-
1.(適正な個人情報の取得)
-
-
(1)当社は、偽りその他不正の手段による個人情報の取得はいたしません。
-
(2)当社は、要配慮個人情報を取得する場合は、あらかじめお客様の同意を得るものとします。
-
-
2.(利用目的の特定、利用目的による制限、不適正な利用の禁止)
-
-
当社は、別途利用目的をお示しする場合又は法令に定めのある場合を除き、お客様の個人情報を、以下の利用目的で利用いたします。当社は、お客様の承諾がない限り、以下の利用目的以外で個人情報を利用しません。また当社は、違法又は不当な行為を助長し、または誘発するおそれがある方法により個人情報を利用しません。
-
-
3.(データの正確性の確保)
- 当社は、個人情報を正確かつ最新の内容に保つとともに、利用する必要がなくなったときは、当該個人情報を削除するよう、適切な措置を講じます。
-
4.(安全管理措置)
-
当社は、当社は、個人情報の取扱いにあたっては、改ざん、破壊、紛失、漏洩などを防止するよう安全管理に留意し、以下の措置を講じます。
なお、詳細については、後記「上記の個人情報の取扱いに関する苦情の受付」までお問い合わせください。 -
5.(社内体制、従業員の教育)
- 当社は、各部署に個人情報部門管理者を置き、社内の管理体制を整備し、従業員の教育に努めるとともに、継続的な見直しを行っていきます。
-
6.(委託先の監督)
- 当社は、取引等において、業務の全部または一部を委託する場合、委託先へは、個人情報を厳重に管理することを義務付け、監督いたします。
-
7.(第三者提供の制限)
-
当社は、法令に定める場合を除き、あらかじめご本人の同意を得ることなく、個人情報を第三者に提供しません。
なお、法令に則ったうえで、第三者提供の例外として、次のとおり「委託」「承継」「共同利用」を行う場合があります。 -
-
(1)委託
個人情報の取扱いに関し、委託先において安全管理措置が適切に講じられるよう必要かつ適切な監督を行ったうえで、業務の全部または一部を委託する場合があります。
-
(2)承継
合併その他の事由による事業の承継に伴って個人データが提供される場合があります。
-
(3)共同利用
当社は、一部の個人データを次のとおり共同利用いたします。
なお、別途個人情報の取扱いについて定めている場合は、それによります。
-
-
8. 個人関連情報の取得
- 当社は、Google LLC、Meta Platform Inc. 等の広告プラットフォーム事業者から、当社サービスの申込みを行った方が広告経由であるという情報、当社ホームページへの経路情報、当該事業者が推定した属性情報を受け取り、当該情報を個人情報に紐づけて利用することがあります。かかる場合、当社は、紐づけられた情報を、「2.(利用目的の特定、利用目的による制限、不適正な利用の禁止)」に記載の目的で取り扱うことがあります。
-
9. Google Analytics
-
当サイトでは、お客様の当サイトの訪問状況を把握するためにGoogle社のサービスであるGoogle Analyticsを利用しています。
当サイトでGoogle Analyticsを利用しますと、当サイトが発行するCookieをもとにして、Google社がお客様の当社サイトの訪問履歴を収集、記録、分析します。
当社は、Google社からその分析結果を受け取り、お客様の当サイトの訪問状況を把握します。
Google Analyticsにより収集、記録、分析されたお客様の情報には、特定の個人を識別する情報は一切含まれません。また、それらの情報は、Google社により同社のプライバシーポリシーに基づいて管理されます。
お客様は、ブラウザのアドオン設定でGoogle Analyticsを無効にすることにより、当サイトのGoogle Analytics利用によるご自身の情報の収集を停止することも可能です。Google Analyticsの無効設定は、Google社によるオプトアウトアドオンのダウンロードページで 「Google Analyticsオプトアウトアドオン」をダウンロードおよびインストールし、ブラウザのアドオン設定を変更することで実施することができます。なお、お客様がGoogle Analyticsを無効設定した場合、お客様が訪問する本サイト以外のウェブサイトでもGoogle Analyticsは無効になりますが、お客様がブラウザのアドオンを再設定することにより、再度Google Analyticsを有効にすることも可能です。 Google Analyticsの利用規約に関する説明についてはGoogle Analyticsのサイトを、Google社のプライバシーポリシーに関する説明については同社のサイトをご覧ください。
Google Analyticsの利用規約に関する説明についてはGoogle Analyticsのサイトを、Google社のプライバシーポリシーに関する説明については同社のサイトをご覧ください。
Google Analyticsの利用規約:http://www.google.com/analytics/terms/jp.html
Google LLCのプライバシーポリシー:http://www.google.com/intl/ja/policies/privacy/
Google Analyticsオプトアウトアドオン:https://tools.google.com/dlpage/gaoptout?hl=ja -
10. (開示、訂正、問合せ等)
- 当社は、当社の保有個人データにつき、ご本人又は代理人から利用目的の通知、開示、訂正、追加、削除、利用停止、消去、第三者への提供の停止又は第三者提供記録の開示を受けた場合には、法令の要件を確認した上、下記の担当部署が速やかに対応します。 株式会社近鉄・都ホテルズ 総務部 個人情報保護推進事務局 TEL.06-6774-7658
-
開示等の求めに応じるための手続き
当社は、当社の保有個人データに関するご本人またはその代理人からの「利用目的の通知」、「開示」、「訂正・追加または削除」、「利用の停止または消去」、「第三者提供の停止」および「第三者提供記録の開示」(以下「開示等」といいます。)の各求めに対し、下記のとおり手続を定め、これに対応いたします。-
1.開示等の求めの対象となる保有個人データについて
開示等の求めに当たっては、対象となる保有個人データをできる限り特定していただきますようお願いいたします。
-
2.開示等の求めの申出先
