Prince Hotels & Resorts

GDPR Privacy Policy

Last revised: April 1st, 2022

Seibu Prince Hotels Worldwide, Inc. and affiliated entities (please see ‘affiliate entities’ below) respect your privacy and are committed to protect your personal data. This privacy policy describes the ways we collect, store, use and protect your personal data and informs you about your privacy rights.

This privacy policy applies to processing activities in relation to individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”) which fall under the scope GDPR or UK GDPR.

This privacy policy is provided in a layered format.

1. WHO IS RESPONSIBLE FOR THE DATA PROCESSING?

1.1 Responsible entities

In this paragraph we inform you which entity is responsible for which part of the processing of your personal data. In principle Seibu Prince Hotels Worldwide, Inc. (referred to as “Seibu Prince Hotels”, “we”, “us”, “our” in this privacy policy) is responsible for the processing of your personal data.

1.2 Controllers

Seibu Prince Hotels is the ‘controller’ for the purposes of the GDPR and equivalent UK legislation in relation to the handling of personal data obtained from customers in the EEA or UK.

2. WHICH PERSONAL DATA IS USED AND FOR WHAT PURPOSES?

We can’t help you book a room in one of our hotels or reserve a restaurant or activity via our website or via agents without processing personal information. It depends on the processing activity, which personal data we process about you, for which purposes and based on which legal ground. Please find below some general information about our processing of your personal data. Beneath the general information, you will find an overview of our processing activities in which we provide more detailed information about the processing of your personal data in that context. We may collect and use your personal data for the purposes set out below. If your personal data is to be used for any other purpose, we will clearly inform you of the purpose and scope of use prior to collecting or using the information.

2.1 Refusal to provide personal data

We will not compel you to provide your personal data to us. You always have the right to choose whether or not to provide us with your personal data. However, if you choose not to provide certain information, we may not be able to provide certain services to you, for example, we may not be able to accept your reservation or you may not be able to use some of our services. We will make clear to you at the time of collection which information is necessary to obtain for providing the service.

2.2 Information from minors

We do not intend or wish to obtain personal data directly from minors. If a minor provides us with personal data of a family member or other person without the consent of a parent or guardian, please inform us as soon as possible via the contact information stated below. We will take immediate action, including the erasure of the relevant personal data. However, if a minor wishes to use our services and facilities, please note that we will process their personal data in accordance with this privacy policy.

2.3 Sensitive personal data

We do not obtain sensitive personal data (such as racial or ethnic information, health data, political ideology, religious or philosophical beliefs, information on trade union membership, genetic data, biological data, information on sex life and sexual orientation) and personal data relating to criminal offences except in cases where it meets the requirements of the applicable laws.
If you provide sensitive personal data relating to your health or beliefs as part of your reservation, such as allergy information or information relating to dietary restrictions, we will record such personal data and handle it with your consent and only to provide you with the service.

2.4 Legitimate interest

Sometimes we indicate that we process your personal data based on the legal ground “legitimate interest”. This means that a balance of interests is performed between the interests that are served by the processing on the one hand and your privacy interests on the other hand, and that the interests in favour of the processing prevail. The related legitimate interests are included below per processing activity. If you want more information about this, you can contact us directly via our contact information stated below.

2.5 Processing activities

(a) Reservations

Personal data

If you book a room or make a reservation for a restaurant or an event via various channels including our website, app or a booking agent, we may obtain the following categories of personal data from you directly or via a third party, such as a booking agent:

  • Various types of information that you consciously provide for the purpose of making a reservation, including:
    – Address, name, title, gender, date of birth, name of organisation;
    – Email address, telephone number, fax number, postal address;
    – Information on allergies;
    – Date of check-in and check-out, number or names of accompanying persons;
    – Information about the travel itinerary, purpose of your trip and information to respond to your requests and requirements (regarding guest rooms, leisure activities, and other services, information required to fulfil special requirements);
    – Payment information for as far as needed for online reservations (credit card information); and
    – Membership information of various membership organisations.
  • Information on the use of services related to the (online) reservation (e.g. facility usage, product purchases, etc.).
  • Information as required by administrative instructions, laws, regulations or ordinances.

Purposes

We use the personal data for the following purposes:

  • To enable you to make reservations via various channels including our website, app or booking agents;
  • To respond to your enquiries and complaints;
  • To provide you with the services that you have requested;
  • To provide you with information on products or services of us or trusted third parties; and
  • If you provide us with your membership details, we also use this information to provide you with services as a member.

Legal grounds

Our legal grounds for the processing activity with regards to customer reservations are your consent, the necessity to process personal data for the performance of our contract with you, to comply with a legal obligation under EU and UK law or our legitimate interest to comply with applicable non-EEA/UK laws.

