The New Otani Group has established the following Privacy Policy, and we will handle personal information appropriately and implement security measures.

1. Personal Information Protection Policy
   New Otani Co., Ltd. and the New Otani Group* (hereinafter referred to as "the Group") have established the following Privacy Policy to ensure the lawful and appropriate use and management of personal information obtained from the individuals to whom such information pertains (hereinafter referred to as "the individuals"). 
   The data subjects of personal information are as follows:

   • Hotel guests (hereinafter referred to as "Guests")
   • Business partners (hereinafter referred to as "Business Partners")
   • Officers and employees of our Group (hereinafter referred to as "Employees, etc.")
   • Others

   *The term "our group" refers to the following: the New Otani Group, group hotels, associate hotels, and affiliated companies.
   (1) New Otani Group
   New Otani Co., Ltd. (Headquarters; Hotel New Otani Tokyo, Hotel New Otani Makuhari, Hotel New Otani Osaka)
   HRT New Otani Co., Ltd. (Headquarters; New Otani Inn Sapporo, NASPA New Otani, New Otani Inn Tokyo, New Otani Inn Yokohama Premium; restaurants, trading, insurance, and other businesses)
   New Otani Kyushu Co., Ltd. (Headquarters; Hotel New Otani Hakata, Hotel New Otani Saga)
   HSK New Otani (Staffing)
   NRE Happiness Co., Ltd. (Facility Management)
   (2) Group Hotels
   Hotel New Otani Nagaoka
   Hotel New Otani Takaoka
   Hotel New Otani Tottori
   Hotel New Otani Chang Fu Gong (Beijing, CHINA)
   (3) Partner Hotels
   Hotel Italia-Ken (Niigata)
   Kanazawa New Grand Hotel
   (4) Affiliated Companies (including partner companies)
   Otani Corporation Co., Ltd. (Costumes, Makeup, Photography)
   Rainbow Co., Ltd. (Floral Arrangements, Construction, Setup)
   T.O. Linen Supply Co., Ltd. (Laundry, Linen)
   Others

