Policy on Protection of Personal Information

Okura Garden Hotel’s Basic Policy Concerning Information Security and the Protection of Personal Information.

Given the importance of information security and the protection of personal information in the advanced information and communications society, the Hotel shall endeavor to appropriately manage and protect information owned by the Company in accordance with the Hotel Okura Group’s Policy Concerning Information Security and the Protection of Personal Information.

1. Compliance with Laws and Regulations, etc.
The Hotel shall comply with policies, guidelines, etc. prescribed in laws and regulations and by administrative organs.

2. Establishment of a Management System
A management system shall be established within the Hotel and the division of responsibilities shall be clarified.

3. Preparation of and Compliance with Internal Policies, Rules, Guidelines, etc.
The Hotel shall formulate and comply with internal policies, rules, guidelines, etc.

4. Implementation of Safety Measures
The Hotel shall implement safety measures, and take preventative measures against unauthorized access to information, and the loss, damage, fabrication, divulgence, etc. of information.

5. Implementation of Training and Educational Activities
The Hotel shall promote training and educational activities in order to build knowledge and improve awareness with regard to information management, and shall work toward thorough familiarization so that information is managed appropriately.

6. Coordination with Subcontractors
If work relating to information management is subcontracted to other companies, then the Hotel shall select a party with adequate experience and capabilities, shall prescribe matters concerning the duty of confidentiality in agreements and shall ensure that information is managed appropriately.

7. Operational Improvement Initiatives
The Hotel shall regularly check whether information is being appropriately managed, and shall continuously implement initiatives to improve operations.

8. Measures When Accidents Occur
If accidents occur, the Hotel shall minimize damage and promptly publish necessary information, and take appropriate measures, including measures to prevent reoccurrence.

9. Clarification of Inquiries Desk
The Hotel shall establish an inquiry desk in order to respond promptly and in good faith to inquiries, complaints and requests from customers.

10. Publication of this Policy
The Hotel shall widely publish policies concerning information security and the protection of personal information, including this Policy, by posting them on its website, etc.

Handling Reservation Records

The Hotel shall share reservation records with Hotel Okura Co., Ltd. (hereinafter referred to as “HOC”), Okura Hotels & Resorts associated hotels (hereinafter referred to as “OHR Member Hotels”), Hotel Okura Group companies (hereinafter referred to as “Group Companies”), third party partner hotel groups (hereinafter referred to as “Affiliated Hotels”), JAL Hotels (hereinafter referred to as “JHC”) and JAL Hotels Chain Hotels (hereinafter referred to as “JHC Chain Hotels”) in order to provide services closely related to travel such as hotel, air travel, etc., publicize products and campaigns, and conduct work associated thereto.

1. Management of Personal Information
The Hotel recognizes the importance of the personal information submitted by customers, and shall strictly manage such information using computers, etc., paying close attention to the handling thereof.

2. Shared Information
The Hotel shall share reservation records within the following scope in order to provide services closely related to travel such as hotel, air travel, etc., publicize products and campaigns, and conduct work associated thereto.

Shared data items: customers’ name, telephone number, address, email address, age, gender, employer, etc., membership of an airline company and mileage number, name of hotel at which the customer will stay, dates of stay, package plan, fee, arrival time, requests, credit card number to guarantee reservations.

Scope of Users: the Hotel, HOC, OHR Member Hotels, Group Companies, Affiliated Hotels, JHC, JHC Chain Hotels
Administrator: the Hotel

3. Provision of Reservation Records to Travel Agents
The Hotel shall provide the information provided for in 2 above to travel agents if an inquiry is made based on a reservation number provided to the travel agent by a customer.

4. Handling of Inquiries, etc.
The Hotel shall accept inquiries, alterations, etc. relating to reservation records from customers as follows and shall promptly respond within a reasonable scope.

5. Provision to Third Parties
In addition to the above outline, the Hotel shall not provide or disclose reservation records and information to third parties unless customers have given their consent or unless required in accordance with laws and regulations, etc.

6. Confirming Reservations
The Hotel shall issue a reservation confirmation letter concerning reservations accepted by the Hotel following the finalization of a reservation by mail, fax or email, etc. to the address, telephone number, fax number or email address specified by customers. Furthermore, please note that when making reservations via our website, an email message confirming the reservation will be sent to the email address provided by the customer.

