Privacy Policy Privacy Policy

MORI HOSPITALITY CORPORATION
PRIVACY POLICY

1 Protection of Personal Information
MORI HOSPITALITY CORPORATION obtains and utilizes personal information such as our customer's name, address, telephone number, e-mail address and individual identification code to facilitate the execution of our businesses. We recognize that proper protection of the personal information of our customers to be a serious obligation, and, to fulfill this obligation, we handle personal information pursuant to the policy below.
(1) MORI HOSPITALITY CORPORATION will comply with Act on the Protection of Personal Information, other related laws and regulations, and relating guidelines on the protection of personal information, and adhere to and abide by the generally accepted practices on the handling of personal information, and handle personal information properly. We will also strive to improve on the handling of personal information.
(2) MORI HOSPITALITY CORPORATION will make the rules and regulations on handling of personal information clear, and disseminate and fully inform our employees of them. We will also request our business counterparts to handle personal information properly.
(3) With respect to acquisition of personal information, the purpose of usage will be specified and notified or disclosed, and any personal information will be handled within the scope of said purpose.
(4) When personal information of our customers is provided to relevant consignees as a result of consignment of all or part of the handled personal information to third parties, within necessary limits, to achieve the purpose of usage, upon confirmation that the personal information at the relevant consignee is protected adequately, an agreement on protection of personal information shall be concluded, and appropriate steps taken. When personal information of our customers is provided to relevant consignees in a foreign country, such consignees in a foreign country shall be required by contract, etc., to conduct personal information management which conforms to standards prescribed by rules of the Personal Information Protection Commission, and an appropriate supervision shall be conducted.
(5) Necessary steps shall be taken in order to perform proper management to prevent leakage, loss, and falsification of personal information.
(6) With respect to the personal data stored at MORI HOSPITALITY CORPORATION, when our customers personally make requests for disclosure, correction, deletion, or suspension of usage, we will respond in good faith.
2 Purpose of Usage
MORI HOSPITALITY CORPORATION will acquire personal information necessary for conducting business, and will use personal information only within the scope of the following purposes:
a) For guests using Roppongi Hills Club, ARK Hills Club and Hills Spa:
(1) To provide food and beverages, banquet, wedding, spa and fitness and other services, and to confirm customer information and members information in receiving dining reservation and party reservation;
(2) To confirm use history of members and customers;
(3) Confirmation and identification of members and customers when they arrive;
(4) To send e-mail newsletters, seasonal publications, direct mails and invoices, etc., relating to businesses of MORI HOSPITALITY CORPORATION, MORI BUILDING Co., Ltd., and its affiliated companies;
(5) Marketing research for the businesses of MORI HOSPITALITY CORPORATION and MORI BUILDING Co., Ltd.;
(6) To invite members and customers for events and functions that MORI HOSPITALITY CORPORATION, and MORI BUILDING Co., Ltd, its affiliated company or a member hosts, co-sponsors, sponsors, supports, or collaborates on (hereinafter, “Event, etc.”), to inform members and customers of the Event, etc., and to send season's greetings to our members and customers; and
(7) To perform other operations relating to the businesses of MORI HOSPITALITY CORPORATION and MORI BUILDING Co., Ltd.
b) For guests using Grand Hyatt Tokyo and Andaz Tokyo:
(1) To provide and charge for the accommodations, food and beverages, banquet, wedding, spa and fitness and other services, to confirm customer information and members information in receiving dining reservation and party reservation, to confirm use history of members and customers, and confirmation and identification of members and customers when they arrive;
(2) Marketing activities in order to provide you with information regarding the services and goods, etc., and to provide you with the latest information;
(3) To conduct a survey about the services and goods;
(4) Used as statistical analysis for the purpose of marketing in a form which precludes personal identification; and
(5) Used in the course of carrying out business.
c) For guests visit our website:
(1) Cookies: to provide proper information and to ensure security.
(2) Access log: for statistical analysis for website maintenance and usage.
3 Control and Security
With respect to the handling of personal information provided by our customers, as set forth below, MORI HOSPITALITY CORPORATION will work on maintaining the accuracy of personal information through proper and stringent controls via the appointment of a security administrator of personal information. Furthermore, with respect to the risks of improper access from outside and prevention of any leakage of information, based on the rules and regulations on personal information protection and the detailed rules on handling and management of personal information, we will implement safety measures at the necessary and appropriate levels, and work on safety management of the personal information of our customers.
MORI HOSPITALITY CORPORATION will promptly dispose of our customers’ personal information if the retention period prescribed by laws and regulations has passed, or when the handling of our customers’ personal information is no longer necessary.
(1) Enactment of basic policy
This Privacy Policy is enacted as an organizational effort to secure the proper handling of personal data and to give notification to our customers of the inquiry desk for questions and complaint processing.
(2) Preparation of rules regarding the handling of personal data
We will prepare rules for personal data protection with respect to the handling method, responsible persons, and their duties, etc. regarding each stage of acquisition, usage, storage, provision, deletion, and disposition, etc. of personal data as rules regarding the specific handling of personal data for the purpose of the prevention of leakage, etc. of personal data that is handled and other safety management of personal data.
(3) Organizational security management measures
As well as appointing a security administrator of personal information, we will clarify the employees handling personal data and the scope of the personal data that such employees will handle, and establish the reporting and communication system to the responsible person in the event a fact of a breach of a law or rules and regulations on personal information or an indication thereof becomes known. We will also prepare a means to confirm the status of the handling of personal data.
(4) Personal security management measures
We will fully inform employees of the appropriate handling of personal data, and will also conduct appropriate education for employees.
(5) Physical security management measures
We will appropriately manage the areas where important information systems such as servers or main computers that handle personal information databases, etc. are managed and areas where administrative work that handles other personal data is conducted. In addition, we will conduct appropriate management in order to prevent the theft or loss, etc. of equipment, electronic media, and documents, etc. that handle personal data, and we will also take safety measures so that personal data is not easily revealed if electronic media or documents, etc. on which personal data is recorded will be transported.
(6) Technical security management measures
We will execute appropriate access controls in order to limit the scope of persons in charge and the personal information databases, etc. that are handled, and we will introduce and appropriately operate structures to protect the information system handling personal data from outside unauthorized access or unauthorized software.
(7) Understanding the external environment
If we handle personal data in a country other than Japan, we will take necessary and appropriate measures for the purpose of security management of personal data upon understanding the system, etc. for the protection of personal information in such country.
4 Supervision to Outsourcing Agents and Subcontractor
If MORI HOSPITALITY CORPORATION outsources all or part of the handling of personal data to a third party, we supervise such outsourcing agents and subcontractors so that they execute proper administration to protect personal information and take other proper measures by executing an agreement with them regarding the protection of personal information.
In case of outsourcing all or part of the handling of personal data to a third party in a foreign country, we will make an agreement which requires the third party to implement personal information management conforming to standards prescribed by rules of the Personal Information Protection Commission, and will conduct appropriate supervision over the third party.
5 Providing of Personal Information to Third Parties
Without the consent of the individual, MORI HOSPITALITY CORPORATION will not provide personal information to any third party, except for cases permitted under the related laws or regulations, or except in the cases prescribed in the following article.
6 Joint Use
All personal information provided by our guests using Grand Hyatt Tokyo and Andaz Tokyo will be safeguarded under this Privacy Policy and the "Personal Information Management Policy (JAPAN)" of Hyatt Hotels Corporation(the "Hyatt Privacy Policy") (Hyatt Privacy Policy: Please visit the website prescribed in 12.)
There may be cases where all items of personal data such as names, addresses, phone numbers, e-mail address, etc. that are provided by our guests is jointly used among the Hyatt Group (meaning all corporations stipulated as jointly using personal data under the Hyatt Privacy Policy; please see the Hyatt Privacy Policy for details) for marketing activities and provision of information regarding the Hyatt Group.
The person responsible for the management of personal data falling under joint use is as follows.

