Privacy PolicyPrivacy Policy

Protection of Personal Information

MORI HOSPITALITY CORPORATION (“We” “Our” or “Us”) obtains and utilizes personal information such as our customer's name, address, telephone number, e-mail address and individual identification code to facilitate the execution of our businesses. We recognize that proper protection of the personal information of our customers is a serious obligation, and, to fulfill this obligation, we handle personal information pursuant to the policy below.

  1. We shall comply with the Act on the Protection of Personal Information, other related laws and regulations, and related guidelines on the protection of personal information, and adhere to and abide by generally accepted practices on the handling of personal information, and handle personal information properly. We shall also strive to improve on the handling of personal information.
  2. We shall make the rules and regulations on handling of personal information clear, and disseminate them and fully inform our employees of them. We shall also request our business counterparts to handle personal information properly.
  3. With respect to acquisition of personal information, the purpose of usage shall be specified and notified or disclosed, and any personal information shall be handled within the scope of said purpose.
  4. When personal information of our customers is provided to relevant consignees as a result of consignment of all or part of the handled personal information to third parties, within necessary limits, to achieve the purpose of usage, upon confirmation that the personal information at the relevant consignee is protected adequately, an agreement on protection of personal information shall be concluded, and appropriate steps taken.
  5. Necessary steps shall be taken in order to perform proper management to prevent leakage, loss, falsification, etc. of personal information.
  6. With respect to the personal data retained by us, when our customers personally make requests for disclosure, correction, deletion, or suspension of usage, etc., we shall respond in good faith.

Purpose of Usage

We shall acquire personal information necessary for conducting business, and shall use personal information only within the scope of the following purposes:

a) For guests using ARK HILLS CLUB, Roppongi Hills Club and HILLS SPA:

  1. To provide food and beverages, banquet, wedding, spa and fitness and other services, and to confirm customer information and member information in receiving dining reservations and party reservations;
  2. To confirm the use history of members and customers, etc.;
  3. To confirm and identify members and customers when they arrive;
  4. To send e-mail newsletters, seasonal publications, direct mails and invoices, etc., relating to the businesses of MORI BUILDING Co., Ltd. and its group companies (including MORI HOSPITALITY CORPORATION, hereinafter collectively referred to as the “MORI BUILDING GROUP.” (Please refer to the Mori Building Co., Ltd. website ( https://www.mori.co.jp/en/company/group.html )for information on major group companies.);
  5. To conduct marketing research for the businesses of MORI BUILDING GROUP;
  6. To invite members and customers to events and functions that MORI BUILDING GROUP or a member hosts, co-sponsors, sponsors, supports, or collaborates on (hereinafter, “Event, etc.”), to inform members and customers of the Event, etc., and to send season's greetings to our members and customers; and
  7. To perform other operations related to the businesses of MORI BUILDING GROUP.

b) For guests using Grand Hyatt Tokyo, Andaz Tokyo, Hotel Toranomon Hills and Janu Tokyo:

  1. To provide accommodation, food and beverage, banquet, wedding, spa and fitness and other services, and to confirm customer information and member information in receiving dining reservations and party reservations;
  2. To confirm the use history of members and customers;
  3. To confirm and identify members and customers when they arrive;
  4. To provide information on the hotel's services, products, etc., and to provide marketing activities and the latest information;
  5. To conduct statistical analysis in a form that does not identify individual customer of the hotel; and
  6. To conduct other operations of the hotel.

All personal information provided by our guests using Grand Hyatt Tokyo, Andaz Tokyo and Hotel Toranomon Hills shall be safeguarded under this Privacy Policy and the "Privacy Policy for Guests" of Hyatt Hotels Corporation (the "Hyatt Privacy Policy"). (Hyatt Privacy Policy: Please visit the website prescribed in 12.)
All personal information provided by our guests using Janu Tokyo shall be safeguarded under this Privacy Policy and the "Janu Tokyo Privacy Notice." (For details of the Janu Tokyo Privacy Notice, please visit the website prescribed in 12.)

c) For guests visiting our website:

  1. Cookies: to provide proper information and to ensure security.
  2. Access log: for statistical analysis for website maintenance and usage.

