1. Basic Policy

 We, Tobu Hotel Management Co., Ltd., recognize the importance of our customers’ personal information. We believe that protecting our customers’ personal information is our social responsibility. In order to gain our customers’ continuous trust, we will comply with laws and ordinances relating to the protection of personal information and implement and maintain the efforts described below .

With respect to our customers to whom the General Data Protection Regulation will apply including those who reside in the European Economic Area, please also refer to Exhibit A “Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)”.

2. Collecting Our Customers’ Personal Information
2-1. Collecting Personal Information
We may collect our customers’ personal information such as their name, address and contact information when they use our services. When we collect personal information, we will disclose to our customers for what and to what extent we will use the information, and will collect only to the extent necessary for our business and will use legal and fair means to collect.

2-2. How We Will Collect
We may collect our customers’ personal information through the following channels:
(1) Directly from customers
By telephone, orally, in writing (including electromagnetic records), through business cards or over the Internet, etc.
(2) Through parties duly authorized by customers
Through application forms, introducers, travel agencies or affiliated third parties, etc.
(3) From publicly available sources
From newspapers, the Internet, phone books, periodicals and other publications, etc.

3. Using Our Customers’ Personal Information
3-1. Purposes of Using Personal Information
We may use any personal information which we collect for any of the following purposes:
(1) To reserve and provide our services such as accommodation, banquets, wedding ceremonies and restaurants;
(2) To introduce our facilities and product services;
(3) To analyze answers to our questionnaires for improving our services, market research, customer trend analysis and business analysis (Analysis will be performed statistically and no information will be used to identify individuals.);
(4) To provide information and services concerning our membership system;
(5) To ship ordered products;
(6) To conduct drawing for and to ship presents;
(7) To receive or make payments and other related matters; or
(8) To make contact in case of emergency.
3-2. Joint Use of Personal Information
We may jointly use personal information to provide our customers with value-added services as follows:
(1) Personal information which we will jointly use
Name, date of birth, address, telephone or fax number, e-mail address, age, gender, anniversaries, work related information, requests and usage history.
(2) Parties which we will jointly use
Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/ or management.

4. Provision of Personal Information to Third Parties
No personal information of our customers will be disclosed or provided to third parties without the relevant customer’s consent unless exceptionally permitted by laws and ordinances.

5. Outsourcing Handling of Personal Information
In case we, along with outsourcing our business, outsource any handling of personal information, we will, to the extent necessary and in an appropriate manner, supervise our subcontractors through subcontracting agreements to ensure appropriate safety measures are taken.

6. Handling of Collected Personal Information
We will take appropriate measures to maintain our customer’s personal information in an accurate and up-to-date state.

7. Safety Management of Personal Information
7-1. Compliance with Laws and Ordinances and Rules
We will comply with the Act on the Protection of Personal Information and rules including guidelines to protect personal information in a proper manner.
7-2. Safety Management Measures
We will strictly manage our customers’ personal information and will take preventative measures and safety measures against unauthorized access, loss, destruction, tampering and leakage of personal information.
7-3. Internal Structure
We will, with respect to the handling of personal information which we will use in conducting our business, enact internal regulations and establish a management structure to protect personal information in accordance with our business situation. In addition, we will make efforts to protect personal information by giving education and training on the protection of personal information to our employees and by ensuring the contents of such education and training is thoroughly known by all our employees.

