Handling of personal information
Nansei Rakuen Resorts Co., Ltd. (hereinafter, Company) views the appropriate handling and protection of personal information received from customers as a fundamental part of our business activities and part of our corporate social responsibility. To ensure the appropriate handling of customer personal information, in addition to creating the following “Personal Information Protection Policy” (hereinafter, Policy), we comply with the Act on the Protection of Personal Information (hereinafter, Personal Information Protection Act) and other relevant laws, and abide by the General Data Protection Regulation, European Commission regulations on the protection of people involved in the handling of personal data and the free transfer of said data, (hereinafter, GDPR), as well as other relevant guidelines.
Personal Information Protection Policy
- 1. Legal compliance
- We adhere to the Personal Information Protection Act and other relevant laws, GDPR, and other guidelines (hereinafter, collectively referred to as Law, etc.).
- 2. Appropriate gathering of personal information
- We gather customer personal information (name, address, date of birth, telephone number, email address, etc.) in accordance with the Personal Information Protection Act as well as other relevant laws and guidelines without the use of fraud or any other unjust means.
All information is customer personal information that is required to provide services to customers. In some cases, we may ask other questions for the purpose of providing desired services to customers. This information, including the minimum required information, is provided by customers at their own discretion.
- 3. Personal information purpose of use
We use personal information for the following types of purposes.
- To contact customers via postal mail, courier mail, telephone, email, FAX, or other methods regarding the use hotels, golf clubs, marinas, restaurants, or other facilities owned and operated by Company.
- To develop better products and services related to our hotel, resort, and restaurant operations and membership sales services, etc., and to use direct mail and email to provide customers with information and conduct sales related to said products and services.
- To respond to inquiries related to the abovementioned facilities and operations.
Furthermore, customer personal information is vital to the provision of Company services. If a customer declines to provide personal information, we may not be able to provide services.
- 4. Special types of personal information
- The Company may receive consent from the customer to gather and use special types of personal information (health status, physical characteristics, etc.) to the extent required to fulfill the purpose of service provision, and may transfer said information to facilities operated by the Company. Said personal information shall not be used for any purpose other than the purposes outlined above. The customer may revoke this consent at any time. However, even if consent is revoked, in cases where the handling of personal information is required to protect customer life, health, or other important interests, the Company may continue to process relevant customer personal information to the extent recognized by Law, etc.
- 5. Shared use of personal information
- To provide efficient and proper services, and to increase customer product and service options, we may receive customer consent to use customer information in collaboration with partner Group companies and the various facilities we operate. The customer may revoke this consent at any time. However, if this consent is revoked, the customer may no longer be able to use the services that require the information gathered or used in accordance with customer consent.
- 6. Restriction on third-party use
If prior consent has been received from the customer, excluding cases of the following, personal information retained by the Company shall not be disclosed or provided to any third party.
- If the handling of personal information is required to execute a contract involving a customer, or if the handling of personal information is required to conduct procedures related to a customer request prior to the execution of a contract.
- If required to comply with legal obligations applicable to the company (request by government agency, legal requirement, etc.)
- Cases where the handling of personal information is required to protect customer life, health, or other important interests, and it is difficult to gain consent from the individual.
- If a request for disclosure is received from a party with just authority as mandated by law or a government agency (an accident during Company service provision results in a situation that poses a serious risks to the life of a customer or companion and there is a need to provide the personal information of the customer or companion to the police, a hospital, or related agency).
- If particularly necessary to promote improvements to public health or promote the healthy development of children, and it is difficult to gain consent from the individual.
- If the investigation, prevention, or response to illegal activities or potential activities is deemed appropriate.
- 7. Rights retained by the customer
Customers shall retain the following rights related to their own personal information. However, even a customer exercises any of these rights, the Company may continue to handle customer personal information to the extent required by Law.
- The right to request explanations concerning personal information and related data retained by the Company, and explanations related to how personal information is used.
- The right to request the reasonably immediate correction of incorrect personal information related to the customer.
- The right to request the reasonably immediate deletion of personal information related to the customer.
- The right to restrict the handling of personal information related to the customer.
- The right to receive personal information provided by the customer in the general format that can be read by a computer and the right to transfer the management of said personal information to another organization without interference.
- The right to subject an objection to the handling of customer personal information for public interest, Company profits, or third-party profits, and handling for use in direct marketing.
- The Company recognizes the right of the customer to not be subjected to evaluations or decisions that have a major impact on the individual, including legal outcomes, based on profiling and other automated processing. However, the Company does not conduct profiling.
- 8. Storage period for personal information
- Customer personal information shall be deleted or disposed of appropriately after storage of 7 years.
- 9.Personal information disclosure, correction, addition, and deletion
- Customers may request the disclosure of personal information retained by the Company. To request disclosure, we require the submission of personal identification documents to prevent customer personal information leaks to parties other than the individual in question. Upon internal confirmation of the individual, we will respond immediately. When customer personal information is used in collaboration with other group companies, the first company that acquired said information shall be responsible for personal information management and personal information used in collaboration with other companies shall be limited to the scope required based on the purpose.
- 11. Security management measures
- The Company works to prevent unauthorized access to personal information, personal information loss, modification, or leaks, etc. by implementing appropriate and comprehensive technical, physical, organizational, and human security management measures for retained personal information.
- 12. Continuous reevaluation of internal structure
- To ensure the strict protection of customer personal information, the Company has established internal regulations and conducts regular audits to continuously review and improve our personal information protection structure.
- 13. Internal education
- The Company notifies employees of this Policy and reinforces compliance. We also conduct regular education regarding personal information protection to promote awareness.
- 14. Personal Information Help Desk
Contact our data protection officer for inquiries related to this matter.
Nansei Rakuen Resorts Co., Ltd. (Personal Information Help Desk)
775-1 Ueno Miyaguni, Miyakojima, Okinawa 906-0203
TEL: 0980-76-3450 (Mon. to Fri. (excluding holidays) / 10:00pm to 5:30pm)
Enacted on April 1, 2019
Revised on June 1, 2019