Date of Enactment June 1, 2020
If you are accessing the website from other than the EU and UK, please check here.
1. Basic Policy
2. Acquisition of Personal Information - Utilization Purposes and Legal Grounds
When performing the contract with the Guest, the Hotel shall handle the Guest's personal information in accordance with Article 6. 1.(b) of GDPR in order to fulfill the utilization purposes stipulated in the following items.
1. Online Reservation/management regarding the hotel's accommodation business and restaurant/bar
2. Reservation/management of the hotel's restaurant/bar, operation of the hotel such as providing food and drinks and sales of related goods
3. Reservation/management of the hotel's restaurant/bar, operation of the restaurant/bar such as providing food and drinks and sales of related goods
4. To respond to inquiries and requests/demands that the Hotel received
5. To exercise rights and perform obligations based on the laws and regulations such as creation and retention of a hotel register
6. Collection/deletion of information registered to the Hotel's service
7. Any business operations related to the preceding items
3. Acquisition/Types of Personal Information
Personal information to be collected and retained by the Hotel includes the following.
1. Basic Information
Name, address, gender, date of birth, country / region of residence, e-mail address, phone number, etc.
2. Payment Information
Credit card number, bank account information, billing address, etc.
3. Information to be Collected Automatically on the Hotel Website
IP address, types of browser, access date, etc.
4. Request related to the Services
Requests about the guest rooms, leisure activities, etc., and other information necessary to respond to special request.
5. Information required by instructions from The government and the laws and regulations/ordinances, etc.
4. Management of Personal Information
The Hotel shall observe “Act on the Protection of Personal Information” and other relevant laws an regulators, and manage the Guest's Personal Information strictly and safely. The Hotel shall take necessary and appropriate measures for prevention of unauthorized access, leakage, loss, falsification, and damage.
The Hotel also has established the Audit Office as the internal audit system.
5. Personal Information Retention Period
The Hotel will retain Guest's Personal Information only for the purposes specified in paragraph 2, and will take measures to delete or anonymize the Guest's personal information in a safe manner within a reasonable period of time after the retention period elapses.
6. The rights of Guests
The Guest shall have the rights under GDPR against the Hotel as follows. The Guest may exercise the rights by using the form on the Hotel website, or by contacting Personal Information Inquiry Contact.
When the Guest exercises such rights, the Hotel shall, unless otherwise it falls under any of the exceptions set forth in GDPR, etc., verify the identification, and, in principle, contact within one (1) month after receiving the request.
1. The right to access to the Personal Information (provision of purpose, type, destination, retention period, acquirer, etc.)
2. The right to request correction of Personal Information
3. The right to request deletion of Personal Information
4. The right to request restriction on processing of Personal information
5. The right to object to processing Personal Information
6. The right to request data portability
7. Appeal to Supervisory Authority
The Guest has the right to make an objection concerning the handling of the Personal Information of the Hotel to the audit institutions such as national government, reginal government, or international organizations in accordance with GDPR, etc. The Hotel would like to have an opportunity to respond to the inquiries before the Guest lodges an appeal. Accordingly, please feel free to contact the Hotel in advance via Inquiry Form here
8. Update of This Policy
This Policy may be revised as necessary to respond to the amendment, revision, etc. of relevant laws and regulations.
In this case, the Hotel will disclose the Policy on this website without delay, and will specify the date of the last revision.
We have appointed DataRep as our data protection representative for the EU and UK. Any queries requiring the input of our representative should be directed to them as follows:
Sending an email to DataRep at firstname.lastname@example.org quoting < Keihan Hotels & Resorts Co., Ltd. > in the subject line;
Using the online webform at https://www.datarep.com/data-request/
Mailing your request to the following address
Data Protection Representative Limited
DataRep, 72 rue de Lessard, Rouen, 76100, France
DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom