隱私政策

關於個人信息處理的基本事項

關於獲取個人信息

我們將僅在業務需要的範圍內通過以下方式適當獲取您的個人信息。
・從個人直接獲取：電話、口頭、書面（包括電磁記錄）、名片、網絡等）
・從本人正式授權的人處獲取：第三方，如使用申請人、介紹人、旅行社、商業夥伴等。
・ 從公開渠道獲得：報紙、互聯網、電話簿、書籍等。
・經我們許可使用我們商標的經營者和管理和運營酒店的三菱地產（與我們公司管理和運營的酒店一起，以下稱為皇家花園酒店Group Hotels”）從我們的集團公司和相關方收購，證券報告書或集團公司名錄中記載的（以下稱為本公司集團公司等）：相關事業者的隱私政策中規定的適當的個人信息取決於共同使用的方式

關於個人信息的利用目的

我們會在以下情況下使用您的個人信息。
・在我們公司提供住宿，飲食和宴會等酒店設施運營服務時
・當我們提供有關設施、產品、服務等的信息時。
・為了改善服務，向客戶發送問卷等調查請求合作時
・用於提供有關我們會員系統的各種信息和服務時
・經個人同意向第三方提供時
・用於與我公司、皇家花園酒店Group 酒店、我們集團公司等的商業化支持和合作。
・用於本公司、皇家花園酒店Group酒店、本公司集團公司等的PR活動和IR活動的各種溝通和指導時。
・用於本公司、皇家花園酒店Group旗下酒店、本公司集團公司等的環境活動和CSR活動中的各種溝通和指導、交付物和出版物等的運營和管理。
・用於本公司、皇家花園酒店Group Hotels或集團公司等作為秘書處的各種組織等的運營時
・用於本公司求職者的招聘活動時
・我們在獲取個人信息時明確的使用目的範圍內使用個人信息的情況下，或者在回應附帶或與我們的業務相關的事項時

論個人信息的共享利用

為了提供客戶高附加價值服務，我們將在嚴格的管理和適當的安全措施下共同使用以下個人資訊。
・共同使用個人資訊的各方：參與皇家花園酒店飯店的管理與營運的經營者、集團公司等。
・共同使用的目的：
(1) 在皇家花園酒店集團旗下酒店提供住宿、餐飲、宴會等酒店設施管理業務服務時。
(2)當皇家花園酒店飯店提供設施、產品、服務等資訊時
(3) 為了改善皇家花園酒店集團飯店的服務，我們請您配合調查，例如向我們的顧客發放問卷。
(4) 用於提供有關皇家花園酒店集團酒店會員制度的各種資訊和服務時。
(5) 為了因應皇家花園酒店集團酒店業務附帶或相關的事項或在獲取個人資訊時公開的使用目的範圍內使用個人資訊的情況。
・共同使用的個人資料項目：顧客姓名、會員號碼、電話/傳真號碼、國籍、護照號碼、地址、電子郵件地址（包括其他同等社群媒體ID等）、年齡、性別、需要的資訊項目考慮生日、週年紀念日、工作資訊、其他請求、使用歷史記錄等。
・分享個人資訊管理負責人：三菱地所飯店及度假村株式會社

關於第三方提供個人信息

除以下情況外，我們不會向第三方提供或披露個人信息。
1. 顧客本人同意時
2. 法律要求時
3. 人的生命、身體或財產等特定權益可能受到侵害，需要提供個人信息保護時，難以取得客戶本人的同意
4.為改善公共衛生或促進兒童健康發展特別需要，又難以徵得本人同意時。
5. 政府機構等在執行皇家花園酒店合作的民間企業等）可能會妨礙就向相關國家的機構等提供個人信息，在徵得客戶同意的情況下執行相關事務。
6. 當第三方為學術研究機構等，且第三方需要為學術研究目的處理個人資料時（處理個人資料的部分目的為學術研究目的），但不包括以下情況存在不公正地侵犯個人權益的風險。）

個人信息咨詢窗口 (主管部門) 等

關於本公司持有的個人信息的公開等請求手續和本公司個人信息的處理的咨詢、意見等，請聯係以下窗口。確認咨詢等是本人的情況下，進行對應(但是，在某些情況下可能無法滿足您的要求。)。

