We, Tobu Hotel Management Co., Ltd., recognize the importance of our customers’ personal information. We believe that protecting our customers’ personal information is our social responsibility. In order to gain our customers’ continuous trust, we will comply with laws and ordinances relating to the protection of personal information and implement and maintain the efforts described below .
With respect to our customers to whom the General Data Protection Regulation will apply including those who reside in the European Economic Area, please also refer to Exhibit A “Additional Rules concerning the Processing of Personal Data of EEA Residents (individuals to which GDPR applies)”.
We may collect our customers’ personal information such as their name, address and contact information when they use our services. When we collect personal information, we will disclose to our customers for what and to what extent we will use the information, and will collect only to the extent necessary for our business and will use legal and fair means to collect.
We may collect our customers’ personal information through the following channels:
(1) Directly from customers
By telephone, orally, in writing (including electromagnetic records), through business cards or over the Internet, etc.
(2) Through parties duly authorized by customers
Through application forms, introducers, travel agencies or affiliated third parties, etc.
(3) From publicly available sources
From newspapers, the Internet, phonebooks, periodicals and other publications, etc.
We may use any personal information which we collect for any of the following purposes:
(1) To reserve and provide our services such as accommodation, banquets, wedding ceremonies and restaurants;
(2) To introduce our facilities and product services;
(3) To analyze answers to our questionnaires for improving our services, market research, customer trend analysis and business analysis (Analysis will be performed statistically and no information will be used to identify individuals.);
(4) To provide information and services concerning our membership system;
(5) To ship ordered products;
(6) To conduct drawing for and to ship presents;
(7) To receive or make payments and other related matters; or
(8) To make contact in case of emergency.
We may jointly use personal information to provide our customers with value-added services as follows:
(1) Personal information which we will jointly use
Name, date of birth, address, telephone or fax number, e-mail address, age, gender, anniversaries, work related information, requests and usage history.
(2) Parties which we will jointly use
Tobu Hotel Management Co., Ltd. and all Hotel and Restaurant properties under its ownership and/ or management.
No personal information of our customers will be disclosed or provided to third parties without the relevant customer’s consent unless exceptionally permitted by laws and ordinances.
In case we, along with outsourcing our business, outsource any handling of personal information, we will, to the extent necessary and in an appropriate manner, supervise our subcontractors through subcontracting agreements to ensure appropriate safety measures are taken.
We will take appropriate measures to maintain our customer’s personal information in an accurate and up-to-date state.
We will comply with the Act on the Protection of Personal Information and rules including guidelines to protect personal information in a proper manner.
We will strictly manage our customers’ personal information and will take preventative measures and safety measures against unauthorized access, loss, destruction, tampering and leakage of personal information
We will, with respect to the handling of personal information which we will use in conducting our business, enact internal regulations and establish a management structure to protect personal information in accordance with our business situation. In addition, we will make efforts to protect personal information by giving education and training on the protection of personal information to our employees and by ensuring the contents of such education and training is thoroughly known by all our employees.
If, with respect to any personal information which we possess, the relevant customer requests the purpose of its usage to be notified, its disclosure, its correction, any addition, its deletion, suspension of its usage, its erasure or cessation of provision to a third party (hereinafter “Disclosure Etc.”), unless laws and ordinances provide that Disclosure Etc. is unnecessary, we will take appropriate actions to the extent such action is legal and reasonable.
No Disclosure Etc. will be carried out in any of the following cases and no handling fees will be returned.
(1) If Disclosure Etc. may harm the life, body, property or rights and interests of the person pertaining to the personal information or any third party;
(2) If Disclosure Etc. may bring significant obstacles to the appropriate execution of our business;
(3) If making a Disclosure Etc. may violate any laws and ordinances;
(4) If the personal information pertaining to the request is non-existent.
(5) If the identity of the person making the request cannot be confirmed (such as if there is any mismatch among the address written on the request form, the address written on the documents to confirm the identity of the person making the request and the address registered with us);
(6) If the authority of any agent making a request cannot be confirmed; or
(7) If the person making the request failed to pay the prescribed handling fee.
We would like to ask for our customer’s understanding and cooperation if we are unable to provide any of our services as a result of any suspension of usage or erasure of personal information. (We may not be able to meet requests for suspension of usage or erasure of personal information if possession of the personal information is required by relevant laws and ordinances.)