7. Inquiries, etc. Relating to Other Reservations
Inquiries and alterations concerning reservation records from customers who have not made reservations with the Hotel or via the reservation center should be made directly to the travel agent or facility, etc. that handled the reservation.

Handling of One Harmony Membership Information

The Companies shall handle the personal information of OHM program Members as follows.
1. Management of Personal Information
In operating the OHM system, the Companies recognize the importance of the personal information submitted by Members, and shall treat such personal information with the utmost care, and safeguard such information under a strict computerized security system.

2. Usage of Personal Information
The Companies may use the personal information submitted by members for the purpose of recording stay history, inclusion in membership cards, issuance of membership cards, provision of hotel stay services, food and beverage services and wedding services, provision of other services closely related to hotel usage, giving of notices about promotional materials and questionnaires, including those of the partner companies, and product development, OHM program management, and related activities.
- Information used in common by the Companies and their affiliates: Membership number, name, date of birth, gender, address, telephone number, fax number, e-mail address, place of employment (company name, department, title, address, telephone number, fax number, e-mail address), types of membership cards, types of FFP, FFP membership number, FFP tier, stay history, reservation history, communication history etc.
- Companies and Affiliates who use information: The Companies, OHM Facilities, Hotel Okura Group companies (*1), JAL Group airline companies (*2), and JAL Card Inc.

*1 Hotel Okura Group companies are Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd., Continental Foods Co., Ltd. and Orange Marketing Services, Japan Co., Ltd.
*2 JAL Group Airlines are Japan Airlines Co., Ltd., Japan Transocean Air Co., Ltd., JAL Express Co., Ltd., J-AIR Co., Ltd., Japan Air Commuter Co., Ltd. and Ryukyu Air Commuter Co., Ltd.

- Administrator: The Companies

3. Provision of Personal Information to Third Parties
The Companies shall not provide Members' personal information to any third party except with the prior consent of the Member, where provided for in these Terms and Conditions and related rules and regulations, or where required pursuant to applicable laws.

4. Inquiries
Members' requests for changes to or deletions of their own registered personal information or other inquiries shall be dealt with in a reasonably prompt manner upon personal enquiry by a Member.

Handling Online Members Information

The Hotel shall, together with Hotel Okura Co., Ltd. (hereinafter referred to as “HOC”), Okura Hotels & Resorts associated hotels (hereinafter referred to as “OHR Member Hotels”), Hotel Okura Group companies (hereinafter referred to as “Group Companies”), JAL Hotels (hereinafter referred to as “JHC”) and JAL Hotels Chain Hotels (hereinafter referred to as “JHC Chain Hotels”), handle personal information on online members in the following manner.
* Online members refer to members who have registered with Okura Hotels & Resorts and/or JAL Hotels and are issued online reservation IDs.

1. Management of Personal Information
The Hotel recognizes the importance of the personal information submitted by members, and shall strictly manage such information using computers, paying close attention to the handling thereof.

2. Shared Information
The Hotel shall, together with HOC, OHR Member Hotels, Group Companies, JHC and JHC Chain Hotels share personal information provided by members in order to provide hotel services and services closely related to hotels, provide advertising and promotional materials and questionnaires, including that relating to affiliated companies, conduct product development and work associated thereto.

(1) Shared data items: name, date of birth, gender, address, telephone number, email address, profession, employer (company, affiliated division, address, telephone number), mileage program, mileage number, membership requirement, membership number, reservation history, accommodation history, etc.
(2) Scope of Users: the Hotel, HOC, OHR Member Hotels, Group Companies, JHC and JHC Chain Hotels
(3) Administrator: The Hotel

3. Inquiries, etc. Relating to Personal Information
The Hotel shall promptly respond within a reasonable scope if a member contacts the Hotel’s inquiry desk with an inquiry or request to alter or suspend the use of their personal information. In addition, the Hotel’s inquiry desk shall accept feedback relating to the handling of personal information.

4. Provision of Personal Information to Third Parties
The Hotel shall not provide or disclose personal information to third parties unless members have given their consent in advance, or disclosure is prescribed in these rules, or required in accordance with laws and regulations, etc.