2. Compliance with Laws and Regulations
   Our Group complies with all laws, guidelines, and other standards pertaining to personal information.
3. Collection of Personal Information
   (1) Our Group will collect personal information through lawful and fair means and will endeavor to ensure that it remains accurate and up-to-date.
   (2) Our Group will collect personal information by lawful and fair means, after clearly stating the purpose of use and obtaining the consent of the individual concerned, and only to the extent necessary to achieve the stated purpose.
   Regarding the obtaining of consent and notification for individuals under the age of 16, we will contact the individual’s legal representative. 
   *For foreign nationals, we will comply with the age-related rules of each country or region.
   (3) The Group collects personal information through the following lawful and fair means in connection with transactions related to the Group's facilities and products (including accommodation, food and beverage services, banquets, merchandise sales, and the provision of other ancillary products and services), as well as transactions with businesses affiliated with the Group.
   ① Direct collection from the individual
   ・By telephone, in writing (including electronic records), via business cards, verbally, or via the Internet, etc.
   ② Collection from a person duly authorized by the individual
   ・Application applicants, referrers, travel agencies, partners, and operators handling packaged tours, etc.
   ③ Collection from publicly available sources
   ・The Internet, newspapers, telephone directories, books, and other publications, etc.
4. Personal Information Held
   The personal information held by our Group includes the following:
   ① Name, gender, date of birth, address, telephone number, email address, and employment information (company name, address, telephone number, department, job title, etc.)
   ② Information regarding purchased products and services, details of special requests, and preferences regarding services
   ③ Hotel membership information and online user account information
   ④ Information obtained through participation in surveys, promotional benefits, and similar activities
   ⑤ Information obtained through inquiries (regardless of the means of communication) (limited to information that can identify an individual)
   ⑥ Information collected through the use of security cameras, key cards, security systems, etc.
   ⑦ Contact information and other related information regarding employees of business partners and external vendors managed by each business entity within our Group, as well as other individuals (such as travel agencies, Online Travel Agents, and conference and event planners)
   ⑧ Information regarding employees and others at each business location managed by each business entity within our Group
   ⑨ Information regarding payments and payment methods, etc.
5. Purposes of Use of Personal Information
   Our Group will use personal information within the scope of the following purposes. Please note that if we use personal information beyond the scope of these purposes, we will do so only after obtaining the consent of the individual concerned, except where required by law.
   (1) Customer Personal Information
   ① Use for registering contact information as required by law, confirming reservation details, notifying customers regarding lost items, and other communications necessary for business operations
   ② Use for sending business information, such as newsletters from hotel membership organizations, various special offers, product plans, and event information*
   ③ Use for managing member information within each membership organization and providing services to members
   ④ Use to respond to comments collected through surveys, etc., via mail, telephone, email, or other means
   ⑤ Use for communications regarding guidance and confirmation related to transactions, product shipping, payment and settlement of charges, and other related matters
   ⑥ Use for inquiries, confirmations, requests, etc., regarding our services that the customer has purchased or reserved
   ⑦ Use for service improvement, operational efficiency, and risk management within our group
   ⑧ Other uses related to the overall provision of our services
   * When sending newsletters or other publications to hotel guest organizations, we may include information about products and services offered by other companies within our group; however, we do not provide your personal information to those companies.
   In addition, our group may analyze information such as your website browsing history and purchase history to use it for advertising our group’s new products and services tailored to your interests and preferences, as well as for usage trend surveys, new product development, and customer satisfaction surveys.
   (2) Personal Information of Business Partners, etc.
   ① Conducting business negotiations and meetings with business partners
   ② Providing information to and communicating with business partners
   ③ Performing tasks entrusted to us by business partners
   ④ Other tasks related to the above items
   *Business card information from business partners and others will be used for the purpose of communication and information exchange in sales activities. However, if such information is entered into a database for management, each business entity will handle it appropriately as personal data (including collection, use, storage, disclosure, and disposal).
   (3) Personal Information of Employees and Others
   ① Calculation and payment of salaries
   ② Social insurance procedures
   ③ Safety management for employees and others
   ④ Human resources management regarding employees and others
   ⑤ Health management regarding employees and others
   ⑥ Improving internal communication among employees and others
   ⑦ Operations related to other administrative matters
   (4) Personal Information of Job Applicants
   ① Recruitment screening
   ② Onboarding procedures
   ③ Post-employment personnel management
   ④ Operations related to the above items
   Other: Surveys regarding recruitment, provision of information regarding recruitment, etc.
6. Disclosure to Third Parties
   Our Group will not disclose or provide personal information to third parties without the individual’s consent, except in the following cases:
   (1) When disclosing or providing information to a subcontractor within the scope necessary for business operations
   (2) When business operations are transferred due to a merger, corporate split, transfer of business, or other reasons
   (3) When disclosure is permitted without the individual’s consent as an exception to the general rule on disclosure to third parties under the law
   ① When required by laws and regulations
   ② When necessary to protect human life, physical safety, or property
   ③ When necessary to improve public health or ensure the sound development of children
