Contact Us
  • Instagram
  • X
  • Reservation
  • Facebook
  • YouTube
Contact Us

Privacy Policy

Privacy policy

In order to comply with the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act") and other related laws and regulations, our group has established the following privacy policy (hereinafter referred to as the "Privacy Policy") as basic matters regarding personal information, and will strive to protect and use personal information appropriately.

1. Definition of personal information and personal-related information

In this Privacy Policy, the following terms shall have the following meanings:

  1. "Personal information" refers to information relating to an individual customer that falls under any of the following:
    • The content of the information can identify you, or the information cannot identify you by itself but can be easily collated with other information to identify you.
    • Including personal identification code
  2. "Personal Data" refers to personal information stored in a database.
  3. "Personally Related Information" refers to information about an individual customer that does not fall under the category of "Personal Information."
    "Our Group" refers to GENSEN HOLDINGS Co., Ltd. and its affiliated companies, Ooedo-Onsen Monogatari Hotels & Resorts Co., Ltd. and its affiliated companies (collectively referred to as the "Ooedo-Onsen Monogatari Group"), and Yukai Resort Co., Ltd. and its affiliated companies (collectively referred to as the "Yukai Resort Group").
  4. For more information about the Ooedo Onsen Monogatari Group and Yukai Resort Co., Ltd., please see the links below.
    Ooedo Onsen Monogatari Group:https://www.ooedoonsen.jp/corporate/ooedoonsen/about/
    Yukai Resort Group:https://yukai-r.jp/info/

2. Personal information acquired

Specific examples of personal information collected by our group are as follows:

  1. Information about you
    Name, date of birth, gender, age (generation), address, telephone number, email address, (in the case of a corporate contract) company affiliation, etc.
  2. Member Information
    Membership type, membership number, permission and delivery history for direct mail and e-mail magazines, e-mail magazine opening status, coupon usage history, etc.
  3. Hotel reservation information
    Information about the facility you plan to use, reservation date, requests regarding your stay, etc.
  4. Accommodation Information
    The date of your actual stay, your usage history of facilities and products and services provided by our Group, survey responses, etc.
  5. Banquet reservation information
    Information regarding the facility you plan to use, reservation date, requests for the banquet, etc.
  6. Banquet Information
    The date the banquet was actually held, your usage history of the facilities and products and services provided by our group, your survey responses, etc.
  7. Information about hot spring facilities
    Usage history of bathing facilities, usage history of facilities and products and services provided by our group, survey responses, etc.
  8. Information regarding participation in events, etc.
    Application and participation status for events, survey responses, etc.
  9. Information about your interactions
    Content of inquiry and related response, etc.
  10. Information we obtain from third parties
    Our Group may acquire your personal information from a third party if you have given your consent or if permitted by law. For information about how our Group acquires personal information, please see "4. Acquisition of Personal Information."
  11. Information regarding access to the sites provided by the Group
    Browsing history, customer device information, customer attribute information, etc. on sites provided by our group, collected through cookies, etc. (please refer to "1. Use of Cookies, etc." for details) linked to the information in 10 to 9

3. Purpose of using personal information

Our group uses your personal information for the following purposes:

  1. Sales of products, provision of membership services, and other related activities
  2. Sending information, guidance, and e-mails regarding products, services, special offers, events, etc. at our group's facilities according to your hobbies, preferences, location information, etc.
  3. Delivery of push notifications, banner advertisements, internet advertisements, etc. regarding products, services, special offers, events, etc. at each facility of our group according to your hobbies, preferences, location information, etc.
  4. Responding to various inquiries, requests for information, etc.
  5. Collecting customer opinions and requests to improve products and services
  6. Creation of basic data for conducting customer trend analysis, market research, and other analyses necessary for management, and creation of statistical data that does not identify specific individuals (The Group may use statistical data that does not identify specific individuals without any particular restrictions, and may provide it to third parties.)
  7. Fulfillment of the Group's obligations and exercise of its rights, as well as various incidental responses to facility operation and business management
  8. Emergency communication and response in the event of a disaster, etc.
  9. To protect security, prevent unauthorized use, and prevent antisocial behavior
  10. For other purposes that are notified to customers individually at the time of acquiring personal information

In order to achieve the above-mentioned purposes of use, the information described in "2. Personal information to be acquired" may be processed and learned as a learning dataset by AI tools such as generation AI provided by our group or a third party, and the generated results may be output and used by inputting prompts (entering instructions/questions into the AI ​​tool) into the AI ​​tool, etc. (For example, having an AI tool learn your preferences, attributes, behavior, etc., to introduce products/services and deliver content tailored to you).
When using AI tool training and the products created by AI tools, we will endeavor to take necessary measures not to infringe on the rights and interests of our customers.

