Our aim is to establish a relationship with our customers firmly built on trust by providing high-quality service that meets a myriad of requests. By fully utilizing the ORIX Group's comprehensive power as a member, we deem our customers' privacy as a critically important information asset, and will accumulate it through fair and legal practices, ensuring that it is appropriately used, controlled and protected in accordance with the following policies. The purpose of this document is to publicize our uses and explain our handling measures, pursuant to the provisions of the Act on Identity theft prevention measures.
Purpose behind personal information use
We will only use customer personal information for the following purposes. We will not use any personal information of customers beyond the scope of necessity for achievement of the following purposes without consent of the customer:
1. To respond in a suitable fashion to customers’ reservations and inquiries and provide various services in our business, which includes accommodation, dining, weddings and product sales (for details, please refer to our website at https://www.crosshotel.com).
2. For the purposes of introducing company information, various products and services of our company and ORIX Group companies, and other companies through direct mailing, e-mail, by phone, and so forth;
3. For the purposes of utilization in marketing analysis in order to provide customers with better products, services and satisfaction;
4. For the purposes of conducting various administrational and managerial tasks necessary for company management.
5. For the purposes of sharing with ORIX Group companies.
If we intend to use any personal information for any purposes other than those listed above, we will specify the purpose of such usage and obtain prior consent from the relevant customer.
Sharing of Personal Data
The ORIX Group responds and meets the various needs of its customers by fully utilizing its comprehensive power under its consolidated management; therefore, we may share personal information of customers held by us with ORIX Group companies. Please refer to the following:
1. Parties that share personal information
Companies of the ORIX Group in Japan
(ORIX Corporation and all companies that based in law have consolidated accounts with ORIX Corporation or are accounted for by the equity-method)
Among these companies, there are some that have “ORIX” in their name and some that do not. For details on the latter kind, please check the "List of Co-Users". (http://www.orix-realestate.com/en/group.html).
* Companies that share and use personal information are subject to change.
2. Purposes for sharing personal information
Co-users use customers’ personal data for the following purposes.
(1) In order for the company and the companies of the ORIX group to perform various management tasks as required as part of management, including understanding of the state of claims and assets and risks.
(2) In order to perform marketing analysis and product & services development in order to provide our customers with better products and services, and greater satisfaction as a result.
(3) In order to introduce and propose the products and services offered by the companies of the ORIX Group (for full details of the work that we do, please see "Introduction to Business and Services"(http://www.orix.co.jp/grp/en/business/)).
3. Shareable personal data items
Items required within the scope of the above 2 “Purpose of Use by Co-Users”, including name, address, date of birth, telephone number, e-mail address, credit-related information (including the customer’s assets, liabilities and other accounts related information, details of collateral, details of payments made in the past, and other items which may be used to determine the customer’s ability to pay), and transaction details (including type of transaction, target property for the transaction, cost, remaining amount to pay and state of payment).
4. Party responsible for controlling personal data
[The name of the company] CROSS HOTELS CORPORATION
[Address] Nippon Life Hamamatsucho Crea Tower.14th Floor, 2-3-1, Hamamatsu-cho, Minato-ku, Tokyo
Compliance with laws
We recognize that for the purposes of identity theft protection, it is necessary that all directors and employees adequately understand laws and regulations and other norms on the handling of personal information and comply with them, and will ensure that said understanding and compliance is thoroughly realized.
Continuous improvement of the compliance program
The company will create a compliance program that includes items on the handling of personal information; and periodically review, maintain and improve it.
Protection and control of personal data
Based on established company rules etc., the personal data of customers is appropriately controlled under the custody of a compliance officer, who is appointed to each department, taking the utmost care to prevent such information from being leaked to the outside. Furthermore, we have taken security measures in an adequate and reasonable level against risks such as unauthorized access from outside, loss, destruction, and falsification.
Commission of handling of personal data
In order to provide better services for customers, we may commission outside persons to perform our business. In this case, we may also commission these persons to perform all or part of our handling of personal data. In selecting such persons to be commissioned, we carefully make evaluations based on our standards for appropriate handling, which have been established in terms of the control of personal data, confidentiality, and restriction on re-commission, prevention of identity theft, etc. Upon contracting these services, we supervise and control such commissioned persons.
Examples of commissioned persons:
Information processing companies, direct mail posting companies, shuttle service companies and other companies which are necessary for our business operation.
Provision of personal data to a third party
We will not disclose or provide any personal data of customers held by us to or for any third party without consent of the customer; except, however, in the following events:
(1) It is necessary based on any provision of laws or regulations;
(2) It is necessary for the protection of a person's life, physical safety or property (including a corporation's property) and it is difficult or impractical to obtain the consent of the customer;
(3) It is especially necessary for the improvement of public health or promotion of sound development of children and it is difficult or impractical to obtain the consent of the customer; or
(4) It is required in order to cooperate with a national or local authority or a person appointed by such an authority in its execution of affairs required by law or regulation, within which seeking the consent of the relevant customer may hinder the execution of said affairs.
Notification of purpose of use, disclosure, correction etc. and termination of use etc. of held personal data
1. Notification of purpose of use of held personal data
A customer may request that the company provide notification of the purpose of use of any personal data relating to them that is held by the company (hereafter “held personal data”). If a customer requests notification of the purpose of use of any held personal data relating to them then the company shall respond promptly and in accordance with all applicable laws.
2. Disclosure of personal data held by us
Any customer is entitled to request us to disclose his/her personal data (held by us) to him/her. If a customer requests us to disclose his/her personal data to him/her, we will appropriately respond without delay according to laws and regulations.
3. Amendment, etc. of personal data held by us
If as a result of the disclosure under the above article it is determined that there is an error in the held personal data in question, then the customer may request of the company that the held personal data in question may be corrected, added to or deleted (hereafter “correction etc.”). If a customer requests correction etc. of any held personal data relating to them then the company shall respond promptly and in accordance with all applicable laws.
4. Suspension of use of personal data held by us
If a customer requests that the company stop making use of or delete held personal data related to them for the reasons (1) or (2) below, or requests that provision to a third party be stopped for the reason (3) below (hereafter “termination of use etc.”), in the case that it is determined that the reasons behind the request are valid the company shall respond promptly and in accordance with all applicable laws.
(1) If the company uses personal data on a customer for a purpose other than that stated.
(2) If personal data on a customer is obtained in a manner that is not fair and appropriate.
(3) If the personal data on a customer is presented in violation of the abovementioned “provision of personal data to a third party”
In the case that a customer requests notification of purpose of use, disclosure, correction etc. and termination of use etc. of held personal data, it will be necessary to perform identity verification procedures as stipulated by the company and then perform application procedures as stipulated by the company. Furthermore, a processing fee may also be charged. For details of the procedures and fees required, please contact the “Personal Information Inquiry Service” as shown below. Moreover, customers’ personal data listed on accommodation logs will be deleted upon request only after passage of the retention period stipulated under the Inns and Hotels Act.
Personal Information Inquiry Service
[The name of the company] CROSS HOTELS CORPORATION
[Address] ORIX Siba2-chome Bld. 8th Floor, 2-14-5, Shiba, Minato-ku, Tokyo,
[Phone number] +81-3-6414-7259
To provide customers with useful information, our website may include links to other companies’ websites, but we cannot be held responsible for the protection of privacy on those websites.
(Date of latest update: May 30, 2017)