Privacy Policy
■ Basic Policy on Information Security and Personal Information Protection of Hotel Okura Fukuoka (Hotel Okura Fukuoka Co., Ltd.)
■ Handling of Reservation Records
■ Handling of Personal Information Other Than Reservation Records
■ Handling of One Harmony Member Information
■ About SSL
■ Download Request Form for Disclosure of Retained Personal Data (PDF)
■ Revision of the Privacy Policy
Basic Policy on Information Security and Personal Information Protection
Hotel Okura Fukuoka (Hotel Okura Fukuoka Co., Ltd.; hereinafter “the Hotel”) recognizes the importance of information security and the protection of personal information in today’s advanced information and communications society, and strives to appropriately manage and protect the information held by the company in accordance with the following policies.
■ 01.Compliance with Laws and Regulations
We will comply with laws, as well as policies and guidelines established by government agencies.
■ 02.Establishment of a Management System
We will establish an internal management system and clearly define roles and responsibilities.
■ 03.Compliance with Internal Policies, Rules, and Guidelines
We will establish internal documents, including internal policies, internal rules, guidelines, and other regulations, and ensure compliance with them.
■ 04.Implementation of Security Measures
We will implement security measures and take preventive actions against unauthorized access, loss, destruction, alteration, leakage, and other forms of data breaches.
■ 05.Implementation of Education and Awareness Activities
We will promote education and awareness activities for employees to ensure proper information management, aiming to enhance their knowledge and awareness regarding information handling.
■ 06.Collaboration with Outsourced Service Providers
When outsourcing operations related to information management, we will select service providers with sufficient experience and capability, and stipulate confidentiality obligations and other relevant matters in the contract to ensure proper management of information.
■ 07.Initiatives for Operational Improvement
We will regularly check whether information is being managed appropriately and continuously work on improving our operations.
■ 08.Measures in the Event of an Incident
In the event an incident occurs, we will minimize the damage, promptly disclose necessary information, and implement appropriate measures, including steps to prevent recurrence.
■ 09.Clarification of Consultation Contact Points
We will establish consultation contact points to handle inquiries, complaints, and requests from customers, and respond promptly and sincerely.
■ 10.Publication of the Policy
We will make this policy, along with other policies related to information security and personal information protection, publicly available by posting them on our website and other platforms.
Revised on June 29, 2019
Handling of Reservation Records
Hotel Okura Fukuoka (hereinafter “the Hotel”) handles customers’ reservation records as follows.
■ 01.Management of Personal Information
The Hotel recognizes personal information as highly important and handles it with the utmost care, managing it strictly through computer-based systems.
■ 02.Joint Use
The Hotel jointly uses customers’ reservation records for the provision of services closely related to travel, including hotels and air transportation, for providing information on products and campaigns, and for operations associated with these purposes.
(1) Items of data jointly used:Customer name, telephone number, address, email address, age, gender, place of employment, mileage program, mileage membership number, mileage membership status, name of hotel stayed, stay dates, plan, room rate, mileage amount, arrival time, customer requests, and credit card number for reservation guarantee.
(2) Scope of joint users:The Hotel; Okura Nikko Hotel Management Co., Ltd. (“ONHM”); member hotels of hotel chains operated by ONHM—Okura Hotels & Resorts, Nikko Hotels International, and Hotel JAL City; partner hotel groups affiliated with ONHM; Hotel Okura Co., Ltd.; Hotel Okura Group companies (Note 1); JAL Group airlines
(Note 2); and JALCARD Inc.(Note 1) Hotel Okura Group companies refer to Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd., and Continental Foods Co., Ltd.
(Note 2) JAL Group airlines refer to Japan Airlines Co., Ltd., Japan Transocean Air Co., Ltd., J-Air Co., Ltd., Japan Air Commuter Co., Ltd., Ryukyu Air Commuter Co., Ltd., and Hokkaido Air System Co., Ltd.
(3) Administrator: The Hotel
■ 03.Provision of Reservation Records to Travel Agencies
If there is a discrepancy between the reservation number provided by the customer to the travel agency and the reservation information held by the Hotel, the Hotel will provide the information described in Section 2 to the travel agency.