   ④ When cooperation with national agencies, local governments, or similar entities is necessary
7. Outsourcing
   Our Group may outsource all or part of its operations to third parties to the extent necessary to achieve the purposes of use, including the mailing of product and service information, the provision of products and services, and the analysis of information such as purchase history. In such cases, our Group will ensure the appropriate management and supervision of the contractors, including the execution of confidentiality agreements that cover the protection of personal information.
8. Joint Use
   (1) Our Group may jointly use your personal information to the extent necessary for providing hotel services, informing you about products and campaigns, and performing related operations.
   ① Data Items Subject to Joint Use
   ・Your name, phone number, address, email address, age, gender, employer, customer membership number, membership type, hotel name, check-in date, plan, rate, number of points, arrival time, information necessary for hospitality, and credit card number for reservation guarantee
   ② Scope of Parties Sharing the Information
   ・Within our Group as defined in the Privacy Policy, limited to the scope necessary for business operations.
   ③ Purpose of Use by Parties Sharing the Information
   ・Provision of goods and services such as lodging, food and beverage, banquets, decorations, floral arrangements, costumes, beauty services, emcee services, event production, calligraphy, photography, and wedding favors; provision of special promotional products, etc.
   ・Provision of billing and services for on-site facilities, pools, massage services, tenant shops, etc.
   ・Use related to the provision of services such as customer organization management, membership-related data, registration management, and point services ・Use within the New Otani Group
   ・Other uses related to the provision of services not listed above, in response to customer requests
   (2) Our Group may share personal information, such as business card information of our business partners, within each business entity to the extent necessary for sales activities and related operations.
   (3) Our Group may share personal information, such as photographs and profiles of employees and other personnel, with their consent, to the extent necessary for sales activities, promotional activities, customer service for key clients, and related operations. 
   *In addition to obtaining consent from employees and others via a separate, prescribed “Pledge and Consent Form,” we will confirm consent as necessary. 
   (4) Party Responsible for the Management of Jointly Used Personal Data
   New Otani Co., Ltd.
   4-1 Kioicho, Chiyoda-ku, Tokyo
   Hajime Shimizu, President and CEO
9. Security Measures
   To ensure the accuracy and security of personal information, our Group implements security measures and strives to prevent unauthorized access to personal information, as well as the loss, destruction, alteration, or leakage of such information.
   (1) Formulation of Basic Policy
   ・We have formulated this policy to ensure the lawful and appropriate use and management of personal information, and to provide information regarding contact points for inquiries regarding personal information.
   (2) Establishment of Rules Governing the Handling of Personal Information
   ・We manage procedures for acquisition, use, storage, provision, deletion, and disposal, as well as the responsible parties and their duties, through an information management ledger.
   ・We have established Personal Information Protection Regulations.
   (3) Security Measures
   To prevent the leakage of information assets and to ensure the protection of confidentiality, integrity, and availability, our Group implements the following security measures:
   ① Organizational Security Measures (Establishment of a responsibility framework, development of regulations, appropriate operational management, etc.)
   ② Personnel Security Measures (Confidentiality agreements, education and training, appropriate supervision, etc.)
   ③ Physical Security Measures (Access control, physical protection against theft, damage, water leaks, etc.)
   ④ Technical Security Measures (Access control, security systems for detection and monitoring, etc.)
   (4) Incident Response
   In the event of an incident (such as an incident related to the management of information, including personal information), each business entity within our Group will take the following measures:
   ・Specialized personnel from departments responsible for system management and information security, such as the incident response team “CSIRT (Computer Security Incident Response Team),” will strive to minimize damage and ensure a safe recovery using the most appropriate methods
   ・If the in-house department is unable to handle the situation, a contracted service provider will handle the matter from the investigation of the cause through to recovery.
   ・If an incident* subject to reporting obligations under laws and regulations occurs, we will respond appropriately (we will strive to provide a preliminary report within 3 to 5 days and a final report within 30 days).
   *This refers to situations that pose a significant risk of harming an individual’s rights and interests, such as the leakage, loss, or damage of personal information (hereinafter referred to as “leakage, etc.”); cases where the leaked personal information includes sensitive personal information; cases where there is a risk of financial loss; cases where there is a suspicion of malicious intent (such as unauthorized access); and cases where personal data of more than 1,000 individuals has been leaked.
10. Employee Training
    Our Group provides training on personal information protection to employees and other relevant personnel as follows:
    (1) We provide training to ensure that employees and other personnel who handle personal information have sufficient knowledge to perform their duties in compliance with personal information protection regulations.
    (2) We strive to ensure thorough training on personal information protection through the implementation of training programs, the distribution of portable guidebooks, and awareness campaigns via internal communications.
11. Conducting Inspections and Audits
    Our Group will conduct regular inspections and audits to verify that personal information is being protected appropriately, and will strive to review and improve our management systems and initiatives.
12. Pseudonymized Information
    Our Group handles pseudonymized personal information as follows.
    (1) We create pseudonymized information that has been processed so that the individual cannot be identified unless cross-referenced with other information, and we analyze and use such information within the scope of the “Purposes of Use of Personal Information” set forth in this Policy. Furthermore, if we change the purposes of use specified in this Policy, we will announce the revised purposes on our Group’s official website and other channels.