三菱地所飯店及度假村有限公司
個人資訊諮詢處
郵遞區號：107-0062
地址：東京都港區南青山1-1-1新青山大廈東館13樓

論個人信息管理體制

本公司將努力對個人信息進行適當的管理和保護，如下所示。

個人信息保護

我們成立了信息管理委員會，以促進信息管理並努力保護個人信息免受未經授權的訪問。
・為確保個人信息的安全，我們從運營管理和系統兩方面採取安全措施，以防止未經授權訪問系統以及個人信息的丟失、破壞、篡改、洩漏等。
・登記個人信息的數據庫存儲在受外部訪問機制（防火牆）保護的系統中。
・在本網站上，顧客與互聯網之間的個人信息的收發，使用SSL（Secure Sockets Layer）加密通信，有可能無法訪問或輸入信息。
・我們可能會在我們的網站等上使用稱為 cookie 的信息，以提高客戶的便利性。您可以通過更改瀏覽器設置來禁用 cookie 功能，但因此您可能無法使用某些服務。
・我們可能會出於網站使用調查等統計分析的目的使用訪問日誌信息，但不包括可以識別個人身份的信息。

內部結構

・本公司為確保員工徹底保護客戶的個人信息，實施必要的安全措施。
・在委託處理個人信息的全部或一部分時，公司將對受託方的個人信息處理等進行定期檢查，以確保對受託個人信息的安全管理進行適當的監督。
・在國外處理個人信息時，公司定期收集和了解有關該國個人信息保護系統的信息，並採取安全控制措施。

鏈接目標中的個人信息

本公司的主頁為了向顧客提供更方便和有用的信息和服務，介紹了向第三者(其他公司、團體)的主頁 (網站) 的鏈接。關於鏈接網站 (網站) 上進行的個人信息的收集、處理， 本公司概不負責。

其他

・如果公司需要更改“隱私政策”的內容，該內容將在公司網站等上公佈。請注意，對於因未檢查而造成的任何問題，我們概不負責。
・如果您的註冊信息有任何變更，或者您希望刪除它，請盡快聯繫註冊的酒店，以便順利提供服務。

資訊管理經理
三菱地所飯店及度假村有限公司
社長大島雅也

• PRIVACY POLICY（GDPR）

  MITSUBISHI ESTATE HOTELS & RESORTS Co., Ltd. PRIVACY POLICY (LAST UPDATED: [APRIL 1, 2022])

  Mitsubishi Estate Hotels & Resorts Co., Ltd. (the “Company”) is aware that information that could identify an individual customer of the Company (“Personal Information”) is valuable information, and has therefore established regulations on information management in order to handle Personal Information with the utmost care. Please review the Company’s basic policy on the handling of Personal Information set forth below.

  Ⅰ. Collection of Personal Information

  The Company collects Personal Information only to the extent appropriate and necessary to conduct the Company’s business using the methods set forth below.
  1. Direct collection from customers: Collection via telephone, orally, in writing (including electronic records), from business cards, online (including information that is input when using websites of hotels managed and operated by the Company and information input when performing member registration), and so on. The information we collect from you is likely to include.
  2. Collection from third parties duly authorized by customers: Collection from third parties such as users, potential users, referral agencies, travel trade professionals, and business partners. The information we collect from such third parties is likely to include
  3. Collection from publicly available sources: Collection from newspapers, online, telephone directories, books, and other such sources. The information we collect from such publicly available sources is likely to include　your name, telephone or fax number, nationality, address, email address (including social media IDs and the like associated with email addresses), age, gender, date of birth, anniversary date, employer information, requests, and use history.
  4. Collection from businesses engaged in the management and operation of the hotels that use the Company’s trademarks under license from the Company (referred to collectively with hotels managed and operated by the Company as “Royal Park Hotels Group Hotels”), Mitsubishi Estate Co., Ltd., its group companies listed in financial statements or on the list of group companies, and other relevant parties(“Mitsubishi Estate Group”): Personal Information will be collected by the relevant businesses and shared by means of shared use of Personal Information, as specified in the privacy policies of these businesses. The information we collect from such businesses is likely to include your name, membership registration number, telephone or fax number, nationality, passport number, address, email address (including social media IDs and the like associated with email addresses), age, gender, date of birth, anniversary date, employer information, requests, and use history.

  Ⅱ. Purposes of Use of Personal Information

  The Company uses Personal Information for the following purposes.
  1. To provide services through the operation of hotel facilities such as accommodation, dining, and banquet space.
  2. To provide information regarding its facilities, products, services, and so on.
  3. To facilitate customer surveys and the like presented by the Company intended to improve the Company’s services.
  4. To provide various information and services in relation to its membership program provided by the Company.
  5. Provision of personal information to third parties only when granted consent by the person concerned.
  6. For support and collaboration on commercialization of businesses of the Company and its group companies.
  7. For communication/notifications in corporate communication activities/IR activities.
  8. For various communication/notifications and operations/management of delivery of deliverables/publication in environmental activities/CSR activities.
  9. For operations of various organizations where the Company takes the role of administrative office.
  10. For conduct of employment application screening at the Company.
  11. To respond to other matters ancillary or related to its operations when use is within the scope of the intended use specified at the time that the Personal Information was acquired.