(b) Enquiries and complaints.

Personal data

If you make an enquiry or complaint to us, we may obtain the following information from you:

  • Various types of information that you consciously provide as listed under (a) above.
  • Date and time you contacted and the contents of contact, such as email, input form of the website, facsimile, note made during a telephone call, letter, answer for surveys, etc.
  • Information on the use of services related to the (online) reservation (e.g. facility usage, product purchases, etc.).
  • Information as required by administrative instructions, laws, regulations or ordinances.

Purposes

We use the personal data for the following purposes and activities:

  • to provide customer service;
  • to respond to your enquiries; and
  • handle your complaints, and for legal procedures.

Legal grounds

Our legal grounds for the processing activity with regards to enquiries is your consent, to comply with a legal obligation under EU and UK law or our legitimate interest to comply with applicable non-EEA/UK laws and respond to your enquiries and complaints.

(c) Surveys and reviews

Personal data

If you complete a survey via our website or review our services, we may collect the following information from you:

  • Various types of information that you consciously provide, including:
    – Name, e-mail address, telephone number, age group, gender;
    – Reservation information;
    – Contents of contact, responses and reviews; and
    – Information (automatically) obtained via the website (please see category (e) below).
  • Date and time of the contact.
  • Information on the use of services related to the (online) reservation (e.g. facility usage, product purchases, etc.).

Purposes

We use the personal data for the following purposes and activities:

  • To conduct surveys to improve our services;
  • To operate and improve the functionalities of our websites; and
  • To provide you with information about our or trusted third parties’ products or services.

Legal basis

Our legal basis for the processing activity with regards to surveys and reviews are your consent or our legitimate interest to improve our products and services and to comply with applicable non-EEA/UK laws.

(d) Use of websites or apps

Personal data

When you use our website or app, we may (automatically) obtain the following information from you via cookies. Cookies are small bits of data that can be placed on your computer, tablet, smartphone or other electronic “device” with which you can use the internet via a web browser. When a website is visited, the website can place these cookies on your device via your web browser. A cookie can be used to identify your device and remember certain settings, such as your language settings.

  • Information that the website automatically obtains, including IP address, cookie identifiers, browser type, access date and time, location information; and
  • Information as required by administrative instructions, laws, regulations or ordinances.

Purposes

We use cookies to collect information on the pages viewed by our website visitors, which is combined with information such as IP address, browser type, access date and time, etc. This information is used for the purposes described in (a) above, as well as:

  • To provide appropriate information and ensure security on the website;
  • To operate and improve functionality of websites;
  • To provide information on our services; and
  • For the purpose of website maintenance and statistical analysis of usage.

This information can be considered personal data under the applicable laws. Depending on your browser, you may be able to change the settings and disable the cookies altogether. Please note that this may result in you not being able to use all or part of the services on our website(s).

Legal grounds

Our legal grounds for the processing activity with regards to the use of the website(s) or apps is your consent, to comply with a legal obligation under EEA and UK law or our legitimate interest in offering our website and apps to you.

(e) Legal objectives

Personal data and purposes

We may also be required to comply with legal obligations to which we are subject under the applicable laws. We only provide personal data obtained from you to third parties, such as competent authorities, if required by law.

Legal grounds

Our legal grounds for the processing activity with regards to legal objectives is to comply with a legal obligation under EEA and UK law and our legitimate interest to comply with applicable non-EEA/UK laws.

3. HOW DO WE OBTAIN YOUR PERSONAL DATA?

There are different ways in which we receive your personal data. Sometimes we receive your personal data, because you provide it to us and sometime we receive it from one of our partners. In this paragraph we inform you on the different methods to collect data from and about you including through:

  • Direct interactions. You may give us your identity, contact and financial data by filling in (reservation) forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    – purchase our products or services; and
    – give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website or app, we will automatically collect certain technical data about your equipment and online behaviour. We collect such data by using cookies, server logs, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
  • Third parties. We will receive personal data about you from persons duly authorized by you e.g. such authorized persons may include those authorized to make a reservation on behalf of a customer or to introduce a customer, such as travel agencies, in-house agents.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Sometimes it is necessary to share your personal data with another party, for example because this is necessary for providing our services to you. In this paragraph we inform you under what conditions we will share personal data and with whom.

4.1 Conditions for data sharing

Third parties are not allowed to use personal data concerning you for their own (direct marketing) purposes. Moreover, we only share your personal data with third parties if:

  • This is necessary for the provision of a service or the involvement of the third party. Third parties will, for example, in principle only get access to the personal data that they require for their part of the service provision.
  • The persons within the third party that have access to the personal data are under an obligation to treat the personal data confidentially. Where necessary this is also contractually agreed on.
  • The third party is obliged to comply with the applicable data protection laws. This includes the obligation to ensure appropriate technical and organisational security measures.

