GDPR Policy

0. Introduction

fav hospitality group Co., Ltd. (the "Company", "we", "us" or "our") recognises the importance of the protection of personal data and is committed to processing personal data lawfully, fairly and transparently.

This GDPR Privacy Policy (this "Policy") describes how we may collect and process personal data when you: (i) access or use our website (the "Website"); (ii) contact us regarding services (the "Services") provided by hotels operated under our hotel brand, FHG HOTELS (collectively, "FHG HOTELS"); and/or (iii) use the Services, including by making a reservation for accommodation at FHG HOTELS. This Policy also explains how we comply with applicable EU and UK data protection laws, including the EU General Data Protection Regulation (the "GDPR") and the UK GDPR, and the rights available to you under such legal frameworks.

For the purposes of the GDPR and the UK GDPR, the Company is the "controller" in respect of the processing described in this Policy. Our registered head office is located at Kasumigaseki Common Gate West Tower 22F, 3-2-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-0013, Japan.

1. Personal Data We Collect

In this Policy, "personal data" means any information relating to an identified or identifiable individual, where such individual can be identified, directly or indirectly, by reference to that information alone or in combination with other information.

Where you access or use the Website (including where you make a reservation for the Services) and/or otherwise communicate with us in connection with the Services, you may provide personal data to us and we may otherwise obtain personal data about you.

We may process the following categories of personal data:

  1. Contact and identification information: name, address, date of birth, gender, telephone number, email address and similar identifiers.
  2. Service and reservation information: customer number; information regarding the Services used; information necessary to accommodate your requests relating to rooms or leisure activities; special requests including any assistance required due to health conditions or other reasons; and information regarding preferences, likes/dislikes and other lifestyle-related information.
  3. Transaction and payment information: credit card number, CVC, bank account information and billing address.
  4. Records of communications: enquiries, questions and any other communications exchanged between you and us.
  5. Online and technical information: Website usage and browsing paths; dates and times of visits to or use of the Website; IP address; device and operating system information (including type and identifiers); browser type and identifiers; plug-ins; cookie data; country of access; browsing history; and consent-related information.

2. Sources of Personal Data

We collect personal data from multiple sources, including:

  1. Directly from you: where you use the Website, make a reservation for the Services, contact us by email, or otherwise communicate with us directly.
  2. From the Website (Cookies): the Website provides us with information regarding how you use the Website and the device used to access the Website. As is common practice, we use cookies. Cookies are small text files stored on your device (such as a laptop, tablet or smartphone) when you access the Website. Where you have provided consent to the use of cookies, you may withdraw such consent at any time. For further details regarding the cookies we use, please refer to our Cookie Policy.

3. Purposes of Processing and Legal Bases

We process personal data collected pursuant to this Policy for the purposes and on the legal bases set out below.

3.1 Performance of a contract

We may process your personal data where necessary to perform a contract to which you are a party, or to take steps at your request prior to entering into such contract.

Where you make a reservation for the Services via the Website, we process your personal data as necessary to perform the contract for the provision of the Services.

3.2 Communications

We may process your personal data in order to communicate with you regarding the Services, provide information that is important for your use of the Website, and respond to complaints.

The legal basis for such processing is the performance of a contract and/or our legitimate interests, namely what is necessary for the conduct of our ordinary business operations.

3.3 Marketing and customer surveys

We may contact you for marketing purposes and/or to measure customer satisfaction and improve the customer experience. You have the right to opt out of receiving marketing emails from us at any time.

The legal basis for such processing is our legitimate interests, namely what is necessary to communicate with you and to provide services similar to those you have used.

3.4 Compliance with legal obligations

We may process personal data to comply with legal obligations under applicable laws. We will provide personal data to third parties such as competent authorities only where required by law.

The legal basis for such processing is our legitimate interests in complying with legal obligations under applicable laws.

3.5 Provision of personal data

In certain circumstances, you may be required to provide personal data due to legal, contractual or other obligations. If you do not provide such data, we may be unable to perform our contract with you and/or comply with relevant legal obligations.