開示等の求めを行う場合は、当社所定の請求書〔下記3.(1)をご覧ください。〕に確認書類および手数料が必要なときはその全額を同封のうえ、次の宛先までご送付ください。なお、開示等の求めにつきましては、郵送のみの受付とさせていただきます。
〒543-0001 大阪市天王寺区上本町6丁目1-55
株式会社近鉄・都ホテルズ 総務部
※封筒に朱書きで「個人情報開示等請求書在中」とお書き添えください。
※書類の授受を確実に行うため、手数料が不要である場合のお申出に当たっても、配達記録郵便のご利用をお勧めいたします。 -
3.開示等の求めに関する手続
(1)開示等の求めに関する書面
[1]ご本人が開示等の求めを行う場合
次のa.の請求書をダウンロードおよび印刷していただき、所定欄に記入および押印のうえ、b.の本人確認書類を同封し、当社宛(送付先については上記2.をご覧ください。)にご郵送ください。
b.本人確認書類
(a)公的証明書〔運転免許証、各種健康保険証、年金手帳、住民票の写し、パスポート(写真および住所のページ)または外国人登録証明書のいずれか〕のコピー
※現在有効なもので住所、氏名および生年月日の記載があるものに限ります。
(b)上記証明書記載の住所と返答先住所が異なる場合は、上記書類に加え、次の書面のいずれかのコピー
ア.公共料金の領収書
イ.国税または地方税の領収書または納税証明書
ウ.社会保険料の領収書
※発行日から6カ月以内で、現住所および氏名の記載があるものに限ります。
なお、ご本人からの開示等の求めの場合、返答の送付先は上記本人確認書類〔(b)をご提出いただいている場合は(b)〕に記載されたご本人の住所に限らせていただきます。[2]代理人が開示等の求めを行う場合
次のa.の請求書をダウンロードおよび印刷していただき、所定欄に記入および押印のうえ、b.の確認書類およびc.の代理人資格の確認書類を同封し、当社宛(送付先については上記2.をご覧ください。)にご郵送ください。なお、ご本人の住所および氏名を記入していただいたうえ、必ず代理人自身による署名および押印をお願いいたします。
b.本人およびその代理人の確認書類(本人およびその代理人の双方について必要です。)
(a)公的証明書〔運転免許証、各種健康保険証、年金手帳、住民票の写し、パスポート(写真および住所のページ)、外国人登録証明書のいずれか〕のコピー
※現在有効なもので住所、氏名および生年月日の記載があるものに限ります。
(b)上記証明書記載の住所と返答先住所が異なる場合は、上記書類に加え、次の書面のいずれかのコピー
ア.公共料金の領収書
イ.国税または地方税の領収書または納税証明書
ウ.社会保険料の領収書
※発行日から6カ月以内で、現住所および氏名の記載があるものに限ります。
c.代理人資格の確認書類
(a)法定代理人による場合
住民票記載事項証明書その他法定代理人の資格を証明する書類
(b)その他の代理人による場合
本人が作成および押印した当該代理人を選任する旨の委任状(委任状にはご本人の実印を押印し、ご本人の印鑑証明書も併せてご提出ください。)なお、代理人からの開示等の求めの場合には、上記b.の確認書類〔(b)をご提出いただいている場合は(b)〕に記載された代理人の住所宛に返答を送付し、これをもって開示等の手続を完了したものといたします。本人とその代理人間の返答の授受について、当社は一切の責任を負いません。
(2)開示等の求めに関する手数料
[1]「開示」または「利用目的の通知」の求めの場合
a.手数料
「開示」または「利用目的の通知」の求め1件につき500円(消費税等含む。)
b.支払方法
請求書に現金500円を同封し現金書留郵便でご送付ください。[2]「訂正・追加または削除」、「利用の停止または消去」または「第三者提供の停止」の求めの場合
保有個人データを特定していただいたうえで、「訂正・追加または削除」「利用の停止または消去」または「第三者提供の停止」の求めを行う場合は、手数料は無料です。
(3)開示等の求めに関する注意事項
- [1]開示等の求めについては、必ず上記の当社所定の請求書〔3.(1)をご覧ください。〕をご使用いただきますようお願いいたします。他の書式による場合には、開示等の求めをお受けできません。
- [2]確認書類の取得費など、開示等の求めの提出にかかる費用については、すべてご本人の負担とさせていただきます。
- [3]開示等の求めに際してご提出いただいた公的証明書等の確認書類は、手続の終了時に返却いたします。
- [4]開示等の求めに際してご提出いただく確認書類に、本籍地や基礎年金番号などの開示等の求めに必要のない記載がある場合、公的証明書のコピーの該当部分を塗りつぶす等、読み取れないようにしていただいても構いません。
- [5]開示等の求めに関し発生した送付中の郵便事故等については、当社の責に帰すべき事由による場合を除き、当社は一切の責任を負いません。
-
4.開示等の求めに対する当社の対応
当社は、開示等の求めに関する請求書等をすべて不備なく当社が受領した時点から手続を開始いたします。なお、保有個人データの特定に時間を要する場合など、当社の作業上、お日にちをいただく場合がございます。
-
5.当社は、次に掲げる場合には開示等の求めに応じかねます。
- [1]請求書に記入漏れや押印漏れがあるなど必要事項が記載されないとき
- [2]確認書類が同封されていない場合など本人あるいは代理人であることが確認できないとき
- [3]手数料が同封されていないまたは不足しているとき
- [4]法第32条第2項但書、第33条第2項但書、第34条第1項ならびに第35条第2項但書、第4項但書および第6項但書に定める場合に該当するときご提出いただいた書類等に不備がある場合は、請求書に記入いただいた住所に当社から連絡をいたします。なお、連絡後一定期間が経過しても訂正、再提出等を行っていただけない場合は、開示等の求めがなかったものとして対応させていただきます。
開示等の求めに応じない場合は、当社からその旨を返答いたします。なお、「開示」および「利用目的の通知」の求めについては、当社がこれに応じない場合であっても当社所定の手数料〔上記3.(2)をご覧ください。〕をいただきます。
-
6.開示等の求めに関して取得した個人情報の利用目的
開示等の求めに伴い、提出いただいた請求書または確認書類等により取得した個人情報は、ご本人またはその代理人への連絡・返答、本人確認または手数料の収受など、開示等の求めへの対応に必要な範囲でのみ利用いたします。
