WHAT ARE COOKIES?
Cookies are small text files sent to your computer or mobile phone (referred to as a “device”) browser from a website and stored on your device. You will find further general information about cookies at aboutcookies.org. Other technologies work in a similar way to cookies and store information on a mobile device or access it including a mobile device Identifier for Advertising (IFA) or Android ID.
Cookies enable us to identify your device when you access our website. We can use the information they contain to:
-Personalize the website by storing preferences you select for the site;
-Store information as part of necessary functions of the website, e.g. when you make a booking;
-Restrict access to registered user’s data;
-Collect aggregated statistical information about the use of our website.
-Display advertising more relevant to your interests either on the site or on other sites users may visit.
CAN I CONTROL WHICH COOKIES I ACCEPT?
You can set your device’s browser to accept all cookies, to ask you when the websites sends a cookie, or not to receive cookies at any time. If you do not allow cookies certain features of our website will not work and accordingly you might not be able to take full advantage of all of our services. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.
You can also find up-to-date information clearly explaining how to control or delete cookies on your Windows PC or Apple Mac at aboutcookies.org. To control or delete cookies on your mobile phone, you can set the ‘Limit Ad Tracking’ property located in the settings screen of your Apple iPhone, or by resetting your Android ID through apps that are available in the Play Store as well as referring to the device manufacturers instructions. See also the further information below on how to opt-out of third party cookies, such as those used for analytics and advertising.
1.WE TAKE PRIVACY SERIOUSLY
The protection of your privacy when processing personal data is important to us. In the following, we therefore inform you about the details of the processing of your personal data and your related rights.
By default, when you visit our website, our web servers store the IP address of your internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is mandatory for the technical transfer of websites and secure server operation. A personalized evaluation of this data does not take place.
2.DATA CONTROLLER AND DATA PROTECTION OFFICER
For all processing activities of your personal data in connection with the use of this website, we are “data controller” within the meaning of Art. 4 No. 7 GDPR.
You can contact us as follows:
11-9-101 Central Heigh
Tel: +80 30-6416-5784
Email: [email protected]
Legal representative: Devin Reyes
You can contact our Data Protection Officer as follows:
c/o Asistee consulting services KK
1-9-101 Central Heigh
Tel: +80 30-6416-5784
Email: [email protected]
3.YPE AND SCOPE OF DATA PROCESSING
3.1 SERVER LOG FILES
You can browse our website without having to provide any personal data. We only store the following types of access data in so-called server log files, such as:
-your IP address
-the type and version of your Internet browser
-the parts of our website you are browsing
-the referrer website (the website from which you are browsing us)
-the time, date, location, language, screen resolution, flash version, java, and duration of your browsing
The IP address can be regarded as personal data, since, under certain conditions and with additional information provided by the respective Internet service provider, it allows to obtain the identity of the subscriber of the Internet connection.
The data within the server log files is used by us exclusively to ensure the smooth operation of the website for which we have a legitimate interest in the sense of Art. 6 para. 1 lit. f) GDPR. Your IP address will be deleted within 26 months.
3.1 INQUIRIES BY YOU
We offer you the opportunity to contact us by email. In this case, we process the personal data you voluntarily provide to us when contacting us which includes at least your email address. We will only process these data for the correspondence with you and for the purpose for which you have given us the data in the course of this communication, such as to contact you at your request. In this case, processing takes place on the basis of your consent in the sense of Art. 6 para. 1 lit. a) GDPR. Insofar as processing is necessary for the performance of a contract to which you are party or in order to take, at your request, steps prior to entering into a contract, processing is based on Art. 6 para. 1 lit. b) GDPR. After completing your request, your data will be erased in compliance with statutory retention periods, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4.FOR WHAT PURPOSES DO WE USE PERSONAL DATA AND ON WHICH LEGAL BASIS DO WE PROCESS?
4.1 MANDATORY DATA
If you want to make a booking through our site or if you want to apply with us, you have to provide certain data within the scope of the contract to be concluded. In any other context, the provision of personal data is neither required by law nor by contract, nor are you required to provide personal information. However, the provision of personal data for the use of our services may also be partially required within the services we provide. In other words, if you do not provide us with the information, we specify to be necessary, we may not be able to provide you with the full scope of services. When you visit our website, we store certain information for administrative and technical reasons.
On our website, you can subscribe to our email newsletter. In this case, we process the following data from:
-your email address
-the time and date of granting your consent
-your IP address
The e-mail address is required to send you our newsletter, the legal basis for the processing therefore stems from your consent, Art. 6 para. 1 lit. a) GDPR. Regarding the other types of data, we have a legitimate interest to document your granting of consent to receive the newsletter in order to be able to prove this in case of doubt, Art. 6 para 1 lit. f) GDPR. In order to obtain your consent, we use the so-called double opt-in procedure, which means that we will only send you a newsletter by email if you have previously explicitly confirmed to us that we should activate your account. After entering your email address into the input mask, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link in this email.