8. Disclosure, Correction and Suspension of Usage of Personal Information Which We Possess if, with respect to any personal information which we possess, the relevant customer requests the purpose of its usage to be notified, its disclosure, its correction, any addition, its deletion, suspension of its usage, its erasure or cessation of provision to a third party (hereinafter “Disclosure Etc.”), unless laws and ordinances provide that Disclosure Etc. is unnecessary, we will take appropriate actions to the extent such action is legal and reasonable.
8-1. When We Will Refrain from Disclosure Etc.
No Disclosure Etc. will be carried out in any of the following cases and no handling fees will be returned.
(1) If Disclosure Etc. may harm the life, body, property or rights and interests of the person pertaining to the personal information or any third party;
(2) If Disclosure Etc. may bring significant obstacles to the appropriate execution of our business;
(3) If making a Disclosure Etc. may violate any laws and ordinances;
(4) If the personal information pertaining to the request is non-existent.
(5) If the identity of the person making the request cannot be confirmed (such as if there is any mismatch among the address written on the request form, the address written on the documents to confirm the identity of the person making the request and the address registered with us);
(6) If the authority of any agent making a request cannot be confirmed; or
(7) If the person making the request failed to pay the prescribed handling fee.
We would like to ask for our customer’s understanding and cooperation if we are unable to provide any of our services as a result of any suspension of usage or erasure of personal information. (We may not be able to meet requests for suspension of usage or erasure of personal information if possession of the personal information is required by relevant laws and ordinances.)

9. Procedure for Requesting Disclosure Etc. of Personal Information in Our Possession
9-1. How to Request Disclosure Etc.
Any person making the request shall fill in the relevant prescribed request form for Disclosure Etc., enclose any necessary document and handling fee, and send to the address described below in a way that delivery will be recorded (e.g., registered mail, simplified registered mail or delivery recorded mail). Please understand that we may need some time to respond.
<Point of Contact for Personal Information Related Inquiries & Requests>
Personal Information Personnel
General Affairs & Personnel Department
Tobu Hotel Management Co., Ltd.
<Prescribed Request Forms for Disclosure Etc.>
Request Form for Disclosure of Personal Information in Possession
Request Form for Correction of Personal Information in Possession
Request Form for Suspension of Usage of Personal Information in Possession
Request Form for Notification of Purpose of Usage of Personal Information in Possession
10. Changing Handling of Personal Information
We may change how we handle personal information under this policy without prior notice due to any revision or abolition of laws and ordinances, changes in the social norm or for other reasons. In case we change, we will inform our customers through this site. We encourage our customers to check this site from time to time for the latest information. We accept no responsibility for any problems caused by our customers’ failure to check this site.
Revised on October 24, 2017
Revised on July 1, 2019
Revised on August 1, 2020
Tobu Hotel Management Co., Ltd.

Appendix 1
Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)
We process in accordance with the EU and EU Member States’ regulations on data protection, in particular the General Data Protection Regulation 2016/679 (“GDPR”) personal data (Article 4 of GDPR) of customers to whom those regulations apply.
These additional rules provide for how we, as a data controller, process our guests’ personal data. If there is any discrepancy between the provisions of those of our Privacy Policy (“Policy”) and these additional rules, the provisions of these rules shall take precedence.
1.Processing of Personal Data
Our means and purpose of processing our guests’ personal data, the categories of our guests’ personal data which we process, and the provision of our guests’ personal data to third parties are as provided for in Articles 2 and 3 of the Policy.
2.The Legal Grounds of Using Personal Data
In principle, our usage of personal data is legally based on our guest’s consent.
Our usage of personal data without our guest’s consent is legally based on (a) the need for performing agreements with our guests such as for staying, dining, banqueting, holding weddings at the hotels and restaurants which we operate, (b) the need for processing our guest’s requests made prior to entering into any agreement, (c) the need to pursuit legitimate interest which is required by us or any third party, or (d) the need to comply with any legal obligation which we need to comply with.
The legitimate interest which pursuit is required by us or any third party includes increasing operating profits such as by marketing and improvement of services, and improving the convenience and security of our website.
3.Provision/Sharing of Personal Data
We may, for the purposes of meeting the needs mentioned in 2 above, share personal 

data with the following third parties:
 Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/ or management.
 Professional specialists such as lawyers, tax accountants, certified public accountants;
 Financial institutions;
 Present, past or future employees;
 Service providers; and
 Suppliers
In case sharing is necessary, we will comply with applicable privacy laws and regulations

