1.Requesting personal information

In the cases listed below, RIHGA Royal Hotel Tokyo (hereafter referred to as “the Company”) requests and receives personal information directly from customers and from companies such as travel agencies under agreements concluded with the Company.

1. Enrollment with RIHGA Members, RIHGA Royal Gold, RIHGA Royal Classic, or RIHGA Royal L’espoir Club.
2. Hotel accommodation reservation and stay.
3. Restaurant reservation and use.
4. Applications, reservations, use of facilities, inquiries, and requests for information related to weddings, banquets, and hospitality services.
5. Enrollment, application, use of facilities, inquiries, and requests for information with respect to health club membership etc., and various courses, such as cultural lecture meetings, held by Ecole de Royal.
6. Responses to questionnaire surveys for service improvements and marketing purposes.
7. Solicitation for miscellaneous events.
8. Other cases (If the Company requests the personal information of customers for purposes other than stated above, disclosure of the purpose and content will be provided in advance and information provision will be limited to the minimum necessary.)

2.Acquisition methods of personal information

The Company uses the following methods for the acquisition of personal information.

1. Acquisition directly from customers
   By telephone, in writing (including electronic records), business cards, oral communication, Internet, etc.
2. Acquisition from persons duly authorized by customers
   Introduction providers, tour operators, allied service providers, and package product booking intermediaries.
3. Acquisition from published information media
   Internet, newspapers, telephone directories, books, and other publications, etc.

3.Purposes of use of personal information

The Company uses acquired personal information for the following purposes.

1. Transactions involving facilities and merchandise of the Company (hotel accommodation, banquets, restaurant and catering services, sales of goods, other incidental provision or sales of goods, provision of services, implementation of events, etc.), transactions between the Company and its allied business operators, and other related matters in connection with communication, merchandise shipments, payment and settlement.
2. Management of membership information and services, etc., provided to members of the Company’s membership programs.
3. For the dissemination of event information, advertisement, marketing mail, and questionnaire surveys, etc., to customers by email, postal mail, door-to-door delivery, telephone, facsimile, and by other means, in connection with the sales and marketing activities of the Company, its tenants (restaurants, stores, sales and information counters, and businesses, etc., run by business operators other than the Company, with shops or tenancies based on due authorization located on sites or in buildings owned or operated by the Company), and allied business operators.
4. With respect to services, etc., related to the Company, tenants, and the facilities and merchandise of allied businesses, to obtain and analyze usage status information for such services, etc., for the purpose of their improvement, development, and marketing, etc.
5. With regard to cookies, IP addresses, browser types, and access date and time, etc., logged by the Company website, to ensure appropriate information provision and security of the website, and to conduct statistical analysis concerning the website’s maintenance management and usage status.
6. For the creation, provision, and preservation of hotel room guest lists as stipulated in laws and regulations.
7. For responding to inquiries and requests, etc., reaching the Company.
8. In cases other than the above, provided that the consent of customers has been obtained.

4.Legal basis of the use of personal information

The legal basis for the use of personal information by the Company, as a rule, is provided by the consent of customers. In cases where the use of personal information occurs without the consent of customers, the legal basis is provided by the necessity of use for the fulfillment of agreements with customers; the necessity of use for the performance of procedures in accordance with customers’ requests before an agreement is concluded; the necessity of use for the protection of legitimate interests claimed by the Company or a third party; or the necessity of use for compliance with legal duties to be observed by the Company. The said legitimate interests claimed by the Company or a third party applies to the growth of operating income through marketing and service improvements, etc., and improvements to the convenience and security, etc., of the website of the Company.

5.Types of personal information

Personal information acquired and held by the Company includes the following.

1. Basic information on customers (street address, name, sex, date of birth, nationality, e-mail address, telephone number, facsimile number, and mailing address, etc.)
2. Additional information on customers (occupation, employer information (company name, street address, telephone number, department, position) date of marriage, information on family members (name, lineal relation, date of birth), etc.)
3. Payment information (credit card number, bank account information, billing address, etc.)
4. Service usage information (facility usage information, merchandise purchasing information, etc.)
5. Communication details (e-mails, website form inputs, facsimiles, telephone notes, letters, contents of questionnaire survey responses, etc.)
6. Information collected using security systems (security cameras, card keys, etc.)
7. Information automatically collected on the Company’s website (cookie, IP address, type of browser, access date and time, etc.)
8. Hotel guest registry information (street address, name, occupation, nationality, passport number, age, prior-day accommodation location, destination location, arrival date and time, departure date and time, name of guest room, etc.)

