This privacy policy applies to the processing of the personal information of customers to be conducted according to applicable laws and regulations (as amended) in relation to the online reservation system provided by member hotels of JR Hotel Members ("JR Hotel Members") managed by Nippon Hotel Co., Ltd. ("we", "us," and "our"), services provided in business related to JR Hotel Members, and the website of JR Hotel Members (the "Website").
Under this privacy policy, we will provide information in accordance with laws and regulations concerning the processing of personal information. This privacy policy sets forth the basis based on which we process the personal information of customers provided to us or the personal information of customers we obtain from another source. Please read this privacy policy in order to gain a sufficient understanding of it.
In the event of any inconsistency between the provisions of this privacy policy and the provisions of our Privacy Policy , the provisions of this privacy policy shall prevail to the extent of the inconsistency.
1. Basic policy
We have established this privacy policy and the organizational system on the handling of the personal information of customers who use the online reservation system, services by member hotels of JR Hotel Members, or the Website and strives for the appropriate protection of personal information.
(1) Acquisition of personal information
We acquire the personal information stated in this privacy policy for the purpose of providing the services of JR Hotel Members or conducting necessary business operations of JR Hotel Members or member hotels of JR Hotel Members. We only acquire personal information within the scope of its intended purposes of use and clearly explain such purposes of use, the scope of use, and how to contact our inquiries office.
(2) Prohibition on the use of personal information beyond its intended purposes and provision of personal information to third parties
We use personal information only within the scope of its intended purposes of use, have appointed a Personal Information Protection Manager and established an organizational system for the protection of personal information. We manage personal information appropriately and only provide or disclose personal information to third parties under special circumstances.
(3) Outsourcing processing of personal information
In the event that we outsource the processing of personal information, we will prohibit outsourced persons from leaking or providing personal information to third parties by entering into an agreement with them and supervising such outsourced persons to ensure that it is managed appropriately.
(4) Rights of provider of personal information (Persons Concerned)
Providers of personal information ("Person/s Concerned") have the right to withdraw their consent to our use of their personal information at any time even if they previously consented to the intended purposes of use. In addition, Persons Concerned have the right to request that we take procedures to cease the use of, disclose, or take other action with respect to the retained personal information pursuant to the provisions of applicable laws and regulations.
(5) Procedures for requesting cessation of use, disclosure, or the taking of other action with respect to personal information
In the event that Persons Concerned wish to request that we cease the use of, disclose, or take other action with respect to the retained personal information, they must contact the inquiries office specified by us. We will respond promptly to the extent reasonably possible.
(6) Observance of laws and regulations
We observe laws, regulations, and standards applicable to the retained personal information, provide in-house education concerning the protection of personal information, inform employees of our policy, and aim to improve employee awareness. We also provide information on matters concerning confidentiality in our work rules.
(7) Maintenance and improvement of the protection of personal information
We regularly evaluate and review this privacy policy and the systems for the protection of personal information, and conduct audits to maintain and improve the above efforts and actions for the protection of the retained personal information.
(8) Personal information on link destinations
We shall bear no responsibility for the protection of personal information on websites of other entities or individuals linked to the Website.
(9) Maintenance of personal information
In the event that a portion of the personal information acquired by us is managed in the database of an overseas third-party service provider with whom we have a contractual relationship, we will implement security control measures based on our knowledge of the system for the protection of personal information in the country concerned
2.Acquisition and purposes of use of personal information
We acquire and use the personal information below for the following intended purposes. We do not use personal information beyond the scope of its intended purposes of use without the consent of the Persons Concerned.
(1) Personal information of customers
1. Personal information acquired/method of collection
We may collect information that Persons Concerned provide to us, whether by means of a form on the Website, by email, in a letter, or otherwise, such as membership number, password, name, age, gender, date of birth, occupation, employer information, address, telephone number, email address, nationality, and passport number, within the scope necessary for the following purposes of use.
We may also receive the above personal information from Online Travel Agents (OTA), travel agents, and restaurant booking sites.
2. Purposes of use
<1> Performing work required to provide the services of member hotels of JR Hotel Members (accommodation, restaurants, shops, banquets, wedding receptions, and catering).
<2> Providing online booking, sales and other services or products, as well as handling matters incidental to them.
<3> Handling matters such as inquiries and requests for informational materials.