Control and Security

With respect to the handling of personal data provided by our customers (including personal information that we collect or intend to collect, which we are planning to handle as retained personal data; the same shall apply hereinafter in this Article 3), as set forth below, we shall work on maintaining the accuracy of personal data through proper and stringent controls via the appointment of a security administrator of personal information.
Furthermore, with respect to the risks of improper access from outside and prevention of any leakage of information, based on the rules and regulations on personal information protection and the detailed rules on handling and management of personal information, we shall implement safety measures at the necessary and appropriate levels, and work on safety management of the personal data of our customers.
We shall promptly dispose of our customers’ personal data if the retention period prescribed by laws and regulations has passed, or when the handling of our customers’ personal data is no longer necessary.

  1. Enactment of basic policy
    This Privacy Policy is enacted as an organizational effort to secure the proper handling of personal data and to give notification to our customers of the inquiry desk for questions and complaint processing.
  2. Preparation of rules regarding the handling of personal data
    We shall prepare rules for personal data protection with respect to the handling method, responsible persons, and their duties, etc. regarding each stage of acquisition, usage, storage, provision, deletion, and disposition, etc. of personal data as rules regarding the specific handling of personal data for the purpose of the prevention of leakage, etc. of personal data that is handled and other safety management of personal data.
  3. Organizational security management measures
    As well as appointing a security administrator of personal information, we shall clarify the employees handling personal data and the scope of the personal data that such employees shall handle, and establish a reporting and communication system for the responsible person in the event a fact of a breach of a law or rules and regulations on personal information or an indication thereof becomes known. We shall also prepare a means to confirm the status of the handling of personal data.
  4. Personal security management measures
    We shall fully inform employees of the appropriate handling of personal data, and shall also provide appropriate education for employees.
  5. Physical security management measures
    We shall appropriately manage the areas where important information systems such as servers or main computers that handle personal information databases, etc. are managed and areas where administrative work that handles other personal data is conducted. In addition, we shall conduct appropriate management in order to prevent the theft or loss, etc. of equipment, electronic media, and documents, etc. that handle personal data, and we shall also take safety measures so that personal data is not easily revealed if electronic media or documents, etc. on which personal data is recorded are transported.
  6. Technical security management measures
    We shall execute appropriate access controls in order to limit the scope of persons in charge and the personal information databases, etc. that are handled, and we shall introduce and appropriately operate structures to protect the information system handling personal data from outside unauthorized access or unauthorized software.
  7. Understanding the external environment
    If we handle personal data in a country other than Japan, we shall take necessary and appropriate measures for the purpose of security management of personal data upon understanding the system, etc. for the protection of personal information in such country.

Supervision to Outsourcing Agents and Subcontractor

If we outsources all or part of the handling of personal data to a third party, we shall supervise such outsourcing agents and subcontractors so that they execute proper administration to protect personal information and take other proper measures by executing an agreement with them regarding the protection of personal information.
In case of outsourcing all or part of the handling of personal data to a third party in a foreign country, we shall make an agreement that requires the third party to implement personal information management conforming to standards prescribed by rules of the Personal Information Protection Commission, and shall conduct appropriate supervision over the third party.

Providing of Personal Information to Third Parties

Without the consent of the individual, we shall not provide personal information to any third party, except for cases permitted under the related laws or regulations, or except in the cases prescribed in the following article.

Joint Use

All personal data items provided by members and customers to ARK HILLS CLUB, Roppongi Hills Club and HILLS SPA, including name, address, telephone number and e-mail address, shall be shared with the MORI BUILDING GROUP for the purposes described in Article 2. a) above.
The person responsible for the management of personal data falling under joint use is as follows.

MORI HOSPITALITY CORPORATION
6-10-3 Roppongi, Minato-ku, Tokyo
Hiroo Mori, President and CEO

Disclosure

With respect to personal data retained by us, when our customer personally requests disclosure of retained personal data that can identify him/her or the purpose of use thereof, we shall provide disclosure in accordance with the provisions of laws and regulations and within the scope prescribed in laws and regulations, upon verification that the requestor is the actual customer.

