1. Protection of Personal Information
MORI HOSPITALITY CORPORATION obtains and utilizes information such as our customer's name, address, telephone number, e-mail address and individual identification code to facilitate the execution of our businesses. We recognize that proper protection of the Personal Information of our customers (hereinafter, "Personal Information") to be a serious obligation, and, to fulfill this obligation, we handle Personal Information pursuant to the policy below.
- MORI HOSPITALITY CORPORATION will comply with Act on the Protection of Personal Information, other related laws and regulations, and relating guidelines on the protection of Personal Information that are applied to Personal Information, and adhere to and abide by the generally accepted practices on the handling of Personal Information, and handle Personal Information properly. We will also strive to improve on the handling of Personal Information.
- MORI HOSPITALITY CORPORATION will make the rules and regulations on handling of Personal Information clear, and disseminate and fully inform our employees of them. We will also request our business counterparts to handle Personal Information properly.
- With respect to acquisition of Personal Information, the purpose of usage will be specified and notified or disclosed, and any Personal Information will be handled within the scope of said purpose.
- When Personal Information of our customers is provided to relevant consignees as a result of consignment of all or part of the handled Personal Information to third parties, within necessary limits, to achieve the purpose of usage, upon confirmation that the Personal Information at the relevant consignee is protected adequately, an agreement on protection of Personal Information shall be concluded, and appropriate steps taken. When Personal Information of our customers is provided to relevant consignees in a foreign country, such consignees in a foreign country shall be required by contract, etc., to conduct Personal Information management which conforms to standards prescribed by rules of the Personal Information Protection Commission, and an appropriate supervision shall be conducted.
- Necessary steps shall be taken in order to perform proper management to prevent leakage, loss, and falsification of Personal Information.
- With respect to the Personal Information stored at MORI HOSPITALITY CORPORATION, when our customers personally make requests for disclosure, correction, deletion, or suspension of usage, we will respond in good faith.
We will comply with the specific items below.
2. Purpose of Usage
MORI HOSPITALITY CORPORATION will acquire Personal Information necessary for conducting business, and will use Personal Information only within the scope of the purposes stated below:
a) For guests using Roppongi Hills Club, ARK Hills Club and Hills Spa:
- To provide food and beverages, banquet, wedding, spa and fitness and other services, and to confirm customer information and members information in receiving dining reservation and party reservation;
- To confirm use history of members and customers;
- Confirmation and identification of members and customers when they arrive;
- To send e-mail newsletters, seasonal publications, direct mails and invoices, etc., relating to businesses of MORI HOSPITALITY CORPORATION, MORI BUILDING Co., Ltd., and its affiliated companies;
- Marketing research for the businesses of MORI HOSPITALITY CORPORATION and MORI BUILDING Co., Ltd.;
- To invite members and customers for events and functions that MORI HOSPITALITY CORPORATION, and MORI BUILDING Co., Ltd, its affiliated company or a member hosts, co-sponsors, sponsors, supports, or collaborates on (hereinafter, “Event, etc.”), to inform members and customers of the Event, etc., and to send season's greetings to our members and customers; and
- To perform other operations relating to the businesses of MORI HOSPITALITY CORPORATION and MORI BUILDING Co., Ltd.
b) For guests using Grand Hyatt Tokyo and Andaz Tokyo:
- To provide and charge for the accommodations, food and beverages, banquet, wedding, spa and fitness and other services, to confirm customer information and members information in receiving dining reservation and party reservation, to confirm use history of members and customers, and confirmation and identification of members and customers when they arrive;
- Marketing activities in order to provide you with information regarding the services and goods, etc., and to provide you with the latest information;
- To conduct a survey about the services and goods;
- Used as statistical analysis for the purpose of marketing in a form which precludes personal identification; and
- Used in the course of carrying out business.
c) For guests visit our website:
- Cookies: to provide proper information and to ensure security.
- Access log: for statistical analysis for website maintenance and usage.
3. Control and Security
With respect to the handling of Personal Information provided by our customers, MORI HOSPITALITY CORPORATION will work on maintaining the accuracy of Personal Information through proper and stringent controls via the appointment of a security administrator of Personal Information.
Furthermore, with respect to the risks of improper access from outside and prevention of any leakage of information, based on the rules and regulations on Personal Information protection and the detailed rules on handling and management of Personal Information, we will implement safety measures at the necessary and appropriate levels, and work on safety management of the Personal Information of our customers.
4. Thorough Employee Education
We clarify the rule for handling Personal Information to our employees and educate them so that they fully understand the importance of Personal Information and the rule and system to protect Personal Information.