  Ⅲ. Shared Use of Personal Information

  In order to add high levels of value to the services provided to customers, the Company shares Personal Information as set forth below under strict controls and with appropriate security measures in place.
  1. Joint users of Personal Information: Businesses engaged in the management and operation of Royal Park Hotels Group Hotels, including guest service providers and Mitsubishi Estate Group.
  2. Purposes of Shared Use:
  (1) When providing services through the operation of hotel facilities such as accommodation, dining, and banquet space at Royal Park Hotels Group Hotels.
  (2) When Royal Park Hotels Group Hotels provide information regarding facilities, products, services, and so on.
  (3) When you participate in customer surveys and the like presented by the Company intended to improve Royal Park Hotels Group Hotel services.
  (4) When the Company provides various information and services in relation to its membership programs provided by Royal Park Hotels Group Hotels.
  (5) When Royal Park Hotels Group Hotels respond to other matters ancillary or related to their operations when use is within the scope of the intended use specified at the time that the Personal Information was acquired.
  3. Personal Information subject to shared use: your name, membership registration number, telephone or fax number, nationality, passport number, address, email address (including social media IDs and the like associated with email addresses), age, gender, date of birth, anniversary date, employer information, requests, and use history.
  4. Administrator of Personal Information subject to shared use: Mitsubishi Estate Hotels & Resorts Co., Ltd.

  Ⅳ. Provision of Personal Information to Third Parties

  Except in the following cases, the Company shall not provide or disclose Personal Information to third parties. Subject to the requirements specified in Articles X and XI, the Company may disclose Personal Information to cloud service providers as long as such cloud service providers are precluded from using the Personal Information provided.
  1. When you consent.
  2. When the disclosure is based on laws and regulations.
  3. When there is a need to protect a human life, body or fortune, and when it is difficult to obtain your consent.
  4. When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person.
  5. When there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining your consent would interfere with the performance of the said affairs.5.When there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining your consent would interfere with the performance of the said affairs.
  6. Where such third party is an academic research institution, etc., and it is deemed necessary for such third party to handle such personal data for academic research purpose (including cases where part of the purpose of handling such personal data is for academic research purpose, but excluding cases where it is deemed liable to unjustifiably infringe on individuals’ rights and interests).

  Ⅴ. Contact Information regarding Personal Information (Responsible Division)

  For inquiries regarding procedures for requesting disclosure, etc. of personal information held by the Company and the handling of personal information by the Company, please contact the following. We will respond after confirming that the inquiry, etc. is made by the person in question.
  

  Company name： Mitsubishi Estate Hotels & Resorts Co., Ltd.
  Address : Shin Aoyama Bldg. East 13F, 1-1-1, Minamiaoyama, Minato-ku, Tokyo 107-0062 JAPAN
  E-mail: privacy-data@rphs.jp

  Ⅵ. Protection of Personal Information

  The Company has established the Information Management Committee to manage Personal Information as it strives to protect Personal Information from unauthorized access. The Information Management Committee has implemented, and will continue to oversee, the following matters.
  - To ensure the security of Personal Information and prevent unauthorized access to systems and the loss, destruction, alteration, or leak of Personal Information, the Company has implemented security countermeasures concerning both operational management and systems.
  - Databases in which Personal Information is recorded are stored on systems protected by mechanisms (including firewalls) to prevent external access.
  - Transmission and receipt of Personal Information with you via the Internet on the Company’s website use encrypted transmissions that employ Secure Sockets Layer (SSL). In cases where you use a browser that does not support SSL, you may not be able to access SSL secure pages or to input information.

  Ⅶ. Internal Systems

  The Company has implemented security measures to ensure that its employees carry out comprehensive protection of your Personal Information, and to appropriately monitor outside contractors and others.

  Ⅷ. Personal Information on Third-Party Linked Sites

  In order to provide more useful information and services to you, the Company’s websites contain links to the websites of third parties (other companies and organizations). The Company assumes no responsibility regarding the collection and handling of Personal Information by such linked third-party websites.

  Ⅸ. Other

  - If it becomes necessary to revise this Privacy Policy, the Company shall provide notice to that effect on its website or by other means. The Company assumes no responsibility regarding any problems that may arise as a result of failure to confirm changes to this Privacy Policy.
  - If any changes occur to information registered with the Company or if you want Personal Information to be deleted, please promptly contact the hotel that registered the information so that the services can be effectively provided.

