GDPR Compliant Privacy Statement
1.Principles of processing personal data
The Hankyu-Hanshin-Daiichi Hotel Group (“the Group”) shall process personal data in accordance with the following principle
The Group shall:
- Process personal data lawfully, fairly and in a transparent manner in relation to a data subject.
- Process personal data only to the extent necessary for achieving the purposes specified in advance.
- Store personal data for the period necessary for achieving the purposes.
- Maintain personal data accurately and kept up to date to the extent necessary for the purposes.
- Process personal data by implementing appropriate technical and organisational measures.
2.The purposes of personal data processing
The purposes of processing the personal data processed by the Group are as follows:
- For personal data of the general public and persons from business counterparties
- In cases regarding hotel reservations
- In cases regarding restaurant reservations
- In cases regarding the request of various materials
- In cases regarding applications and reservations for weddings, banquets, and various services
- In cases regarding applications to become a member of the Hankyu-Hanshin-Daiichi Hotel Group Members’ Club Card
- In cases regarding responses to questionnaires
- In cases the need arises for the Group to contact the customer for some reason
- Other (For services not included above, in the case when the customer’s personal information is received, the treatment of the personal information, including its use and content, will be made explicit and then explained to the customer.)
3.Acquisition of information when the customer has accessed the website
The Group uses Google Inc.’s Google Analytics for collecting and analyzing data such as the number of times the website has been accessed. Also, information regarding the customer’s interests and activity, such as their page viewing history when accessing the Group’s website, may be acquired. This includes information such as the URL of the website that you visited just before accessing the Group’s website, the type of browser, or the customer’s IP address.
4.Legal basis of processing personal data
The Group shall process personal data based on one of the following legal bases:
- In the cases the data subject’s consent has been obtained or the required matters have been notified to the data subject in accordance with the law
- In the cases it is required for the fulfillment of the contract with the data subject
- In the cases it is required for the Group to fulfill its legal obligations
- In the cases it is required for the Group to protect its legitimate interests
5.Providing personal data to a third party
- If the Group provides personal data concerning a data subject to a third party, it shall communicate the information of the recipient to the data subject as part of the processing of personal data based on the applicable legal basis.
- If the Group transfers personal data from the territory of European Economic Area (EEA) to outside the EEA, it shall implement safeguards required under applicable laws and regulations.
6.Obtaining personal data from a third party
The descriptions and source of personal data that the Group obtains from a third party are specified as follows:
- Personal data acquired from a third party
- The customer’s basic information (such as address, name, gender, date of birth, nationality, email address, phone number, fax number, postal address)
- Additional customer information (such as occupation, workplace information (name of company, address, phone number, department, position), date of marriage, family information (name, relationship, date of birth))
- Payment information (such as credit card number, bank account information, billing address)
- Service usage information (such as usage of the facilities, products purchased)
- The content of the contact made (such as of emails, website form entries, faxes, phone messages, letters, and questionnaire responses)
- Origins of the data
- Travel agents
- Online travel agents
- Restaurant reservation sites
7.Taking actions on the rights of data subjects
The Group shall take appropriate actions on the data subject’s requests on the processing of personal data concerning him or her in accordance with applicable laws and regulations. The requests of the data subject shall include:
- Access to the personal data
- Rectification or erasure of the personal data
- Restriction on the processing of the personal data
- Lodging a complaint against the processing of the personal data
- The data subject may lodge a complaint with the supervisory authority.
- Data portability of the personal data
- Withdrawal of consent on the processing of the personal data
- Contest against the processing of the personal data
8.Safeguards for the protection of personal data
- The Group shall implement appropriate, necessary measures including measures against, including but not limited to, illegal access, computer viruses to prevent incidents such as loss, destruction, manipulation or leakage of personal data. The Group shall also provide appropriate, necessary supervision over its employees, contracted processors, etc. to ensure the protection of personal data.
- Hankyu Hanshin Hotels Co., Ltd.
- General Affairs Department
- 1-16-1 Shibata, Kita-ku, Osaka