なお、ご提出いただいた確認書類は、開示等の求めへの対応後、返却させていただきます。
上記の個人情報の取扱いに関する苦情の受付
株式会社近鉄・都ホテルズ 総務部 個人情報保護推進事務局 TEL.06-6774-7658
-
This Privacy Policy explains how we may use the Personal Data we collect when you visit our website https://en.miyakohotels.ne.jp/、https://zh-cn.miyakohotels.ne.jp/、https://zh-tw.miyakohotels.ne.jp/、https://ko.miyakohotels.ne.jp/(“Website”), inquire about our products and/or services, such as making a booking with us, subscribe to our marketing communications, are a supplier or business partner, or apply for a position with us. It also explains how we comply with EU legislation related to data protection (EU General Data Protection Regulation “GDPR”) and what your rights are under this legal framework.
Kintetsu Miyako Hotels is the data controller of the services offered through this website. Our registered office is at 6-1-55 Uehommachi, Tennoji Ward, Osaka City, Japan.
-
1. Definitions
- Unless otherwise indicated, capitalized terms used in this Privacy Policy are defined in Annex 1. Most of the definitions are derived from the EU General Data Protection which you can access from here.
-
2. What type of Personal Data do we collect from you?
-
Personal Data means any information relating to you which allows us to identify you, either directly from that data or because we combine that information with other data about you.
When you use our Website, including booking services and/products with us, subscribe to our marketing communications, apply for a position with us or interact with us in relation to our services and/products, you may provide us with your Personal Data, or we may obtain Personal Data about you.
-
We may process the following Personal Data:
-
-
3. Where do we collect your Personal Data from?
-
We will collect Personal Data from several sources. These include the following:
Directly from you: when you use our Website, book our services or products, contact us by email or communicate with us directly in some other way.
Our website: provides us with information about how you use it and the devices that you use to connect to our Website. Like many other Websites, we use so-called “cookies”. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our Website. If you have given your consent to our use of cookies, we do so to improve the use of our Website, analyze our Website or to display advertising on our Website. You can revoke your consent to our use of cookies any time. Please refer to our Cookie Consent Banner for more information on the cookies we use. For details about Cookie, please refer to our Cookie Policy . -
4. Why do we collect your Personal Data and on what legal basis?
-
The table below describes the main purposes for which we process your personal data, the categories of your information involved and our lawful basis for being able to do this.
