HOSPITALITY

MORI HOSPITALITY CORPORATION (“We” “Our” or “Us”) obtains and utilizes personal information such as our customer's name, address, telephone number, e-mail address and individual identification code to facilitate the execution of our businesses. We recognize that proper protection of the personal information of our customers is a serious obligation, and, to fulfill this obligation, we handle personal information pursuant to the policy below.

1. We shall comply with the Act on the Protection of Personal Information, other related laws and regulations, and related guidelines on the protection of personal information, and adhere to and abide by generally accepted practices on the handling of personal information, and handle personal information properly. We shall also strive to improve on the handling of personal information.
2. We shall make the rules and regulations on handling of personal information clear, and disseminate them and fully inform our employees of them. We shall also request our business counterparts to handle personal information properly.
3. With respect to acquisition of personal information, the purpose of usage shall be specified and notified or disclosed, and any personal information shall be handled within the scope of said purpose.
4. When personal information of our customers is provided to relevant consignees as a result of consignment of all or part of the handled personal information to third parties, within necessary limits, to achieve the purpose of usage, upon confirmation that the personal information at the relevant consignee is protected adequately, an agreement on protection of personal information shall be concluded, and appropriate steps taken.
5. Necessary steps shall be taken in order to perform proper management to prevent leakage, loss, falsification, etc. of personal information.
6. With respect to the personal data retained by us, when our customers personally make requests for disclosure, correction, deletion, or suspension of usage, etc., we shall respond in good faith.

We shall acquire personal information necessary for conducting business, and shall use personal information only within the scope of the following purposes:

a) For guests using ARK HILLS CLUB, Roppongi Hills Club and HILLS SPA:

1. To provide food and beverages, banquet, wedding, spa and fitness and other services, and to confirm customer information and member information in receiving dining reservations and party reservations;
2. To confirm the use history of members and customers, etc.;
3. To confirm and identify members and customers when they arrive;
4. To send e-mail newsletters, seasonal publications, direct mails and invoices, etc., relating to the businesses of MORI BUILDING Co., Ltd. and its group companies (including MORI HOSPITALITY CORPORATION, hereinafter collectively referred to as the “MORI BUILDING GROUP.” (Please refer to the Mori Building Co., Ltd. website ( https://www.mori.co.jp/en/company/group.html )for information on major group companies.);
5. To conduct marketing research for the businesses of MORI BUILDING GROUP;
6. To invite members and customers to events and functions that MORI BUILDING GROUP or a member hosts, co-sponsors, sponsors, supports, or collaborates on (hereinafter, “Event, etc.”), to inform members and customers of the Event, etc., and to send season's greetings to our members and customers; and
7. To perform other operations related to the businesses of MORI BUILDING GROUP.

b) For guests using Grand Hyatt Tokyo, Andaz Tokyo, Hotel Toranomon Hills and Janu Tokyo:

1. To provide accommodation, food and beverage, banquet, wedding, spa and fitness and other services, and to confirm customer information and member information in receiving dining reservations and party reservations;
2. To confirm the use history of members and customers;
3. To confirm and identify members and customers when they arrive;
4. To provide information on the hotel's services, products, etc., and to provide marketing activities and the latest information;
5. To conduct statistical analysis in a form that does not identify individual customer of the hotel; and
6. To conduct other operations of the hotel.

All personal information provided by our guests using Grand Hyatt Tokyo, Andaz Tokyo and Hotel Toranomon Hills shall be safeguarded under this Privacy Policy and the "Privacy Policy for Guests" of Hyatt Hotels Corporation (the "Hyatt Privacy Policy"). (Hyatt Privacy Policy: Please visit the website prescribed in 12.)
All personal information provided by our guests using Janu Tokyo shall be safeguarded under this Privacy Policy and the "Janu Tokyo Privacy Notice." (For details of the Janu Tokyo Privacy Notice, please visit the website prescribed in 12.)

c) For guests visiting our website:

1. Cookies: to provide proper information and to ensure security.
2. Access log: for statistical analysis for website maintenance and usage.

With respect to the handling of personal data provided by our customers (including personal information that we collect or intend to collect, which we are planning to handle as retained personal data; the same shall apply hereinafter in this Article 3), as set forth below, we shall work on maintaining the accuracy of personal data through proper and stringent controls via the appointment of a security administrator of personal information.
Furthermore, with respect to the risks of improper access from outside and prevention of any leakage of information, based on the rules and regulations on personal information protection and the detailed rules on handling and management of personal information, we shall implement safety measures at the necessary and appropriate levels, and work on safety management of the personal data of our customers.
We shall promptly dispose of our customers’ personal data if the retention period prescribed by laws and regulations has passed, or when the handling of our customers’ personal data is no longer necessary.

1. Enactment of basic policy
   This Privacy Policy is enacted as an organizational effort to secure the proper handling of personal data and to give notification to our customers of the inquiry desk for questions and complaint processing.
2. Preparation of rules regarding the handling of personal data
   We shall prepare rules for personal data protection with respect to the handling method, responsible persons, and their duties, etc. regarding each stage of acquisition, usage, storage, provision, deletion, and disposition, etc. of personal data as rules regarding the specific handling of personal data for the purpose of the prevention of leakage, etc. of personal data that is handled and other safety management of personal data.
3. Organizational security management measures
   As well as appointing a security administrator of personal information, we shall clarify the employees handling personal data and the scope of the personal data that such employees shall handle, and establish a reporting and communication system for the responsible person in the event a fact of a breach of a law or rules and regulations on personal information or an indication thereof becomes known. We shall also prepare a means to confirm the status of the handling of personal data.
4. Personal security management measures
   We shall fully inform employees of the appropriate handling of personal data, and shall also provide appropriate education for employees.
5. Physical security management measures
   We shall appropriately manage the areas where important information systems such as servers or main computers that handle personal information databases, etc. are managed and areas where administrative work that handles other personal data is conducted. In addition, we shall conduct appropriate management in order to prevent the theft or loss, etc. of equipment, electronic media, and documents, etc. that handle personal data, and we shall also take safety measures so that personal data is not easily revealed if electronic media or documents, etc. on which personal data is recorded are transported.
6. Technical security management measures
   We shall execute appropriate access controls in order to limit the scope of persons in charge and the personal information databases, etc. that are handled, and we shall introduce and appropriately operate structures to protect the information system handling personal data from outside unauthorized access or unauthorized software.
7. Understanding the external environment
   If we handle personal data in a country other than Japan, we shall take necessary and appropriate measures for the purpose of security management of personal data upon understanding the system, etc. for the protection of personal information in such country.

[Request Procedure]

Contact for requests prescribed in Articles 7, 8, and 9 above relating to personal data retained by us, and inquiries and claims relating to our handling of personal information are shown below.
Procedure for the disclosure, correction, addition, deletion, suspension of the usage, removal or suspension of third party provision of retained personal data described above may be made through the inquiry form by post to ensure a strict identity verification procedure. Please enclose identity verification documents such as a copy of a document with your photo, name, birthdate, and address on it.
Please be reminded that any request for disclosure or other handling in any other manner may not be accepted.

Please note that a disclosure fee of 2,000 yen per application is required for the procedures stipulated in Article 7 above. Please enclose a fixed postal money order for 2,000 yen when mailing the required documents. Fixed postal money orders can be purchased at Japan Post Bank or any post office that handles fixed postal money orders. The customer is also responsible for the purchase fee of the money order.