Furthermore, in order to continually achieve the above-mentioned purposes of use, the Group will share and use within the Group personal data that has been previously acquired and handled by individual companies within the Group. Such use will be carried out only after presenting this Privacy Policy to the customer and obtaining their consent in advance. For details about the Group's shared use, please refer to "7. Shared Use."

4. Acquisition of Personal Information

Our Group may obtain personal information about customers who have agreed to this Privacy Policy from third parties, link it with personal data already held by our Group, and use it for the purposes described in "3. Purpose of Use of Personal Information" as follows.

Sources of personal information

  1. Our Group
  2. Advertisement distribution companies, media operating companies, affiliate businesses, DMP businesses, and other service providers and third parties that are business partners used by our group

Items of personal information to be acquired

  1. Site browsing history, search history, product purchase history, service usage history, responses to advertisements, and other behavioral history
  2. Analysis of customer attributes, purchasing trends, interests, etc. based on 1 above
  3. Cookie IDs, advertising identifiers (IDFA, AAID, etc.), and other online identifiers
  4. location information

5. Provision of personal data to third parties

Our Group will not provide personal data to third parties without the prior consent of the customer, except in the following cases:

    1. According to laws and regulations
    2. When it is necessary for the protection of a person's life, body, or property, and it is difficult to obtain the applicable person's consent
    3. When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person
    4. When providing personal data in connection with entrusting the handling of personal data to the extent necessary to achieve the purpose of use
    5. When providing personal data in connection with a merger or other business succession
    6. When the personal information is used in a shared manner as stipulated in the Personal Information Protection Law
    7. Other cases permitted by law.
  2. Notwithstanding the preceding paragraph, the Group may analyze the service usage history of customers who have agreed to this Privacy Policy and provide the results to third parties in order to investigate, identify, and prevent fraud, cyber attacks, and other potentially illegal or improper activities and to protect the rights and interests of customers, the Group, or third parties.
    Notwithstanding paragraph 1, our group will provide personal data of customers who have agreed to this privacy policy to third parties as follows.
    Recipients of personal data Purpose of provision Items of personal data to be provided
    Advertisement distribution companies, SNS and other platform operators, affiliate companies, media companies, etc.
    • To analyze customer interests, etc. and deliver our group's advertisements based on the results.
    • To measure advertising effectiveness
    • To calculate and pay performance-based advertising fees
    • To improve the quality and quality of services provided by our group and our recipients

    The personal data provided by our group includes the following information. Please note that the information provided by our group does not include information that can identify a customer by itself, such as name or address.

    • Online identifiers such as cookie IDs and advertising identifiers
    • Member ID or other unique identifier
    • Site browsing history, search history, service usage history, responses to advertisements, and other behavioral history
    Customer support tools/service providers, etc.
    • To record and analyze the contents of telephone conversations with customers (including automatic transcription of telephone conversations and conversation analysis using AI, etc.)
    • To improve the quality and quality of services provided by our group and our recipients
    • To protect security, prevent unauthorized use, and prevent antisocial behavior within our group and the recipients of the information
    		 The personal data we provide includes the following information:
    Information regarding items 2 to 1 in "9. Personal information to be acquired"
    Reservation status analysis support tools/service providers, etc. To secure the necessary number of rooms and set appropriate terms of use in response to customer reservations, etc. The personal data we provide includes the following information:
    Information regarding items 2 to 3 in "8. Personal information to be acquired"
    [Provision to third parties in foreign countries]

    Our Group will provide the personal data of customers who have agreed to this Privacy Policy to the following third parties in foreign countries.