Any person making the request shall fill in the relevant prescribed request form for Disclosure Etc., enclose any necessary document and handling fee, and send to the address described below in a way that delivery will be recorded (e.g., registered mail, simplified registered mail or delivery recorded mail). Please understand that we may need some time to respond.
＜Point of Contact for Personal Information Related Inquiries & Requests＞
Personal Information Personnel
General Affairs & Personnel Department
Tobu Hotel Management Co., Ltd.
＜Prescribed Request Forms for Disclosure Etc.＞
We may change how we handle personal information under this policy without prior notice due to any revision or abolition of laws and ordinances, changes in the social norm or for other reasons. In case we change, we will inform our customers through this site. We encourage our customers to check this site from time to time for the latest information. We accept no responsibility for any problems caused by our customers’ failure to check this site.
Revised on October 24, 2017
Revised on July 1, 2019
Revised on August 1, 2020
Tobu Hotel Management Co., Ltd.
We process in accordance with the EU and EU Member States’ regulations on data protection, in particular the General Data Protection Regulation 2016/679 (“GDPR”) personal data (Article 4 of GDPR) of customers to whom those regulations apply.
Our means and purpose of processing our guests’ personal data, the categories of our guests’ personal data which we process, and the provision of our guests’ personal data to third parties are as provided for in Articles 2 and 3 of the Policy.
In principle, our usage of personal data is legally based on our guest’s consent.
Our usage of personal data without our guest’s consent is legally based on (a) the need for performing agreements with our guests such as for staying, dining, banqueting, holding weddings at the hotels and restaurants which we operate, (b) the need for processing our guest’s requests made prior to entering into any agreement, (c) the need to pursuit legitimate interest which is required by us or any third party, or (d) the need to comply with any legal obligation which we need to comply with.
The legitimate interest which pursuit is required by us or any third party includes increasing operating profits such as by marketing and improvement of services, and improving the convenience and security of our website.
We may, for the purposes of meeting the needs mentioned in 2 above, share personal data with the following third parties:
In case sharing is necessary, we will comply with applicable privacy laws and regulations
We will, for the purpose of performing the agreements with our guests or for the purpose of processing requests made by our guests prior to entering into any agreement, transfer to Japan personal data which has been acquired outside Japan. While Japan has, with respect to the protection of personal data, secured adequacy decision from the European Commission pursuant to Article 45 of the GDPR (https://ec.europa.eu/info/law/law-topic/data-protection_en), we will process our guest’s personal data by using adequate security and confidentiality measures. Please note that, we will process in accordance with the GDPR any personal data which has been provided to us from inside the EEA based on the adequacy decision, even if it will be deleted within 6 months after its acquisition regardless of the provisions of Japanese laws.
We will retain personal data so long as there is a need. The actual retention period will be determined by taking into account the purpose of acquiring/using the personal data, the nature of the personal data, and the legal and business need to retain the personal data. We will, within a reasonable period, delete or anonymize in a safer manner any personal data which retention period has elapsed.
Our guests have against us the following rights based on laws and regulations.Our guests may exercise these rights by contacting the contact regarding personal information which is set forth in Article 9 of the Policy. We will, in case we have been exercised these rights and unless there is any ground for exception, after verifying the identity of the guest, react in good faith.
Our guest may withdraw his/her consent at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Our guest may withdraw his/her consent by contacting the contact regarding personal information which is set forth in Article 9 of the Policy.
Our guests, with respect to our processing of personal data, may, in accordance with laws and regulations, file an appeal to the data protection supervisory authority of the member state located at the guest’s place of residence or work or place where the GDPR violation took place.
We, in order to provide lodging services to our guests, need the following information. In particular, we are, under Japanese laws and regulations, obliged to record and keep the record for three (3) years entries in the rooming list. If the information is not provided, we may not be able to provide the guest with lodging services.
We will not base our decisions solely on automated processing (such as profiling) of personal data. Our guests will, if certain conditions are met, have the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning the guest or similarly significantly affects the guest (Article 22 of the GPPR).
We may change these additional rules from time to time. When we will make any substantial or significant change, we will inform our guests through this website and, if necessary, by notifying our guests by email.