Privacy Policy

March 19, 2021 2024-05-31 20:32

東京こそTokyokoso Privacy Policy

1. Scope of This Privacy Policy

1.1 This privacy policy sets out how 東京こそTokyokoso (“we”, “us”, “our”) uses personal data in relation to the operation of our hotel and villa rental services in Tokyo, Kuramae.

2. Whose Personal Data Do We Use?

2.1 We typically process the following types of personal data about you:

(a) Reservations and Guest Registration:

  • Address, name, title, gender, date of birth, name of organization;
  • Email address, telephone number, postal address;
  • Demographic data;
  • Information on allergies;
  • Date of check-in and check-out, number or names of accompanying persons;
  • Information about the travel itinerary, purpose of your trip, and information to respond to your requests and requirements (regarding guest rooms, leisure activities, and other services, information required to fulfill special requirements);
  • Payment information for online reservations (credit card information);
  • Membership information of various membership organizations;
  • Photo identification (including passport or driver’s license) and credit card pre-authorization; and
  • Date and time of visit.

(b) Information on the Use of Services:

  • Facility usage, product purchases, pages visited, documents downloaded, the site you visited prior to visiting our website, the browser and device that you are using to access our website, if you have visited our website before, tracking user preferences, etc.

(c) Enquiries and Complaints:

  • Various types of information that you consciously provide as listed under (a) above;
  • Date and time you contacted and the contents of contact, such as email, input form of the website, facsimile, note made during a telephone call, letter, answer for surveys, etc.;
  • Information on the use of services related to the (online) reservation (e.g., facility usage, product purchases, etc.);
  • Information as required by administrative instructions, laws, regulations or ordinances.

(d) Surveys and Reviews:

  • Various types of information that you consciously provide, including:
    • Name, email address, telephone number, age group, gender;
    • Reservation information; and
    • Contents of contact, responses and reviews.
  • Date and time of the contact.
  • Information on the use of services related to the (online) reservation (e.g., facility usage, product purchases, etc.).

2.2 If you choose not to provide certain information, we may not be able to provide certain services to you. For example, we may not be able to accept your reservation or you may not be able to use some of our services. We will make clear to you at the time of collection which information is necessary to obtain for providing the service.

2.3 We do not generally collect any of your special category data; this is any information relating to your health or medical records, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. However, if you provide such information to us, we will only collect that information with your express consent and only where such information is required to satisfy your requirements (such as special access or assistance requirement due to health condition). We shall not disclose your special category data to any other party without your consent.

3. How Do We Obtain Your Personal Data?

We obtain your personal data in a number of different ways:

(a) Through our booking agents, travel agencies, in-house agents; (b) Trusted suppliers (e.g., payment providers like Stripe, booking systems like Vikbooking, marketing agencies); (c) IT systems, including via our platform, hotel Wi-Fi, email, phone; (d) Cookies on our website; (e) Government agencies; (f) Insurance companies; (g) Professional advisors, including external legal advisors; (h) Our regulators; or (i) Surveys and email marketing.

4. For What Purpose Do We Use Your Personal Data and With Whom Is It Shared?

We process your personal data for a number of different purposes and under data protection laws, we must have a “lawful basis” to do so. We rely on the following ‘lawful bases’ when processing your personal data:

(a) To comply with our legal and regulatory obligations; (b) It is necessary for the performance of our contract with you or to take steps at your request before entering into a contract; (c) As necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; (d) Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests; or (e) We have your consent.

Please see below for further details of the different ways we use your personal data, the lawful bases we rely on when doing so, and details of whom we may share your personal data with:

Purpose for Processing Your Personal Data | Legal Basis for Processing Your Personal Data | With Whom Do We Share Your Personal Data | What Personal Data Will Be Shared Reservations and guest registration | We have a contractual obligation; We have a legal obligation or legitimate interest | Service providers (including accommodation, food and beverage, leisure activities, transportation services); Administrative services providers; IT service providers like Vikbooking; Payment providers like Stripe; Authorized government institutions; Professional advisers; Our insurer or insurance broker | N/A Enquiries and complaints | Your consent; We have a legal obligation; We have a legitimate interest to respond to your enquiries and complaints | Service providers; Administrative services providers; IT service providers like Vikbooking; Payment providers like Stripe; Authorized government institutions; Professional advisers; Our insurer or insurance broker | N/A Surveys and reviews | Your consent; We have a legal obligation or legitimate interest; We have a legitimate interest to improve our products and services | Service providers; Administrative services providers; IT service providers; Professional advisers | N/A Promotional, marketing, and business development | Your consent | Administrative services providers; IT service providers | N/A

Please note that we will keep your personal data confidential and will only share it (in the ways described above) where necessary. When we appoint third-party service providers who act as processors on our behalf, we require them to comply with strict contractual obligations (which restrict their uses) and data protection laws.

We may also aggregate and pseudonymize personal data and use and share such aggregated and pseudonymized personal data with our group companies for statistical purposes and for the purpose of data analytics, service development, and/or improvement.

