PRIVACY POLICY

1. Compliance with Laws, Regulations, and Guidelines

The Company handles personal information in a lawful and appropriate manner, in compliance with the Act on the Protection of Personal Information, other relevant laws and regulations, the guidelines established by the Personal Information Protection Commission, and this Privacy Policy.

2. Scope of Personal Information

“Personal information” refers to information relating to a living individual that can identify a specific individual by name, date of birth, or other descriptions contained therein (including information that can be readily cross-referenced with other information to identify a specific individual), as well as information that contains personal identification codes such as facial recognition data, or audio recordings or video information by which a specific individual can be identified.

3. Acquisition of Personal Information

The Company acquires personal information of customers and others by lawful and appropriate means as described below.
Whether or not to provide personal information to the Company is at the discretion of the customer. If required information is not provided, the Company may be unable to properly provide its services (hereinafter referred to as the “Services”).

• (1) Acquisition directly from the individual through in-person interactions, telephone calls, postal mail, or email, by oral statements, written documents, or electronic records; or through registration on websites, online forms, applications, etc.
• (2) Acquisition from individuals through affiliated companies, subcontractors, business partners, directly operated stores, travel arrangement businesses, recruitment agencies, service providers, etc., who have received proper authorization from the individual, by in-person interactions, telephone calls, postal mail, or email, by oral statements, written documents, or electronic records; or through registration on websites, online forms, applications, etc.
• (3) Acquisition in connection with the succession of business due to mergers or other reasons.
• (4) Acquisition from information media that are publicly available, such as official gazettes and telephone directories.
• (5) Acquisition through oral statements, written documents, electronic records, or recorded calls and video recordings for the purposes set forth in Section 4 below.

4. Purpose of Use of Personal Information

The Company uses customers’ personal information within the scope of the purposes listed below, or within purposes that are clearly apparent from the circumstances under which such information was obtained.

• (1) Shipment of products and related operations in the ryokan management business, real estate business, and food and beverage business
• (2) After-sales service and support in the ryokan management business, real estate business, and food and beverage business
• (3) Providing information on new products, campaigns, events, etc. in the ryokan management business, real estate business, and food and beverage business
• (4) Responding to inquiries and consultations from customers
  
• (5) Billing, refunds, payments, and related administrative processing
  
• (6) Preparation of statistical data for the purpose of product development and service improvement
  
• (7) Conducting surveys for the purpose of improving the quality of services provided to customers
  
• (8) Various communications related to recruitment activities, sending of materials, and other related procedures
• (9) Personnel and labor management, employee benefits, legally required procedures, administrative communications, and emergency contact
  
• (10) Disclosure of information to courts, police authorities, or other public institutions when required by laws and regulations
• (11) Analysis and implementation of information security measures deemed necessary by the Company in order to identify potential information security threats and protect customers and the Company from such threats
• (12) Other information management required under various laws and regulations

5. Provision of Personal Information to Third Parties

The Company may provide customers’ personal data to third parties within the scope described below in order to smoothly carry out its operations and provide better services to customers.
In such cases, the personal data provided shall be limited to the minimum necessary information required to perform the relevant operations.

• (1) When the Company entrusts all or part of the handling of personal information to a third party within the scope necessary to achieve the purposes of use
• (2) When it is necessary to provide personal information to partners or contractors in accordance with the provisions of Section 4
• (3) When personal information is provided in connection with the succession of business due to mergers or other reasons
• (4) When it is necessary to cooperate with a national government organization, a local government, or a party entrusted by them in carrying out duties prescribed by laws and regulations, and obtaining the consent of the customer may interfere with the execution of such duties
• (5) Other cases permitted under the Act on the Protection of Personal Information or other applicable laws and regulations

6. Management of Personal Data

• (1) Ensuring Accuracy of Data
  The Company strives to keep customers’ personal data accurate and up to date within the scope necessary to achieve the purposes of use, and to delete such personal data when it is no longer necessary for use.
• (2) Security Control Measures
  The Company implements necessary and appropriate measures to prevent leakage, loss, or damage of customers’ personal data and to ensure proper security management.
  • (a) Access rights management
    
  • (b) Password management
  • (c) Backup data management
• (3) Supervision of Employees
  When allowing employees to handle customers’ personal data, the Company thoroughly informs them of the proper handling of personal information, provides appropriate training, and conducts necessary and appropriate supervision.
• (4) Supervision of Contractors
  When outsourcing the handling of customers’ personal data, the Company selects contractors that implement appropriate security control measures and provides necessary and appropriate supervision of such contractors.

7. Use of Cookies

The Company uses cookies on its website to record information about visitors who access the site.
Such records may include the visitor’s domain name, IP address, and the date and time of access; however, they do not contain information that can identify individual customers.
This information is used only for the purposes set forth in Section 4 above, as well as for improving website services, understanding access numbers and usage status, compiling operational statistics, and investigating the causes of unauthorized access.

8. Requests Concerning Retained Personal Data

• (1) When a customer or their authorized representative requests notification of the purpose of use of retained personal data, the Company will provide such notification without delay, except in the following cases:
  • (a) When the purpose of use of the retained personal data that identifies the individual is already clear
    
  • (b) When there is a risk of harming the life, body, property, or other rights or interests of the individual or a third party
  • (c) When there is a risk of harming the Company’s rights or legitimate interests
  • (d) When cooperation is required with a national government organization or a local government in carrying out duties prescribed by laws and regulations, and providing such notification may interfere with the execution of those duties
• (2) When a customer or their authorized representative requests disclosure of retained personal data, the Company will disclose such data without delay, except in the following cases:
  • (a) When there is a risk of harming the life, body, property, or other rights or interests of the individual or a third party
  • (b) When there is a significant risk of hindering the proper execution of the Company’s business
    
  • (c) When disclosure would violate laws or regulations
• (3) When a customer or their authorized representative requests correction, addition, or deletion of retained personal data, the Company will conduct an investigation without delay and take appropriate action based on the results.
• (4) When a customer or their authorized representative requests suspension of use or deletion of retained personal data, and it is determined that there are valid grounds for such a request, the Company will take appropriate measures.

9. Contact Information and Complaint Handling

Eikos Co., Ltd. – Personal Information Consultation Desk
2-1-1 Kokubunji, Kita-ku, Osaka-shi
Osaka 531-0064
E-mail: info-k@avance-ent.co.jp