Purpose Personal Data used Lawful basis So that we can provide our website to you IP address, browser type, device ID, geolocation We have a legitimate interest in our website working properly Ensuring IT support and network security Date and time of access, URL of the page viewed, referrer (the page viewed before the page was viewed) information, website activity, device, OS and browser information, IP address, country of access We have a legitimate interest in ensuring our systems are secure To manage your bookings and provide our services and products to you Name, email address, telephone number, address, date of birth, workplace information, credit card/bank account information, payment data, booking details This is necessary to fulfil our contract with you. To invoice you and receive payments from you Name, email address, billing address, telephone number, date of birth, customer number, and other payment data This is necessary to fulfil our contract with you Marketing products which may be of potential interest to you and offering promotions Name, email address, telephone number, date of birth, email activity and marketing preferences We have a legitimate interest to provide you with information about or products including those that are the same or similar to the ones you have inquired about
If we cannot rely on legitimate interest as our lawful basis for processing, then we will obtain consent from youProvide you with our newsletter Name, email address, marketing preferences We only send you newsletters if you gave us your consent To deal with inquiries, and other communications from you Name, email address, telephone number, content of inquiry, gender This is necessary to fulfil our contract with you To analyse our website usage in order to improve and enhance our services Cookies, IP address, browser type, plug-ins device type and ID, country of access, browsing history, time spent on the website, website activity We only process your personal data for analysing purposes if you gave us your consent To optimize our ad delivery on our website Cookies, IP address, browser type, plug-ins device type and ID, country of access, browsing history, time spent on the website, website activity We only process your personal data for advertisement purposes if you gave us your consent For the purpose of complying with any legal and regulatory requirements, such as audit and accounting Name, address, gender, telephone number and e-mail address, date of birth, workplace information, information required for payment, such as credit card details/account details, job title, contact history, bank account, information on services used We have a legal obligation to comply with any legal or regulatory requirements To claim and enforce claims Name, address, telephone number/email address and other contact information (including social networking IDs), date of birth, customer number, workplace related information, information on bank account, contract information, information on solvency This is necessary to fulfil our contract with you To manage and select candidates who applied for a position with us Name, address, date of birth, gender, telephone number and e-mail address, photograph, information provided in your CV and application This is necessary to fulfil our contract with you Storage of records relating to you and also records relating to our business All the personal information we collect about you To be able to manage and fulfil our contract with you, we may have a legal and/or regulatory obligation to do so and we also have a legitimate interest to keep proper records. -
Some of your Personal Data may be required due to legal, contractual, or other obligations. Failure to provide this data may impact our ability to fulfil our contract with you or comply with relevant legal obligations. For other Personal Data, whilst you may not be under an obligation to provide it to us, if you do not provide it, we may not be able to properly perform our services for you. Without your Personal Data, you may be unable to complete bookings or purchases on our Website.
Providing Personal Data for marketing and newsletters is optional. Refusal to provide this data has no negative consequences but means that we cannot offer personalised marketing messages or promotional offers. If you gave us your consent for marketing purposes, you can revoke your consent or object the processing at any time by sending a message following the information in section “Contact Information”. -
5. Who we share your Personal Data with?
-
In order to operate our Website and provide you with the services and products you have booked we may need to share your Personal Data with third parties. This includes sharing your Personal Data with companies engaged by us to manage our relationship with you and provide you the services described above.
-
We may share your personal data with the following recipients:
-
-
6. Direct Marketing
-
From time to time, we may contact you by email with information about services and products we believe you may be interested in.
Marketing emails and newsletters will only be sent when you tell us that you wish to receive marketing related messages, subscribe to our newsletter or when you have booked similar services and/ products with us previously.
[You can opt out any time if you do not wish to receive any marketing messages by clicking on the unsubscribe link in any marketing email you receive to unsubscribe from future marketing communications.] -
7. International data transfers
- In the course of our operations, it may be necessary to transfer your Personal Data to recipients located outside the European Economic Area (EEA). These transfers may be to our, partners or service providers who are located in regions, such as the United States, Singapore or China with differing data protection laws than those in your country. When transferring your Personal Data internationally we implement appropriate safeguards to ensure the security and confidentiality of your data. These safeguards, when we cannot rely on an issued Adequacy Decision, may include for example Standard Contractual Clauses (SCCs) approved by the European Commission.
-
8. How long do we keep Personal Data for?
-
Generally, we will retain your Personal Data for as long as we need it for the purposes for which it was collected. The duration for which we retain your Personal Data will differ depending on the type of information and the reason why we collected it from you. However, in some cases Personal Data may be retained on a long-term basis: for example, Personal Data that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.
In addition, we may be allowed to retain Personal Data whenever you have given consent to such processing (e.g. subscription to our newsletter), as long as such consent is not withdrawn. -
9. Data security
- We take the security of your information very seriously and only handle Personal Data as permitted by data protection regulations. We use a variety of technical and organizational measures to help protect your Personal Data from unauthorized access, disclosure, modification, loss or destruction in accordance with applicable data protection laws. When handling Personal Data, our employees are obliged to comply with the regulations of the EU GDPR.
-
10. Your rights in relation to your Personal Data
-
-
If you are located in the EU or UK you have the following rights in relation to your Personal Data:
Once our specified retention period has expired, we shall delete the relevant Personal Data. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of such retention period. -
-
11. Processing data in relation to children
-
Kintetsu Miyako Hotels does not knowingly collect Personal Data from persons who are not legally permitted to use our services without obtaining parental consent. If it comes to our attention that we have collected or processed Personal Data from such a person, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us using the following address: soumu@miyakohotels.ne.jp
-
12. Changes to our data protection provisions
-
We may need to make changes to this Privacy Policy to ensure that it complies with current legal requirements or to implement changes to the services detailed in the Privacy Policy, e.g., when introducing new services and products. In this case, your future visits to our Website will be subject to the updated Privacy Policy.
-
13. California Residents
-
At Kintetsu Miyako Hotels, we are committed to protecting your privacy and ensuring transparency in how we handle your personal information. This section outlines your rights under the California Consumer Privacy Act (“CCPA/”CPRA”), the types of personal information we collect, how we use it, and your options for managing your personal information.