6.Personal information required to be provided by staying guests

In order to provide customers with hotel accommodation services, the Company requires the following information. Notably, hotel guest registry information is subject to a statutory compulsory 3-year retention period. If this information is not provided, the Company may not be able to provide hotel accommodation services to the customer concerned.

1. Basic customer information (address, name, sex, date of birth, nationality, e-mail address, telephone number, facsimile number, mailing address etc.)
2. Hotel guest registry information (street address, name, occupation, nationality, passport number, age, prior-day accommodation location, destination location, arrival date and time, departure date and time, name of guest room, etc.)

7.Protection and management of personal information

The Company practices appropriate personal information management and takes utmost care to prevent leakage of customer information.

1. The Company specifies persons responsible for the handling of personal information and restricts the number of information handling personnel to the minimum necessary.
2. The Company strives to prevent unauthorized access, loss, destruction, tampering, and leakage, etc., of personal information and implements necessary safety management measures.
3. If personal information processing, etc., is outsourced to an external service provider, the Company will select a provider judged to have an appropriate level of data management, prescribe by written agreement requirements pertaining to the handling of personal information, etc., and take all necessary measures to ensure the safety of information.

8. Provision and disclosure of personal information

Personal information provided by customers will not be provided or disclosed to any third party except in the following cases:

1. Shared information use at RIHGA Royal Hotel Group ,Associate Hotels, and InterContinental Hotels & Resorts, of which we are a member hotel.
2. Outsourcing to external service providers with whom the Company has concluded an agreement prohibiting the use of personal information other than for the services contracted by the Company.
3. In cases where customers have given prior consent.
4. In necessary cases based on laws and regulations.

9.Transfer of personal information held within the EEA (European Economic Area: EU Member States and Iceland, Norway, and Liechtenstein)

Personal information acquired by the Company outside of Japan is subject to transfer to Japan for the performance of agreements concluded with individual residents in the EEA area (in the remainder of this article, “customers”) or for the execution of procedures in accordance with the wishes of customers prior to the conclusion of an agreement. Japan has received a determination from the European Commission that Japan guarantees an adequate level of protection of personal information and accordingly, the Company uses appropriate measures to ensure security and confidentiality in the handling of personal information of customers.

10.Retention period of personal information

The Company holds personal information only for the periods necessary to achieve its purpose of use, and takes measures to safely eliminate or anonymize personal information within a reasonable time span after the passing of the retention period.

11.Requests for access to personal information, correction or deletion of personal information, and restrictions on the use of personal information; objection to the use of personal information; data portability

Customers have the following statutory rights against the Company. Customers can exercise these rights by using the form on the Company’s website or by contacting the Company’s personal information inquiry desk. The Company will respond to such requests in good faith, after conducting personal identity verification ascertaining that the exercise is made by the customer concerned.

1. Right of access to personal information
   The right to establish whether the personal information of the customer is being used, and if so, the right to access that personal information and related incidental information.
2. Right of correction of personal information
   The right to have incorrect personal information of a customer corrected.
3. Right of deletion of personal information
   The right in certain cases to have personal information of a customer deleted.
4. Right of restriction of use of personal information
   The right in certain cases to restrict the use of personal information of a customer.
5. Right of objection to the use of personal information
   The right to object to the use of personal information of a customer when that use is predicated on legitimate interests claimed by the Company or a third party.
6. Right of data portability
   The right to receive personal data provided to the Company in a form that is structured for commonly used machine readability, or to transfer the personal data to a different business operator without resistance from the Company.

12.Withdrawal of consent

Customers can, at any time, withdraw their consent concerning the use of personal information. This withdrawal of consent has no legal effect on any consent-based use of personal information that occurred before consent was withdrawn. Customers can withdraw their consent by contacting the Company’s personal information inquiry desk.

13.Appeals to regulators

Customers can, with regard to the handling of personal information by the Company, file an appeal with regulators at the national, regional, or international levels, in accordance with laws and regulations.

14.Automated decisions by profiling, etc.

The Company passes no decisions solely based on automated handling, such as the profiling of personal information.

15.Regulations concerning the handling of personal information

The Company establishes, reviews as necessary, and continuously improves internal regulations concerning the protection and handling of personal information based on standards referencing laws, regulations, and guidelines, etc.

16.Compliance with laws and regulations, etc.

The Company observes laws, regulations, standards, and internal rules relevant to the handling of personal information.