■ 04.Provision to Third Parties
Except for the cases described above, the Hotel will not provide information to third parties unless the customer has given consent or disclosure is required by law or legal procedures.
■ 05.Reservation Confirmation
For reservations accepted by the Hotel, reservation confirmations will be sent to the address, telephone number, fax number, or email address specified by the customer, or by mail, fax, or email as needed. For reservations made through our website, the confirmation email will be sent to the email address provided by the customer. Please make your reservation with this understanding.
■ 06.Inquiries Regarding Reservation Records
The Hotel will receive and respond promptly and reasonably to customers’ inquiries or requests for changes regarding their reservation records at the following contact points.
[Hotel Okura Fukuoka – Room Reservations Department]
Toll-free (within Japan only)
0120-096-290 (10:00–18:00)
■ 07.Other Inquiries Regarding Reservations
For inquiries related to reservation records made through channels other than the Okura Nikko Hotels Reservation Center, please contact the facilities or travel agencies where the reservation was made.
Revised on June 29, 2019
Handling of Personal Information Other Than Reservation Records
In addition to reservation records, the Hotel handles personal information directly provided by customers, as well as personal information provided by companies such as travel agencies that contract with the Hotel, as follows.
■ 01.Management of Personal Information
The Hotel recognizes personal information as highly important and handles it with the utmost care, managing it strictly through computer-based systems.
■ 02.Purpose of Use of Personal Information
The personal information you provide will be used within the scope necessary to achieve the following purposes:
(1) To provide appropriate services tailored to your needs at the Hotel, Okura Nikko Hotel Management Co., Ltd. (“ONHM”), and member hotels of the hotel chains operated by ONHM—Okura Hotels & Resorts, Nikko Hotels International, and Hotel JAL City (collectively, “ONHM Member Hotels”)—based on your past usage information.
(2) To provide you with information about the Hotel.
(3) To provide information related to the Hotel’s services, including accommodations, weddings, banquets, food and beverage, health club, hotel products, and cultural programs.
(4) To analyze responses to surveys conducted for the purpose of service improvement or marketing at the Hotel, ONHM Member Hotels, and ONHM-affiliated hotels.
(5) To conduct marketing activities of the Hotel and ONHM.
(6) For other purposes with your consent, or when the Hotel determines it is necessary to contact you.
■ 03.Provision to Third Parties
Personal information will not be provided or disclosed to third parties unless it falls under one of the following:
(1) When used jointly with ONHM Member Hotels, ONHM-affiliated hotels, Hotel Okura Co., Ltd., or Hotel Okura Group companies (Note 1).
(2) When outsourced to a service provider under a contract that prohibits the use of personal information for purposes other than the entrusted operations.
(3) When the customer has given prior consent.
(4) When disclosure is required by law.
(Note 1) Hotel Okura Group companies refer to Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd., and Continental Foods Co., Ltd.
■ 04.Inquiries Regarding Personal Information
For inquiries regarding your own personal information held by the Hotel, please contact the inquiry desk. We will respond promptly and within a reasonable scope.
Revised on June 29, 2019
Handling of One Harmony Member Information
For details regarding the handling of One Harmony member information, please refer to the following:
▶︎ “Privacy Policy of Okura Nikko Hotel Management Co., Ltd.”
About SSL
SSL (Secure Sockets Layer) is a protocol used to encrypt and transmit information over the Internet.
Its purpose is to protect important information exchanged over the Internet—such as personal information—from theft, tampering, impersonation, and other risks by third parties.
The reservation pages on the website operated by Okura Nikko Hotel Management Co., Ltd. (“ONHM”) use SSL-secured pages for the entry of personal information.
(Some pages may allow the option of non‑SSL communication.)
■ 01.The Necessity of SSL
The protocols currently used on the Internet are not fully encrypted, which means third parties can intercept information sent and received online—for example, by tapping into communication lines or infiltrating routers or computers.
The Internet is a network built on the interconnection of websites, and numerous intermediary sites exist between the sender and recipient, making it difficult to determine whether each site is secure.
For this reason, websites operated by ONHM use SSL-secured communication, especially when transmitting important information such as personal data over the Internet, in order to prevent unauthorized access or data theft by third parties.
