The purpose of this Policy is to securely protect the Personal Information, provide uninterrupted safety for the Customers of their Personal Information and provide information about various rights of the Customers and handling of the Personal Information by the Company.
(1) Personal Information provided by the Customers:
Personal Information to be collected by the Company includes names, addresses, telephone numbers, e-mail addresses, birth dates, gender, nationality, passport, visa information, marketing preferences, other information that Customers input on the entry form provided by the Company, or Company’s staff members input at the instruction of the Customers, information about the Customers’ previous transaction with us including our hotels where the Customers have stayed, dates of arrival and departure, goods and services purchased or utilized at our hotels, personal preferences information which the Company learns about during the Customer’s stay, information that the Customers provide the Company for using the Company’s service, information that the Customers provide travel agents upon reservations, information of credit card number or other payment methods and information that is indispensable for the provision of services or transactions.
(2) Information collected by the Company from the Customers’ visit to the Company’s website:
The Company may collect information on the occasion of a visit to its website including:
Cookies and anonymous ID;
Location information; and
IP address and device identification information.
The Company collects the Personal Information since the Personal Information is required for the Company’s legitimate interests (as detailed below), for the performance of legal obligations that the Company is subject to or for fulfilling contractual obligations to the Customers, anyone involved in making the Customer’s travel arrangements (e.g., travel agents, or the Customer’s employer) and vendors (e.g., credit card companies, and airline operators).
The Company’s legitimate interests include:
(1) To contact the Customers for the confirmation of a reservation or similar purposes;
(2) To provide the Customers with a service, product or information;
(3) To conduct marketing activities that fall under the following;
(a) Provision of advertising and information on products, services, campaigns, etc., through information letters, emails, etc. (* 1, * 2)
(b) Distribution of behavioral targeting ads through ad distributors such as Google and Yahoo (* 1, * 2)
(c) Analysis of attribute information and activity history acquired by us in order to understand the hobbies and tastes of the Customers. (* 3 and * 4)
(d) Other matters which shall be treated pursuant to items (a) through (c)
(* 1) The Company provides services and distributes advertisements by analyzing information such as browsing history and purchasing history of websites obtained from the Customers.
(* 2) Information such as taste preferences and browsing history of the Customers obtained from third parties may be used by linking it with personal information of the Customers that the Company already has. In this case, we will obtain prior consent from the Customers, and use within the scope of the purpose of use stated above.
(* 4) Our website uses Google Analytics, a service provided by, Google-owned to track the Customers’ visits to the website.
Using Google Analytics on our website, we collect, record, and analyze the history of the Customers’ visits to the Company sites based on cookies issued by the Company.
＜ Google Analytics opt-out add-on ＞
(4) To make an analysis for improvement of a service or product;
(5) To send a questionnaire for further improvement of the Company’s service;
(6) To request compliance with the usage policy or terms of service on those provided through the Company’s website or mobile site;
(7) To protect services provided through the Company’s website or mobile site or the Customers;
(8) To verify the Customer’s identity if the Customer make requests regarding the Personal Information pursuant to this Policy:
(9) To meet legal obligations the Company is subject to, which includes Japanese law and laws of the area that the Company’s hotels are located:
(10) To manage events of prize, drawing or other promotion:
(11) To fulfil contractual obligations to anyone involved in making the Customer’s travel arrangements (e.g., travel agents, group travel organizers, or the Customer’s employer) or to vendors (e.g., credit card companies, airline operators):
(12) For purposes separately notified or announced to the Customer: and
(13)To administer record keeping
The Company collects the Personal Information as defined in Article 2 in the following methods:
(1)Directly from the Customers: Regarding the information described in article 2 paragragh1, the Company may collect the Personal Information when the Customers book a reservation, use the Company’s hotels, create an account, answer a questionnaire, apply for a prize or a prize draw, contact customer service, or apply for the Company’s service.
(2) From the Customers’ devices and the Company’s networks: Regarding the information described in article 2 paragraph 2, the Company may collect the Personal Information automatically through cookies and related technologies from the Customers’ devices when the Customers use the Company’s websites or other online contents.
(3)From other businesses: To offer more comfortable services, the Company may collect the Personal Information by using other company’s internet services. The Company may also receive the Personal Information from (i) the Customer’s travel agents, (ii) the Customer’s travel provider, such as an airline, or (iii) Credit card companies used by the Customers.
(4)From social media: If the Customers voluntarily apply for or participate in activities or services which the Company host on a social media, the Company may receive contact and identification information, stay and purchase information, internet and network activity, and any other personal information contained in the Customer’s social media posts or profiles.
The Company will manage the Personal Information provided by the Customers appropriately and cautiously. The Company will implement safety control measures necessary and appropriate in order to prevent the risk of its leakage, loss, misuse, alteration or illegal access. The Company will also use SSL (Secure Socket Layer) encrypted communication and other security technologies as necessary against a third party’s interception during communication, so that safety will be ensured when the Personal Information is provided by means of communication.
2．The Company will manage the Personal Information appropriately in accordance with applicable laws.
The Company may entrust to an outside contractor part of the handling of the Personal Information provided in order to improve the quality of the Company’s services and for the convenience of the Customers. In this case, the Company will instruct and supervise the outside contractor to ensure appropriate management of Personal Information.
