Dogenzaka Hotel Management Inc.

Privacy Policy

We – Dogenzaka Hotel Management Inc., 2-19-10, Aobadai, Meguro-ku, Tokyo – have adopted the corporate philosophy of "The Customer Matters Most" and our management policy is to provide customers with "convenience", "affordability", and "enjoyment", without being bound by preconceived notions, and by thoroughly reading the folds of our customers' hearts without overlooking their reactions on a daily basis. In order to put these management policies into practice, we believe that the proper handling of personal information relating to customers is our important responsibility. We hereby establish a personal information protection policy (Privacy Policy), and will continue to handle personal information in accordance with this Policy and strive to ensure that this Policy is thoroughly understood by all employees and the entire company.
As the controller of your personal information, we will comply with the applicable personal information protection law and other rules, including the European Union’s General Data Protection Regulation (2016/679), where applicable (hereinafter referred to as the "Applicable Data Protection Law") in the handling of personal information, and respond to customer trust by handling personal information accurately and safely based on the philosophy of "The Customer Matters Most". Certain additional rights may apply where required by the Applicable Data Protection Law. For customers located in the European Economic Area (EEA) and the United Kingdom, see also "Additional Information on Personal Data of Individuals Located in EEA and the United Kingdom".

Dogenzaka Hotel Management Inc.
2-19-10, Aobadai, Meguro-ku, Tokyo
Ryuji Yasumoto, President and CEO