■ 02.How SSL Works
Before customers send their personal information, SSL first performs electronic authentication between the website operated by the Hotel and the customer (digital certificates and digital signatures) to verify legitimacy.
Only after this mutual authentication is established are data transmitted.
During transmission, data exchanged between the Hotel’s website and the customer are scrambled, preventing third parties from intercepting or stealing the information through unauthorized access.
Furthermore, information transmitted via SSL is encrypted using a combination of two encryption methods: public-key cryptography (RSA) and symmetric-key cryptography (secret-key cryptography).
To decrypt this information, an electronic “key” is required. Even if the data were stolen by a third party, decrypting the encrypted information would be impossible without the correct key.
Although there are many possible keys, finding the correct one through trial-and-error using a computer would require an extremely long time, making decryption by third parties virtually impossible.
■ 03.About SSL-Compatible Browsers
No special settings are required to use SSL.
If you are using a browser that supports SSL, such as Internet Explorer or Firefox, SSL will automatically function as needed with the default settings.
If you use a browser that does not support SSL, you may be unable to access SSL-secured pages or may not be able to enter information properly.
■ 04.Protection of Data
On the website operated by the Hotel, SSL (Secure Sockets Layer) encryption technology is used on pages where customers enter personal information, as a security measure during the collection of such information.
This allows data transmitted over the Internet to be encrypted and helps prevent information leakage.
Revised on June 29, 2019
Procedures for Requesting Disclosure of Retained Personal Data
▶︎ Click here to download the Request Form for Disclosure of Retained Personal Data (134.05 kB)
■ 01.Persons Eligible to Request Disclosure of Retained Personal Dataa
(1) The individual本人
(2) A representative authorized by the individual
(3) A legal representative such as a guardian of a minor or an adult ward
■ 02.Identification of Retained Personal Data Subject to Disclosure
When making a request for disclosure, please identify the retained personal data that is the subject of your request.
Please note that personal information falling under the categories below is not subject to disclosure.
(1) Information not classified as retained personal data
- Data entrusted to the Hotel in the course of its business for which the Hotel has no authority to disclose
- Data scheduled to be deleted within six months
(2) Information not subject to disclosure under Article 25 of the Act on the Protection of Personal Information
- Cases where disclosure may harm the life, body, property, or other rights and interests of the individual or a third party
- Cases where disclosure may significantly impede the proper execution of the Hotel’s operations
- Cases where disclosure would violate other laws and regulations
(3) Other cases specified by laws and regulations
■ 03. Scope of Disclosure
The scope of disclosure includes the customer’s address, name, purpose of use at the Hotel, and other retained personal data collected and currently held by the Hotel.
■ 04. Required Documents and Fees
(1) Application Form for Disclosure of Retained Personal Data
(2) Documents Required for Identity Verification
A. When the request is made by the individual本人
・Please submit one of the following identification documents (copy):
Documents must include a photograph and indicate your name, date of birth, and current address.
If your address has changed, please also attach a copy of the reverse side showing the updated address.
(ⅰ) Driver’s license (ⅱ) Passport (ⅲ) Physical disability certificate
(ⅳ) Residence card for foreign nationals (the address field must show the current address)
・If you do not have any of the above documents, please submit two of the following:
(ⅰ) Copy of health insurance certificate (ⅱ) Copy of pension book (ⅲ) Full or extract copy of family register (ⅳ) Certificate of residence
Items(ⅲ) and (ⅳ) must have been issued within the past 3 months.
B. When the request is made by a representative
If the request is submitted by a representative, the following documents are required:
・Identity verification documents of the individual
(same types and number as required when the individual本人 submits the request)
・Identity verification documents of the representative
(same types and number as the individual’s identity verification documents)
・Letter of authorization, etc.
(ⅰ) If the representative is the individual’s legal guardian (parent):
A copy of the representative’s family register (issued within the past 3 months)
(ⅱ) If the representative is the individual’s adult guardian:
Certificate of registered matters for guardianship
(ⅲ) If the representative is voluntarily appointed:
A letter of authorization (with the individual’s registered seal)
and the seal registration certificate matching the seal used (issued within the past 3 months)
Please note that documents submitted with a disclosure request cannot be returned.
