Our aim is to establish a relationship with our customers firmly built on trust by providing high-quality service that meets a myriad of requests. By fully utilizing the ORIX Group's comprehensive power as a member, we deem our customers' privacy as a critically important information asset, and will accumulate it through fair and legal practices, ensuring that it is appropriately used, controlled and protected in accordance with the following policies. The purpose of this document is to publicize our uses and explain our handling measures, pursuant to the provisions of the Act on Identity theft prevention measures.
Purpose behind personal information use
We will only use customer personal information for the following purposes. We will not use any personal information of customers beyond the scope of necessity for achievement of the following purposes without consent of the customer:
If we intend to use any personal information for any purposes other than those listed above, we will specify the purpose of such usage and obtain prior consent from the relevant customer.
Sharing of Personal Data
The ORIX Group responds and meets the various needs of its customers by fully utilizing its comprehensive power under its consolidated management; therefore, we may share personal information of customers held by us with ORIX Group companies. Please refer to the following:
Compliance with laws
We recognize that for the purposes of identity theft protection, it is necessary that all directors and employees adequately understand laws and regulations and other norms on the handling of personal information and comply with them, and will ensure that said understanding and compliance is thoroughly realized.
Continuous improvement of the compliance program
The company will create a compliance program that includes items on the handling of personal information; and periodically review, maintain and improve it.
Protection and control of personal data
Based on established company rules etc., the personal data of customers is appropriately controlled under the custody of a compliance officer, who is appointed to each department, taking the utmost care to prevent such information from being leaked to the outside. Furthermore, we have taken security measures in an adequate and reasonable level against risks such as unauthorized access from outside, loss, destruction, and falsification.
Commission of handling of personal data
In order to provide better services for customers, we may commission outside persons to perform our
business. In this case, we may also commission these persons to perform all or part of our handling of
personal data. In selecting such persons to be commissioned, we carefully make evaluations based on our
standards for appropriate handling, which have been established in terms of the control of personal
data, confidentiality, and restriction on re-commission, prevention of identity theft, etc. Upon
contracting these services, we supervise and control such commissioned persons.
Examples of commissioned persons:
Information processing companies, direct mail posting companies, shuttle service companies and other companies which are necessary for our business operation.
Provision of personal data to a third party
We will not disclose or provide any personal data of customers held by us to or for any third party without consent of the customer; except, however, in the following events:
Notification of purpose of use, disclosure, correction etc. and termination of use etc. of held personal data
In the case that a customer requests notification of purpose of use, disclosure, correction etc. and termination of use etc. of held personal data, it will be necessary to perform identity verification procedures as stipulated by the company and then perform application procedures as stipulated by the company. Furthermore, a processing fee may also be charged. For details of the procedures and fees required, please contact the “Personal Information Inquiry Service” as shown below. Moreover, customers’ personal data listed on accommodation logs will be deleted upon request only after passage of the retention period stipulated under the Inns and Hotels Act.
Personal Information Inquiry Service
ORIX Hotel Management Corporation
Nippon Life Hamamatsucho Crea Tower.14th Floor, 2-3-1, Hamamatsu-cho, Minato-ku, Tokyo 105-0013
Tel : +81 (0)3-5776-3421
Fax : +81 (0)3-5776-3427
Email adress : email@example.com
To provide customers with useful information, our website may include links to other companies’ websites, but we cannot be held responsible for the protection of privacy on those websites.
(Date of latest update: Jan 15, 2020)
To run our business, we process information about you (referred to as “Personal Data”), as prospective and current customers, representatives of our prospects, customers and suppliers, and visitors to our websites.
protection of Personal Data is important to us. We therefore process any Personal Data entrusted to us, as data controller or data processor, in full compliance with applicable law, in particular, GDPR.
We process your Personal Data to achieve the purposes set forth below.
We may also obtain personal data from our third party service providers and from public sources and combine that with information we collect from you where we believe that it is necessary to help manage our relationship with you.
We may process your Personal Data based on the following legal grounds:
In relation to the processing of your Personal Data, our legitimate interests include:
In the case of processing your Personal Data for purposes other than the foregoing, we will notify you in advance of such purposes and other matters as required by applicable law.
The Personal Data that you are to provide is necessary for us to provide our services to you. Therefore, without the Personal Data, there may be cases where we will not be able to provide the services to you, in whole or in part.
We will only retain your Personal Data for as long as such Data is necessary to fulfil the purpose for which it was collected to provide the services to you and for any period thereafter as legally required or permitted by applicable law. We will promptly delete your Personal Data when such Data is no longer needed.
We may transfer your Personal Data to personnel within our Company and to other ORIX Group companies.. Such other ORIX Group companies will either act as another independent controller or will process your Personal Data on our behalf and upon our request (thereby acting as “data processor”). In all cases, the Personal Data will be processed only for the purposes set out above.
For clarity, such affiliate companies within the ORIX Group may or may not “ORIX” in
their company name. For details regarding affiliate companies not including “ORIX”
in their names, please refer to the "List of Co-Users". (https://www.orix-realestate.co.jp/group_en.html)
*Affiliate companies are subject to change.
We may also transfer Personal Data to third parties outside our Company and the ORIX Group, including our (IT) systems, cloud service and database providers, hotel management companies, outside contractors and professionals (including accounting firms, tax firms and law firms), to achieve the purposes set out above, to the extent they need it to carry out the instructions we have given to them or the agreements we have entered into with them. As data processors or joint controllers, the above third parties enter into an agreement with us to process the Personal Data in compliance with applicable law (including GDPR).
Where required, we may also transfer your personal data to:
The Personal Data may be transferred to entities in countries or jurisdictions outside the EEA, such as Japan, if required for the purposes described above. Please note that such countries or jurisdictions may not have the same data protection laws as the EEA and that they may not afford many of the rights conferred upon you in the EEA. We will ensure that any such international transfers are made subject to appropriate and suitable safeguards as required by GDPR or other relevant laws. When doing so, we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of the Personal Data. This may include entry into the relevant EU standard contractual clauses as approved by the EU Commission prior to such transfer to ensure the required level of protection for the transferred Personal Data. You may request additional information in this respect.
Effective date: 2020/1/31
Unazuki Hotel K.K