2．The Company will not disclose or provide the Personal Information to any third party (which does not include Shared Users described in 8 clause) except for the following cases:
(1) If the Customer consents to the disclosure or provision;
(2) If the disclosure or provision is required under the laws and regulations;
(3) If the disclosure or provision is necessary to protect human life, body or property, and it is difficult to obtain the Customer’s consent;
(4) If the disclosure or provision is specifically necessary for the improvement of public health or the promotion of the sound development of children, and it is difficult to obtain the Customer’s consent
(5) If the Company is required to cooperate with a national government organization, local government or a person commissioned by it to perform business prescribed in legislation, and the performance of such business is likely to be hindered by obtaining the consent of the person concerned;
(6) If Personal Information is disclosed or provided to an outside contractor to the extent necessary for providing services to the Customers; or
(7) If the Company transfers the right of management of the Personal Information as a part of the transferred assets under the transfer of its business to a third party.
2. If the Customer visits the Company’s website and makes an airline reservation or rent a car, the Customer may be redirected to websites maintained by third parties. In this case, the Company’s responsibility is limited to its own websites except some particular website. The Company will not be responsible for personal information collection practices or privacy policies of other websites maintained by third parties where the Customers submit its personal information directly to such websites. The Company recommends that the Customers read the privacy and security policies of any external websites before providing any personal information while accessing those websites.
The Personal Information may be jointly used as follows:
(1) Items of the Personal Information jointly used: the items in “2. Information We Collect”
(2) Scope of users of such shared use: the corporations running facilities listed on the official website of Hoshino Resorts (https://www.hoshinoresorts.com/en/), Hoshino Resorts Holdings Inc. and its subsidiaries and affiliated companies, including corporations listed in this list.
(3) Purposes of use of such joint users: the purposes in “3. Purposes of Use of Information”
(4) Name of the person responsible for the management of user information: Hoshino Resorts Holdings Inc.
The Company will comply with laws, regulations and applicable guidelines on personal information to realize secure protection of the Personal Information.
The Company’s hotels are mainly located in Japan, so if the Customers are visiting the Company’s website from outside Japan, please be aware that Personal Information may be transferred to, stored, and processed in Japan and other countries where the Company’s servers are located and its central database is operated. The Company will endeavor to take reasonable steps to ensure that the Customer’s privacy is protected, but the data protection and other laws of Japan and other countries might not be as comprehensive as those in the Customer’s country.
The Customers may always choose what Personal Information the Customers wish to provide to the Company and how to receive (or deny) communications from the Company. However, if the Customers chooses not to provide certain Personal Information, some services of the Company may not be available.
The Company may contact the Customers for introducing services and events which the Company thinks the Customers are interested in. The Customers may always choose not to receive any or all of these communications or wish to update the Customer’s communication preferences by contacting the Company as described below in Article 16, “Contact US” (hereinafter referred to “Contact Information”).
The Company will retain the Personal Information for the period necessary to fulfill the purposes listed in this Policy according to the criteria described below.
(1) If the Company has an ongoing relationship with the Customers and provide the services to the Customers (for example, as long as the Customers have accounts with the Company or keep using the Company’s services)
(2) If there is a legal obligation to which the Company is subject
(3) If the Company determines that retention is advisable considering the Company’s legal position (such as, for statutes of limitations, litigation or regulatory investigations)
The Company does not sell products or services to children under the age of 18 and the Company does not knowingly collect the Personal Information from the children.
The Company will respect the rights of the Customers, and if disclosure, correction, restriction, deletion of the Personal Information, the right to data portability or object to processing is exercised, the Company will verify the identity of the applicant and accommodate such request to the extent reasonable and necessary. If the Customers have agreed to provide the Personal Information to the Company, the Customers also have the right to withdraw its consent at any time by contacting “Contact Information”
Pursuant to the California Consumer Privacy Act (CCPA), California Residents have the rights to request for disclosure to the Company the following information that the Company has collected or disclosed within the preceding 12 months in accordance with applicable law. The Company will not discriminate against the Customers based on the Customers’ exercise of any of these rights.
(1) Access: The Customers may request the Company to disclose the following information by contacting “Contact Information”
・The categories of the Personal Information that the Company collected and the categories of sources from which the Company collected such Personal Information
・The specific pieces of the Personal Information that the Company collected about the Customers
・The business or commercial purpose for collecting or selling (if applicable) the Personal Information about the Customers
・The categories of the Personal Information about the Customers that the Company sold and the categories of third parties to whom we sold such Personal Information (if applicable); and
・The categories of the Personal Information about the Customers that the Company shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
(2) Deletion: The Customers may request the Company to delete the Personal Information by contacting “Contact Information” (with certain exceptions)
(3) Sale of Personal Information: The Company will not sell the Personal Information to any other businesses or other third parties. For purposes of this Policy, “sell” means the sale, rental, release, disclosure, dissemination, provision, transfer, or other oral, written, or electronic communication of the Personal Information to an outside party for monetary or other valuable consideration.
2．The Company will take reasonable steps to verify the Customer’s identity prior to responding to the Customer’s requests. If the Customer has an account with the Company, the Company will verify the Customer’s name, account number, email address attached to the Customer’s account, and phone number. If the Customer does not have an account with the Company, the Company will verify the Customer’s name, reservation number, email address attached to the reservation and phone number.
California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification process.
Please contact the following office for your opinions, questions or inquiries or complaints about this Policy and the handling of the Personal Information:
Hoshino Resorts Holdings Inc.
Personal Information Management Officer
The Company may review and, if necessary, modify this Policy from time to time. If the Company modifies this policy, it shall take appropriate measures, such as posting the modified policy on the Hoshino Resorts official website.
The Personal Information collected through the selling system for Custom-Ordered Tour “Hoshino Resorts HotelPay”, which Time Design Co., Ltd. manages, also applies this Policy.
The Company has entrusted the handling of the Payment Information that the Company receive from the Customers who book Hoshinoya Guguan to GMO Payment Gateway Inc.
Last Updated: April 1, 2022
In the event of any inconsistency between the Japanese language version of this Policy and any other language version, the Japanese language version shall prevail.