7-3. Internal Structure
We will, with respect to the handling of personal information which we will use in conducting our business, enact internal regulations and establish a management structure to protect personal information in accordance with our business situation. In addition, we will make efforts to protect personal information by giving education and training on the protection of personal information to our employees and by ensuring the contents of such education and training are thoroughly known by all our employees.
8. Disclosure, Correction and Suspension of Usage of Personal Information Which We Possess
If, with respect to any personal information which we possess, the relevant customer requests the purpose of its usage to be notified, its disclosure, its correction, any addition, its deletion, suspension of its usage, its erasure or cessation of provision to a third party (hereinafter “Disclosure Etc.”), unless laws and ordinances provide that Disclosure Etc. is unnecessary, we will take appropriate actions to the extent such action is legal and reasonable.
8-1. When We Will Refrain from Disclosure Etc.
No Disclosure Etc. will be carried out in any of the following cases and no handling fees will be returned.
(1) If Disclosure Etc. may harm the life, body, property or rights and interests of the person pertaining to the personal information or any third party;
(2) If Disclosure Etc. may bring significant obstacles to the appropriate execution of our business;
(3) If making a Disclosure Etc. may violate any laws and ordinances;
(4) If the personal information pertaining to the request is non-existent;
(5) If the identity of the person making the request cannot be confirmed (such as if there is any mismatch among the address written on the request form, the address written on the documents to confirm the identity of the person making the request and the address registered with us);
(6) If the authority of any agent making a request cannot be confirmed; or
(7) If the person making the request failed to pay the prescribed handling fee.
We would like to ask for our customer’s understanding and cooperation if we are unable to provide any of our services as a result of any suspension of usage or erasure of personal information. (We may not be able to meet requests for suspension of usage or erasure of personal information if possession of the personal information is required by relevant laws and ordinances.)
9. Procedure for Requesting Disclosure Etc. of Personal Information in Our Possession
9-1. How to Request Disclosure Etc.
Any person making the request shall fill in the relevant prescribed request form for Disclosure Etc., enclose any necessary document and handling fee, and send to the address described below in a way that delivery will be recorded (e.g., registered mail, simplified registered mail or delivery recorded mail). Please understand that we may need some time to respond.
<Point of Contact for Personal Information Related Inquiries & Requests>
Personal Information Personnel
General Affairs & Personnel Department
Tobu Hotel Management Co., Ltd.
<Prescribed Request Forms for Disclosure Etc.>
Request Form for Disclosure of Personal Information in Possession
Request Form for Correction of Personal Information in Possession
Request Form for Suspension of Usage of Personal Information in Possession
Request Form for Notification of Purpose of Usage of Personal Information in Possession
10. Changing Handling of Personal Information
We may change how we handle personal information under this policy without prior notice due to any revision or abolition of laws and ordinances, changes in the social norm or for other reasons. If we make changes, we will inform our customers through this site. We encourage our customers to check this site from time to time for the latest information. We accept no responsibility for any problems caused by our customers’ failure to check this site.
Revised on October 24, 2017
Revised on July 1, 2019
Revised on August 1, 2020
Tobu Hotel Management Co., Ltd.
Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)
We process the personal data (Article 4 of the GDPR) of customers to whom the EU and EU Member States’ regulations on data protection apply, in particular the General Data Protection Regulation 2016/679 (“GDPR”), in accordance with those regulations.
1. Processing of Personal Data
Our means and purpose of processing our guests’ personal data, the categories of our guests’ personal data which we process, and the provision of our guests’ personal data to third parties are as provided for in Articles 2 and 3 of the Policy.
2. The Legal Grounds of Using Personal Data
In principle, our usage of personal data is legally based on our guest’s consent.
Our usage of personal data without our guest’s consent is legally based on (a) the need for performing agreements with our guests such as for staying, dining, banqueting, holding weddings at the hotels and restaurants which we operate, (b) the need for processing our guest’s requests made prior to entering into any agreement, (c) the need to pursue legitimate interests of ours or of any third party, or (d) the need to comply with any legal obligation which we need to comply with.
