1. Basic Policy

 We, Tobu Hotel Management Co., Ltd., recognize the importance of our customers’ personal information. We believe that protecting our customers’ personal information is our social responsibility. In order to gain our customers’ continuous trust, we will comply with laws and ordinances relating to the protection of personal information and implement and maintain the efforts described below .

With respect to our customers to whom the General Data Protection Regulation will apply including those who reside in the European Economic Area, please also refer to Exhibit A “Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)”.

2. Collecting Our Customers’ Personal Information
2-1. Collecting Personal Information
We may collect our customers’ personal information such as their name, address and contact information when they use our services. When we collect personal information, we will disclose to our customers for what and to what extent we will use the information, and will collect only to the extent necessary for our business and will use legal and fair means to collect.

2-2. How We Will Collect
We may collect our customers’ personal information through the following channels:
(1) Directly from customers
By telephone, orally, in writing (including electromagnetic records), through business cards or over the Internet, etc.
(2) Through parties duly authorized by customers
Through application forms, introducers, travel agencies or affiliated third parties, etc.
(3) From publicly available sources
From newspapers, the Internet, phone books, periodicals and other publications, etc.

3. Using Our Customers’ Personal Information
3-1. Purposes of Using Personal Information
We may use any personal information which we collect for any of the following purposes:
(1) To reserve and provide our services such as accommodation, banquets, wedding ceremonies and restaurants;
(2) To introduce our facilities and product services;
(3) To analyze answers to our questionnaires for improving our services, market research, customer trend analysis and business analysis (Analysis will be performed statistically and no information will be used to identify individuals.);
(4) To provide information and services concerning our membership system;
(5) To ship ordered products;
(6) To conduct drawing for and to ship presents;
(7) To receive or make payments and other related matters; or
(8) To make contact in case of emergency.
3-2. Joint Use of Personal Information
We may jointly use personal information to provide our customers with value-added services as follows:
(1) Personal information which we will jointly use
Name, date of birth, address, telephone or fax number, e-mail address, age, gender, anniversaries, work related information, requests and usage history.
(2) Parties which we will jointly use
Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/ or management.

4. Provision of Personal Information to Third Parties
No personal information of our customers will be disclosed or provided to third parties without the relevant customer’s consent unless exceptionally permitted by laws and ordinances.

5. Outsourcing Handling of Personal Information
In case we, along with outsourcing our business, outsource any handling of personal information, we will, to the extent necessary and in an appropriate manner, supervise our subcontractors through subcontracting agreements to ensure appropriate safety measures are taken.

6. Handling of Collected Personal Information
We will take appropriate measures to maintain our customer’s personal information in an accurate and up-to-date state.

7. Safety Management of Personal Information
7-1. Compliance with Laws and Ordinances and Rules
We will comply with the Act on the Protection of Personal Information and rules including guidelines to protect personal information in a proper manner.
7-2. Safety Management Measures
We will strictly manage our customers’ personal information and will take preventative measures and safety measures against unauthorized access, loss, destruction, tampering and leakage of personal information.
7-3. Internal Structure
We will, with respect to the handling of personal information which we will use in conducting our business, enact internal regulations and establish a management structure to protect personal information in accordance with our business situation. In addition, we will make efforts to protect personal information by giving education and training on the protection of personal information to our employees and by ensuring the contents of such education and training is thoroughly known by all our employees.

8. Disclosure, Correction and Suspension of Usage of Personal Information Which We Possess if, with respect to any personal information which we possess, the relevant customer requests the purpose of its usage to be notified, its disclosure, its correction, any addition, its deletion, suspension of its usage, its erasure or cessation of provision to a third party (hereinafter “Disclosure Etc.”), unless laws and ordinances provide that Disclosure Etc. is unnecessary, we will take appropriate actions to the extent such action is legal and reasonable.
8-1. When We Will Refrain from Disclosure Etc.
No Disclosure Etc. will be carried out in any of the following cases and no handling fees will be returned.
(1) If Disclosure Etc. may harm the life, body, property or rights and interests of the person pertaining to the personal information or any third party;
(2) If Disclosure Etc. may bring significant obstacles to the appropriate execution of our business;
(3) If making a Disclosure Etc. may violate any laws and ordinances;
(4) If the personal information pertaining to the request is non-existent.
(5) If the identity of the person making the request cannot be confirmed (such as if there is any mismatch among the address written on the request form, the address written on the documents to confirm the identity of the person making the request and the address registered with us);
(6) If the authority of any agent making a request cannot be confirmed; or
(7) If the person making the request failed to pay the prescribed handling fee.
We would like to ask for our customer’s understanding and cooperation if we are unable to provide any of our services as a result of any suspension of usage or erasure of personal information. (We may not be able to meet requests for suspension of usage or erasure of personal information if possession of the personal information is required by relevant laws and ordinances.)