    Recipients of information related to advertisement delivery
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		Google LLC
    Company location: United States (California)
    Countries where data is processed (other than Japan): Not specified (The company's servers are located around the world, and data may be processed on servers located outside the country of your residence. For more information,click herePlease refer to. )
    Information regarding measures taken by the business operator to protect personal information The company has obtained SOC1-Type1 audit and ISO/IEC27001:2013 for Google Ads. Please also see below.
    Purpose of provision
    • To deliver advertisements on the services provided by our group based on your interests and the usage of our group's sites and services.
    • To measure advertising effectiveness
    • To calculate and pay performance-based advertising fees
    Items of personal data to be provided

    Name, telephone number, email address, browsing history on sites provided by our group collected using cookies, etc.

    Recipients of information related to outsourcing, etc.
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		Braze Inc.
    Company location: The United States of America
    Countries where data is processed (other than Japan): The United States of America
    Information regarding measures taken by the business operator to protect personal information The company has obtained SOC2-Type2 audit and ISO/IEC27001:2013 certification.
    Purpose of provision

    To analyze browsing history and customer attribute information on sites provided by our group, as well as to carry out outsourced work (development, operation, and maintenance) related to the provision of systems for implementing advertising measures such as direct mail and e-mail newsletters

    All information listed in "2. Personal information to be acquired" in the personal data provided
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		Oracle Corporation
    Company location: The United States of America
    Countries where data is processed (other than Japan): Singapore
    Information regarding measures taken by the business operator to protect personal information The company has obtained SOC1, SOC2, SOC3 audits, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, etc.
  3. Purpose of provision

    For outsourced work (development, operation, and maintenance) related to the provision of a system for managing customer membership information, reservation information, etc.

    All information listed in "2. Personal information to be acquired" in the personal data provided
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		SAS Institute Inc.
    Company location: The United States of America
    Countries where data is processed (other than Japan): Singapore
    Information regarding measures taken by the business operator to protect personal information The company has obtained SOC2-Type2 audits and ISO 27001 certifications.
    Purpose of provision

    To carry out outsourced work (development, operation, and maintenance) related to the provision of a system for analyzing sales, reservation status, etc.

    Information regarding items 2 to 3 in "8. Personal information to be acquired" of the personal data to be provided
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		Treasure Data, Inc.
    Company location: The United States of America
    Countries where data is processed (other than Japan): The United States of America
    Information regarding measures taken by the business operator to protect personal information We have undergone SOC2-Type2 audits and are certified with ISO27001, Privacy Mark, etc.
    Purpose of provision

    To manage and analyze customer membership information, reservation information, inquiries, etc., analyze browsing history and customer attribute information on sites provided by our group, and for outsourced work (development, operation, maintenance) related to the provision of systems for implementing advertising measures such as direct mail and email newsletters

    All information listed in "2. Personal information to be acquired" in the personal data provided
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		salesforce.com, inc.
    Company location: The United States of America
    Countries where data will be handled (other than Japan): Unspecified (Data may be handled in the United States and other countries for the provision and development of services and provision to affiliated companies, etc. For details,click herePlease refer to. )
    Information regarding measures taken by the business operator to protect personal information We have obtained CBPR and PRP certification. For details,click here for more information.
    Purpose of provision

    To manage and analyze customer membership information, reservation information, inquiries, etc., analyze browsing history and customer attribute information on sites provided by our group, and for outsourced work (development, operation, maintenance) related to the provision of systems for implementing advertising measures such as direct mail and email newsletters

    All information listed in "2. Personal information to be acquired" in the personal data provided
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled)
    *You can refer to the report on the country provided by the Personal Information Protection Commission from the link.     		Twilio Inc.
    Company location: The United States of America
    Countries where data will be handled (other than Japan): Unspecified (Data may be handled in the United States and other countries for the provision and development of services and provision to affiliated companies, etc. For details,click herePlease refer to. )
    Information regarding measures taken by the business operator to protect personal information We have received SOC2-Type2 audit, CBPR certification and PRP certification.
    Purpose of provision

    For outsourced operations (development, operation, and maintenance) related to system provision for implementing advertising measures such as e-mail newsletters