<4> Providing necessary information on the products, services, events and other related business activities of JR Hotel Members or member hotels of JR Hotel Members.
<5> Providing important information such as revisions to the membership agreement, terms of service, and member benefits of JR Hotel Members.
<6> Providing information on the products, services, and events of JR Hotel Members or member hotels of JR Hotel Members to customers who have consented to delivery by means such as direct mail, email, or LINE.
<7> Conducting prize contests or campaigns.
<8> Grasping and analyzing the state of usage of the products, services, and events of JR Hotel Members or member hotels of JR Hotel Members to improve their quality.
<9> Exercising rights and performing duties based on the provisions of laws, regulations and the terms and conditions of accommodation.
<10> Other purposes of use indicated at the time of the acquisition of personal information.
3. Legal basis
If the personal information of Persons Concerned must be processed based on a legal basis pursuant to data protection laws and regulations that apply to the relationship between Persons Concerned and us, we will process the same based on one or more of the following legal bases:
(a) Agreement. This is where we need to process the personal information of the Persons Concerned to perform the agreement we enter into with the Persons Concerned.
(b) Legitimate interests. This is where the processing of personal information of the Persons Concerned is necessary for legitimate interests pursued by us or a third party and interests and fundamental rights of the Persons Concerned do not override those interests.
(c) Consent. This is where the Persons Concerned have given consent to us to process personal information. The withdrawal of the consent of the Persons Concerned shall not affect the lawfulness of processing performed based on the consent before the withdrawal.
(d) Legal obligation. This is where the processing of personal information of the Persons Concerned is required by the laws and regulations of the resident country of the Persons Concerned.
4. Agreements of JR Hotel Members
3. Processing of personal information
(1) Appropriate management of personal information
We appropriately manage personal information, take appropriate safety measures, including reasonable technological measures, to prevent unauthorized access, damage, falsification, and leakage of personal information, and continuously strive to maintain and enhance the management system of personal information. We strive to keep the retained personal information accurate and up to date within the scope necessary for the purposes of use, limit employees who can access or handle it, and exercise appropriate supervision over them. We store the acquired personal information on the database of JR Hotel Members or third-party service providers with whom we have entered into agreements. We set expiration dates for the storage of personal information within the necessary period for the purposes of use and delete such personal information without delay after the expiration dates, unless otherwise specified by laws or regulations.
(2) Safety measures on the internet
We implement the following safety technological measures for the use of the on-line booking system; however, these do not guarantee a completely secure environment:
1. SSL
We use SSL (Secure Sockets Layer) encryption technology on the Website on which personal information can be entered by Persons Concerned securely. With SSL, data entered is transmitted to a registered computer through a network after encryption. (SSL is a technology that prevents theft or alteration of data by a third party by encryption and authentication in communications between a browser and a WWW server.)
2. Unauthorized access via hacking
We take every precaution to protect information, such as by installing a firewall to prevent unauthorized access from outside.
4. Disclosure/sharing of personal information
We may share personal information of the Persons Concerned with the following categories of recipients:
(1) Affiliates
We may share personal information of the Persons Concerned to the member companies of our group and organizations related to our group.
(Sharing of information)
Under Japanese law, JR Hotel Members and member hotels of JR Hotel Members may share personal information of Persons Concerned within the scope of its intended purposes of use in the framework of joint use under the Personal Data Protection Act as follows.
In cases where the joint user companies have separately established policies for processing the personal information of Persons Concerned, their policies shall apply to their use.
(a) Sharing of personal information on the business of JR Hotel Members and member hotels of JR Hotel Members (accommodation, restaurants, shops, banquets, wedding receptions, and catering)
1. Scope of joint users
Member companies of JR Hotel Members (*1), the JR Hotel Group (*2), and JR-East Hotels (*3).
(*1): Those stated in Article 1 of the JR Hotel Members Terms of Use
(*2): In addition to (*1) above, JR Hokkaido Hotels Co., Ltd.
(*3): Those included in (*1) above
2. Purposes of shared use
Providing services by JR Hotel Members or member hotels of JR Hotel Members (accommodation, restaurants, shops, banquets, wedding receptions, and catering) and offering on-line booking reservations and other related business.
3. Categories of shared information
Member number, password, name, age, gender, date of birth, address, telephone number, email address, employer information, and history for provision and use of points and other information necessary for and within the scope of the above purposes of shared use.
