Global Privacy Policy

This Global Privacy Policy provides for the methods of processing personal information of customers (“customers” or “you”) in connection with the “APARTMENT HOTEL MIMARU,” “APARTMENT HOTEL MIMARU SUITES,” and other facilities (the “Facilities”) operated by COSMOS HOTEL MANAGEMENT Co., Ltd. (the “Company” or “we”) located at 5-34-6 Shiba, Minato-ku, Tokyo, as well as the methods of processing personal information of customers of “MIMARU FAN,” the membership program provided by the Company (collectively with the Facilities, the “Services”; including the website related to the Services (the “Website”) and any responses to inquiries regarding the Services; the same applies below). The Company will comply with the applicable personal information protection regulations of each country and process your personal information as follows.

1. Categories of personal information we collect subject to processing

The Company collects and processes the following personal information about its customers.

  • Registration information (customers’ names, user names, e-mail addresses, passwords, dates of birth, ages, genders, nationalities, countries of residence, addresses, telephone numbers, occupations, passport numbers, dates of entry into Japan)

  • Information regarding accommodation and purchases (information regarding customers’ reservations and use of the Facilities, information regarding purchases and use of the products and services provided in the Facilities, payment information, usage history of points for [MIMARU FAN], security camera images on which any customers are recorded, recorded telephone calls from customers, and other personal information collected by the Company in connection with the Services (if required by applicable laws and regulations, the Company shall obtain such personal information after separately notifying the customers))

  • Answers to customer questionnaires (customer’s preferences and interests, number of visits to Japan, purpose of travels, and other personal information obtained in connection with the questionnaires the Company conducts with customers)

  • Cookies and other online identifiers (access tokens and refresh tokens of customers who use the Services, IP addresses, provider information, terminal information, and web browser information of customers who access the Website, user activities (the time of visit, browsing time, frequency, transitions, and referrers of websites, and clicks or page scrolls within websites), and attribute information of customers who have accessed the Website (such as, age, gender, interest categories, affinity categories, and in-market segments). For more information about interest categories, affinity categories, and in-market segments, visit About Demographics and Interests - Analytics Help (google.com))

  • Contact information (First and last names, email addresses, inquiry items, and inquiry details of customers who have contacted the Company)

  • Inferred information (information about customer preferences and interests inferred based on customer’s personal information)

  • Information obtained through cooperation with external services (information which customers have approved to share with the Company from among the information customers have provided through their registered social media accounts or other services provided by third parties)

  • We may also collect any other information you voluntarily provide to us while using the Services.

2. Purpose of collection/processing

The Company may process personal information of customers for the following purposes:

  • to provide, operate, manage, and improve accommodation and travelling services in the Facilities, services incidental thereto, and other services;

  • to contact customers in connection with the provision of products or services, including reservation confirmation for the Facilities;

  • to provide customers with, and invoice customers for any charges for, the products or services of the Company and the Company’s group (including provision of the accommodation services in the Facilities);

  • to provide information regarding the products, business operations, reworkings of equipment, or services of the Company and the Company’s group to customers;

  • to register accounts for MIMARU FAN, operate and manage the point program, loyalty program, and MIMARU FAN accounts, and conduct relationship management;

  • to conduct promotional activities and PR activities such as sending e-newsletters, emails or postal mail to customers, and to distribute advertisements of the Company or any other companies (including analyzing customers’ usage history of the Services or user activities on the Website, etc. and sending e-newsletters and emails according to the customers’ preferences and interests, postal mail, and marketing communications on social media, and distributing advertisements, etc.);

  • to analyse data for promotional activities, market research, market understanding, and market forecasts;

  • to send prizes and samples, etc. to participants of prize contests, questionnaires, or the like;

  • to protect and improve the services, etc. provided through the Website or mobile websites of the Company;

  • for the Company’s group carrying out sale and purchase, leasing, planning, development, management, proposal, report, and appraisal, etc. of real estate for accommodation facilities;

  • to detect and prevent misconduct, to respond to emergencies and incidents, and otherwise to ensure the safety and security of staff, customers, visitors, and other persons;

  • to respond to various inquiries, opinions, and requests and to communicate with customers;

  • to conduct questionnaire surveys;

  • to provide the personal information to third parties by the method stated in this Global Privacy Policy;

  • for purpose of use separately notified or announced to you in accordance with the Act on the Protection of Personal Information; and

  • for other purposes permitted under applicable laws and regulations.