5. Supervision to Outsourcing Agents and Subcontractor
We supervise our outsourcing agents and subcontractors so that they execute proper administration to protect Personal Information and take other proper measures by executing an agreement with them regarding the protection of Personal Information.
In case of providing personal data to a third party in a foreign country, we will make an agreement which requires the third party to implement Personal Information management conforming to standards prescribed by rules of the Personal Information Protection Commission, and will conduct appropriate supervision over the third party.
6. Providing of Personal Information to Third Parties
Without the consent of the individual, MORI HOSPITALITY CORPORATION will not provide Personal Information to any third party, except for cases permitted under the related laws or regulations, or except in the cases prescribed in the following article.
7. Joint Use
There may be cases where Hyatt Hotels Corporation (including Grand Hyatt Tokyo, Andaz Tokyo) and MORI HOSPITALITY CORPORATION jointly use Personal Information (personal data), such as names, addresses, phone numbers and all other items that are provided by our guests, for marketing activities and provision of information regarding Hyatt Hotels Corporation. In such cases, MORI HOSPITALITY CORPORATION is responsible for management of personal data.
With respect to Personal Information stored at MORI HOSPITALITY CORPORATION, when our customer personally requests disclosure of his/her information, except in the case as required by ordinances, we provide disclosure within a reasonable timeframe, to a reasonable extent, upon verification that the requestor is the actual customer.
9. Corrections, Additions and Deletions
With respect to Personal Information stored at MORI HOSPITALITY CORPORATION, when our customer personally requests corrections, additions, or deletions of his/her information, when our details differ from fact, we make corrections, additions, or deletions within a reasonable timeframe, to a reasonable extent, upon verification that the requestor is the actual customer.
10. Suspension of Usage, and Removal
With respect to Personal Information stored at MORI HOSPITALITY CORPORATION, when our customer personally requests suspension of the usage or removal of his/her information, or the providing of his/her information to third parties, we will suspend providing information to third parties, or remove or suspend the usage of his/her information without delay, upon verification that the requestor is the actual customer and it is verified that the request of our customer is legitimate, within a reasonable timeframe, to a reasonable extent.
11. Inquiry Desk for Disclosure, etc.
Contact for requests prescribed in 8, 9, and 10 above relating to Personal Information stored at MORI HOSPITALITY CORPORATION, and inquiries and claims relating to our handling of Personal Information are shown below.
The request procedure shall follow the procedure that we have prescribed separately. Procedure for the disclosure, correction, addition, revision, cessation of use or deletion of retained Personal Information described above may be made through the inquiry form by post to ensure a strict identity verification procedure. Please enclose the identity verification documents such as a copy of a document with your photo, name, birthdate, address.
Please be reminded that any request for disclosure or other handling in any other manner may not be accepted.
6-10-3 Roppongi Minato-ku, Tokyo 106-0032, Japan
MORI HOSPITALITY CORPORATION
To the person in charge of Act on the Protection of Personal Information
The cost of the procedure described above shall be 2,000 Japanese Yen for one inquiry and equivalent amount of the postal money order with fixed amount issued by Japan Post Bank (Teigaku-Kogawase) shall be enclosed when you make an inquiry.
When you purchase the postal money order, the fee prescribed by Japan Post Bank will apply. The fee will be borne by you.
If you are a resident of the European Economic Area (EEA), please see Appendix A for additional information regarding our use of your personal information.
Effective Date: April 1, 2005
Amendment Date: January 1, 2010
Amendment Date: April 1, 2013
Amendment Date: April 1, 2017
Amendment Date: June 1, 2018
Amendment Date: April 1, 2019
Added Appendix A: “Additional Provisions Applicable to Processing of Personal Information of EEA Residents.” Appendix A includes detailed information provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, commonly referred to as the “General Data Protection Regulation” (GDPR).
Appendix A: Additional Provisions Applicable to Processing of Personal Information of EEA Residents
For individuals residing in the EEA, this Appendix outlines certain additional information that MORI HOSPITALITY CORPORATION is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, based on the General Data Protection Regulation (GDPR). This Appendix A shall prevail to the extent it conflicts with any provision in the main body of this Policy.
1. Processing of Personal Information
The purposes of personal information
The purposes of personal information that we handle are set out in Article 2.
The categories of personal information:
Personal Information that we collect and retain includes the following:
① Basic Information (name, address, phone number, e-mail address, individual identification code, sex, date of birth, nationality, fax number, address for service, etc.);
② Additional information (occupation, office information (company name, address, telephone number, department name, managerial position), the day of a wedding, family information (name, relationship, birthday), etc. )
③ Payment information (a credit card number, the bank account information, the billing address, etc.)