4. Personal Information Protection Manager
Nippon Hotel Co., Ltd.
(b) Sharing of personal information for the provision of services at all tenant shops in hotels at which member hotels of JR Hotel Members operate
1. Scope of joint users
All tenant shops in the hotels that member hotels of JR Hotel Members operate
2. Purposes of joint use
For providing services by member hotels of JR Hotel Members (accommodation, restaurants, shops, banquets, wedding receptions, and catering) and other related businesses.
3. Categories of shared information
Name, age, gender, date of birth, address, telephone number, email address, and other information necessary for and within the scope of the above purposes of shared use.
4. Personal Information Protection Manager
Nippon Hotel Co., Ltd.
(2) Employees
We may disclose personal information of the Persons Concerned to our employees who have the authority and need to access it.
(3) Service providers
We may disclose the personal information of Persons Concerned to third party service providers that provide specific services, such as IT service providers (including data server and cloud service providers) and legal advisors.
Other than the above, please refer to the information below with respect to the provision of personal information to third parties under Japanese law.
(Provision of personal information to third parties under Japanese law)
We do not provide personal information to third parties without obtaining the consent of Persons Concerned in advance, except in the cases set forth in the following categories:
(I) Where JR Hotel Members provide personal information to third parties
I. Where disclosure or provision is required under laws and regulations
II. Where there is a need to protect a human life, body, or property, and when it is difficult to obtain the consent of Persons Concerned
III. Where there is a special need to enhance public health or to promote the raising of healthy children, and when it is difficult to obtain the consent of Persons Concerned
IV. Where there is a need to cooperate with a state or local government, or a person entrusted by them to perform public affairs, and there is a possibility that obtaining the consent of the Persons Concerned would interfere with the performance of the said public affairs
V. Where the disclosure or provision of information to a third party has been requested clearly by Persons Concerned
(II) Disclaimer regarding provision to third party
We shall bear no responsibility whatsoever with regard to the acquisition of personal information by third parties in the following cases:
I. Where personal information is disclosed to an accommodation facility by Persons Concerned of their own volition (if Persons Concerned disclose the personal information of their companions at the time of the reservation, the consent of those companions shall be deemed to have been obtained at the responsibility of the Persons Concerned)
II. Where personal information is disclosed to third parties by Persons Concerned
III. Where personal information is provided to or used on external websites linked to the Website by Persons Concerned
IV. Where third parties obtain information that could identify an individual (password, etc.) for reasons not attributable to JR Hotel Members
(III) Appropriate management and supervision of outsourced persons
In the event that we outsource the processing of personal information to third parties within the scope of the intended purposes of use, we will appropriately consider the selection of outsourced persons, enter into a non-disclosure agreement with them, provide guidance on the proper management of personal information, and exercise appropriate supervision over them.
5.Transfers of personal information outside the resident country of the Persons Concerned
Personal information of the Persons Concerned may be transferred to, and stored by, a third party outside the resident country of the Persons Concerned. Where we transfer personal information to a third party outside the resident country of the Persons Concerned, we will ensure that:
(a) the recipient destination guarantees ensuring an adequate level of protection for the rights and freedoms that the data subject possesses in respect of its personal data in the resident country of the Persons Concerned;
(b) the recipient enters into data transfer agreements as required by data protection laws or regulations of the resident country of the Persons Concerned with us; or
(c) we take other measures as required by data protection laws or regulations of the resident country of the Persons Concerned.
More details of the protection given to personal information when it is transferred outside the resident country of the Persons Concerned can be obtained by contacting our information inquiries office indicated in Section 12 below.
6.Retention period of personal data
We will retain personal information that we collect for the period necessary to process such personal information. However, this does not apply if we are required by laws or regulations to retain personal information for a longer period of time, in which case, we will retain it for the period required by laws or regulations.
7.Exercise of rights by the information provider (Persons Concerned)
Persons Concerned have a number of legal rights in relation to the personal information that we hold. These rights may vary depending on where the Persons Concerned are located and which data protection laws and regulations apply to the relationship between the Persons Concerned and us, but typically will include the following:
(a) Right to obtain information regarding the processing of the relevant personal information and to access the relevant personal information that we hold;
(b) Right to request correction of the relevant personal information if it is inaccurate or incomplete;
(c) Right to request deletion of the relevant personal information under certain circumstances;
(d) Right to request that we restrict our processing of the relevant personal information under certain circumstances;
(e) Right to make an objection to us regarding the processing of the relevant personal information;
(f) Right to receive the relevant personal information in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such personal information to a recipient where this is technically feasible ("data portability right"); and
(g) Right to withdraw consent to the processing of the relevant personal information at any time.