What personal information we collect and disclose
This section provides details about the categories of personal information we have collected from consumers over the past 12 months. It also outlines the sources of this information, the business or commercial purposes for its collection, and whether we have disclosed any categories of personal information to third parties during the same period. -
Categories of personal information Source from which we collected information Purpose for collecting the information Categories of third parties to whom the information was disclosed Identifiers, such as name, billing address, email address, IP address - Directly from you
- Accommodation booking and travel agencies
- To manage your bookings and provide our services and products to you
- To invoice you and receive payments from you
- Marketing products which may be of potential interest to you and offering promotions
- Provide you with our newsletter
- To deal with inquiries, and other communications from you
- To optimize our ad delivery on our website
- Accommodation booking and travel agencies
- Group companies
- Marketing and service technology providers
- Event and hospitality services
- Consultants and accountants
Personal information such as telephone number, payment data, booking details - Directly from you
- Accommodation booking and travel agencies
- To manage your bookings and provide our services and products to you
- To invoice you and receive payments from you
- To deal with inquiries, and other communications from you
- Accommodation booking and travel agencies
- Group companies
- Financial institutions
- Event and hospitality services
- Consultants and accountants
Characteristics of protected classifications, such as date of birth, and gender - Directly from you
- Accommodation booking and travel agencies
- To manage your bookings and provide our services and products to you
- To invoice you and receive payments from you
- Marketing products which may be of potential interest to you and offering promotions
- To deal with inquiries, and other communications from you
- Accommodation booking and travel agencies
- Event and hospitality services
Commercial information, such as the services and/or products booked with us - Directly from you
- Accommodation booking and travel agencies
- To manage your bookings and provide our services and products to you
Accommodation booking and travel agencies Internet or other electronic network activity information, such as your IP address, browser type and information, device ID and type, cookie information, plug-ins, URL of the page viewed, referrer, browsing history, website activity, date and time of access, marketing preferences, email activity Directly from you - To analyse our website usage in order to improve and enhance our services
- To optimize our ad delivery on our website
Marketing and service technology providers Geolocation data, such as the country of your access Directly from you - To optimize our ad delivery on our website
- To analyse our website usage in order to improve and enhance our services
Marketing and service technology providers Professional or employment-related information such as, information on your workplace, job title, content of your CV and application information - Directly from you
- From third parties such as recruiting platforms
n/a n/a Sensitive information, such as credit card/bank account information, - Directly from you
- Accommodation booking and travel agencies
- To manage your bookings and provide our services and products to you
- To invoice you and receive payments from you
-
No sale or sharing of personal information
We did not sell or share any personal information in the preceding 12 months.
Kintetsu Miyako Hotels does not sell or share any personal information. -
No sale or sharing of minors' personal Information
We do not have actual knowledge that we sell or share personal information about minors under the age of 16.
-
Sensitive personal Information
We do not use or disclose sensitive personal information for purposes other than those specified in Section 7027(m) of the CCPA regulations. -
Consumer rights under the CCPA/CPRA
If you are resident in California, you have the following rights in respect of your Personal Information: -
-
Right to Know - you have the right to request that we disclose what personal information we collect, use, disclose, sell or share. Specifically, you may request that we disclose to you the following:
You may also request that we inform you about:
-
- Right to deletion - you have the right to request that we delete any personal information about you which we have collected from you. If it is necessary for us to maintain your personal information for certain purposes, we are not required to comply with your deletion request. If we determine that we will not delete your personal information when you request us to do so, we will inform you and tell you why we are not deleting it.
- Right to Correct Inaccurate Personal Information - you have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
- Right to opt-out of third-party sales and sharing - we do not sell your personal information; you have the right to opt-out of third-party sharing of your Personal Information for cross-context behavioural advertising purposes and selling this data. This means that whenever you request us to stop selling and/or sharing your data, we will abide by your request. Such requests can be made freely, at any time, without submitting any verifiable request, sending an email to soumu@miyakohotels.ne.jp.
- Right to Limit Use and Disclosure of Sensitive Personal Information (SPI) - you have the right to limit the use and disclosure of your SPI to that which is necessary for us to perform the services or provide the goods we provide.
- Right to Opt-Out of ADM technology - you have the right to opt-out of being subject to automated decision-making processes, including profiling.
-
No Discrimination - you have the right not to be discriminated against because you exercised any of your rights under the CCPA/CPRA set out in this section above.