(3) Fees
A. In the case of a disclosure request
Fee: 500 yen per retained personal data item (tax included)
Payment method: Please enclose a postal money order for the fee together with the application documents.
B. In the case of a correction request or a request for suspension of use
If the retained personal data are identified and you request correction or suspension of use, no fee will be charged.
■ 05.Method of Responding to Disclosure Requests
A written response will be sent by simplified registered mail to the address stated on the applicant’s identity verification documents.If the request is made by a representative, the response will also be sent to the representative.After the Hotel receives the application documents, the response will generally be issued within approximately two weeks.However, depending on the content of the request, additional time may be required for investigation and processing.Thank you for your understanding.Disclosure may not be possible in the following cases:
・When the address stated on the application differs from the address on the identity verification documents, making it impossible to confirm that the request is made by the individual本人
・When the representative’s authority cannot be verified at the time of application
・When submitted documents are incomplete
・When the requested personal information does not fall under “retained personal data”
・When disclosure may harm the life, body, property, or other rights and interests of the individual本人 or a third party
・When disclosure may significantly hinder the proper execution of the Hotel’s business operations
・When disclosure violates laws or regulations
■ 06.Purpose of Use of Personal Information Obtained Through Disclosure Requests
The personal information obtained by the Hotel in connection with a disclosure request will be used for investigations necessary to process the request, verification of the identity of the individual or representative, collection of fees, and providing responses to the disclosure request.
Any identity verification documents submitted will be destroyed promptly and appropriately after the Hotel has completed its response to the request.
Revision of the Privacy Policy
If there are any significant changes to the Privacy Policy, they will be announced on this website.
For all other updates, please check this website regularly for the most current information.
Please note that the Hotel cannot be held responsible for any issues arising from failure to review such updates.
■ Regarding the EU General Data Protection Regulation (GDPR)
Based on the EU General Data Protection Regulation(REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter “GDPR”),please review the following information regarding the handling of personal data for customers located within the European Union (EU) and the European Economic Area (EEA), which includes Iceland, Liechtenstein, and Norway.
■ Handling of Personal Data of Customers Located in the European Economic Area (EEA)
This provision applies to the processing of personal data of customers who reside in and/or are located within the European Economic Area (EEA), in accordance with the EU General Data Protection Regulation (GDPR).
The personal data collected and processed by Hotel Okura Fukuoka (hereinafter “the Hotel”) are those already listed in this policy.
Customer personal data are collected in the following ways:
- Through the Hotel’s website
- Through orders placed
- Or when customers voluntarily provide such information to the Hotel, particularly for the Hotel’s membership program, One Harmony
Customer personal data are used for the following purposes:
– Management of customer accounts and provision of services to customers.
For example, the Hotel needs to use personal data to complete reservation orders placed by customers, and also needs to use detailed contact and payment information to provide reserved accommodation and/or restaurant services requested and paid for by customers.
– Responding to customer inquiries.
– Providing promotional information and surveys, including those from partner companies.
– Improvement of services and development of new products.
The Hotel carries out such processing and use of personal data in accordance with the following legal obligations, including but not limited to:
– Protection against, detection of, and resolution of fraudulent, illegal, or unauthorized activities
– Compliance with legal requirements, assistance with law enforcement, or the exercise or enforcement of the Hotel’s rights, such as those set forth in its contractual terms
Alternatively, the Hotel may collect and use your personal data when you have given specific consent for such collection and use.
If the legal basis for the Hotel’s processing of your information is your consent, you may withdraw that consent at any time, including by modifying your online profile or by sending an email to privacy@hotelokura.co.jp.
However, if you withdraw your consent, the Hotel will, as appropriate, cease processing your personal data, without altering any processing that took place prior to the withdrawal of consent.
01. Legal Basis for Processing
This hotel processes and uses personal information and other information to manage the contractual relationship between this hotel and its guests.
This hotel has legitimate interests in performing such processing and use, including but not limited to the following:
02. Transfer of Customers’ Personal Data
Customers’ personal data may be transferred to and stored by ONHM, as well as service providers located outside the customer’s country and outside the European Economic Area (EEA).