3. Legal basis, etc. for processing

The Company processes your personal information in accordance with applicable privacy laws and regulations.

The provision of your personal information may be mandatory for reasons such as being a statutory or contractual requirement, or being a necessary requirement for entering into a contract.

4. Retention period for personal information

In order to decide the appropriate retention period for personal information, the Company considers the following: the volume, nature, and confidentiality of the personal information; the potential risk of damage caused by unauthorized use or disclosure of the personal information; the purposes for which the Company processes the personal information, and whether the Company can achieve those purposes by other means; and applicable legal requirements. If any personal information collected by the Company becomes no longer necessary, the Company will delete or anonymize the personal information, or if such measures are impracticable (for example, if the personal information has been stored in back-up archives), the Company will retain the personal information safely until its deletion becomes practicable and ensure that any new processing will not be conducted with respect to your personal information.

5. Sources of personal information

The Company obtains your personal information from the following sources.

  • The Company receives personal information directly from you or automatically obtains terminal online identifiers such as cookies.

  • The Company may obtain the personal information from business operators duly authorized by customers, such as agents, agencies, or affiliated companies.

  • The Company may obtain your personal information from business operators who provide external services, by linking IDs for such external services such as social media accounts used by customers.

  • The Company indirectly collects analytics and attribution information of customers who have accessed to the Website from our website traffic analysis service providers, such as Google LLC.

  • The Company may infer your preferences and interests based on your personal information.

6. Sharing and disclosure of personal information

The Company shares with or discloses customer’s personal information to the following third parties in order to fulfil the purpose of processing personal information as set out above if (a) any of the following cases applies, (b) the Company obtains the consent to do so from customers, or (c) it is permitted by applicable personal information protection regulations of each country.

○Sharing with processors (service providers)

  • Outsourcing companies related to the provision of the accommodation services of the Facilities, such as Sankei Building Management Co., Ltd.

  • Website traffic analysis service providers such as Google LLC

  • Cloud service providers such as Google LLC and Salesforce, Inc.

  • Other contractors of the Company

○Legal compliance, etc.

In some instances, the Company may be required to disclose your personal information to public and governmental authorities within or outside your country of residence in accordance with laws and/or requests from such authorities. The Company will also disclose your personal information if the disclosure is necessary or appropriate due to the purposes of law enforcement or handling other issues of public importance. The Company will also disclose your personal information if the disclosure is reasonably necessary to protect the Company’s rights, to pursue available remedies, to enforce the Company’s terms of use, to investigate fraud, or to protect the Company’s operations or customers.

○Other

In addition, we may also share personal information of customers with other parties, including the following cases:

  • as part of a corporate sale, merger, acquisition, reorganization, or other transfer of all or part of our assets, including as part of a bankruptcy proceeding;

  • cases in which there is a need to protect a human life, body, or assets, and when it is difficult to obtain the your consent;

  • with your consent; and

  • other cases permitted under applicable laws and regulations.

7. Overseas transfer of personal information

As a result of the above sharing and disclosure, your personal information may be transferred to the following countries:

United States of America, Canada, Argentina, Antigua and Barbuda, Uruguay, Ecuador, El Salvador, Guyana, Cuba, Guatemala, Grenada, Costa Rica, Colombia, Jamaica, Suriname, Saint Vincent and the Grenadines, Saint Christopher and Nevis, Saint Lucia, Chile, Commonwealth of Dominica, Dominican Republic, Trinidad and Tobago, Nicaragua, Haiti, Panama, Bahamas, Paraguay, Barbados, Brazil, Venezuela, Belize, Peru, Bolivia, Honduras, Mexico

In such cases, the Company will take proper protection measures required by the personal information protection regulations of each country.

8. Safety management measures

For management of customers’ personal information in order to prevent the unauthorized disclosure, loss, or damage thereof, the Company takes the necessary and appropriate management measures. In addition, if the Company handles personal information in a foreign country, the Company will take necessary and appropriate measures for the safe management of personal data after ascertaining the external environment such as systems regarding the protection of personal information in such foreign country.