The exercise of your rights is free of charge. The response to requests based on the provisions of the CCPA/CPRA should be provided within a maximum of 45 days. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. However, for requests to opt out or limit the use of sensitive personal information (SPI), we will respond within 15 days. -
How you can exercise your rights under CCPA/CPRA
-
To exercise any of the rights described above, please send us a verified request using the methods listed below. Your request must:
-
Contact us using one of the following methods:
-
-
Financial Incentive Notice
Kintetsu Miyako Hotels does not offer a financial incentive for the collection, sale, or deletion of personal information. Kintetsu Miyako Hotels primarily collects personal data from guests in order to fulfil guest reservations. Kintetsu Miyako Hotels also collects personal data for marketing and purposes as permitted by applicable law. -
14. Contact Information
-
-
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such use please do not hesitate to contact us by:
-
- [Data Subject Requests from EU Data Subjects according to the GDPR
-
Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
United Kingdom (UK)
European Union (EU)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/12664327136
This Policy was last updated: [march 2025]ADM means Automated decision-making; CCPA means the California Consumer Privacy Act (CCPA) signed into law on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180AB375 CPRA means the California Privacy Right Act of 2020 Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her; Contract Performance means concluding, maintaining, and completing of a contract concluded between the Controller and a Data Subject, including Processing activities which take place at the request of the Data Subject before entering into a contractual relation; Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law; Data Subject is any natural person whose Personal Data is being collected, held or processed. Examples of a Data Subject can be an individual, a customer, a prospect, an employee, a contact person, etc; Direct Marketing means personal data processed to communicate a marketing or advertising message. This definition includes messages from commercial organisations, as well as from charities and political organisations; General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA); Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) https://eur-lex.europa.eu/eli/reg/2016/679/oj ; Legitimate Interest means the Controller’s interest to process Personal Data in order to carry out tasks related to the Controller‘s business activities. The processing of Personal Data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with a Data Subject; Personal Data means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, but is not limited to the term ‘Personal Information’ according to Section 1798.140. (v) (1-3) of the CPRA.; Personal Information means information of the types set out in Section 1798.140. (v) (1-3) of the CPRA where it identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller; Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as Recipients; the Processing of those Personal Data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the Processing; Sell, Selling, Sale or Sold means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration, according to Section 1798.140. (ad) (1-2) of the CPRA. Share, Shared or Sharing means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. Sensitive Personal Information means personal information that reveals: the social security, driver’s license, state identification card, or passport number. An account log-in, financial account, debit card, or credit card number, or credentials allowing access to an account, the precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, content of a consumer’s mail, email and text messages unless the business is the intended recipient of the communication, and genetic data, the processing of biometric data for the purpose of uniquely identifying a consumer, personal information collected and analyzed about a consumer’s health, sex life or sexual orientation according to Section 1798.140. (ae) (1-3) of the CPRA.
-
1. (Proper Acquisition of Personal Information)
-
-
(1) The Company will not acquire personal information by deception or other wrongful means.
-
(2) The Company will obtain prior consent from customers when acquiring sensitive personal information.
-
-
2. (Specification of Utilization Purpose, Restriction According to Utilization Purpose, and Prohibition of Improper Use)
-
-
(1) The Company will use customers’ personal information for the following purposes, except when a separate utilization purpose is specified or when required by law. The Company will not use personal information for any purpose other than those listed below without the customer’s consent. Furthermore, the Company will not use personal information in a manner that may promote or induce illegal or improper activities.
- (i) To provide the Company’s services to customers
- (ii) To carry out payment and billing operations associated with business activities and to fulfill the Company’s obligations
- (iii) To respond to customer inquiries and requests for materials, as well as to contact customers when necessary, such as for reservation confirmations
- (iv) To notify individuals who have subscribed to the Company’s email newsletter about services and events
- (v) To request customers to provide opinions or feedback regarding the Company’s services
- (vi) To analyze the usage of the Company’s services, facilities, products, and website in order to improve them
-
(2) The Company will not use personal information in a manner that may promote or induce illegal or improper activities.
-
-
3. (Securing the Accuracy of Data)
- The Company will take appropriate measures to keep personal information accurate and up to date. Additionally, when the personal information is no longer needed for use, the Company will take appropriate measures to delete it.
-
4. (Safety Control Measures)
-
The Company will take due care in the handling of personal information to prevent falsification, destruction, loss, leakage, and other risks and will implement the following measures.
For further details, please contact us as indicated in the section “Contact regarding the treatment of personal information as above:” below. -
(i) Formulation of Basic Policy
In order to ensure that our Company handles personal data appropriately, the Company has an established basic policy regarding compliance with relevant laws and guidelines, as well as contact points for handling questions and complaints. -
(ii) Development of Rules for Handling Personal Data
In order to prevent the leakage of personal data and ensure the safe management of personal data, the Company has established rules for handling personal information and operates in accordance with these rules. -
(iii) Organizational Security Management Measures
The Company has appointed a person responsible for handling personal information and ensures that personal data is managed in accordance with established rules. Additionally, the Company has implemented measures such as establishing a reporting and communication system with the responsible person. -
(iv) Personnel Security Management Measures
The Company provides regular training and educational programs to employees to ensure the proper handling of personal data. -
(v) Physical Security Management Measures
The Company implements physical security measures such as locking areas where personal data is handled and enforcing strict management to prevent the theft or loss of electronic media and documents. -
(vi) Technical Security Management Measures
The Company sets access permissions for each department, minimizes the number of personnel who can access data, and implements security measures to prevent cybersecurity incidents. -
(vii) Understanding of External Environments
When handling personal data in foreign countries, the Company assesses the personal data protection systems and handling practices of the respective countries and takes appropriate measures to ensure the secure management of personal data. -
5. (Internal System, Education of Employees)
- The Company will appoint a personal information manager in each department, establish and maintain an internal management system, educate employees, and regularly review the system.