5. The Online and Mobile Data We Collect

We may also collect “Other Data” that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data includes:

(a) Your Browser or Device: We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version, and the name and version of the online services you are using. We use this data to ensure that the online services function properly.

(b) Your Use of Apps: We collect certain data when you download and use an App, such as App usage data, the date and time the App on your device accesses our servers, and what data and files have been downloaded to the App based on your device number. We use this data to ensure that the online services function properly. Our Apps may contain software development kits (SDKs) from third parties which may collect and transmit Other Data to enable various features in the App.

(c) Cookies: We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect browser type, time spent on the online services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use functional cookies to obtain the data for security purposes, to facilitate navigation, to display content more effectively, to collect statistical data, to personalize your experience while using the online services, and to recognize your computer to assist your use of the online services. We also gather statistical cookie data about use of the online services to continually improve design and functionality, understand how they are used, and assist us with resolving questions. Advertising cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the online services. We also use them to send marketing emails and to track responses to online advertisements and marketing emails.

(d) Opt-Out of Cookies: You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Tracking Preferences” located at the bottom of our website. If, however, you do not accept cookies, you may experience some inconvenience in your use of the online services. For example, you will not receive advertising or other offers from us that are relevant to your interests and needs.

(e) Third-Party Advertising: We may use third-party advertising companies to serve advertisements regarding goods and services that may interest you when you access and use the online services. To serve such advertisements, these companies place or recognize a unique cookie on your browser (including through the use of pixel tags).

(f) Pixel Tags and Other Similar Technologies: We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some online services to, among other things, track the actions of users of the online services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the online services.

(g) Analytics: We collect data through Google Analytics, which uses cookies and technologies to collect and analyze data about the use of the Services. These services collect data regarding the use of other websites, apps, and online resources. You can learn about Google’s practices by visiting their site http://www.google.com/policies/privacy/partners/ and you can opt out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

(h) Your IP Address: We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the online services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems, and administer the online services. We also may derive your approximate location from your IP address.

(i) Aggregated And Segmented Data: We may aggregate data that we collected and this aggregated data will not personally identify you or any other user. We may also use both Personal Data and Other Data to divide customers into segments, or groups, in order to provide more relevant advertising and evaluate our performance and improve the provision of our services.

(j) Location-Based Services: We may collect the precise physical location of your device by using satellite, cell phone tower, Wi-Fi signals, or other technologies. We will collect this data if you opt-in through the App or other program (either during your initial login or later) to improve special offers and to enable location-driven capabilities on your mobile device. If you have opted-in to share your location, the App or other program will continue to collect location data based on how you chose to share the data.

(k) Location Opt-Out: The user can specify via the device’s operating system to always share location, only when the App is in use, or never. If you choose only when the App is in use, we will have access to the data until you log off or close the application.

6. Links to Third-Party Websites

Our websites contain various links to third-party websites. These links are maintained to improve the service we offer and expand the information readily available to you. Third-party websites are NOT subject to our Privacy Policies and, therefore, you should familiarize yourself with the privacy and security policies operating for such sites. Third-party website operators are responsible for their own privacy practices.

Please remember that when you use a link to go from our websites to another website, our Privacy Policies are no longer in effect. Your browsing and interaction on these third-party websites are subject to the terms & conditions and privacy rules and policies applicable to those sites.

7. How Do We Protect Your Personal Data When Sending It Abroad?

7.1 There will be some circumstances in which we will need to internationally transfer your personal data. Where your personal data is transferred to any jurisdictions, we take steps to ensure that your personal data is adequately protected and in compliance with data protection laws.

7.2 A summary of our regular international data transfers is set out below:

Country/jurisdiction to where we transfer personal data : Japan

Purpose for the transfer : To share among 東京こそTokyokoso branded hotels and facilities and their sales offices for the purposes set out in the table in section 4.

Safeguard used to protect your personal data : Approved mechanisms for cross-border transfer including standard contractual clauses

For further information on our transfers of personal data, please contact us at the contact details provided in the “Contacting Us” section below.

8. What Marketing Activities Do We Carry Out?

8.1 We may from time to time provide you with information about our services or products which we think will be of interest to you or which you have asked us to provide you with. This may be sent by email or via the 東京こそTokyokoso Global Rewards apps.

8.2 We ensure that our marketing activities comply with all applicable laws. In some cases, this may mean that we ask for your consent in advance of sending you marketing materials by email.

8.3 Please note that you can opt out of receiving any marketing communications at any time. An “unsubscribe” link appears in all our marketing emails. To unsubscribe from emails sent by us, simply click on the link at any time. Alternatively, you can contact us to update your preferences using the contact details in the “Contacting Us” section below. In such circumstances, we will continue where necessary to send you service-related communications as these will not constitute marketing communications.

9. Automated Decision Making

Automated decision making refers to a situation where a decision is taken using personal data that is processed solely by automatic means (i.e., using an algorithm or other computer software) rather than a decision that is made with some form of human involvement. We use personal data to divide large groups of customers into sub-groups based on some type of shared characteristics such as geography, behavior, or demographics. We make automated decisions, using segmentation and/or your specific personal data to offer you certain benefits, recommendations, discounts, and special offers based on your characteristics.

