The hotel shall comply with the laws and regulations regarding the handling of personal information to protect and manage personal information.

The hotel shall use the personal information for the following purposes.
1. For accommodation arrangements and contact with customers
2. To send various information such as our hotel services to our customers
3. To use for marketing analysis etc,. to improve the service of our hotel

Personal information held by the hotel will not be provided to third parties without the consent of the customer. However, in the following cases, personal information may be provided without the consent of the customer.
1. When outsourcing to a contractor to the extent necessary to achieve the purpose of use, however, it is limited to the contractor who has contracted the confidentiality of personal information.
2. When there are special circumstances due to various laws and regulations.

When the customer requests the disclosure or correction of usage of your personal information, the hotel shall comply to the request, following the necessary procedures only upon verification of its identity. This excludes cases that are legally exempt.

The hotel may revise the personal information protection policy from the viewpoint of improving the protection of personal information or due to changes in laws and regulations.

We recognize that it is our important social responsibility to protect the personal information of all users and use it appropriately, and we will endeavor to operate and manage it safely.

We will manage the personal information that we will receive appropriately and carefully, and take protective measures to prevent the risk of leakage, loss, misuse, falsification, and unauthorized access.

The personal information we keep will be your name, date of birth, gender, address, telephone number, email address, etc., to carry out general accommodation and reservation and when sending replies and guidance to customers. We will use this information when we judge that it is necessary to contact the customer.

All personal information entrusted to us will not be disclosed or provided to a third party without the consent of the customer, except as permitted by law.
To improve the quality of service of the hotel and to improve the convenience of our customers, we may outsource part of the personal information we receive to an outside contractor, but in this case, we will contact you in order to use your personal information we will instruct and supervise this matter very carefully.

Our means and purpose of processing our guests’ personal data, the categories of our guests’ personal data which we process, and the provision of our guests’ personal data to third parties are as provided for in Articles 2 and 3 of the Policy.

In principle, our usage of personal data is legally based on our guest’s consent.
Our usage of personal data without our guest’s consent is legally based on (a) the need for performing agreements with our guests such as for staying, dining, banqueting, holding weddings at the hotels and restaurants which we operate, (b) the need for processing our guest’s requests made prior to entering into any agreement, (c) the need to pursuit legitimate interest which is required by us or any third party, or (d) the need to comply with any legal obligation which we need to comply with.
The legitimate interest which pursuit is required by us or any third party includes increasing operating profits such as by marketing and improvement of services, and improving the convenience and security of our website.

We may, for the purposes of meeting the needs mentioned in 2 above, share personal data with the following third parties:

• ・Hekiundo Hotel & Resorts Co.,Ltd and all Hotel and Restaurant properties under its ownership and/ or management.
• ・Professional specialists such as lawyers, tax accountants, certified public accountants;
• ・Financial institutions;
• ・Present, past or future employees;
• ・Service providers; and
• ・Suppliers
• In case sharing is necessary, we will comply with applicable privacy laws and regulations

We will, for the purpose of performing the agreements with our guests or for the purpose of processing requests made by our guests prior to entering into any agreement, transfer to Japan personal data which has been acquired outside Japan. While Japan has, with respect to the protection of personal data, secured adequacy decision from the European Commission pursuant to Article 45 of the GDPR （https://ec.europa.eu/info/law/law-topic/data-protection_en）, we will process our guest’s personal data by using adequate security and confidentiality measures. Please note that, we will process in accordance with the GDPR any personal data which has been provided to us from inside the EEA based on the adequacy decision, even if it will be deleted within 6 months after its acquisition regardless of the provisions of Japanese laws.

We will retain personal data so long as there is a need. The actual retention period will be determined by taking into account the purpose of acquiring/using the personal data, the nature of the personal data, and the legal and business need to retain the personal data. We will, within a reasonable period, delete or anonymize in a safer manner any personal data which retention period has elapsed.

Our guests have against us the following rights based on laws and regulations. Our guests may exercise these rights by contacting the contact regarding personal information. We will, in case we have been exercised these rights and unless there is any ground for exception, after verifying the identity of the guest, react in good faith.

1. ①The right to receive information concerning data processing The right to receive from us all necessary information concerning our data processing activities concerning our guests (Articles 13 and 14 of the GDPR)
2. ②The right to have access to personal data The right to obtain confirmation as to whether our guests’ personal data are processed, and, where that is the case, to access the personal data and any ancillary information (Article 15 of the GDPR)
3. ③The right to rectify personal data The right to obtain rectification of any inaccurate personal data of our guests, and to have incomplete personal data completed (Article 16 of the GDPR)
4. ④The right to erasure of personal data The right to obtain erasure of personal data of our guests in certain cases (Article 17 of the GDPR)
5. ⑤The right to restriction of processing of personal data The right to obtain restriction of processing of personal data of our guests in certain circumstances (Article 18 of the GDPR)
6. ⑥The right to object to processing of personal data The right to object to processing of personal data based on our or third party’s legitimate interests (Article 21 of the GDPR)
7. ⑦The right to data portability of personal data With respect to any personal data provided by our guests to us, the right of our guests to receive in a structured, commonly used and machine-readable format and to transmit those to another business entity (controller) without hindrance (Article 20 of the GDPR)

Our guest may withdraw his/her consent at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Our guest may withdraw his/her consent by contacting the contact regarding personal information which is set forth in Article 9 of the Policy.

Our guests, with respect to our processing of personal data, may, in accordance with laws and regulations, file an appeal to the data protection supervisory authority of the member state located at the guest’s place of residence or work or place where the GDPR violation took place.

We, in order to provide lodging services to our guests, need the following information. In particular, we are, under Japanese laws and regulations, obliged to record and keep the record for three (3) years entries in the rooming list. If the information is not provided, we may not be able to provide the guest with lodging services.

(a) Basic information (i.e. name, telephone number, etc.)
(b) Entries in the rooming list (i.e. name, address, occupation, nationality, passport number, sex, age, etc.)

We will not base our decisions solely on automated processing (such as profiling) of personal data. Our guests will, if certain conditions are met, have the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning the guest or similarly significantly affects the guest (Article 22 of the GPPR).

We may change these additional rules from time to time. When we will make any substantial or significant change, we will inform our guests through this website and, if necessary, by notifying our guests by email.