The Persons Concerned may exercise any of their rights by contacting our information inquiries office indicated in Section 12 below. The Persons Concerned also may lodge a complaint with the competent data protection authority if they believe that any of their rights have been infringed by us.
Please also refer to the method for exercising rights provided under Japanese law below. Please contact our information inquiries office indicated in Section 12 below for the method for exercising such rights provided under the laws or regulations of countries other than Japan.
(Method for exercising rights provided under Japanese law)
In the event that Persons Concerned make a request, such as a request that we cease use of, disclose, or take other action with respect to the personal information we retain, we shall respect the will of the Persons Concerned, confirm the identity of the Persons Concerned, and respond within a reasonable period and within the scope of the provisions of applicable laws or regulations.
However, we may refuse said request where:
➢ there is a possibility of violating the laws or regulations;
➢ there is a possibility of harming a third party's life, body, property or other rights and interests;
➢ there is a possibility of interfering with JR Hotel Members performing its business,
➢ the relevant personal information does not exist;
➢ we cannot confirm the identity of the Persons Concerned; and
➢ Persons Concerned have not paid the prescribed fee.
When Persons Concerned wish to make a request that we cease use of, disclose, or take other action with respect to the personal information we retain, they must fill out the required matters of the prescribed application form and send the application form by registered mail, together with documents confirming the identity of the Persons Concerned or their agent ("Identification Documents") and the administrative fee, to the personal information inquiries office below. Please note that we will not respond to any requests made otherwise (including direct visits).
(1) Requests by Persons Concerned
If a request is made by the Persons Concerned, the Persons Concerned must affix their signature and seal on the application form, and send the application form by registered mail, together with identification documents to the personal information inquiries office below.
● Application form
● Application form to request disclosure, correction, cessation of use, or to notify the purpose of use of personal information retained [PDF]
● Identification documents
A copy of one of the following must be enclosed:
● Driver's license
● Certified copy of abridged family register (address, name, and other necessary information only)
● Copy of residence certificate (address, name, and other necessary information only)
● Insurance identification certificate for various types of health insurance
● Insurance identification certificate of long-term care insurance
● Pension book
● Pension certificate
● Passport
(2) Requests by persons other than Persons Concerned
If a request is made by an agent of the Persons Concerned, the following documents must also be enclosed, in addition to the application form (with the signature and seal of the agent) and identification documents of the Persons Concerned and the agent, and sent by registered mail to the personal information inquiries office below.
● Required documents
A copy of one of the following must be enclosed:
● Proxy [PDF]
● Registration certificate of the seal affixed on the proxy (issued within three months from the issuance date of the proxy)
● (Guardian only) A copy of the official gazette (kanpo) or a written determination of the family court
(3) Administrative fee
An administrative fee of 600 yen will be charged for each notification of the purpose of use or disclosure of personal information. Please enclose a postal money order for the amount of the fee with the application documents.
(4) Personal information inquiries office
[Personal information inquiries office]
"Personal information inquiries office" of Nippon Hotel Co., Ltd.
* Company overview of Nippon Hotel Co., Ltd.
(5) Method for notifying the results of the request
A notification will be sent to the applicant (name and address or e-mail address of the requestor as stated in the application form for disclosure or other requests) by mail (Japan Post limited personal delivery service) or e-mail. In the event that the cessation of use, disclosure, or other requested action will not be made, the reason for its refusal will be included in the notice. Please note that it may take a few days for the notification to be made.
(6) Purpose of use of personal information obtained through requests to cease use of, disclose, or take other action
Personal information obtained through requests to cease use of, disclose, or take other action will be used only to the extent necessary for procedures related to cessation of use, disclosure, or the taking of other action. Further, the submitted documents will be properly disposed of.
8.Protection of personal information of minors
We process the personal information of minors appropriately in accordance with this privacy policy. When Persons Concerned are minors, we may require the consent of persons in parental authority for acquisition of such personal information. If the Persons Concerned are under 13 years of age, we will give special consideration to the processing of their personal information, such as by clarifying that the consent of persons in parental authority is required when providing such personal information.