    (2) When creating pseudonymized information, we will process personal information in accordance with the standards set forth in laws and regulations.
    (3) When we create pseudonymized information, or when we acquire pseudonymized information and related deletion information, etc., we will take measures to ensure the security of such deletion information, etc., in accordance with the standards set forth in laws and regulations, to prevent the leakage of such information.
13. Anonymized Processed Information
    Our Group will handle anonymized processed information as follows.
    (1) When creating anonymized processed information, we will process personal information in accordance with the standards set forth in laws and regulations.
    (2) When creating anonymized processed information, we will implement security management measures to prevent the leakage of descriptions and personal identification codes deleted from the personal information used to create the anonymized processed information, as well as information regarding the processing methods performed in accordance with the provisions of the preceding paragraph (limited to information that can be used to restore the relevant personal information).
    (3) When creating anonymized processed information, we will disclose the items of information regarding the individuals contained in such anonymized processed information on our Group’s official website and other channels.
14. Sensitive Personal Information
    Our Group handles sensitive personal information appropriately in accordance with legal standards and other relevant regulations.
    ・Sensitive personal information refers to personal information that requires special care in its handling to prevent unfair discrimination or prejudice, such as information regarding race, religious beliefs, social status, medical history, criminal history, and information regarding criminal victimization.
    ・As a general rule, we do not collect sensitive personal information without the individual’s consent.
    ・As a general rule, we will not provide sensitive personal information to third parties without the individual’s consent.
    ・We will not provide sensitive personal information to third parties using an opt-out system (a system where consent is presumed unless the individual objects).
    ・We will implement appropriate security measures to prevent the leakage, loss, or damage of sensitive personal information.
    ・We will designate specific departments and personnel responsible for handling sensitive personal information and manage it under a special management system.
15. Revisions to the Privacy Policy
    Our Group may revise this policy in the event of changes to laws and regulations, or if we modify the purposes or scope of use of personal information. In such cases, we will post a notice on our Group’s official website. Please note that changes may be made without prior notice, so please check our Group’s official website for the latest information. Our Group shall not be held liable for any issues arising from your failure to review this information.
16. Disclosure, Correction, and Suspension of Use of Personal Information
    Our Group will promptly respond to requests from the individual concerned or their representative regarding the existence or content of personal information managed by our Group, including requests for disclosure, correction, or suspension of use.
    (1) Requests for Disclosure
    If the Group receives a request for disclosure of personal information from the individual concerned or their representative, the Group will disclose the personal information it holds within a reasonable period (generally approximately two weeks; however, if the response requires more time due to a large number of requests or complex requests, the necessary period will be determined through consultation) and to the extent necessary, except in cases where the request includes any of the information listed below. Furthermore, if the Group does not disclose the information or if the relevant personal data does not exist, the Group will respond to that effect.
    ① When there is a risk of harm to the life, body, property, or other rights and interests of the individual or a third party
    ② When there is a risk of causing significant hindrance to the proper conduct of our Group’s business operations
    ③ When disclosure would violate laws or regulations
    ④ When we cannot confirm that the request for disclosure is from the individual concerned or an agent with legitimate authority
    ・For details regarding procedures for requests for disclosure, etc. (required documents, submission methods, identity verification methods, fees, and other matters), please refer to the “Personal Information Protection Inquiry Desk” described in the following section of this policy or the official websites of each business entity within our Group.
    (2) Correction
    You or your representative may request the correction of any personal information disclosed if it is inaccurate.
    (3) Suspension of Use
    You or your representative may request the suspension of the use of personal information if it was not lawfully obtained, is being retained beyond the scope necessary to achieve the purpose of use, or is being used or disclosed for purposes other than the intended purpose.
    ・To unsubscribe from informational emails, direct mail, and other communications, you can follow the procedures on the unsubscribe page or contact the relevant service provider.
17. Personal Information Protection Inquiry Desk
    If you submit a request for disclosure, correction, suspension of use, or other matters (various requests regarding personal information), our group will handle such requests at the designated contact points at each hotel or business location.
    Guests: Inquiries regarding reservations or confirmation of usage history for accommodations, dining, banquets, etc., at each hotel will be handled by the designated contact point at the respective hotel or business location.
    New Otani Club Members: Please send your inquiry via email to noc-office@newotani.co.jp.
    Business Partners: Please contact the relevant department at the respective company within our Group.
    Employees and Others: Please contact the Human Resources, General Affairs, or other administrative departments at the respective business entity within our Group.
    *For procedures regarding requests for disclosure of personal information (required documents, submission methods, identity verification methods, fees, and other details), please click here.
    [Inquiry Desk]
    4-1 Kioicho, Chiyoda-ku, Tokyo 102-8578
    New Otani Co., Ltd. Personal Information Protection Consultation Desk
    E-Mail: privacy-protection@newotani.co.jp