    Information 2 and 1 in "2. Personal information to be acquired" under the personal data provided
    Recipient (name of business, country of company location, and information on the systems of the country (other than Japan) in which the data is handled) *You can refer to the report on the country provided by the Personal Information Protection Commission from the link. Okta, Inc.
    Company location: United States (California)
    Countries where data is handled (other than Japan): Unspecified (It may be handled in the United States and other countries for the provision and development of services and provision to affiliated companies, etc. The cloud services provided by the company areAustraliaIt is built in the region.
    Information regarding measures taken by the business operator to protect personal information We have received SOC2-Type2 audit, ISO 27001:2013, ISO 27018:2019, ISO 27017, etc. certifications.
    Purpose of provision

    For outsourced work (development, operation, and maintenance) related to the provision of authentication systems on sites provided by our group

    Items of personal data to be provided

    Email address, password, authentication logs, etc.

6. Commissioning

The Group may outsource the handling of personal data to a third party to the extent necessary to achieve the purposes of use described in "3. Purpose of Use of Personal Information." In such cases, the Group will evaluate and select the outsourcing party based on the standards separately determined by the Group, and will provide appropriate supervision to the outsourcing party.

7. Joint use

Our Group will jointly use your personal data as follows:

  1. Items of personal data to be jointly used
    All information described in "2. Personal information to be acquired" (including information previously acquired by our group)
  2. Purpose of use of jointly used personal data
    All purposes of use described in "3. Purpose of Use of Personal Information"
  3. Scope of joint users
    Our Group
  4. Shared use manager
    Ooedo Onsen Monogatari Hotels & Resorts Co., Ltd.
    For company profile and representative, please see the link below.
    https://www.ooedoonsen.jp/corporate/ooedoonsen/about/

8. Personal data management

The Group will appropriately and strictly manage the personal data it collects (including personal information that the Group has acquired or is planning to acquire and that the Group plans to handle as personal data), take appropriate measures to prevent the leakage, loss, damage, etc. of personal data, provide necessary and appropriate supervision to the Group's employees, and when the Group outsources the handling of personal data, provide necessary and appropriate supervision to ensure the safe management of personal data at the outsourced party, thereby striving to protect the personal data of customers. For details of the measures the Group takes to protect personal data, please contact the office listed in "12. Contact for inquiries regarding personal information."

9. Use of Cookies

The sites provided by our Group use cookies for the purposes of personalizing content, analyzing site usage, delivering behaviorally targeted advertising, measuring advertising effectiveness, etc. Cookies are a technology that stores information in the browser used by the customer when the customer browses a website. Our Group and third parties authorized by our Group can identify the customer's browser by using the ID stored in the cookie (cookie ID).

When you visit a site provided by our Group, the browsing history and search history of the site provided by our Group, referrer information, information about your device and browser, etc. will be linked to a cookie ID or advertising identifier and sent to our Group or to third-party services authorized by our Group.

If you wish to restrict the use of cookies themselves, you can do so through your browser settings; however, please note that this may prevent you from using some of the functions on the sites provided by our group.

10. Requests regarding your personal data

Identification of retained personal data subject to requests for disclosure, etc.
When requesting disclosure, etc., please specify the relevant personal data held.
Please note that the following personal information is not subject to disclosure:

