commercial transactions
Noborioji Hotel, Ltd. (hereinafter referred to as “the Hotel”) handles the personal information or personal data of its the Guest and external stakeholders (hereinafter referred to as “the Guest”) in accordance with the following policy. Any revisions will be announced on this page.
1. Scope of personal
information
Personal information in this policy refers to personal information as defined in Article 2.1 of the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the “Personal Information Protection Act”).
2. Acquisition of personal information
When acquiring personal information, the Hotel will clearly state the purpose for which the information is to be used and will acquire the information in a lawful and fair manner.
- 1)Direct acquisition from the Guest
Telephone, written documents (including electromagnetic records), business cards, oral, internet, etc. - 2)Acquisition from a person duly authorized by the Guest
Introducers, travel agents, business partners, and businesses accepting package deals, etc. - 3)Acquired from publicly available information media
Internet, newspapers, telephone books, books and other publications, etc.
For those under 18 years of age, personal information will only be handled with the consent of a parent or guardian in addition to confirmation and consent of the individual.
3. Management of personal information
- 1) The Hotel will comply with the Personal Information Protection Act, the various guidelines established in relation to the Act, and this policy.
- 2) The Hotel will take necessary and appropriate measures for the safe management of personal information, including internal management and supervision, employee training, and supervision of contractors, to prevent leakage, loss, or damage of personal information.
- 3) The Hotel will acquire personal information and use the acquired information to the extent necessary for the purposes set forth in this policy. If the Hotel intends to use personal information beyond the scope of the purposes set forth in this policy, the Hotel will obtain prior consent from the Guest in an appropriate manner.
- 4) In order to prevent leakage, loss, falsification, etc. of personal information, the Hotel will manage the information appropriately in accordance with the security control measures set forth in this policy.
4. Purposes of use
of personal information
The Hotel will use the personal information of the Guest for the following purposes
- 1)Personal information of the Guest who are planning to purchase or have already purchased the Hotel’s goods or services
- a) Provision of the Hotel’s goods and services and related correspondence
This includes the following uses: - ・Process reservations, changes, and cancellations with regards to the use of the Hotel
- ・Provide reminders regarding dates of stay at the Hotel
- ・Provide lodging, food and beverage, sales of goods, and other incidental services at the Hotel
- ・Issue invoices, process payments, issue receipts, process refunds, and conduct other settlement with regards to consideration for the services offered by the Hotel
- ・Respond to inquiries regarding the Hotel’s goods and services
- ・Verify the history of usage in the event of a request for after-sales service (lost and found)
- b)Implementation of improvements and enhancements to the Hotel’s goods and services
This includes the following uses: - ・Conduct surveys regarding the Hotel’s goods and services
- ・Create internal records if any problems with the Hotel’s goods or services occur
- ・Analyze feedback on new goods and services
- c)Distribution of advertisements regarding the Hotel’s goods and services
This includes the following uses: - ・Notify campaigns and events related to the Hotel’s goods and services
- ・Send catalogs and promotional materials related to the Hotel’s goods and services
- ・Distribute e-mail newsletters regarding the Hotel’s goods and services
- d)Continuation of the Hotel’s business operations
This includes the following uses: - ・Perform obligations or exercise rights stipulated in a contract
- ・Manage potential and existing guests
- ・Develop sales and product strategies based on purchase and service history
- ・Ensure the safety and health of the Guest staying at the Hotel
- ・Maintain information security on IT systems managed by the Hotel
- ・Maintain operation and safety of the facilities managed by the Hotel
- ・Respond to legal requirements or guidance from governmental authorities
- ・Implement other purposes of use clearly indicated at the time of acquisition of personal information
- a) Provision of the Hotel’s goods and services and related correspondence
- 2)Personal information of other business partners including suppliers
- a)Purchases of goods and services of suppliers and related interactions
This includes the following uses: - ・Set up meetings with business partners regarding their goods and services
- ・Implement internal procedures with regards to the payments for the purchase of goods and services from business partners
- ・Coordinate delivery schedules for business partners’ goods and services
- ・Confirm payment for goods and services provided by business partners
- ・Inquire about the goods and services provided by our business partners
- ・Inquire about or make requests for after-sales service
- b)Continuation of the Hotel’s business operations by the Hotel
This includes the following uses: - ・Perform obligations or exercise of rights stipulated in contracts
- ・Manage existing and new business partners
- ・Distribute information related to the Hotel’s business operations, etc.