The Hotel operates in multiple jurisdictions, including Japan, China, and the United States, some of which are located outside the EEA.
Although non‑EEA countries may not necessarily have strong personal data protection laws, the Hotel requires all service providers to process information securely and in compliance with Japanese and EU data protection laws.
The Hotel transfers personal data to countries that do not have an adequate level of protection as recognized by the European Union, the EEA, Switzerland, and the United Kingdom through the use of Standard Contractual Clauses (SCCs).
03. Retention of Customers’ Personal Data
The Hotel retains customer information only for as long as necessary to fulfill the purposes for which it was collected.
For example, if a customer books a stay at the Hotel, the Hotel retains information related to the reservation for the time necessary to carry out the specific travel arrangements requested.
Thereafter, the Hotel retains the information for a period sufficient to respond to any complaints, inquiries, or outstanding matters related to the reservation.
Information may also be retained to:
- Improve the quality of service provided to the customer
- Ensure the customer continues to receive applicable membership benefits
The Hotel will regularly review any information it holds and, when no longer required for legal, business, or customer-related purposes, will securely delete or anonymize such information.
04. Rights Regarding Your Personal Data
Under certain circumstances and as provided by law, you have the following rights:
- Right to be informed:
This Policy informs you of the purposes, legal basis, interests, recipients, and categories of recipients with whom your personal data may be shared.
You may also directly manage deletion and portability of your personal data through modules available in your personal account. - Right to request information:
You have the right to request whether the Hotel holds personal data about you, and if so, to request information about its contents and the reasons for which the Hotel holds/uses it.
If the Hotel refuses to respond to a data subject request, the Hotel will notify the data subject of the reason for refusal, as well as the right to lodge a complaint with a supervisory authority and seek legal remedies, without delay and no later than one month after receiving the request. - Right of access:
You have the right to request access to your personal data (commonly known as a “subject access request”).
This allows you to receive a copy of the personal data the Hotel holds about you and confirm that the Hotel is processing it lawfully. - Right to rectification:
You have the right to request the correction of inaccurate or incomplete personal data held by the Hotel. - Right to erasure (“right to be forgotten”):
You have the right to request the deletion or removal of your personal data where there is no valid reason for the Hotel to continue processing it.
You also have the right to request deletion if you have exercised your right to object to processing.
However, this right cannot be exercised where the retention of your personal data is required by law—for example, to establish, exercise, or defend legal claims. - Right to restrict processing:
You have the right to object to the processing of your personal data when such processing is based on the Hotel’s legitimate interests. - Right to object to processing:
You may object to the processing of your personal data where the Hotel relies on legitimate interests (or those of a third party), and you have grounds relating to your particular situation.
You also have the right to object where the Hotel processes your personal data for direct marketing purposes. - Right to object to automated decision-making and profiling:
This is the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or significant effects on you. - Right to data portability:
You have the right to request that your personal data be transferred in an electronic and structured format to you or another party (the “right to data portability”).
This enables you to obtain your data from the Hotel in a machine‑readable format and to transfer it electronically to another party.
This right applies only to:
○ Personal data excluding anonymized or irrelevant data
○ Personal data you have provided to the Hotel
○ Personal data that does not infringe upon the rights and freedoms of others (e.g., trade secrets)
It also applies only when processing is based on consent or contract and to personal data you created yourself. - Right to withdraw consent:
Where your personal data is processed based on your specific consent, you have the right to withdraw that consent at any time.
Upon receiving notice of your withdrawal, the Hotel will immediately stop processing your data for the purpose(s) for which you originally gave consent. - Right to lodge a complaint:
You have the right to lodge a complaint with the supervisory authority of the EU member state where the data controller has its main establishment.
How to Exercise Your Rights
You may exercise any of the above rights by sending identity verification documents to the following email address addressed to the Data Protection Officer:
privacy@fuk.hotelokura.co.jp
05. Processors
When another person or company conducts processing on behalf of the Hotel, the Hotel will appoint only processors that provide sufficient guarantees that they will implement appropriate technical and organizational measures to ensure compliance with GDPR requirements.
Processors may not engage another processor without prior written authorization from the Hotel.
All processing will be governed by a contract that binds the processor to the Hotel.
Revised on June 29, 2019