In addition, if any part of the handling of personal information is delegated to a contractor, the Company will select a contractor who is acknowledged to have handled personal information appropriately and will make arrangements in service agreements, etc. with the contractor regarding the necessary matters to prevent the divulgence of your personal information, such as on the management of personal information, confidentiality, and the prohibition of reprovision. The Company will cause such contractor to manage the personal information appropriately and will conduct appropriate supervision of the contractor.

9. Cookies and similar technologies

When a customer accesses the Website and such customer enables cookies, etc. (including tracking technologies such as flash cookies and web beacons, and other technologies; “Cookies, etc.”), the Company may automatically acquire information about the PC, mobile phone, tablet, or other information regarding the communication devices used by the customer etc. If the Company acquires such information, the Company will handle the information as personal information. If you do not wish to use Cookies, etc., you may disable them by changing your web browser settings. Please refer here for details.

◯Analytics cookies

We may work with third parties that collect data about your use of the Website over time. For example, the system may use Google Analytics for analytics and marketing purposes.

In Google Analytics, user information will be collected by using Cookies, etc. For more information about how Google Analytics collects and uses data when you use the Website, visit www.google.com/policies/privacy/partners, and to opt out of Google Analytics,

10. Links, etc. to third-party websites or the like

The Services may provide links to third-party websites or apps. We do not control the privacy practices of those websites or apps, and they are not covered by this Global Privacy Policy. You should review the privacy policies of other websites or apps that you use to learn about their data practices.

11. Rights of customers

The Company will respect the legal rights you hold regarding personal information protection regulations applicable to you. Customers may require disclosure of personal information, correction, addition, and elimination of content, suspension and erasure of usage, suspension of provision to third parties, and disclosure of records of provision to third parties in accordance with the procedures prescribed by the Company, pursuant to Japanese laws regarding protection of personal information. In addition, legal rights related to personal information laws will be applied to customers by the applicable personal information protection regulations of each country. If you wish to exercise your rights, please make an inquiry by sending an email stating the following inquiry matters (1) through (5) to the contact email address stated in Article 13 (Contact details) of this Global Privacy Policy.

[Inquiry matters]

(1)E-mail address,(2)Name,(3)Address,(4)Telephone number,(5)Details of inquiry (*Please state any applicable items)

  • Request for cancelling a subscription of e-newsletters, email and postal mail

  • Request for a correction of customer information held by the Company (including a change or addition thereto)

  • Request for a notification of purpose of use of customer information held by the Company

  • Request for the elimination of customer information held by the Company

  • Other details

12. Children’s personal information

The Company will take the necessary measures for children’s personal information in accordance with applicable laws and regulations.

13. Contact details

For questions, complaints, and other inquiries regarding the processing of personal information by the Company and this Global Privacy Policy, please contact the inquiry desk stated below:

COSMOS HOTEL MANAGEMENT Co., Ltd.
Inquiry desk for personal information disclosure, complaints, and consultations
E-mail: info@chm.cigr.co.jp

Please refer to the corporate overview for the address and the name of the representative of the Company. Please also note in advance that depending on the details of your inquiry, the Company may ask you to comply with the identification procedure separately designated by the Company.

14. SSL communication

The Company adopts SSL (Secure Sockets Layer) encrypted communication for personal information exchanges with customers carried out through the Internet on the Website. If you use a browser that does not support SSL, you may not be able to access to an SSL secure page or enter your information.

15. Changes to the Global Privacy Policy

The Company may, in making changes to the Global Privacy Policy (including country-specific exhibits), change or add all or part of the Global Privacy Policy by publishing such change or addition on the Website, sending an e-mail thereof to customers, or giving notice by any other method that the Company deems appropriate (subject to applicable laws and regulations, if any). If there are any necessary procedures in personal information protection regulations that will be applied, such procedures will be taken.

We encourage you to visit this page periodically to learn of any updates. You can see when the Global Privacy Policy (including country-specific exhibits) was last updated by checking the “last updated” date.

Cookies help us deliver services. By clicking "Accept," you consent to the use of cookies. Click here to learn more.