-
6. (Supervision of Contractors)
- As part of its business operations, the Company will require contractors to manage personal information strictly and supervise its handling.
-
7. (Restriction on Third Party Provision)
-
The Company will not provide personal information to third parties without the prior consent of the individual, except as required by law.
However, in compliance with applicable laws and regulations, the Company may engage in outsourcing, succession, and shared use as exceptions to the provision of personal information to third parties, as outlined below. -
-
(1) Outsourcing
The Company may outsource all or part of its business related to the handling of personal information after conducting necessary and appropriate supervision to ensure that the contractor implements proper safety control measures.
-
(2) Succession
Personal data may be provided in the event of a business succession due to a merger or other reasons.
-
(3) Shared Use
The Miyako Hotels & Resorts member companies will share certain personal data. If a separate policy regarding the handling of personal information is established, that policy shall take precedence.
Entity responsible for managing the personal data mentioned in (i) and (ii):
6-1-55 Uehonmachi, Tennoji-ku, Osaka, Osaka Prefecture
Kintetsu Miyako Hotels International, Inc.
-
-
8. Acquisition of Information Related to Individuals
- The Company may receive information from advertising platform operators such as Google LLC and Meta Platforms Inc., including data indicating that a person who applied for the Company’s services did so via an advertisement, referral information to the Company’s website, and attribute information estimated by these operators. The Company may link such information to personal data and use it accordingly. In such cases, the Company will handle the linked information in accordance with the purposes specified in “2. (Specification of Utilization Purpose, Restriction According to Utilization Purpose, and Prohibition of Improper Use).”
-
9. Google Analytics
-
This website uses Google Analytics, a service provided by Google, to understand visitors’ interactions with the site.
When Google Analytics is used on this website, Google collects, records, and analyzes visitors’ browsing history on this site based on cookies issued by the website.
The Company receives the analysis results from Google and uses them to understand visitors’ interactions with this website.
The information collected, recorded, and analyzed by Google Analytics does not contain any data that can identify specific individuals. Additionally, Google manages this information in accordance with its privacy policy.
You can disable Google Analytics in your browser’s add-on settings to prevent the collection of your information through this website’s use of Google Analytics. To disable Google Analytics, download and install the Google Analytics Opt-out add-on from Google’s opt-out add-on download page and change your browser’s add-on settings accordingly. If you disable Google Analytics, it will also be turned off on websites other than the one that you visit. However, you can re-enable Google Analytics by resetting your browser’s add-on settings. For details on the terms of use for Google Analytics, please refer to the Google Analytics website. For information on Google’s privacy policy, please visit Google’s website.
For details on the terms of use for Google Analytics, please refer to the Google Analytics website. For information on Google’s privacy policy, please visit Google’s website.
Terms of Service for Google Analytics: http://www.google.com/analytics/terms/jp.html
Google LLC’s Privacy Policy: http://www.google.com/intl/ja/policies/privacy/
Google Analytics Opt-out Add-on: https://tools.google.com/dlpage/gaoptout?hl=ja -
10. (Disclosure, Correction, Inquiry, etc.)
-
The Company will promptly respond to requests for notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, suspension of provision to third parties, or disclosure of provision records from the individual concerned or their agent regarding personal data held by the Company. The department responsible for handling such requests is as follows:
Personal Information Protection Promotion Secretariat, General Affairs Department, Kintetsu Miyako Hotels International, Inc. Tel.: 06-6774-7658 -
Procedures for Responding to Requests for Disclosure, etc.
The Company has the following established procedures to respond to requests from the individual concerned or their agent regarding the notification of purpose of use, disclosure, correction, addition, or deletion, suspension of use or deletion, suspension of provision to third parties, and disclosure of third-party provision records (hereinafter collectively referred to as “Disclosure, etc.”) concerning personal data held by the Company.-
1. Retained personal data subject to requests for Disclosure, etc.
In requests for Disclosure, etc., please specify the relevant retained personal data as clearly as possible.
-
2. Address for sending requests for Disclosure, etc.
When requesting Disclosure, etc., please send the request form provided by the Company [see 3. (1) below] to the following address together with proof of identity and the full handling fee, where applicable. Requests for Disclosure, etc., will be accepted by postal mail only.
General Affairs Department, Kintetsu Miyako Hotels International, Inc., 1-55 Uehommachi 6-chome, Tennoji-ku, Osaka 543-0001
*Please mark the envelope in red with: “Personal Information Disclosure Request Form.”
*To ensure delivery of the documents, it is recommended that trackable mail be used regardless of whether the request requires a handling fee. -
3. Procedures regarding requests for Disclosure, etc.
(1) Documents regarding requests for Disclosure, etc.
[1] If the individual concerned requests Disclosure, etc.
Download and print the request form a. below, fill it out and sign it, and send it to the Company together with the identification documents b. (see 2. above for the address).
b. Identification document
(a) Copy of an official certificate, such as a driver’s license, health insurance card, pension booklet, certificate of residence, passport (page with photo and address), or residence card
*It should be currently valid and include the address, name, and date of birth.