④ Service Utilizing Information (facility use state, a merchandise purchase state, etc.);
⑤ Informative matters/Messages (e-mail, website form input, fax, a phone note, letter, the answers to the questionnaires, etc. )
⑥ Information collected by using security systems (security camera, card key, etc.)
⑦ Information automatically collected on our website (cookies, IP address, etc.)
⑧ Hotel register items (address, name, occupation, nationality, passport number, age, previous place of stay (coming from ~), next place of stay (going to ~), arrival date and time, departure date and time, guest room name, etc.)
Acquisition of Personal Information
We collect personal information from the following sources in conducting business related to our facilities, services and products.
① Direct acquisition from an individual:
by telephone, letter (including electro-magnetic records), business cards, verbally, through the internet, etc.
② Acquisition from persons with proper authorization to provide information for an individual:
an individual applying on behalf of another, a party introduced by as second party, travel agents, business partners and agents selling retail packaged plans.
③ Acquisition from published material or public sources:
internet, newspapers, telephone directories, books and other publications, etc.
Provision to a third party
We provide Personal Information to a person who falls under any of the following items:
① a business operator whom we entrust with the handling of Personal Information;
② a Joint User among which we jointly use personal Information; and
③ information providing destination specified by laws and regulations, etc., in case of provision of Personal Information under laws and regulations, etc.
2. Legal Basis
We process customer’s personal information based on the customer’s consent in principle. The processing of personal information in the absence of the customer’s consent shall be based on the necessity for the performance of the contract with the customer, the necessity to take steps at the request of the customer prior to entering into a contract, the necessity for the purposes of the legitimate interests pursued by us or a third party, or the necessity for compliance with a legal obligation to which we are subject. The legitimate interests pursued by us or a third party include an increase in operating income from marketing and improvement of services, and improvement of the convenience, security, etc., of our website.
3. Transfer of Personal Information to a Third Country.
For the purposes of fulfilling the contract with the customer, or for taking procedures according to the customer’s request prior to entering into a contract, personal information acquired outside Japan will be transferred to Japan.
Japan has received an adequacy decision on protection of personal information from the European Commission.
We handle the customer’s personal information with appropriate security and confidentiality measures.
4. Retention Period
We retain personal information for the period necessary to accomplish its purpose of processing. Following the retention period, we eliminate or anonymize such personal information in a secure way within a reasonable period of time.
5. Customer’s Rights
You have the following rights with respect to us based on laws and regulations.
A customer may exercise these rights by contacting the Inquiry Desk stated in Article 11 of the Policy.
In the event that you exercise these rights, we will respond in good faith, barring statutory exceptions, after confirming that the requesting person is the person in question.
① The right of access
The right to obtain confirmation as to whether or not personal information concerning you is being processed, and where that is the case, (the right to) access to the personal information and the accompanying information.
② The right to rectification
The right to obtain the rectification of inaccurate personal information concerning you.
③ The right to erasure
The right to obtain the erasure of personal information concerning you in certain cases.
④ The right to restriction of processing
The right to obtain restriction of processing in certain cases.
⑤ The right to object to processing
The right to object the processing of personal information based on the purposes of the legitimate interests pursued by us or third parties.
⑥ The right to data portability
The right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
6. Withdrawal of Consent
You can withdraw consent on the processing of your personal information at any time. Withdrawing consent does not affect the lawfulness of the processing based on consent before the withdrawal. You can withdraw consent by contacting the Inquiry Desk stated in Article 11 of the Policy.
7. Lodging a Complaint with an Authority
Customers have the right to lodge a complaint on the processing of their personal information with the protection authority having jurisdiction over their residence.
8. Personal Information Necessary for Accommodations
We require the following information to provide accommodation services to our customers. In particular, the laws of Japan require that we keep the information on the hotel register for three years. Should you be unable to provide the required information, we may not be able to provide you with accommodation services.
① Basic information (name, telephone number, etc.)
② Hotel register items (name, address, occupation, nationality, passport number, sex, age, etc.)
9. Personal Information from Children
A guardians consent or permission must be obtained in the event that a customer under the age of 16 uses our service and consents to the Policy.
10. Automated Individual Decision-Making, including profiling
We do not make decisions based solely on automated processing, including profiling.
11. Free of Charge
Notwithstanding Article 11 of this Policy, no postal money order with fixed amount issued by Japan Post Bank (Teigaku-Kogawase) shall be enclosed when you make an inquiry.