For other personal data, you are not legally required to provide it; however, if you do not provide it, we may not be able to provide the Services appropriately. In some cases, you may not be able to complete a reservation if personal data is not provided.

4. Disclosure and Sharing of Personal Data

We may share your personal data with third parties where necessary to operate the Website and provide the Services you have reserved. This includes sharing personal data with service providers to whom we outsource operations for the purpose of managing our relationship with you and delivering the Services.

We may share your personal data with:

  1. FHG HOTELS entities: special purpose companies that operate the relevant FHG HOTELS facilities for which you have made a reservation.
  2. Service providers (processors and contractors): including hotel operation companies; analytics and feedback providers; advertising and marketing platform operators; reservation and travel-related service providers; payment and transaction processing providers; and business administration and SaaS service providers.
  3. Government authorities and law enforcement agencies: where disclosure is required by law or necessary to cooperate with investigations or initiatives.

Except as stated above, we do not disclose personal data to third parties without your consent unless disclosure is required under applicable laws. All recipients shall handle personal data in accordance with this Policy and applicable laws.

5. Retention

As a general rule, we retain personal data only for as long as is necessary to fulfil the purposes for which it was collected. Retention periods vary depending on the type of personal data and the reasons for collection.

In certain circumstances, we may retain personal data for a longer period, including where retention is required for legal purposes. In such cases, personal data will generally be retained in accordance with common practices in the hospitality industry and applicable legal requirements.

Where processing is based on your consent (for example, for certain analytical purposes), we may retain personal data for as long as such consent has not been withdrawn, where permitted by applicable laws.

6. Security

We regard the security of your information as a matter of paramount importance and process personal data only to the extent permitted by applicable laws. We implement appropriate technical and organisational measures, in accordance with applicable laws, to protect personal data against unauthorised access, disclosure, alteration, loss or damage.

Our employees are required to comply with applicable laws and internal requirements when handling personal data.

7. International Transfers

In the course of our business operations, it may be necessary to transfer your personal data to organisations located outside the European Union ("EU") or the European Economic Area ("EEA"). Such recipients may include our partners or service providers located in jurisdictions whose data protection laws may differ from those in your country of residence.

Where we transfer personal data internationally, we implement appropriate safeguards to protect the security and confidentiality of such data. Where we cannot rely on an adequacy decision, such safeguards may include, for example, the Standard Contractual Clauses ("SCCs") approved by the European Commission.

For the avoidance of doubt, where we collect personal data directly from you, such collection may not constitute a "transfer" for the purposes of this section.

8. Your Rights

Subject to applicable laws, you have the following rights in relation to personal data processed by us. To exercise any of these rights, please refer to the "Contact" section below. We may request information necessary to verify your identity when responding to your request.

You may have the right to:

  1. Request access to your personal data (including information regarding purposes, categories, recipients, retention periods and sources);
  2. Request rectification of inaccurate or incomplete personal data;
  3. Request erasure of personal data;
  4. Request restriction of processing;
  5. Not be subject to a decision based solely on automated processing (where applicable);
  6. Object to processing;
  7. Request data portability (including transfer or provision of a copy for use with another service); and
  8. Withdraw consent at any time where processing is based on consent.

Unless your request is particularly complex, we will respond within 30 days.

Following the expiration of the applicable retention period determined by us, relevant personal data will be deleted. Accordingly, you may not be able to exercise certain rights after the expiry of such retention period.

If you have concerns regarding our processing of your personal data, you have the right to lodge a complaint with the competent data protection supervisory authority at any time. However, we would appreciate the opportunity to address your concerns before you contact the authority, so please contact us first.

9. Contact

If you have any questions or complaints regarding this Policy, or if you wish to exercise your rights described above, please contact us at:
information@fhg.co.jp

10. Amendments to This Policy

We reserve the right to amend this Policy from time to time. You are responsible for reviewing the applicable terms periodically.