(b) If the address stated on the above certificate differs from the address for the reply, a copy of any of the following in addition to the above:
i. Receipt of utility bill
ii. Receipt of payment of national or local tax
iii. Receipt of social insurance premium.
*Must be within 6 months of the issuance date and contain the current address and name.
In the case of a request for Disclosure, etc., by mail, all replies will be sent to the address stated on the identification documents [or (b), if (b) was submitted].[2] If an agent requests Disclosure, etc.
Download and print the request form a. below, fill it in and sign it, and send it to the Company together with the identification documents b. and proof of agent qualification c. (see 2. above for the address). Please make sure to state the address and name of the individual concerned, as well as the agent’s signature.
b. Identification documents for both the individual concerned and the agent (both are required).
(a) Copy of an official certificate, such as a driver’s license, health insurance card, pension booklet, certificate of residence, passport (page with photo and address), or residence card
*Must be currently valid and contain the address, name, and date of birth.
(b) If the address stated on the above certificate differs from the address for the reply, a copy of any of the following in addition to the above:
i. Receipt of utility bill
ii. Receipt of payment of national or local tax
iii. Receipt of social insurance premium.
*Must be within 6 months of the issuance date and contain the current address and name.
In the case of a request for Disclosure, etc., by mail, all replies will be sent to the address stated on the identification documents [or (b), if (b) was submitted].
c. Identification documents for agent qualification
(a) If requested by a statutory agent
Certificate of Items Stated in Resident Register and/or another certificate for the statutory agent’s qualification
(b) If requested by any other agent
A letter of proxy is prepared and signed by the individual concerned to designate the relevant agent (the letter of proxy must bear the registered seal of the individual concerned and be accompanied by a seal registration certificate of the individual concerned).
If requested by an agent, the Company will send the reply to the agent’s address stated in the identification documents under (b) [or (b), if (b) was submitted] and deem the procedures of Disclosure, etc., to have been completed. The Company will not be liable in any manner for the delivery of the reply between the individual concerned and their agent.(2) Handling fee for request for Disclosure, etc.
[1] For request for disclosure or notice of purpose of utilization
a. Handling fee
500 yen (including consumption tax, etc.) per request
b. Payment method
Send the request form along with 500 yen in cash by registered mail.[2] For requests for correction, addition, or deletion, use suspension or deletion, or suspension of third-party provision
For requests for correction, addition, or deletion, use suspension or deletion, or suspension of third-party provision, with the retained personal data specified, no handling fee is required.
(3) Notes regarding requests for Disclosure, etc.
[1] When requesting Disclosure, etc., make sure to use the above request form prepared by the Company [see 3. (1)]. Requests in any other format cannot be accepted.
[2] Any costs required in submitting a request for Disclosure, etc., such as costs for obtaining identification documents, will be borne by the individual concerned.
[3] The official certificates and other identification documents submitted in requests for Disclosure, etc., will be returned after the completion of the procedure
[4] In the case that any identification document to be submitted as part of a request for Disclosure, etc., contains a statement not necessary for the request for Disclosure, etc. such as the registered domicile or basic pension number, such parts may be blacked out or otherwise made unreadable.
[5] Unless caused by a reason attributable to the Company, the Company will not be liable in any manner for accidents to a request for Disclosure, etc., such as accidents occurring during mail delivery. -
4. The Company’s response to request for Disclosure, etc.
The Company will start processing the form, etc., regarding a request for Disclosure etc. once it has received all necessary documents without deficiencies. Please note that it may take several days in some cases as it takes time to identify the retained personal data or for other work.
-
5. Cases where the request for Disclosure, etc., may not be accepted
[1] The Company may not accept a request for Disclosure, etc., in the following cases:
[2] When identification documents are not enclosed, or the identification of the individual concerned, or the agent cannot otherwise be confirmed
[3] When the handling fee is not enclosed, or the amount is insufficient
[4] If the request falls under any of the cases specified in the proviso to Paragraph 2, Article 32, the proviso to Paragraph 2, Article 33, Paragraph 1, Article 34, and the provisos to Paragraph 2, Paragraph 4, and Paragraph 6, Article 35 of the Act, or if there are deficiencies in the submitted documents, the Company will notify you at the address stated on the request form.
If you fail to make the necessary correction or resubmission within a given period after such notice, the request for Disclosure, etc., will be deemed not to have been made. If the request for Disclosure, etc., cannot be accepted, the Company will send a reply to that effect. Please note that for requests for disclosure and notice of purpose of utilization, a handling fee prescribed by the Company [see 3. (2) above] will still be charged even if the request is not accepted. -
6. Purpose of Utilization of Personal Information Obtained in Relation to Request for Disclosure, etc.
The personal information obtained through a request form or identification document, etc. submitted in association with a request for Disclosure, etc. will be used exclusively to the extent required for the response to the relevant request, such as communications or replies to the individual concerned or the agent, identification, or collection of handling fees.
The submitted identification documents will be returned after dealing with the request for Disclosure, etc.
Contact regarding the treatment of personal information as above:
Personal Information Protection Promotion Secretariat, General Affairs Department, Kintetsu Miyako Hotels International, Inc. Tel. 06-6774-7658
-