Enacted Date: April 1, 2005
Revised Date: April 1, 2026
New Otani Co., Ltd.

New Otani Co., Ltd. and the New Otani Group (hereinafter referred to as “the Group”) hereby disclose the following regarding the Group’s handling of pseudonymized and anonymized information, in accordance with the Group’s “Personal Information Protection Policy.”

April 1, 2026
New Otani Co., Ltd.

「Pseudonymized Information」

1. Definition of Pseudonymized Information
   Pseudonymized information refers to information about an individual that has been processed in accordance with standards established by law—such as by deleting descriptions contained in personal information or removing all personal identification codes—so that it cannot be used to identify a specific individual unless cross-referenced with other information.
2. Creation and Handling of Pseudonymized Information
   Our Group creates and handles pseudonymized information in accordance with laws and regulations as follows:
   (1) We perform appropriate processing in accordance with standards established by laws and regulations.
   (2) To prevent the leakage of information regarding the data deleted during the creation of pseudonymized information or the methods used for processing, we implement security measures and conduct ongoing reviews.
   (3) We do not cross-reference the pseudonymized information with other data to identify the individual whose personal information was used as the source.
   (4) We will not use pseudonymized information to contact customers or for similar purposes.
   (5) We will endeavor to promptly delete pseudonymized information that is no longer needed, as well as information deleted from personal information during the creation of pseudonymized information. However, this does not apply to pseudonymized information that is not personal information.
   (6) We will comply with all other matters required by law.
3. Purposes of Use of Pseudonymized Information
   We will use pseudonymized information for the following purposes within our Group.
   (1) Development and improvement of products and services
   ・Analysis of customer usage trends regarding various products and services at the business locations of each Group company
   ・Analysis of the content of consultations and inquiries received from customers at the business locations of each Group company
   (2) Various analyses
   ・Analysis regarding the utilization of big data to resolve risk or compliance issues and to improve customer satisfaction
   ・Analysis for the purpose of improving business operations at each company within our Group
   Furthermore, if we use pseudonymized information for purposes other than those listed above that go beyond the scope reasonably deemed to be related to the original purpose of use, we will clarify and disclose the specific purpose of use on a case-by-case basis.

「Anonymized Processed Information」

1. Definition of Anonymized Processed Information
   Anonymized processed information refers to information regarding an individual that has been processed by taking measures prescribed according to the category of personal information to prevent the identification of a specific individual, and which has been rendered such that the original personal information cannot be restored to re-identify a specific individual.
2. Creation and Handling of Anonymized Processed Information
   Our Group creates and handles anonymized processed information in accordance with laws and regulations as follows:
   (1) Perform appropriate processing in accordance with standards established by laws and regulations.
   (2) Implement security management measures in accordance with standards established by laws and regulations to prevent the leakage of deleted information or information regarding processing methods, and continuously review these measures.
   (3) Disclose the items of information contained in the created anonymized processed information.
   (4) Refrain from cross-referencing with other information to identify the individuals whose personal information was used as the source
   (5) Comply with other matters required by laws and regulations
3. Items of Information Contained in Anonymized Processed Information and Methods of Provision
   The items of information contained in the anonymized processed information created by our Group and the methods of provision to third parties are as follows.
   (1) Items of information contained in the anonymized processed information created by our Group and items provided to third parties
   Gender, region (city/ward/town/village), year of birth (or age/age group), usage history, purchase history, inquiry history, etc., with direct identifiers such as name, address, and date of birth deleted or replaced
   (2) Methods of Provision
   Transmission of encrypted electronic data via email, uploading to a dedicated server, etc.
   (3) Disclosure of the Provision Period, etc., in Cases of Repeated and Continuous Provision to Third Parties
   When providing anonymized processed information to third parties repeatedly and continuously using the same method, and where the items of personal information and the processing methods are the same, the provision period or the fact that continuous provision is planned shall be clearly stated at the time of disclosing the items of personal information when the anonymized processed information is first provided to a third party.
4. Measures Regarding Anonymized Processed Information
   (1) Security Measures for Information on Processing Methods, etc.
   Our Group implements appropriate security measures commensurate with the risks associated with each stage of handling anonymized processed information, including access control based on identification and authentication, prevention of unauthorized external access, and encryption during transfer and transmission.
   (2) Measures to Ensure the Proper Handling of Anonymized Processed Information
   Our Group will establish an internal system, including consultation services provided by dedicated personnel responsible for the handling of anonymized processed information, define management procedures for such information (including the management of contractors), and ensure that all handlers are made aware of usage regulations—such as the prohibition of identification—to ensure the proper handling of anonymized processed information.
   (3) Details of Measures Regarding Anonymized Processed Information
   Our Group implements appropriate security management measures, including the establishment of internal systems and handling regulations, measures to prevent leaks and unauthorized access during storage and transfer, and access controls.
5. Contact Point for Inquiries Regarding the Handling of Anonymized Processed Information
   For inquiries regarding the handling of anonymized processed information, please contact the consultation desk at each business location.