- ・Verification identities for events held by the Hotel for business partners
- ・Formulate purchasing strategies based on purchase history
- ・Maintain information security on IT systems managed by the Hotel
- ・Maintain operation and safety of the facilities managed by the Hotel
- ・Respond to legal requirements or guidance from governmental authorities
- ・Implement other purposes of use clearly indicated at the time of acquisition of personal information
- a)Purchases of goods and services of suppliers and related interactions
- 3)Personal information of job applicants and internship students
- a)Implementation of recruitment and internship activities by the Hotel
This includes the following uses: - ・Distribute information regarding the Hotel’s recruitment and internship events
- ・Notify the schedule of the Hotel’s selection process
- ・Notify the Hotel’s selection results
- ・Conduct various types of communications during the internship period
- ・Maintain information security on IT systems managed by the Hotel with regards to any access rights given during the internship
- a)Implementation of recruitment and internship activities by the Hotel
5. Security control measures
regarding personal
information
- 1)Establishment of basic policy
This privacy policy has been established to ensure the proper handling of personal information and to provide a point of contact for questions and complaints.
- 2)Establishment of internal rules in the handling of personal information
The Hotel has established internal rules that stipulate the obligations and handling methods of personal information at each stage of acquisition, use, storage, provision, deletion, disposal, etc., and made every effort to ensure that directors and employees comply with these rules.
- 3)Organizational safety control measures
A person responsible for the handling of personal information (Personal Information Protection Manager) is appointed, and the employees who handle personal information and the scope of their handling are clearly defined. The Hotel has established a system for reporting to the Personal Information Protection Manager in case of a violation or potential violation of related laws and regulations or internal rules is detected, and the Hotel conducts periodic self-inspections and receives audits of the status of personal information handling by other departments. In addition, when the handling of personal information is outsourced, audits of the handling of personal information at the outsourced company are conducted as necessary.
- 4)Personnel safety control measures
The Hotel has established internal rules regarding the confidentiality of personal information and conducts periodic training for employees regarding personal information.
- 5)Physical security control measures
The Hotel strictly controls access to areas where important information systems that handle personal information are managed, controls access grants, and restricts storage of personal information on external devices. In addition, measures are taken to prevent theft or loss of equipment, electronic media, and documents that handle personal information, as well as to prevent easy access to personal information in the event of such an incident.
- 6)Technical security control measures
The Hotel implements access controls, etc. to personal information to limit the number of employees and the scope of their handling. The Hotel also takes measures to prevent unauthorized access from outside and the intrusion of unauthorized software on equipment that handles personal information.
- 7)Understanding external environments
The Hotel does not handle personal data of the Guest in foreign countries.
6. Provision to
subcontractors
To the extent necessary to achieve the purposes of use stipulated in this policy, the Hotel may outsource all or part of the handling of acquired personal information of the Guest to a subcontractor. In such cases, the Hotel contractually obligates the subcontractor to appropriately manage the personal information to prevent it from being used for purposes other than those specified, leaked, or otherwise compromised.
7. Disclosure and
provision to third parties
The Hotel will not disclose or provide personal data to third parties, except in the case of provision to subcontractors as described above, or in any of the following cases
- 1)When the Hotel has the consent of the Guest
- 2)When disclosure or provision is required by law
- 3)When disclosure or provision is necessary for the protection of human life, human health, or property, and it is difficult to obtain the Guest’s consent
- 4)When it is necessary to cooperate with national or local governments in the performance of their official duties and obtaining the Guest consent would interfere with the performance of such duties
8. Information obtained
in connection with
personal information
Regardless of whether or not it falls under the definition of personal information, the Hotel will collect information related to the content and date of purchase of goods and services purchased by the Guest, use and browsing of the website operated by the Hotel (this includes cookie information, access logs and other information related to usage conditions, information on your device, operating system, etc.), or any other information related to the Guest's use of the Hotel's website. The information will be used to improve the functionality of the website operated by the Hotel and to conduct advertisements and promotions related to goods and services based on browsing and purchase histories.
9. Disclosure, etc.
If the Guest wishes to request disclosure of his/her own personal information data held by the Hotel, the Guest may request disclosure of the personal data, correction, addition, deletion, suspension of use or elimination, notification of purpose of use, etc. with regards to the data, in accordance with the procedures prescribed by the Hotel. However, please note that the Hotel may not be able to comply with your request in the following cases:
- 1)When all items required for verification of personal identification as specified by the Hotel are not fulfilled
- 2)When the personal data does not fall under the category of “personal data” as defined in the Personal Information Protection Act
- 3)When the details of the request fall under the exemption from obligations under the Personal Information Protection Act
10. Method and contact
for receiving disclosure, etc.
Any of the above requests or other inquiries regarding personal data held by the Hotel should be made by mail to the following address. To prevent unauthorized requests by spoofing, etc., the Hotel will take reasonable steps to verify the identity of the person making the request, such as requesting the submission of identification documents at the time of the request. However, even in the unlikely event that the request is made by a third party other than the Guest who has access to the Guest’s personal data and identification documents, the Hotel shall not be held liable to the Guest for any loss or damage incurred by the Guest as a result of the Hotel’s handling of the request, unless the damage was caused by the Hotel’s intentional or gross negligence. The Guest is kindly requested to take utmost care in managing your personal information.
Administration Department
Noborioji Hotel, Ltd.
40-1, Noborioji-cho, Nara City, Nara, 630-8213, Japan