9. Procedure for Requesting Disclosure Etc. of Personal Information in Our Possession
9-1. How to Request Disclosure Etc.
Any person making the request shall fill in the relevant prescribed request form for Disclosure Etc., enclose any necessary document and handling fee, and send to the address described below in a way that delivery will be recorded (e.g., registered mail, simplified registered mail or delivery recorded mail). Please understand that we may need some time to respond.
<Point of Contact for Personal Information Related Inquiries & Requests>
Personal Information Personnel
General Affairs & Personnel Department
Tobu Hotel Management Co., Ltd.
<Prescribed Request Forms for Disclosure Etc.>
Request Form for Disclosure of Personal Information in Possession
Request Form for Correction of Personal Information in Possession
Request Form for Suspension of Usage of Personal Information in Possession
Request Form for Notification of Purpose of Usage of Personal Information in Possession
10. Changing Handling of Personal Information
We may change how we handle personal information under this policy without prior notice due to any revision or abolition of laws and ordinances, changes in the social norm or for other reasons. In case we change, we will inform our customers through this site. We encourage our customers to check this site from time to time for the latest information. We accept no responsibility for any problems caused by our customers’ failure to check this site.
Revised on October 24, 2017
Revised on July 1, 2019
Revised on August 1, 2020
Tobu Hotel Management Co., Ltd.

Appendix 1
Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)
We process in accordance with the EU and EU Member States’ regulations on data protection, in particular the General Data Protection Regulation 2016/679 (“GDPR”) personal data (Article 4 of GDPR) of customers to whom those regulations apply.
These additional rules provide for how we, as a data controller, process our guests’ personal data. If there is any discrepancy between the provisions of those of our Privacy Policy (“Policy”) and these additional rules, the provisions of these rules shall take precedence.
1.Processing of Personal Data
Our means and purpose of processing our guests’ personal data, the categories of our guests’ personal data which we process, and the provision of our guests’ personal data to third parties are as provided for in Articles 2 and 3 of the Policy.
2.The Legal Grounds of Using Personal Data
In principle, our usage of personal data is legally based on our guest’s consent.
Our usage of personal data without our guest’s consent is legally based on (a) the need for performing agreements with our guests such as for staying, dining, banqueting, holding weddings at the hotels and restaurants which we operate, (b) the need for processing our guest’s requests made prior to entering into any agreement, (c) the need to pursuit legitimate interest which is required by us or any third party, or (d) the need to comply with any legal obligation which we need to comply with.
The legitimate interest which pursuit is required by us or any third party includes increasing operating profits such as by marketing and improvement of services, and improving the convenience and security of our website.
3.Provision/Sharing of Personal Data
We may, for the purposes of meeting the needs mentioned in 2 above, share personal 

data with the following third parties:
 Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/ or management.
 Professional specialists such as lawyers, tax accountants, certified public accountants;
 Financial institutions;
 Present, past or future employees;
 Service providers; and
 Suppliers
In case sharing is necessary, we will comply with applicable privacy laws and regulations

4.Transfer of Personal Data to Japan
We will, for the purpose of performing the agreements with our guests or for the purpose of processing requests made by our guests prior to entering into any agreement, transfer to Japan personal data which has been acquired outside Japan. While Japan has, with respect to the protection of personal data, secured adequacy decision from the European Commission pursuant to Article 45 of the GDPR (https://ec.europa.eu/info/law/law-topic/data-protection_en), we will process our guest’s personal data by using adequate security and confidentiality measures. Please note that, we will process in accordance with the GDPR any personal data which has been provided to us from inside the EEA based on the adequacy decision, even if it will be deleted within 6 months after its acquisition regardless of the provisions of Japanese laws.
5.Retention Period of Personal Data
We will retain personal data so long as there is a need. The actual retention period will be determined by taking into account the purpose of acquiring/using the personal data, the nature of the personal data, and the legal and business need to retain the personal data. We will, within a reasonable period, delete or anonymize in a safer manner any personal data which retention period has elapsed.