New Otani Co., Ltd. and the New Otani Group (hereinafter referred to as “our group”) have established the following basic policy on the handling of specified personal information, etc. in order to use and manage the personal numbers and specified personal information (hereinafter referred to as “specified personal information, etc.”) of individuals in a lawful and appropriate manner in accordance with the “Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure”. Please note that the basic handling of personal information not specified in this policy shall be in accordance with the provisions of the “Personal Information Protection Policy” of the Company and the Company Group.

1. Specified Personal Information, etc.
   Specified Personal Information, etc. refers to personal information that includes a 12-digit Social Security and Tax Number.
2. Compliance with relevant laws, regulations, and guidelines
   Our group will handle specific personal information appropriately in compliance with relevant laws, regulations, and guidelines.
3. Acquisition of Specified Personal Information, etc.
   Our group will acquire specified personal information, etc. in a lawful and appropriate manner.
4. Purpose of Use of Specified Personal Information, etc.
   Our group will use specified personal information, etc. only to the extent necessary to perform personal number-related tasks.
5. Principles and exceptions regarding the provision of specified personal information to third parties
   The provision of specified personal information to third parties is not permitted, so even with the consent of the individual, we will not provide such information to third parties except in the following cases specified by law.
   ① When required by law
   ② When necessary to protect human life, physical safety, or property
6. Handling of Specified Personal Information, etc.
   Our group will comply with and appropriately handle matters stipulated in the Number Act regarding the handling of specified personal information, etc., such as the acquisition and collection, use and provision, storage, and disposal Social Security and Tax Number.
   (1) Safety Management Measures
   The Group shall take necessary and appropriate safety management measures to prevent unauthorized access, leakage, loss, or damage of specified personal information, etc.
   (2) Formulation of Handling Regulations
   The Group shall formulate handling regulations regarding specified personal information, etc.
7. Supervision of contractors
   When entrusting the handling of specified personal information, etc. to a contractor, our group will require the contractor to implement necessary and appropriate management measures similar to those implemented by our group through contracts, etc., and will conduct necessary and appropriate supervision.
8. Disclosure and Correction of Information
   When requested by an individual to disclose their specific personal information, our group will disclose the information after confirming the identity of the individual in accordance with the prescribed procedures, and will make any necessary corrections if the registered information is not accurate.
9. Continuous improvement
   Our group will strive for continuous improvement in the protection and handling of specified personal information in line with revisions to laws and regulations.
10. Contact Information
    For inquiries regarding the handling of specific personal information within our group, please contact the following office.
    
    4-1 Kioicho, Chiyoda-ku, Tokyo 102-8578
    New Otani Co., Ltd. Personal Information Protection Consultation Desk
    E-Mail: privacy-protection@newotani.co.jp

Enacted Date: January 1, 2016
New Otani Co., Ltd.

Our group has established a privacy policy (hereinafter referred to as “this policy”) regarding the protection of personal data of individuals residing in EEA member states (hereinafter referred to as “information providers”) in accordance with the General Data Protection Regulation (hereinafter referred to as ‘GDPR’). Please note that the basic handling of personal information not specified in this policy shall be in accordance with the provisions of our company's and our group's “Personal Information Protection Policy”.