10. Your Rights

10.1 You have the right to make certain requests of us in relation to the personal data that we hold about you. If you wish to exercise these rights at any time please contact us using the details set out in the “Contacting us” section.

10.2 Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason, and we will always respond to any request you make.

10.3 There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing, and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of our agreement with you. We will inform you of these consequences when you exercise your right.

10.4 For UK/EEA residents, your rights under data protection laws in the UK and EU are:

(a) The right to access your personal data:

  • You are entitled to a copy of the personal data we hold about you and certain details of how we use it; and
  • We will usually provide you with your personal data in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means;

(b) The right to rectification: We take reasonable steps to ensure that your personal data that we hold is accurate and complete, however, you can ask us to amend or update the personal data if you do not believe that this is so or if your details change;

(c) The right to erasure: You have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right will, however, need to be balanced against other factors, for example, we may have legal obligations which mean we cannot comply with your request;

(d) The right to restrict processing: In certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;

(e) The right to data portability: You have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice;

(f) The right to object to marketing: You can ask us to stop sending you marketing messages at any time. You can exercise this right by either clicking on the “unsubscribe” link which is contained in any email that we send to you or you can use the details set out in the “Contacting us” section to contact us. Please note that exercise of this right does not extend to service-related communications which, where necessary, we will continue to send;

(g) The right to object to processing: Where we process your personal data based on our legitimate business interests (indicated in this privacy policy), you can object to our processing. We will consider your objection and determine whether or not our legitimate business interests prejudice your privacy rights;

(h) The right to withdraw consent: We may ask for your consent for certain uses of your personal data – we have indicated in this privacy policy where we do need your consent. You have the right to withdraw your consent at any time; and

(i) The right to lodge a complaint with the applicable data protection supervisory authority: We encourage you to contact us (using the details in the “Contacting Us” section) if you have any concerns with how we use your personal data and we will do our best to resolve your concerns. However, please note that you have a right to complain to the applicable data protection supervisory authority (depending on your territory) if you believe that any use of your personal data by us is in breach of applicable data protection laws.

Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

11. How We Store Your Personal Data

We may store your personal data in different ways, including in paper form, electronic form, telephone recordings, and utilizing secure document retention services (including those located off-site).

We take appropriate security measures to ensure that your personal data is stored safely to protect it from misuse, loss, unauthorized access, modification, or disclosure as set out below.

12. How We Protect Your Personal Data

12.1 We have put in place:

(a) Appropriate security measures and policies and procedures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed; and

(b) Procedures to address any suspected personal data breaches and we will notify you and any applicable regulator of a breach where we are legally required to do so.

12.2 Where we have given you (or you have chosen) a password, you are responsible for keeping this password confidential. Please do not share your password with anyone.

12.3 We review our security measures periodically. We also ensure that our employees receive appropriate data security training.

13. How Long Do We Keep Your Personal Data?

13.1 We will only keep your personal data for as long as is necessary to fulfill the relevant purposes as set out in this privacy policy and more widely to comply with our legal obligations, for example, for tax purposes and for local regulatory compliance requirements.

13.2 The exact time period will depend on the type of personal data we hold; for example, we will maintain your membership registration details for as long as you have an account with 東京こそTokyokoso.

14. Responsible Party for Joint Use of Personal Data and Pseudonymized Data Within the Meaning of Japanese Data Protection Law

東京こそTokyokoso
Allez Hop CO.,LTD.
Address : Room 202, 3-38-14 Minamiotsuka, Toshima-ku, Tokyo,〒170-0005
Legal Representative : YANG YUTING
Telephone Number : 08054865688
Email Address : contact@tokyokoso.com

15. Contacting Us

If you have any queries about how we handle your personal data, the contents of this privacy policy, your data protection rights under applicable data protection laws, how to update your records, or how to obtain a copy of the personal data that we hold about you, please email us at contact@tokyokoso.com.

16. Complaints

If you believe that we have not complied with our legal obligations in relation to your personal data or have not complied with the terms of our privacy policy, or you would like to appeal a decision made by us relating to your personal data, you can make a complaint in writing to us using the details set out above. We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

If you are still unhappy with our response, you may direct your complaint to the relevant regulatory authority with responsibility for privacy complaints in the applicable jurisdiction. We will provide you with details of the relevant regulatory authority if you request them from us. Please contact us using the details above if you require such information.

17. Updates to This Privacy Policy

From time to time we may need to make changes to this privacy policy, for example, as the result of changes to applicable law, technologies, our services, or other developments. We will provide you with the most up-to-date privacy policy, and you can check our website periodically to view it.

The text of this policy is given in English. In the event the policy is translated into languages other than English, only the English text shall be valid and text that has been translated into any other language will have no effect whatsoever.

This privacy policy was last updated on 2024/06/01.