1. Collection of Personal Information
   In order to achieve the purposes set forth in "2. Purpose of Use of Personal Information" below, we collect the following information directly from customers or through third-party booking sites for our services. Please note that while not all the following information is necessarily required, certain services may however not be available in case such information is not provided.
   • Name, address, telephone number, sex, nationality, age, date of birth, e-mail address, and other customer information voluntarily provided by the customer
   • Identification (such as driver's license, passport) required to be provided to us by law and information contained in these documents
   • Information on customer's accommodation reservations
   • Information on payment
   • Security camera information
2. Purpose of Use of Personal Information
   We use the acquired information of customers within the scope of the following purposes of use:
   • To confirm the identity as required by laws and regulations
   • To provide services and manage reservation/usage status
   • To respond to customer inquiries
   • To conduct advertising and other promotional activities (including via email for those who have consented to receive such communications), and analyze and verify their effectiveness
   • To continuously improve services and analyze accommodation histories to improve customer satisfaction
   • To provide information on products and services of PPIH group companies to which we belong and other partner companies
   • To contact customers as necessary for business purposes, such as important service notices
   • To contact and confirm necessary information regarding various campaigns
   • To prepare and keep a guest register
   • To respond to official requests from authorities
   • To comply with applicable laws and regulations (such as in the fields of accounting and tax)
3. Provision to a Third Party and Entrustment
   We do not and will not provide your personal information to any third party unless it falls under any of the following, as permitted by the Applicable Data Protection Law:
   • We obtain the consent of the customer
   • It is required by the provisions of laws and regulations
   • When there is a risk of infringement of specific rights and interests, such as the life, body, or property of the customer, and the provision of personal data is necessary to protect such rights and interests, and it is difficult to obtain the consent of the customer
   • Doing so is necessary to protect the vital interests of the public
   • Providing and making available your personal information through an opt-out procedure in accordance with laws and regulations
   We may, as necessary, entrust the processing of personal information to a third party within the scope of the purpose for which it was collected. In such case, we will take measures to ensure the protection of your personal information, such as entering into a written data processing agreement with such third party. Who we disclose your information to: We may disclose your personal information as follows:
   • Service Providers: We will share your information with service providers to provide services in relation to our business as well as to help us improve or to provide information on our products and services.
   • Partners: Where permitted by applicable law, we may also disclose your information to other parties, including InterContinental Hotels Group of Companies and our other partners, to extend special offers about their own products and services to you.
   We also share your personal information with other entities, which may include law enforcement, professional advisors, and other persons, in circumstances such as:
   • when we believe in good faith that the disclosure is required by law or to protect the safety of hotel guests, employees, the public or our property;
   • when disclosure is required to comply with a judicial proceeding, court order, subpoena, warrant or legal process; or
   • in the event of a merger, asset sale, or other related transaction.
4. Legal Basis
   We collect, use and share your information where we have an appropriate legal basis to do this under the Applicable Data Protection Law.
   This may be because:
   • you have provided your consent to us using the personal information;
   • our use of your information is necessary to perform our contract with you, for example, making and managing your booking and operating and providing our services;
   • our use of your information is necessary to meet our legal obligations, including complying with requests, orders and other legal notices of regulators, tax officials and law enforcement bodies;
   • our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services and to keep people informed about our products and services (including for carrying out direct marketing) - in these cases we will ensure that the processing of your personal information is carried out at all times in a way that is proportionate and respects your privacy rights, and depending on the applicable law, you have a right to object to such processing as explained in this Policy.
5. Security Control Measures
   We will strive to prevent unauthorized access to, alteration, loss, leakage, or damage, etc. of your personal information by taking technical, organizational, physical, and personnel measures.
   • We have established a basic policy regarding the processing of personal information for the safe management of personal data in our possession.
   • We have established a personal information protection management procedure for the safe management of personal data, including personal information protection rules and related detailed regulations.
   • As organizational security control measures, we have appointed a person responsible for the handling of personal data and clarified the employees who handle personal data and the scope of personal data handled by such employees. In addition, the status of personal data handling is periodically self-inspected and audited by other departments and outside parties.
   • As personnel safety control measures, we impose confidentiality obligations on all employees and conduct periodic training sessions to ensure that all employees are familiar with safety control measures.
   • As a physical security control measure, we maintain a control environment to protect against theft, loss, and destruction.
   • As a technical safety control measure, we implement access control to limit the scope of personnel in charge and the personal information database, etc. handled. In addition, we have introduced mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software.
6. Retention Period of Personal Information
   We only keep your information for as long as is necessary to achieve the purposes explained in this Policy. In some cases we keep transactional records (which may include your personal information) for longer periods than necessary to provide our services, if such retention is necessary to meet our legal, regulatory, tax or accounting obligations. We will also retain information if we reasonably believe there is a prospect of litigation. In particular, when determining how long we keep your information, we take into account how long we need it to:
   • Maintain business records for analysis and/or audit purposes;
   • Comply with record retention requirements under the applicable laws and regulations;
   • Defend or bring any existing or potential legal claims; and
   • Deal with any complaints regarding our services.
7. International Transfer of Personal Information
   We are located in Japan, so if you are outside of Japan, your personal information will be transferred to Japan. To ensure your personal information is properly protected, we put in place appropriate safeguards (including contractual commitments)
   On 23 January 2019, the European Commission adopted its adequacy decision for Japan, recognising Japan as offering an adequate level of protection for personal data. The personal information of our customers located in the EEA and the UK is exchanged with and processed in Japan on this basis.
8. Amendment to this Policy
   We may review and improve this Policy as appropriate in order to reflect any update to our personal data processing activities or to comply with laws, regulations and other rules, in which case we will notify you thereof via an appropriate communication channel to the extent required by the Applicable Data Protection Law.
9. Disclosure, Correction, Deletion of Personal Information
   If you wish to request disclosure, correction, addition, deletion, suspension of use, elimination, or suspension of provision to a third party of personal information provided by you, please fill out the "Request Form for Disclosure, etc. of Retained Personal Data" attached below, carefully read the precautions, and send it by mail to the address written on the form. No handling fee will be charged, but you will be responsible for all costs associated with the request, such as postage, telephone charges, etc. We will respond to your request within a reasonable period of time after confirming the facts, provided that we can confirm the identity of the person making the request.
   "Request Form for Disclosure of Retained Personal Data"(Japanese Only)
   Established August 7th, 2023
   ■Additional Information on Personal Data of Individuals Located in EEA and the United Kingdom
   Legal rights for customers located in the EEA and UK under the EEA and UK data protection laws are as described below. To exercise any of your rights please contact us by emailing [inquiry@dogenzaka-hm.co.jp].
   • Right to access personal information
     You can ask us to confirm whether or not we have and are using your personal information and to provide you with a copy of your information.
   • Right to correct / erase personal information
     You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but may ask to verify the accuracy of the information first.
     You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information.
     We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
   • Right to restrict how we use personal information
     You can ask us to restrict our use of your information in certain circumstances, for example:
     • where you think the information is inaccurate and we need to verify it;
     • where our use of your information is not lawful but you do not want us to erase it;
     • where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
     • where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
     We can continue to use your information following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
   • Right to object to the use of your information
     You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
     You can always require us to stop using your data for direct marketing purposes.
   • Right to ask us to transfer your information to another organization
     You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
     You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
   • Right to withdraw your consent
     Where the processing of your personal information is based on your consent, you may withdraw such consent at any time, free of charge, without affecting the lawfulness of the processing we carried out based on consent before its withdrawal.
10. You also have the right to lodge a complaint with the relevant data protection supervisory authority.
    We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual. We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
    We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about.
    We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way, in which case we will inform you thereof.