MORI HOSPITALITY CORPORATION
6-10-3 Roppongi, Minato-ku, Tokyo
Hiroo Mori, President and CEO
7 Disclosure
With respect to personal data stored at MORI HOSPITALITY CORPORATION, when our customer personally requests disclosure of stored personal data that can identify him/her or the purpose of use thereof, we provide disclosure in accordance with the provisions of laws and regulations and within the scope prescribed in laws and regulations, upon verification that the requestor is the actual customer.
8 Corrections, Additions and Deletions
With respect to personal data stored at MORI HOSPITALITY CORPORATION, when our customer personally requests corrections, additions, or deletions of stored personal data that can identify him/her, and details of such stored personal data differ from fact, we make corrections, additions, or deletions in accordance with the provisions of laws and regulations and within the scope prescribed in laws and regulations, upon verification that the requestor is the actual customer.
9 Suspension of Usage, Removal, and Suspension of Third Party Provision
With respect to personal data stored at MORI HOSPITALITY CORPORATION, when our customer personally requests suspension of the usage or removal of stored personal data that can identify him/her, or the providing of stored personal data that can identify him/her to third parties, we will suspend providing information to third parties, or remove or suspend the usage of such stored personal data without delay, upon verification that the requestor is the actual customer and it is verified that the request of our customer is legitimate, in accordance with the provisions of laws and regulations and within the scope prescribed in laws and regulations.
10 Inquiry Desk for Disclosure, etc.
[Request Procedure]
Contact for requests prescribed in 7, 8, and 9 above relating to personal data stored at MORI HOSPITALITY CORPORATION, and inquiries and claims relating to our handling of personal information are shown below.
Procedure for the disclosure, correction, addition, deletion, suspension of the usage, removal or suspension of third party provision of retained personal information described above may be made through the inquiry form by post to ensure a strict identity verification procedure. Please enclose the identity verification documents such as a copy of a document with your photo, name, birthdate, address.
Please be reminded that any request for disclosure or other handling in any other manner may not be accepted.