Corrections, Additions and Deletions

With respect to personal data retained by us, when our customer personally requests corrections, additions, or deletions of retained personal data that can identify him/her, and details of such retained personal data differ from fact, we shall make corrections, additions, or deletions in accordance with the provisions of laws and regulations and within the scope prescribed in laws and regulations, upon verification that the requestor is the actual customer.

Suspension of Usage, Removal, and Suspension of Third Party Provision

With respect to personal data retained by us, when our customer personally requests suspension of the usage or removal of retained personal data that can identify him/her, or suspension of the providing of retained personal data that can identify him/her to third parties, we shall suspend providing information to third parties, or remove or suspend the usage of such retained personal data without delay, upon verification that the requestor is the actual customer and upon verification that the request of our customer is legitimate, in accordance with the provisions of laws and regulations and within the scope prescribed in laws and regulations.

Inquiry Desk for Disclosure, etc.

[Request Procedure]

Contact for requests prescribed in Articles 7, 8, and 9 above relating to personal data retained by us, and inquiries and claims relating to our handling of personal information are shown below.
Procedure for the disclosure, correction, addition, deletion, suspension of the usage, removal or suspension of third party provision of retained personal data described above may be made through the inquiry form by post to ensure a strict identity verification procedure. Please enclose identity verification documents such as a copy of a document with your photo, name, birthdate, and address on it.
Please be reminded that any request for disclosure or other handling in any other manner may not be accepted.

[Inquiry Desk]
6-10-3 Roppongi Minato-ku, Tokyo 106-0032, Japan
MORI HOSPITALITY CORPORATION
Personal Information Protection Secretariat

Please note that a disclosure fee of 2,000 yen per application is required for the procedures stipulated in Article 7 above. Please enclose a fixed postal money order for 2,000 yen when mailing the required documents. Fixed postal money orders can be purchased at Japan Post Bank or any post office that handles fixed postal money orders. The customer is also responsible for the purchase fee of the money order.

Change to this Privacy Policy

We shall inform you through our website when this Privacy Policy is to be changed.

Links

Privacy Policy for Guests - Hyatt Hotels Corporation
Janu Tokyo Privacy Notice
Appendix A
If you are a resident of the European Economic Area (EEA), please see Appendix A for additional information regarding our use of your personal information.

  • Effective Date: April 1, 2005
  • Amendment Date: January 1, 2010
  • Amendment Date: April 1, 2013
  • Amendment Date: April 1, 2017
  • Amendment Date: June 1, 2018
  • Amendment Date: April 1, 2019

    Added Appendix A: “Additional Provisions Applicable to Processing of Personal Information of EEA Residents.” Appendix A includes detailed information provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, commonly referred to as the “General Data Protection Regulation” (GDPR).

  • Amendment Date: April 1, 2022
  • Amendment Date: April 1, 2025

April 1, 2025

MORI HOSPITALITY CORPORATION
6-10-3 Roppongi, Minato-ku, Tokyo
Hiroo Mori, President and CEO

Appendix A: Additional Provisions Applicable to Processing of Personal Information of EEA Residents

For individuals residing in the EEA, this Appendix outlines certain additional information that MORI HOSPITALITY CORPORATION (“We”, “Our” or “Us”) is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, based on the General Data Protection Regulation (GDPR). This Appendix A shall prevail to the extent it conflicts with any provision in the main body of this Privacy Policy.

Processing of Personal Information

The purposes of personal information

The purposes of personal information that we handle are set out in Article 2 of this Privacy Policy.

The categories of personal information

Personal information that we collect and retain includes the following

  1. Basic information (name, address, phone number, e-mail address, individual identification code, sex, date of birth, nationality, fax number, address for service, etc.);
  2. Additional information (occupation, office information (company name, address, telephone number, department name, managerial position), wedding date, family information (name, relationship, birthday), etc.);
  3. Payment information (credit card number, bank account information, billing address, etc.);
  4. Service utilizing information (facility use state, merchandise purchase state, etc.);
  5. Informative matters/messages (e-mail, website form input, fax, a phone note, letter, the answers to the questionnaires, etc.);
  6. Information collected by using security systems (security camera, card key, etc.);
  7. Information automatically collected on our website (cookies, IP address, type of browser, date and time of access, etc.); and
  8. Hotel register items (address, name, occupation, nationality, passport number, age, previous place of stay (coming from), next place of stay (going to), arrival date and time, departure date and time, guest room name, etc.)
Acquisition of Personal Information

We collect personal information from the following sources in conducting business related to our facilities, services and products (including accommodations, banquets, foods and beverages, sale of goods, provision/sale of other incidental products, provision of services, holding of events, etc.)