9.Use of cookies
The Website may use cookies to improve the information and services provided and to offer comfortable use of The Website.
For details, please refer to the "Cookie policy"of The Website.
10.Acquisition of access logs
The Website may acquire access logs to improve the use of the Website and to prepare statistical data. JR Hotel Members do not disclose access logs to third parties unless otherwise provided by laws and regulations. If you refuse to send access logs, you may not have full use of the Website.
11.Revision of this privacy policy
We will correct and revise this privacy policy to respond to changes in matters such as related laws, regulations or the social environment by posting the corrected or revised privacy policy on the Website.
12.Personal information inquiries office
Please contact the personal information inquiries office below if you have any questions about this privacy policy.
Personal Information Inquiries Office, Nippon Hotel Co., Ltd.
Email address: cpo@nihonhotel.com
Office hours: 10.00 - 17.00 (excluding weekends and public holidays)
Personal Information Protection Manager: General Manager, General Affairs
Division, Nippon Hotel Co., Ltd.
Last updated: [1/31/2025]
JR HOTEL MEMBERS Secretariat
Addendum
For customers in the European Economic Area (EEA) and the UK
This section applies to customers in the EEA and the UK.
1. Legal basis
Notwithstanding Section 2 of this privacy policy, we will process the personal information of Persons Concerned based on one or more of the following legal bases:
(a) Agreement. This is where we need to process the personal data of the Persons Concerned to perform the agreement we enter into with the Persons Concerned.
(b) Legitimate interests. This is where the processing of personal data of the Persons Concerned is necessary for legitimate interests pursued by us or a third party and interests and fundamental rights of the Persons Concerned do not override those interests. More details of the legitimate interests can be obtained by contacting our information inquiries office indicated in Section 12 of this privacy policy.
(c) Consent. This is where the Persons Concerned have given consent to us to process personal data. The withdrawal of the consent of the Persons Concerned shall not affect the lawfulness of processing performed based on the consent before the withdrawal.
(d) Legal obligation. This is where the processing of personal data of the Persons Concerned is required by the laws and regulations of the EU or the domestic laws of the member states of the EEA.
2. Transfers of personal data outside the EEA or the UK
Personal data of the Persons Concerned may be transferred to, and stored by, a third party outside the EEA or the UK. Notwithstanding Section 5 of this privacy policy, where we transfer personal data to a third party outside the EEA or the UK, we will ensure that:
(a) the recipient destination has been subject to a finding from the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that the Persons Concerned possess in respect of their personal data; or
(b) the recipient enters into standard data protection clauses (in relation to UK-derived personal data, this refers to data modified based on the Addendum formulated by the Information Commissioner's Office in the UK) that have been approved by the European Commission, or other agreements for the transfer of personal data as required by data protection laws or regulations with us.
More details of the protection given to personal information when it is transferred outside the EEA or the UK can be obtained by contacting our information inquiries office indicated in Section 12 of this privacy policy.
3. Rights of Persons Concerned
Notwithstanding Section 7 of this privacy policy, Persons Concerned have a number of legal rights in relation to their personal data that we hold. An overview of the rights Persons Concerned may exercise is as follows:
(a) Right to obtain information regarding the processing of the relevant personal data and to access the relevant personal data that we hold;
(b) Right to request correction of the relevant personal data if it is inaccurate or incomplete;
(c) Right to request deletion of the relevant personal data under certain circumstances. Certain circumstances include, but are not limited to, the following:
(i) where we no longer need to retain the personal data of the Persons Concerned in light of the purposes for which the personal data was collected;
(ii) where we can only process personal data on the basis of the consent of the Persons Concerned, and the Persons Concerned have withdrawn their consent; or
(iii) where the Persons Concerned object to our processing of their personal data on the basis of legitimate interests, and our legitimate interests do not override the interests, rights, or freedoms of the Persons Concerned.
(d) Right to request that we restrict our processing of the relevant personal data under certain circumstances. Certain circumstances include, but are not limited to, the following:
(i) where the Persons Concerned object to the accuracy of their personal data (only for as long as is necessary for us to verify its accuracy);
(ii) where we no longer need to use the personal data except to raise or exercise legal claims or defend against them; or
(iii) where the Persons Concerned object to our processing of their personal data on the basis of legitimate interests (for as long as is necessary for us to determine whether our legitimate interests override the interests, rights, or freedoms of the Persons Concerned).