Inquiry Desk
6-10-3 Roppongi Minato-ku, Tokyo 106-0032, Japan
MORI HOSPITALITY CORPORATION
Personal Information Protection Secretariat

The cost of the procedure described in 7 above shall be 2,000 Japanese Yen for one inquiry and equivalent amount of the postal money order with fixed amount issued by Japan Post Bank (Teigaku-Kogawase) shall be enclosed when you make an inquiry.
When you purchase the postal money order, the fee prescribed by Japan Post Bank will apply. The fee will be borne by you.
11 Change to this Privacy Policy
We will inform you through our website when this Privacy Policy will be changed.
12 Links
Japan Personal Management Policy
< https://www.hyatt.com/en-US/info/privacy-policy-japan >

Appendix A
If you are a resident of the European Economic Area (EEA), please see Appendix A for additional information regarding our use of your personal information.

Effective Date: April 1, 2005
Amendment Date: January 1, 2010
Amendment Date: April 1, 2013
Amendment Date: April 1, 2017
Amendment Date: June 1, 2018
Amendment Date: April 1, 2019

Added Appendix A: “Additional Provisions Applicable to Processing of Personal Information of EEA Residents.” Appendix A includes detailed information provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal information and on the free movement of such data, commonly referred to as the “General Data Protection Regulation” (GDPR).
Amendment Date: April 1, 2022

April 1, 2022
MORI HOSPITALITY CORPORATION
6-10-3 Roppongi, Minato-ku, Tokyo
Hiroo Mori, President and CEO

Appendix A: Additional Provisions Applicable to Processing of Personal Information of EEA Residents

For individuals residing in the EEA, this Appendix outlines certain additional information that MORI HOSPITALITY CORPORATION is obligated to provide to you, as well as certain rights you have with respect to the processing of your personal information, based on the General Data Protection Regulation (GDPR). This Appendix A shall prevail to the extent it conflicts with any provision in the main body of this Privacy Policy.

1 Processing of Personal Information

The purposes of personal information
The purposes of personal information that we handle are set out in Article 2 of this Privacy Policy.

The categories of personal information:
Personal information that we collect and retain includes the following:
① Basic Information (name, address, phone number, e-mail address, individual identification code, sex, date of birth, nationality, fax number, address for service, etc.);
② Additional information (occupation, office information (company name, address, telephone number, department name, managerial position), the day of a wedding, family information (name, relationship, birthday), etc. )
③ Payment information (a credit card number, the bank account information, the billing address, etc.)
④ Service Utilizing Information (facility use state, a merchandise purchase state, etc.);
⑤ Informative matters/Messages (e-mail, website form input, fax, a phone note, letter, the answers to the questionnaires, etc. )
⑥ Information collected by using security systems (security camera, card key, etc.)
⑦ Information automatically collected on our website (cookies, IP address, etc.)
⑧ Hotel register items (address, name, occupation, nationality, passport number, age, previous place of stay (coming from ~), next place of stay (going to ~), arrival date and time, departure date and time, guest room name, etc.)