6.Our Guests’ Rights
Our guests have against us the following rights based on laws and regulations. Our guests may exercise these rights by contacting the contact regarding personal information which is set forth in Article 9 of the Policy. We will, in case we have been exercised these rights and unless there is any ground for exception, after verifying the identity of the guest, react in good faith.
① The right to receive information concerning data processing
The right to receive from us all necessary information concerning our data processing activities concerning our guests (Articles 13 and 14 of the GDPR)
② The right to have access to personal data
The right to obtain confirmation as to whether our guests’ personal data are processed, and, where that is the case, to access the personal data and any ancillary information (Article 15 of the GDPR)
③ The right to rectify personal data
The right to obtain rectification of any inaccurate personal data of our guests, and to have incomplete personal data completed (Article 16 of the GDPR)
④ The right to erasure of personal data
The right to obtain erasure of personal data of our guests in certain cases (Article 17 of the GDPR)
⑤ The right to restriction of processing of personal data
The right to obtain restriction of processing of personal data of our guests in certain circumstances (Article 18 of the GDPR)
⑥ The right to object to processing of personal data
The right to object to processing of personal data based on our or third party’s legitimate interests (Article 21 of the GDPR)
⑦ The right to data portability of personal data
With respect to any personal data provided by our guests to us, the right of our guests to receive in a structured, commonly used and machine-readable format and to transmit those to another business entity (controller) without hindrance (Article 20 of the GDPR)

7.Withdrawal of Consent
Our guest may withdraw his/her consent at any time.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Our guest may withdraw his/her consent by contacting the contact regarding personal information which is set forth in Article 9 of the Policy.

Booking.com은 어떤 절차를 통해 제3자와 고객 정보를 공유하나요?

  • Booking.com: 당사는 Booking.com B.V. (www.booking.com | 주소: Herengracht 597, 1017 CE Amsterdam, The Netherlands) (이하 Booking.com) 측과 제휴하여 고객에게 온라인 예약 서비스를 제공하고 있습니다. 웹사이트 콘텐츠를 제작하고 예약 내용을 제공하는 주체는 모두 당사이나, 예약 처리 과정은 Booking.com을 통해 진행됩니다. 따라서 당사 웹사이트에 고객이 입력한 정보는 Booking.com 및 그 그룹사와 공유하게 됩니다. 해당 개인 정보는 고객 성명, 연락처, 결제 정보, 동반 투숙객 성명, 그외 고객이 예약 과정에서 설정한 각종 선호 사항을 포함합니다. Booking.com 그룹사에 대한 보다 자세한 정보는 Booking.com 소개 페이지에서 확인하시기 바랍니다.
  • Booking.com은 고객에게 예약 확정 이메일, 체크인 안내 이메일을 전송하고, 당사에 등록된 숙소와 주변 지역에 대한 정보를 제공합니다. 또한 Booking.com은 전 세계 곳곳에 위치한 고객 서비스 센터를 통해 20개 이상의 언어로 24시간 고객을 지원하고 있습니다. 고객이 Booking.com의 글로벌 고객 서비스 직원에게 정보를 공유할 경우, 필요할 때 적절한 도움을 받을 수 있습니다. 나아가 Booking.com은 Booking.com 개인정보 보호정책에서 명시한 바에 따라 기술, 데이터 분석, 마케팅 목적으로 고객의 개인 정보를 사용할 수 있습니다. 해당 정책은 고객이 관심을 가질 만한 여행 관련 상품에 대한 정보를 제공하고 가장 최적화된 서비스를 제공하기 위한 목적으로 해당 고객의 정보를 Booking Holdings Inc. 그룹사에 제공할 수 있다는 내용을 포함하고 있습니다. 이때 관련 법규에 따라 필요하다고 판단될 경우, Booking.com 측에서 우선 고객의 동의를 요청할 예정입니다. 유럽경제지역(European Economic Area) 밖에 위치한 국가로 고객의 정보가 전달될 경우, Booking.com은 유럽 기준에 상응한 수준으로 해당 정보가 보호받을 수 있도록 계약상으로 요구할 것입니다. Booking.com에서 개인 정보를 처리하는 방법에 대해 문의사항이 있을 경우, 다음 이메일 주소로 전달해주시기 바랍니다: dataprotectionoffice@booking.com.
  • BookingSuite: 귀하의 개인 정보는 본 웹사이트와 suite.booking.com의 운영 주체인 BookingSuite B.V.(주소: Herengracht 597, 1017 CE Amsterdam, the Netherlands) 측과 공유될 수 있습니다.