(e) Right to make an objection to us regarding the processing of the relevant personal data;
(f) Right to receive the relevant personal information in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such personal information to a recipient where this is technically feasible ("data portability right") where personal data is processed on the basis of the consent of the Persons Concerned or on the basis of an agreement with the Persons Concerned, and there is no other basis, and the processing is conducted by an automated method. Please note that this right is granted only with respect to personal data provided to us by the Persons Concerned.
(g) Right to withdraw consent to the processing of the relevant personal data at any time. Please note, however, that we may continue to process the personal data of the Persons Concerned if we are able to rely on another legal basis.
The Persons Concerned may exercise any of their rights by contacting our information inquiries office indicated in Section 12 of this privacy policy. The Persons Concerned also may lodge a complaint with the competent data protection authority if they believe that any of their rights have been infringed by us.
4. EU/UK representative
You may contact our EU/UK representative using the contact details below.
EU representative
Address: DP-Dock GmbH, Attn: Nippon Hotel Co., Ballindamm 39, 20095 Hamburg, Germany
E-mail address: nippon-hotel@gdpr-rep.com
UK representative
Address: DP Data Protection Services UK Ltd., Attn: Nippon Hotel Co., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
www.dp-dock.com
E-mail address: nippon-hotel@gdpr-rep.com
For Customers in the State of California
This addendum applies to customers who are "consumers" under the California Consumer Privacy Act (the "CCPA").
1. Collection, use, and disclosure of personal information by us
A. Categories, source, and purpose of personal information to be collected
Categories of personal information of customers we have acquired during the 12-month period prior to the date of the last update of this addendum shall be as follows:
We will retain collected personal information for the period necessary to fulfill the purposes for which it has been collected. This includes the purposes of fulfilling our agreements with customers, satisfying any legal, regulatory, accounting, reporting obligations we are subject to, and the establishment and defense of legal claims.
| Categories of personal information acquired (as listed in the CCPA) | Specific examples |
|---|---|
| Identifiers | Name, address, email address, passport number, and password |
| Other personal information | Telephone number |
| Characteristics of protected classifications | Age, sex, date of birth, and nationality |
| Professional or employment-related information | Occupation and employer information |
Business or commercial purposes
We have collected the personal information of customers during the 12-month period prior to the date of the last update of this addendum for the business or commercial purposes set forth in Section 2 of this privacy policy. We do not use or disclose customers' sensitive personal information for purposes other than those specified in the CCPA.
We do not collect or process customers' sensitive personal information for the purpose of inferring characteristics about customers.
Categories of sources
The following is a list of the categories of sources from which the personal information of customers was collected during the 12-month period prior to the date of the last update of this addendum:
· Provision from customers themselves
· Collection from Online Travel Agents (OTA), travel agents, or restaurant booking websites
B. Sale of personal information
We have not and will not sell customers' personal information to any third party.
C. Sharing of personal information
We have not and will not share customers' personal information to any third party.
D. Disclosure of personal information
During the 12-month period prior to the date of the last update of this addendum, we disclosed the personal information of the customers stated in A. above to third parties for business purposes. Third parties to whom such information was disclosed are service providers such as IT service providers (including data servers and cloud service providers) and legal advisors.
Business or commercial purposes
The business or commercial purposes of the disclosure above is as stated in Section 2 of this privacy policy.
2.Rights of customers
A.Rights of customers
(1) Notwithstanding Section 7 of this privacy policy, customers' rights under the CCPA include the right to know about personal information of customers that we collect, use, and/or disclose, the right to delete personal information, and the right to correct personal information.
(2) We will not unreasonably engage in discriminatory treatment of customers for the purpose of exercising rights such as the right to know about personal information under the CCPA by using methods including, but not limited to, the following:
I. Refusing the provision of goods or services to customers;
II. Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
III. Providing a different level or quality of goods or services to customers;
IV. Suggesting that customers will receive a different price or rate for goods or services or a different level or quality of goods or services.
B. Exercise of rights (right to know, right to delete, and right to correct) by customers
If customers wish to exercise the right to know, right to delete, or right to correct under the rights of A(1) above, they may contact us”4. Contact information” below. In such cases, they should provide to us anything that may prove their identity, such as their name and email address for personal identification.