We will ensure that these third parties only use your personal data for the purposes described in chapter 2above or for the purposes for which you have given your individual consent. We will ensure that these parties apply the same strict standards as we do.

4.2 Parties with whom we share your personal data

We may share all or part of the above-mentioned information referred to in chapter 2 above with other affiliated entities and with the following third parties (persons who are engaged in the activities of those parties and authorized to be involved in the processing activities concerned):

  • Business partners and subcontractors engaged in businesses that provide you with various products or services (e.g. accommodation, food and beverage, bridal, leisure activities, massage, transportation services), IT service providers and credit card companies;
  • Tenants of facilities of Seibu Prince Hotels or its affiliates, and hotel management companies;
  • Travel agents, tourism operators, event planning companies, in-house agents, transport operators, and other related business partners;
  • Businesses and professionals (including lawyers, tax accountants, and accountants) who provide professional advice on business and operational management; and
  • Authorised government institutions, such as, courts, police, law enforcement agencies, tax-, customs- and excise duty offices, and audit regulators.

5. HOW DO WE SECURE YOUR PERSONAL DATA?

It is important to us to protect your privacy. We have implemented various measures to protect and secure your personal data, in order to prevent violations of the confidentiality, integrity and availability of your personal data. All our employees and other persons engaged by us are obliged to respect the confidentiality of personal data. Please note that we take the following precautions:

(a) Technical and organisational security measures

We strictly manage your personal data and take appropriate precautions, such as technical and organisational safety measures against unauthorized access, loss, destruction, falsification and leakage of personal data.

(b) Organisational structure

We established an organisational structure to ensure compliance with the protection of personal data within Seibu Prince Hotels, including the appointment of a person responsible for managing the protection of personal data of our group entities as a whole and a person responsible for managing the protection of personal data in each department. In addition, a department responsible for audit has been established as an internal audit structure.

(c) Internal policies concerning the handling and management of personal data

We have established standards for the appropriate acquisition, retention, use and disposal of personal data and regulations for the handling of personal data to ensure that this is strictly enforced, as well as a code of conduct and specific rules to prevent unauthorised access, loss, destruction, alteration and leakage of personal data.

(d) In-house training

We strive to protect personal data by providing our staff with education and training on the protection of personal data and ensuring that they are familiar with the content of our internal policies.

(e) Ongoing review of internal policies on the handling and management of personal data

We will continuously review and improve our rules for the handling of personal data and the organisational structure for implementing them to ensure that they are effective and appropriate on an ongoing basis.

6. TO WHICH COUNTRIES WILL WE TRANSFER YOUR PERSONAL DATA?

In addition to transferring your personal data to Japan, we may also transfer it to other countries or territories outside the EEA and UK in connection with the sharing of personal data with third parties as described above. In this paragraph we provide more information on data transfers and the legitimisation thereof.

6.1 Transfers outside the EEA

Part of the third parties which we entrust with your personal data are based outside the EEA and/or the UK (‘GDPR Third Countries’). Any data transfers from the EEA/UK to GDPR Third Countries shall always take place in compliance with Chapter V of the GDPR and UK GDPR and additional recommendation or decision issued in this regard by the European Data Protection Board (‘EDPB’), European Commission or other competent authority. In case the data is transferred outside the EEA or the UK, the transfer is legitimized in the manner described below. Please note that if we collect personal data directly from you, this does not qualify as a transfer. See this link for an overview of the EEA countries.

6.2 Legitimisation of transfers outside the EEA and UK.

Whenever we transfer your personal data to GDPR Third Countries, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transfers of your personal data to GDPR Third Countries may be legitimized on the basis of a so-called EU adequacy decision. This is a decision in which the European Commission states that e.g. a certain country offers a level of data protection similar to the GDPR. See this link for the current list of adequacy decisions. This is for example the case for transfers of your personal data to Japan.
  • If and insofar as we transfer personal data to GDPR Third Countries to which no adequacy decision applies, we will conclude the applicable version of the model clauses to safeguard data protection as published by the European Commission, so called standard contractual clauses (‘Transfer SCCs’) or UK transfer agreement approved by the ICO. If deemed required under the applicable privacy legislation, additional measures will be taken. This may concern technical, organisational and/or contractual measures.

Further information on our legitimization of data transfers to Third Countries will be provided upon your request. Please use our contact information to make such a request, as stated below.

7. HOW DO WE DETERMINE HOW LONG WE RETAIN YOUR PERSONAL DATA?

7.1 Main rule

We will retain personal data only for the period necessary to achieve the purpose for which it is used, and will take steps to erase or anonymize personal data after the retention period has elapsed in a secure manner within a reasonable period of time. There could however be exceptions applicable to the general retention terms.