Handling of Other Personal Information on Reservation Records, Okura Club International Members and Online Members

In addition to personal information in reservation records, personal information on Okura Club International members and personal information on online members, the Hotel handles personal information received directly from customers and personal information from travel agents and companies which have entered into agreements with the Hotel in the following manner.

1. Protection and Management of Personal Information
The Hotel places importance on the protection of customers’ personal information provided by customers and pays close attention to the handling of such information.

2. Purpose of Use of Personal Information
Personal information provided shall be used within the scope necessary to achieve the following purposes.

- To provide appropriate services according to requests from customers based on past usage information at the Hotel and Okura Hotels & Resorts associated hotels (hereinafter referred to as “OHR Member Hotels”)
- To provide details regarding the Hotel
- To provide details and information on the Hotel’s accommodation, weddings, banquets, restaurants, health clubs, hotel products and new product package plans/events/various privileges in cultural programs, etc.
- To operate membership activities such as enrollment in JAL Hotels Chain Hotels’ (hereinafter referred to as “JHC Chain Hotels”) and third party partner hotel groups’ (hereinafter referred to as “Affiliated Hotels”) membership organizations or grant points to members, redeem prizes, etc.
- To analyze responses to questionnaires to improve services and for marketing purposes at the Hotel, OHR Member Hotels, JHC Chain Hotels and Affiliated Hotels
- To conduct marketing activities for Hotel Okura Co., Ltd. (hereinafter referred to as “HOC”)
- If customers have agreed in cases other than the above, and when the Hotel, HOC, OHR Member Hotels, JHC Chain Hotels and Affiliated Hotels deem it necessary to contact customers

3. Personal Information Inquiries, Alterations and Suspension of Use
The Hotel shall promptly respond within a reasonable scope if a customer contacts the following section directly regarding the disclosure, amendment and suspension of use of personal information managed by the Hotel that forms part of the personal information wholly owned by the Hotel.

4. Provision and Disclosure of Personal Information
Personal information shall not be provided or disclosed to third parties except when falling under any of the following circumstances.

- When shared between OHR Member Hotels, JHC Chain Hotels, Affiliated Hotels and HOC Group Companies
- When outsourcing work, having first entered into agreements so that contractors do not use personal information for anything other than the work outsourced by the Hotel
- When customers have given consent in advance
- When required in accordance with laws and regulations

5. Personal Information in Links to External Websites
The Hotel shall assume no management responsibility whatsoever for the gathering of personal information conducted by other companies’ websites introduced on the Hotel’s website.

6. Data Protection
As a safety measure when gathering customers’ personal information, the website uses SSL (Secure Sockets Layer) encryption technology on all pages in which personal information is entered. As a result, it encrypts the data traveling across the Internet and prevents data leaks.

7. Privacy Policy Revisions
Significant modifications to this Policy shall be announced on this website. Please check the website on a constant basis for up-to-date information on other changes. Please note that the Hotel shall assume no responsibility whatsoever for trouble resulting from failure to make such checks.

SSL

SSL (Secure Sockets Layer) refers to the protocol for encrypting and transmitting information over the Internet. SSL is a security function that aims to protect important information such as personal information transferred over the Internet from theft, fabrication and phishing by third parties. On the Hotel’s website, the accommodation reservation page for entering personal information is an SSL secure page. (Certain pages allow users to select non-SSL communication.)

1. Importance of SSL
The encryption of protocols currently used on the internet is not regulated and thus third parties are able to insert line monitors, PCs, etc. into lines to view information that crisscrosses the Internet. The internet is a network made up of interconnecting websites and a number of relay sites exist between access points and users, making it difficult to grasp whether a site is safe. For this reason, the Hotel’s website prevents eavesdropping, etc. by third parties by utilizing secure communication using SSL when transmitting important information, especially personal information, etc. over the Internet.

2. SSL Structure
SSL first conducts electronic authentication (digital certificates and digital signatures) between the Hotel and customers before customers send personal information, and transmits data after conducting cross certification. In doing so, exchanges between Okura Garden Hotel and customers are scrambled using random digits, and false transmissions to third parties posing as customers who attempt to steal data are prevented. Furthermore, information transmitted using SSL is encrypted using a method that combines two types of encryption: public key encryption (RSA) and symmetric key encryption (private key cryptography). An electronic “key” is required to decipher this information. Even if information is intercepted by third parties, it is impossible to decrypt encrypted information without the correct key. While there are a finite number of keys, it is extremely difficult for third parties to decrypt information, as finding the right key by testing all keys in turn would require an unrealistically long time, even if the work is conducted computationally using a computer, etc.