In response to inquiries from customers, we will confirm receipt by methods similar to the methods used by customers to contact us within 10 business days from the receipt of such inquiries, and inform customers of the response policy and the deadline for a response. If customers exercise their right to know, delete, or correct, as a rule, we will respond within 45 days, and respond within 90 days from the receipt of such inquiries at the latest, after notifying customers in cases exceeding 45 days. However, if the details of the claim, including those for customer identity verification, cannot be confirmed within 45 days, we may not be able to respond to inquiries related to customers' exercise of such rights.
We will record details of customers' inquiries and retain them for 24-months. If customers exercise their rights through an agent, they must provide us with documents showing that the agent has been entrusted with the exercise of their rights, and such agent's identification documents.
3. Changes to this addendum
We may change this addendum from time to time. The "Last updated" mentioned at the top of this page states the date this addendum was last updated, and any changes will become effective upon our posting of the revised addendum to the extent permitted by applicable laws. Where required by the CCPA or other applicable laws, we will request the consent of customers to any such changes. We will provide the revised addendum by email, or by posting a notice of the changes on our website or through any relevant services.
4. Contact information
Customers may contact us with any questions or concerns about this addendum and customers' choices and rights under the CCPA at:
Company name: Nippon Hotel Co., Ltd.
Address: 1-6-1, Nishi-Ikebukuro, Toshima-ward, Tokyo, Japan
Email address: cpo@nihonhotel.com
For Customers in Taiwan
This addendum applies to customers in Taiwan.
1. Obligation to notify of statutory matters
After providing notification of the statutory matters set forth in Article 8 of the Personal Data Protection Act of Taiwan (the "Taiwan Act"), we will acquire personal information within the scope of the purpose of use.
(a) Purpose of acquisition: See "2. Purposes of use" in Section 2 of this privacy policy and "2. Purpose of use of personal information" of this addendum.
(b) Type of personal information: See "1. Personal information acquired/method of collection" in Section 2 of this privacy policy.
(c) Period, regions, subjects, and method for using personal information
(i) Period: Only for the period reasonably necessary to attain "2. Purposes of use" set forth in Section 2 of this privacy policy, and "2. Purposes of use of personal information" of this addendum
(ii) Regions: Japan and Taiwan, including countries of recipients set forth in Section 4 of this privacy policy, depending on business needs.
(iii) Targets: Company and the recipients set forth in Section 4 of this privacy policy.
(iv) Method: Using personal information with automated equipment or by other non-automated means, including, without limitation, in writing, by phone, short message service, facsimile, e-mail, Internet, in printed form, or other methods deemed appropriate in light of the purposes for which the personal information was collected, depending on the level of science and technology at that time.
(d) Rights that persons concerned are able to exercise pursuant to Article 3 of the Taiwan Act and how those rights are exercised: See "Exercise of rights by the information provider (Persons Concerned)" in Section 7 of this privacy policy.
(e) Persons Concerned may choose whether to provide personal information to us. However, if they choose not to provide such information, there may be cases where we will restrict the provision of services of this website or be unable to provide them.
2. Purposes of use of personal information
We may process (collect, use, store, disclose by transmission, etc.) personal information pursuant to the specific purposes below in "specific purposes and categories of personal information under the Personal Data Protection Act" published by the Ministry of Justice in Taiwan, and in order to achieve the purposes listed in "2. Purposes of use" of Section 2 of this privacy policy.
(a) Marketing (including joint marketing by financial holding companies) (Specific Purpose No. 40)
(b) Administration of contracts and other legal documents similar to contracts (Specific Purpose No. 69)
(c) Business regarding reservations, accommodation registration, and ticket purchases (Specific Purpose No. 77)
(d) Management of and provision of services to consumers and customers (Specific Purpose No. 90)
(e) Investigation, statistics, and research analysis (Specific Purpose No.157)
3. Transfer of personal information outside Taiwan
Personal information may be transferred to third parties outside Taiwan and kept by such third parties. In the event that the Company transfers personal information to third parties outside Taiwan, we will ensure that if the transfer of personal information from Taiwan outside of Taiwan constitutes a transfer restriction event as provided in the laws or regulations related to personal information in Taiwan, and the competent organization prohibits or restricts it, we will not transfer it outside of Taiwan, with or without the consent of the Persons Concerned.