Acquisition of Personal Information
We collect personal information from the following sources in conducting business related to our facilities, services and products.
① Direct acquisition from an individual:
by telephone, letter (including electro-magnetic records), business cards, verbally, through the internet, etc.
② Acquisition from persons with proper authorization to provide information for an individual:
an individual applying on behalf of another, a party introduced by as second party, travel agents, business partners and agents selling retail packaged plans.
③ Acquisition from published material or public sources:
internet, newspapers, telephone directories, books and other publications, etc.

Provision to a third party
We provide personal information to a person who falls under any of the following items:
① a business operator whom we entrust with the handling of personal information;
② a Joint User among which we jointly use personal Information; and
③ information providing destination specified by laws and regulations, etc., in case of provision of personal information under laws and regulations, etc.

2 Legal Basis
We process customer’s personal information based on the customer’s consent in principle. The processing of personal information in the absence of the customer’s consent shall be based on the necessity for the performance of the contract with the customer, the necessity to take steps at the request of the customer prior to entering into a contract, the necessity for the purposes of the legitimate interests pursued by us or a third party, or the necessity for compliance with a legal obligation to which we are subject. The legitimate interests pursued by us or a third party include an increase in operating income from marketing and improvement of services, and improvement of the convenience, security, etc., of our website.
3 Transfer of Personal Information to a Third Country
For the purposes of fulfilling the contract with the customer, or for taking procedures according to the customer’s request prior to entering into a contract, personal information acquired outside Japan will be transferred to Japan.
Japan has received an adequacy decision on protection of personal information from the European Commission.
We handle the customer’s personal information with appropriate security and confidentiality measures.
4 Retention Period
We retain personal information for the period necessary to accomplish its purpose of processing. Following the retention period, we eliminate or anonymize such personal information in a secure way within a reasonable period of time.
5 Customer’s Rights
You have the following rights with respect to us based on laws and regulations.
A customer may exercise these rights by contacting the Inquiry Desk stated in Article 10 of this Privacy Policy.
In the event that you exercise these rights, we will respond in good faith, barring statutory exceptions, after confirming that the requesting person is the person in question.
① The right of access
The right to obtain confirmation as to whether or not personal information concerning you is being processed, and where that is the case, (the right to) access to the personal information and the accompanying information.
② The right to rectification
The right to obtain the rectification of inaccurate personal information concerning you.
③ The right to erasure
The right to obtain the erasure of personal information concerning you in certain cases.
④ The right to restriction of processing
The right to obtain restriction of processing in certain cases.
⑤ The right to object to processing
The right to object the processing of personal information based on the purposes of the legitimate interests pursued by us or third parties.
⑥ The right to data portability
The right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
6 Withdrawal of Consent
You can withdraw consent on the processing of your personal information at any time. Withdrawing consent does not affect the lawfulness of the processing based on consent before the withdrawal. You can withdraw consent by contacting the Inquiry Desk stated in Article 10 of this Privacy Policy.
7 Lodging a Complaint with an Authority
Customers have the right to lodge a complaint on the processing of their personal information with the protection authority having jurisdiction over their residence.
8 Personal Information Necessary for Accommodations
We require the following information to provide accommodation services to our customers. In particular, the laws of Japan require that we keep the information on the hotel register for three years. Should you be unable to provide the required information, we may not be able to provide you with accommodation services.
① Basic information (name, telephone number, etc.)
② Hotel register items (name, address, occupation, nationality, passport number, sex, age, etc.)
9 Personal Information from Children
A guardians consent or permission must be obtained in the event that a customer under the age of 16 uses our service and consents to the Policy.
10 Automated Individual Decision-Making, including profiling
We do not make decisions based solely on automated processing, including profiling.
11  Free of Charge
Notwithstanding the second part of Article 10 of this Privacy Policy, no postal money order with fixed amount issued by Japan Post Bank (Teigaku-Kogawase) shall be enclosed when you make an inquiry.

Brochure requests and inquiries

TEL.03-6406-6808

(Weekdays 9:30-18:00)