  Ⅹ. Handling of Personal Information of EEA and UK residents

  In addition to Articles I-IX above, the provisions in this Article X and Article XI below shall apply to the handling of Personal Information of persons in the European Economic Area (EEA and UK) that is subject to the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL). If any provision of these Articles X and XI conflicts with the provisions of Articles I-IX above, the provisions of Articles X and XI shall prevail.
  1. Legal basis for processing: The Company will process and use Personal Information to manage its contractual relationship with you, to pursue a legitimate interest, and/or to comply with a legal obligation.
  It will be necessary for the Company to use your Personal Information to complete a booking you have made with us. For example, we will need to use information such as your contact details and payment information to provide you with the stay and/or restaurant booking you have requested and paid for.
  Alternatively, we may collect and use your Personal Information where you have given your specific consent to us doing so.
  2. Collection of access data: In addition to the information specified in Article I, we automatically collect data related to you when you visit our websites. This data that we obtain from you when you visit us (“access data”) includes access logs, web beacons (also known as pixel tags), cookies, etc. For more information about how we use your access data, please see Article XI below.
  3. Disclosure of your Personal Information to recipients： We may share your Personal Information with businesses engaged in the management and operation of Royal Park Hotels Group Hotels for the purpose described in “III Shared Use of Personal Information”. We may also share your Personal Information with internet service providers, cloud service providers, guest service providers, Most of these recipients are located in Japan. We will ensure an adequate level of protection of your Personal Information when they are disclosed to a recipient located outside the EEA and UK.
  4. Transfer of your Personal Information: Your Personal Information may be transferred to and stored by the Company and our service providers in countries outside the country in which you are located and outside the EEA and UK. The Company operates businesses in multiple jurisdictions, some of which are not located in the EEA and UK, such as Japan, China and the USA. Where we transfer your Personal Information outside the EEA and UK, we will ensure that:
  (a) the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your Personal Information; or
  (b) the recipient enters into standard data protection clauses with us that have been approved by the European Commission.
  You can obtain more detailed information about the protection given to your Personal Information when it is transferred outside the EEA and UK (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Information) by contacting us in accordance with the contact information provided above.
  Retention of Your Personal Information: The Company will keep your information for as long as we need it for the purpose it is being processed for. For example, where you book a stay with us we will keep the information related to your booking, so we can fulfill the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you.
  We will actively review the information we hold and delete it securely, or in some cases anonymize it, when there is no longer a legal, business or customer need for it to be retained.
  5. Your Data Protection Rights: Under certain circumstances prescribed by law, you have the right to:
  - Request information about whether we hold Personal Information about you, and, if so, what that information is and why we are holding and using it.
  - Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are processing it lawfully.
  - Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  - Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no basis for us to continue to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to it being processed.
  - Request restriction of processing of your Personal Information. You may request restriction in certain circumstances. For example, you can request it when you dispute the accuracy of your Personal Information or when you want to confirm the legal grounds for the lawful processing of your Personal Information.
  - Object to the processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and you want to object to processing on this ground owing to some aspect of your particular circumstances. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
  - Object to automated decision-making including profiling. You may request not to be the subject of any automated decision-making which uses your Personal Information or profiles you.
  - Request transfer of your Personal Information in an electronic and structured form to you or to another party (commonly known as the right to “data portability”). This enables you to receive your data from us in an electronically useable format and to transfer your data to another party in an electronically useable format.
  - Withdraw consent. Where you have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw this consent, in some circumstances, we will not be able to provide all or parts of the services you have requested from us and you will not be able to earn points, cancel your booking or obtain a refund of any charges you have paid.
  If you want to exercise any of these rights listed above, please send an email to privacy-data@rphs.jp
  You also have the right to lodge a complaint with the competent data protection authority if you think that any of your rights have been infringed by the Company.

  Ⅺ. Use of Access Data

  1. The Company collects and uses the following types of access data from visitors to our websites and users of our services.
  - In some cases, the Company makes use of information known as cookies on its websites and so on for the purpose of enhancing customer convenience. You can disable cookie functionality by changing browser settings, but it may not be possible to use some services as a result. To find out how to change your cookie settings, please select “Help” from the menu bar of your browser and search for the word “cookie”.
  - Access logs. The Company may use access log information for the purpose of statistical analysis such as investigating the number of times that the Company’s website is used, but such information does not include personally identifiable information.
  2. The following third-party providers may have access to the access data collected by us.
  Google Analytics. Google Analytics sets and accesses cookies on your computer or other device to collect information such as the numbers of visitors to our websites, where visitors have come to the websites from, and the pages they have visited. Our websites use Google Analytics to help collect and analyze certain information to engage in analysis, auditing, research and reporting. You may review Google Analytics’ security and privacy principles by clicking here, and opt out of the use of cookies in web browsers by Google Analytics by clicking here.

  Masaya Oshima
  President and Chief Privacy Officer
  Mitsubishi Estate Hotels & Resorts Co., Ltd.