  1. Direct acquisition from an individual
    by telephone, letter (including electro-magnetic records), business cards, orally, through the internet, etc.
  2. Acquisition from persons with proper authorization to provide information for an individual
    an individual applying on behalf of another, a party introduced by a second party, travel agents, business partners and agents selling retail packaged plans
  3. Acquisition from published material or public sources
    internet, newspapers, telephone directories, books and other publications, etc.
Provision to a third party

We provide personal information to a person who falls under any of the following items

  1. a business operator whom we entrust with all or part of the work related to the handling of personal information;
  2. a joint user with which we jointly use personal Information; and
  3. information providing a destination specified by laws and regulations, etc., in case of provision of personal information under laws and regulations, etc.

Legal Basis

We process customer’s personal information based on the customer’s consent in principle. The processing of personal information in the absence of the customer’s consent shall be based on necessity for performing the contract with the customer, necessity to take steps at the request of the customer prior to entering into a contract, necessity for purposes of the legitimate interests pursued by us or a third party, or necessity for compliance with a legal obligation to which we are subject. The legitimate interests pursued by us or a third party include an increase in operating income from marketing and improvement of services, and improvement of the convenience, security, etc., of our website.

Transfer of Personal Information to a Third Country.

For the purposes of fulfilling the contract with the customer, or for taking procedures according to the customer’s request prior to entering into a contract, personal information acquired outside Japan shall be transferred to Japan.
Japan has received an adequacy decision on protection of personal information from the European Commission.
We handle the customer’s personal information with appropriate security and confidentiality measures

Retention Period

We retain personal information for the period necessary to accomplish its purpose of processing. Following the retention period, we eliminate or anonymize such personal information in a secure way within a reasonable period of time.

Customer’s Rights

You have the following rights with respect to us based on laws and regulations.
A customer may exercise these rights by contacting the Inquiry Desk stated in Article 10 of this Privacy Policy.
In the event that you exercise these rights, we shall respond in good faith, barring statutory exceptions, after confirming that the requesting person is the person in question.

  1. The right of access
    The right to obtain confirmation as to whether or not personal information concerning you is being processed, and where that is the case, (the right to) access the personal information and the accompanying information.
  2. The right to rectification
    The right to rectify inaccurate personal information concerning you.
  3. The right to erasure
    The right to erase personal information concerning you in certain cases.
  4. The right to restriction of processing
    The right to restrict processing in certain cases.
  5. The right to object to processing
    The right to object to the processing of personal information based on the purposes of the legitimate interests pursued by us or third parties.
  6. The right to data portability
    The right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.

Withdrawal of Consent

You can withdraw consent on the processing of your personal information at any time. Withdrawing consent does not affect the lawfulness of the processing based on consent before the withdrawal. You can withdraw consent by contacting the Inquiry Desk stated in Article 10 of this Privacy Policy.

Lodging a Complaint with an Authority

Customers have the right to lodge a complaint on the processing of their personal information with the protection authority having jurisdiction over their residence.

Personal Information Necessary for Accommodations

We require the following information to provide accommodation services to our customers. In particular, the laws of Japan require that we keep the information on the hotel register for three years. Should you be unable to provide the required information, we may not be able to provide you with accommodation services.

  1. Basic information (name, telephone number, etc.)
  2. Hotel register items (name, address, occupation, nationality, passport number, sex, age, etc.)

Personal Information from Children

A guardian’s consent or permission must be obtained in the event that a customer under the age of 16 uses our service and consents to the Policy.

Automated Individual Decision-Making, Including Profiling

We do not make decisions based solely on automated processing, including profiling.

Free of Charge

Notwithstanding the second part of Article 10 of this Privacy Policy, it is not necessary to enclose a fixed postal money order as a fee when applying.