7.2 Exceptions

If you exercise certain privacy rights, it is possible we will remove your data earlier than the general applicable retention period or – oppositely – retain it for a longer period of time. For more information about this, please refer to the header “What are your privacy rights?”

7.3 Exception: longer retention period

In certain situations, we may process your personal data for a longer period of time than what is necessary for the purpose of the processing. We may retain your personal data for a longer period, for example if:

  • A longer minimum statutory retention period applies to us or we owe other specific statutory obligation;
  • You give us consent;
  • A legal procedure is pending, in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you;
  • It is necessary for exercising the right to freedom of expression and to information;
  • It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
  • There are public health reasons.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

8. WHAT ARE YOUR PRIVACY RIGHTS?

With regard to personal data collected by us from customers in the EEA or the UK, you have the following rights under the GDPR and equivalent UK legislation. You may exercise these rights by contacting us via the contact information below. If we receive a request to exercise one of these rights, we will respond to the request as soon as possible and after verifying the identity of the person concerned. However, please note that there are exceptions to these rights under the GDPR and we may not always be able to comply with your request.

8.1 Your privacy rights

As data subject you have the right to:

a. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you. Although this does not necessarily give you the right to receive a copy of the documents containing your personal data, you do have the right to receive a copy of your personnel file. Per your request, we will then also provide you with further specifics of our processing of your personal data.

b. Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Please note that this does not provide you with the right to “correct” documents with which you do not agree, such as a complaints report. In such case, a written document detailing your own view on the matter, may be added to the file.

c. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where: (i) the personal data is no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data is unlawfully processed, (v) the personal data needs to be erased on the basis of a legal requirement, or (vi) where the personal data has been collected in relation to the offer of information society services. Note, however, that we do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims.

d. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

e. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • Contesting the accuracy of data. If you want us to establish the data’s accuracy.
  • Unlawful processing. Where our use of the data is unlawful but you do not want us to erase it.
  • Data no longer required. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • Pending an appeal. You have objected to our use of your data (right to object) but we need to verify whether we have overriding legitimate grounds to use it.

f. Request the transfer (right to data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies if it concerns processing that is carried out by us by automated means, and only if our processing ground for such processing is your consent or the performance of a contract to which you are a party.

g. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

h. Not to be subject to automated decision-making. This means that you have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that we do not make use of automated decision-making.

i. Lodge a complaint with a EEA or UK supervisory authority, in particular in the state of your habitual residence, place of work or where an alleged infringement took place. Please refer to this webpage for an overview of the supervisory authorities in the EEA and their contact details. We would appreciate the chance to deal with your concerns before you approach the regulator, so please contact us beforehand.

If you wish to exercise any of the rights set out above, please contact us directly via the contact information provided below.

8.2 No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

8.3 What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

8.4 Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. CHANGES

This privacy policy may be revised from time to time to reflect changes in the services provided by us, amendments or changes to relevant laws and regulations, and to meet the needs of society with regard to personal data. In such cases, we will publish this privacy policy on our website without delay and will clearly indicate the date of the last revision of this privacy policy.

10. CONTACT DETAILS

We have established a point of contact within Seibu Prince Hotels to deal with any enquiries or comments from you in relation to the personal data we collect and hold in our possession, and will respond to such enquiries and comments in good faith to the extent reasonable and necessary, after the necessary identification of the customer or his/her representative. Please note that it may take a few days to reply, depending on the case.

10.1 Contact information

For further information on how we process your personal data, please contact us:

Our contact details:

ControllerSeibu Prince Hotels Worldwide, Inc. , “Privacy Policy Contact”
address (e.g. of house)1-16-15 Minami Ikebukuro, Toshima-ku, Tokyo 171-0022, Japan Diamond Gate Ikebukuro
email addressprivacy@princehotels.co.jp

Contact details for our representative in the EEA:

Representation in the EUFirst European Data Rep B.V.
address (e.g. of house)WTC Amsterdam Airport
Schiphol Boulevard 195
1118 BG Schiphol
The Netherlands
email addressPH@eudatarep.com

Masahiko Koyama, President, Seibu Prince Hotels Worldwide, Inc.
Last revised: April 1st, 2022

10.2 Affiliate entities

Seibu Prince Hotels Worldwide, Inc. group companies (“affiliate entities”) are as follows:
Kawana Hotel, Inc
SHIMODA PRINCE HOTEL, INC
TOKYO BAY SHIOMI HOTELMANAGEMENT, INC.
UD Hospitality Management Corporation
SEIBU SINGAPORE PTE LTD
PRINCE HOTELS (THAILAND) CO., LTD.
PRINCE HOTELS USA, INC.


[instashow columns="5" popup_easing="ease-in-out"]