4.Transfer of Personal Data to Japan
We will, for the purpose of performing the agreements with our guests or for the purpose of processing requests made by our guests prior to entering into any agreement, transfer to Japan personal data which has been acquired outside Japan. While Japan has, with respect to the protection of personal data, secured adequacy decision from the European Commission pursuant to Article 45 of the GDPR (https://ec.europa.eu/info/law/law-topic/data-protection_en), we will process our guest’s personal data by using adequate security and confidentiality measures. Please note that, we will process in accordance with the GDPR any personal data which has been provided to us from inside the EEA based on the adequacy decision, even if it will be deleted within 6 months after its acquisition regardless of the provisions of Japanese laws.
5.Retention Period of Personal Data
We will retain personal data so long as there is a need. The actual retention period will be determined by taking into account the purpose of acquiring/using the personal data, the nature of the personal data, and the legal and business need to retain the personal data. We will, within a reasonable period, delete or anonymize in a safer manner any personal data which retention period has elapsed.

6.Our Guests’ Rights
Our guests have against us the following rights based on laws and regulations. Our guests may exercise these rights by contacting the contact regarding personal information which is set forth in Article 9 of the Policy. We will, in case we have been exercised these rights and unless there is any ground for exception, after verifying the identity of the guest, react in good faith.
① The right to receive information concerning data processing
The right to receive from us all necessary information concerning our data processing activities concerning our guests (Articles 13 and 14 of the GDPR)
② The right to have access to personal data
The right to obtain confirmation as to whether our guests’ personal data are processed, and, where that is the case, to access the personal data and any ancillary information (Article 15 of the GDPR)
③ The right to rectify personal data
The right to obtain rectification of any inaccurate personal data of our guests, and to have incomplete personal data completed (Article 16 of the GDPR)
④ The right to erasure of personal data
The right to obtain erasure of personal data of our guests in certain cases (Article 17 of the GDPR)
⑤ The right to restriction of processing of personal data
The right to obtain restriction of processing of personal data of our guests in certain circumstances (Article 18 of the GDPR)
⑥ The right to object to processing of personal data
The right to object to processing of personal data based on our or third party’s legitimate interests (Article 21 of the GDPR)
⑦ The right to data portability of personal data
With respect to any personal data provided by our guests to us, the right of our guests to receive in a structured, commonly used and machine-readable format and to transmit those to another business entity (controller) without hindrance (Article 20 of the GDPR)

7.Withdrawal of Consent
Our guest may withdraw his/her consent at any time.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Our guest may withdraw his/her consent by contacting the contact regarding personal information which is set forth in Article 9 of the Policy.

我們如何和第三方分享您的個資?

  • Booking.com:本公司與 Booking.com B.V. 合作(位在 Herengracht 597, 1017 CE Amsterdam, The Netherlands)(www.booking.com)(下稱「Booking.com」)提供您線上訂房服務。若由本站提供內容資料給此網站,且您直接向本站訂房,該訂單將由 Booking.com 處理,您在網站上所填入的資訊也將與 Booking.com 及其合作夥伴分享。上述資料可能包含:您的姓名、您的連絡資料、您的付款資料、同行旅客姓名及訂房時所提供的偏好設定。 如欲了解 Booking.com 企業家族資訊,歡迎前往關於 Booking.com 頁面。
  • Booking.com 將會發送訂房確認函和入住通知給您,提供住宿及當地資訊給您。Booking.com 透過各地辦公室提供超過 20 種語言的客戶服務,24 小時全年無休。當您和 Booking.com 客服聯繫時,我們需將您的資料提供給我們的全球客服人員,以便協助您處理相關事宜。若有技術、分析或行銷之需求,我們將依照 Booking.com 隱私權政策中載明的條款使用您的個資。同時,為了提供您可能會感興趣的旅行相關優惠以及個人化服務,我們可能會將您的資料與 Booking Holdings Inc. 企業家族分享。如果您的資料將被傳輸至歐洲經濟區以外地區,Booking.com 會進行相應合約安排,以確保您的個資受到和歐洲境內相同的規格保護。若您對 Booking.com 對個資的使用方式有任何疑問,歡迎來信至 dataprotectionoffice@booking.com。
  • BookingSuite:本站可能會和 BookingSuite B.V. 分享您的個資。BookingSuite B.V. 位於 Herengracht 597, 1017 CE Amsterdam, the Netherlands,為 suite.booking.com 的營運者。