1. Definitions
   The following terms shall have the meanings set forth below in this policy. However, for terms not defined in this policy, the definitions in Article 4 of the GDPR shall apply.
   (1) “Personal data” means any information relating to an identified or identifiable data subject (hereinafter referred to as “the data subject”).
   (2) “Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means.
   (3) “Controller” means the natural person, legal entity, public authority, administrative agency, or other organization that, alone or jointly with others, determines the purposes and means of processing personal data.
2. Purpose of Use
   (1) Personal data obtained by our group will be used for the purposes stated in our group's “Personal Information Protection Policy” and will be handled in a lawful, fair, and transparent manner, and will be handled to the extent that is sufficient, relevant, and necessary for the purpose.
   (2) If our group handles personal data for purposes other than those stated above, we will notify the individual in advance of the new purpose of use and other matters required by law, and obtain their consent.
3. Withdrawal of consent
   (1) The individual may withdraw their consent to the provision of personal data at any time.
   (2) The withdrawal of consent by the individual shall not affect the legality of data processing or data transfer prior to the withdrawal.
4. Protection of Personal Data
   Our group will take necessary and appropriate human, organizational, and technical security measures to prevent the leakage, theft, destruction, unauthorized access, or unauthorized alteration of personal data, taking into consideration the type and sensitivity of the personal data and the risk of infringement. We will also regularly review our security measures and strive to protect personal data.
5. Appropriate management of information
   Our group strives to keep personal data up to date and to correct any inaccurate personal data without delay.
6. Retention period
   Our group does not retain personal data in a form that allows identification of the information provider beyond the period necessary for the purpose of processing.
7. Transfer of personal data outside the EEA
   The GDPR generally prohibits the transfer of personal data obtained within the EEA outside the EEA, but Japan received an adequacy decision from the European Commission in 2019, and personal data transferred to Japan can generally be transferred without the consent of the individual.
8. Access Rights and Rights to Correction, Deletion, and Restriction of Use
   (1) You may request access to your personal data, correction or deletion of your personal data, or restriction of processing of your personal data while its accuracy is being verified.
   (2) The contact information for inquiries regarding the handling of personal data is listed in our group's “Personal Information Protection Policy”.
   (3) If you have any doubts about the handling of your personal data, you may file a complaint with the supervisory authority of an EEA member state, which is obligated to respond to your request within one month, although this period may be extended to a maximum of two months.
9. Data Portability
   Our group guarantees the following portability rights to individuals.
   (1) The right to receive personal data provided by the individual in a format that is easy to reuse.
   (2) The right to transfer personal data directly to another business operator, etc., when technically feasible.

Enacted Date: February 1, 2019
New Otani Co., Ltd.

In order to analyze how customers use our website, we occasionally collect and classify our users' access by contents, access time or IP addresses. The sole purpose of this research is to further improve the contents of our website to meet user needs. It will not be related to personally identifiable information.
 Like many other websites offering a variety of services, we may occasionally use the Cookies technology in some group hotels to receive certain online information. Cookies do not track your web usage on a regular basis. You may set your browser to block these Cookies. Individual records of web usage are not tracked unless we find certain actions to be harmful to our website, property or other users of our website.
 The Hotel New Otani Group website offers e-mail services (currently available in Japanese only), questionnaires and prize-winning contests, which may at times require you to provide personal information voluntarily. We prohibit the disclosure or transfer of any kind of personal information to third parties without your consent. Personal information is also protected when statistics of questionnaires are revealed to third parties for marketing purposes.
 The Hotel New Otani Group is only responsible for the privacy statement and the content of this website. We are not responsible for the privacy practices that you may have accessed this website from and to the outside websites that you may access from this website. For further details, please contact the site you have accessed.

The Hotel New Otani Group conducts e-mail newsletter services (currently available in Japanese only) to registered users. Those who wish to receive the e-mail newsletters are kindly requested to register his or her name, age, gender, address, e-mail address and other personal information.
The purpose is to send the latest hotel information to our customers, or as reference for the betterment of our service. Therefore your personal information shall not be disclosed to third parties.

We take utmost care in the safety and security of your personal information collected through our website. We strive to ensure your personal information is protected from unauthorized access, alteration and leakage.

The Hotel New Otani Group website may improve its systems and introduce new services and operations in the future. We have the right to change this privacy policy whenever necessary. However, as for any personal information received before the changes, such changes will not apply without your approval.