    1. Items not included in the retained personal data
      The Group is merely outsourced to providing such data, and the Group has no authority to disclose such data.
    2. Information not subject to disclosure, etc., pursuant to Article 33 of the Law
      • Information whose disclosure, etc. may be harmful to the life, body, property, or other rights and interests of the person or a third party
      • Information whose disclosure, etc. may seriously impede the proper performance of the Group's business
      • Any information whose disclosure may violate other laws and regulations
    3. Other matters stipulated by laws and regulations
  2. Scope of disclosure, etc.
    The scope of disclosure, etc. will be limited to the individual's address, name, the Group's purpose of use, and other information contained in the retained personal data that has been acquired and is currently held by the Group.
    Procedures for disclosure, etc.
    1. Contact for disclosure requests
      If you wish to make a request for disclosure, etc., please call the office listed below, and the office will send you the necessary documents by mail.
    2. Documents (formats) to be submitted when requesting disclosure, etc.
      When making a request for disclosure, etc., please fill out all the required information on the application form sent by the relevant office, enclose documents for identity verification, and return it to us. The documents to be returned are (a) and (b) below.
      • One copy of our group's designated application form
      • Identification documents
        • If you have a driver's license, health insurance card, or other document that shows your current address, please attach a copy of either to your application form.
        • If your current address is not listed on your passport or other document, please attach a copy of it as well as a copy of your residence certificate to the application form.
  3. Request for disclosure, etc. by an agent
    If the person making a request for disclosure, etc. is the legal representative of a minor or an adult ward, or an agent delegated by that person to make a request for disclosure, etc., please enclose the following documents ((a) or (b)) in addition to the application form in the preceding paragraph (a).
    • In the case of a legal representative
      • Documents to confirm legal representation: Family register, copy of health insurance card with dependents listed if the person has parental authority
      • Documents verifying the identity of the legal representative, or a copy of a document such as a driver's license that lists the representative's current address
      • If your current address is not listed on your passport or other document, please provide a copy of it as well as a copy of your residence certificate.
    • In the case of a delegated representative
      • One copy of the group's designated power of attorney
      • One copy of the person's seal certificate
      • Documents verifying the identity of the representative, or a copy of a document such as a driver's license that shows the representative's current address
        (Note) The "copy of resident's card" and "seal certificate" must have been issued within three months of the application date.
  4. Procedural fees and collection methods
    Our group will charge the following fees when requesting disclosure, etc.
    (No fee will be charged for requests for corrections, additions or deletions.)
    Please pay 1 yen (including consumption tax) for each request to the financial institution designated by our group. Please note that the financial institution's fees should be borne by the person making the disclosure request or their agent.
  5. Procedural fees and collection methods
    We will respond in writing to the address stated on the applicant's application form.
  6. Purpose of use of personal information acquired in relation to requests for disclosure, etc.
    Personal information obtained in response to a request for disclosure, etc. will be handled only to the extent necessary to respond to the request for disclosure, etc. Documents submitted will not be returned. The documents will be destroyed without delay after the response to the request for disclosure, etc. has been completed.
  7. Points to note
    We will contact you in the following cases. Please note that if you do not respond within the specified period after contacting us, we will not accept your request for proper disclosure, etc. In this case, we will refund any fees already paid.
    • If there is a deficiency in the application documents
    • When the identity of the person cannot be confirmed, such as when the address stated in the application form, the address stated in the identity verification document, and the registered address of the Group do not match
    • When an application is made by a proxy, the authority of the proxy cannot be confirmed
    • If the fee is insufficient or not paid

    The following cases will be considered reasons for non-disclosure. If a decision is made not to disclose, we will notify you to that effect and explain the reason. In addition, in the case of non-disclosure, we will refund the designated fee.

    • If the subject of a request for disclosure, etc. does not fall under "personal information subject to disclosure"
    • When there is a risk of harming the life, body, property or other rights and interests of the person or a third party
    • When there is a risk of causing significant disruption to the proper execution of the Group's business
    • When it violates other laws and regulations

11. Changes to and Notification of Privacy Policy

Our Group may change the contents of this Privacy Policy in response to changes in laws, regulations, operating policies, etc. If the changes are significant, our Group will notify customers of the changes in advance. This will be done by a method that our Group deems appropriate, such as posting on the sites our Group provides or notifying customers by email. Changes to this Privacy Policy will take effect for all customers on a date determined by our Group. However, if customer consent is required for the changes, the changes will only take effect with respect to customers who have given their consent.

12. Contact information for inquiries regarding personal information

For questions or inquiries regarding the handling of personal information by our group, please contact us at the following details.

[Contact]
〒104-0061 16-21-XNUMX Ginza, Chuo-ku, Tokyo
Ooedo Onsen Monogatari Hotels & Resorts Co., Ltd.
"Personal Information Inquiry Desk" within the Call Center
TEL 050-3385-8642(Weekdays 9:00-18:00)

Established on March 2024, 3, last revised on April 1, 2024