3. SSL Enabled Browsers
A special configuration is not necessary in order to use SSL. SSL functions automatically when using SSL enabled browsers such as Internet Explorer, Netscape Communicator, etc. in their default configuration. It may not be possible to access SSL secure pages or enter information when using browsers that do not support SSL.

* It may not be possible to transmit information using SSL due to firewall configurations if the customer is connected to the Internet via a firewall on an internal LAN such as a LAN within a company.

4. Data Protection
As a safety measure when gathering customers’ personal information, the website operated by the Hotel uses SSL (Secure Sockets Layer) encryption technology on the online members’ page, the credit card payment page and other pages in which personal information is entered. As a result, it encrypts data traveling across the Internet and prevents data leaks.

This document is posted for the provision of information to customers. It does not recommend, request, or demand the use or otherwise of specific software products.

Use of Cookies

The Hotel may send information called cookies to customers’ computers in order to improve user-friendliness for customers.

Customers may change their browser’s settings to reject cookies or to display a warning message when accepting cookies. Virtually all the Hotel’s website services can be used without browsers accepting cookies; however, please note that certain services cannot be used without cookies when making accommodation reservations.

When completing reservation, inquiry, member registration and other formalities on the Garden Hotel Shanghai Website (hereinafter referred to as “this Website”), guests are asked to enter their personal information, which is registered in a database. The registered information is used only by Okura Garden Hotel Shanghai and Okura Hotels & Resorts and its affiliated hotels to provide better services to guests.

1. When entering personal information

When applying for various items at our website, please enter corresponding personal information according to needs of each service and arrangement.

2. Usage of personal information

The above registered and entered data will be used in the following circumstances.
• Arrangements - The Arrangement Application Form is used for various services including making arrangements, delivering materials, returning goods, and answering inquiries.
• Sending electronic magazine via E-mail
Information about and introductions to conferences and events, cuisine tasting fairs and accommodation plans will be provided to guests who have ticked the box on the Arrangement Application Form to receive the latest information, and to guests who have applied for electronic magazines. Guests can arrange at any time to change their registered information or to stop receiving electronic mails.
• Other information for contact - Other Information will be sent via mail, phone call, and letters when our Company deems it necessary to notify the guest.

3. Management of personal information

The database records the personal information of guests who have used this Website, and is managed by management personnel in our Company and by an entrusted business agency which has signed a contract with our Company.
Apart from being used for sending electronic magazine to guests, guests’ mail addresses will also be used by Okura Hotels & Resorts and other affiliated hotels to send mails to guests, at the time of which personal information other than mail address will not be disclosed. In the following cases information might be disclosed to a third party.
• In order to serve guests, when it is deemed necessary to disclose information and share information.
• In order to serve guests, when companies that have signed a contract with our Company deem it necessary.
• When disclosing personal information, it is necessary to obtain consent from guests.
• When it is necessary to accept official inquiry as required by law at public institutions such as police station or court.
• In addition, when it is necessary to make contact at the time of significant or emergency event relating to guests, our Company, or a third party.

4. Usage of statistics information

Information on guests who have used this Website, excluding personal information, will be used as statistical information. The information will only be used as data for marketing.

5. Usage of Cookie system

This Website uses a cookie system. Depending on browser setup, it is possible to disable the functions of the cookie system, but this will result in your inability to use some service items on our Website.

6. Login access record

Our Website keeps login access records of all visitors. Login access records include the name of the visiting area and IP address, type of browser being used, visiting date and time, and the accessed web pages, etc.; the records do not contain specific personal information. Login access records will only be used for maintenance and management of this Website, and statistical analysis of usage conditions.

7. Revision of privacy

When this right undergoes significant change, there will be notices on this Website. Regarding change of other matters, please confirm the latest information on this Website. We request users’ understanding that it is difficult for us to assume any obligation for disputes arising from unconfirmed matters.