The legitimate interests pursued by us or any third party include increasing operating profits such as by marketing and improvement of services, and improving the convenience and security of our website.
3. Provision/Sharing of Personal Data
We may, for the purposes of meeting the needs mentioned in 2 above, share personal data with the following third parties:
Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/or management;
Professional specialists such as lawyers, tax accountants, certified public accountants;
Present, past or future employees;
Service providers; and
In case sharing is necessary, we will comply with applicable privacy laws and regulations.
4. Transfer of Personal Data to Japan
We will, for the purpose of performing the agreements with our guests or for the purpose of processing requests made by our guests prior to entering into any agreement, transfer to Japan personal data which has been acquired outside Japan. While Japan has, with respect to the protection of personal data, secured an adequacy decision from the European Commission pursuant to Article 45 of the GDPR (https://ec.europa.eu/info/law/law-topic/data-protection_en), we will process our guest’s personal data by using adequate security and confidentiality measures. Please note that we will process in accordance with the GDPR any personal data which has been provided to us from inside the EEA based on the adequacy decision, even if it will be deleted within 6 months after its acquisition regardless of the provisions of Japanese laws.
5. Retention Period of Personal Data
We will retain personal data so long as there is a need. The actual retention period will be determined by taking into account the purpose of acquiring/using the personal data, the nature of the personal data, and the legal and business need to retain the personal data. We will, within a reasonable period, delete or anonymize in a safer manner any personal data whose retention period has elapsed.
6. Our Guests’ Rights
Our guests have the following rights against us based on laws and regulations. Our guests may exercise these rights by contacting the point of contact for personal information which is set forth in Article 9 of the Policy. When these rights are exercised against us, we will, unless there is any ground for exception, respond in good faith after verifying the identity of the guest.
① The right to receive information concerning data processing
The right to receive from us all necessary information concerning our data processing activities concerning our guests (Articles 13 and 14 of the GDPR)
② The right to have access to personal data
The right to obtain confirmation as to whether our guests’ personal data are processed, and, where that is the case, to access the personal data and any ancillary information (Article 15 of the GDPR)
③ The right to rectify personal data
The right to obtain rectification of any inaccurate personal data of our guests, and to have incomplete personal data completed (Article 16 of the GDPR)
④ The right to erasure of personal data
The right to obtain erasure of personal data of our guests in certain cases (Article 17 of the GDPR)
⑤ The right to restriction of processing of personal data
The right to obtain restriction of processing of personal data of our guests in certain circumstances (Article 18 of the GDPR)
⑥ The right to object to processing of personal data
The right to object to processing of personal data based on our or third party’s legitimate interests (Article 21 of the GDPR)
⑦ The right to data portability of personal data
With respect to any personal data provided by our guests to us, the right of our guests to receive that data in a structured, commonly used and machine-readable format and to transmit it to another business entity (controller) without hindrance (Article 20 of the GDPR)
7. Withdrawal of Consent
Our guest may withdraw his/her consent at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Our guest may withdraw his/her consent by contacting the point of contact for personal information which is set forth in Article 9 of the Policy.
How do we share your personal information with third parties?
- Booking.com: We have teamed up with Booking.com B.V., located at Herengracht 597, 1017 CE Amsterdam, The Netherlands (www.booking.com) (hereafter Booking.com) to offer you our online reservation services. While we provide the content to this website and you make a reservation directly with us, the reservations are processed through Booking.com. The information you enter into this website will therefore also be shared with Booking.com and its affiliates. This information may include personal data such as your name, your contact details, your payment details, the names of guests traveling with you and any preferences you specified when making a booking. To find out more about the Booking.com corporate family, visit About Booking.com.
- BookingSuite: Your personal data may be shared with BookingSuite B.V. located at Herengracht 597, 1017 CE Amsterdam, the Netherlands, the company which operates this website and the website suite.booking.com.