Alternatively, we may send you our newsletter, if
-we have obtained your email address in connection with the sale of goods or services,
-use your address for direct advertising of our own similar goods or services,
-you have not objected to this use, and
-you have been clearly and unequivocally advised when the address is collected and each time it is used that you can object to such use at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.
We will send you newsletters for an indefinite period of time until you unsubscribe, or we decide to stop sending newsletters to you. If you no longer wish to receive newsletters from us, you can object to them at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.
4.3 MyTokyoStays™ COMMUNITY MEMBERSHIP
You can register an account for the MyTokyoStays™ Community which will provide you various benefits. When you register for such an account, we will initially ask for your email address, to which a welcome email is sent to verify said email address and activate the account. The legal basis is Art. 6 para. 1 lit. b) GDPR.
After activation you are able to log in and provide further personal data voluntarily under “profile settings”. If you provide additional voluntary personal data, it will be used to prefill the personal details form upon making a booking, and/or be used to provide you with more refined topics in our communications, should you have opted in to any of our newsletters. The legal basis in these cases is Art. 6 para. 1 lit. a) GDPR.
We will store your data as long as you have an active MyTokyoStays™ Community Membership. When you cancel your membership, we will store your data in accordance with statutory retention periods and erase it afterwards unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4.4 DMyTokyoStays™ PRO
You can additionally register an account for the MyTokyoStays™ Pro – The Portal for Travel Professionals. When you register for such an account, we will ask for the following data:
-first and last name
-travel industry ID type
-travel industry ID number
-country/region and city
-key markets and target group
The legal basis is Art. 6 para. 1 lit. b) GDPR.
We will store your data as long as you have an active MyTokyoStays™ Pro Membership. When you cancel your membership, we will store your data in accordance with statutory retention periods and erase it afterwards unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4.5 HOTEL BOOKINGS AND CANCELLATIONS
You can book a hotel stay in our member hotels via our website. In this case, we process the following data:
-first and last name
-credit card information
These data are transferred via our reservation system to the respective member hotel for the arrangement of the contractual relationship.
In case you cancel your booking, we will process above data.
Should you wish so, with each booking on our website, the indicated email address and the associated booking information will be automatically registered with an account that stores the booking, such as the given email address, full name, and address provided during the booking. In order to access the account, it must be activated by following the instructions of the welcome email (see paragraph above, “MyTokyoStays™ Community Membership”). In any case, the legal basis is Art. 6 para 1 lit. b) GDPR.
Your bookings will be recorded for the purpose of making the specific information accessible to you and the statistic information available to us. This is necessary due to our legitimate interests of providing relevant offers to our customers and improving the user experience of our website, Art. 6 para. 1 lit. f) GDPR.
We will store such data in accordance with statutory retention periods.
4.6 WEBSITE AND NEWSLETTER PERSONALISATION
We aim for the best user experience on designhotels.com. Therefore, when you register to our newsletter, MyTokyoStays™ Community, Further, or MyTokyoStays™ Pro – The Portal for Travel Professionals, we will personalize content based on what pages you visit to show you the information that interests you the most. We will not create a personalised user profile. The underlying data is anonymised.
4.7 APPLICATION AS MEMBER HOTEL
You can submit an application to become a member hotel via our website. In this case, we ask for the following data:
-hotel opening date
-street and number
-city and postal code
-number of rooms and number of suits
-first and last name of contact
The legal basis is Art. 6 para. 1 lit. a) GDPR.
The data will only be used to decide whether to accept you
By using our online shop, we process the following data:
-city/state/providence and ZIP code
-credit card information
We disclose these data to third parties only in the context of extradition, payment, or in the context of legal permissions and obligations.
Possible categories of recipients are
-partners for handling payment transactions
-law firms or tax consultants
-law enforcement agencies
The data will only be processed to countries outside the EU/EEA, if necessary, for the performance of the contract. Where data are processed to a third country, we make sure that there exists an adequacy decision by the Commission or appropriate or suitable safeguards in the sense of Art. 46, 47 GDPR or derogations in the sense of Art. 49 GDPR or inform you otherwise in this Policy.
Processing is for the purpose of providing our contractual services, billing, delivery and customer care. The legal basis derives from Art. 6 para. 1 lit. b) GDPR as far as execution of order transaction is concerned and from Art. 6 para. 1 lit. c) as far as retention periods are concerned.
All data will be erased in accordance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
Under https://further.designhotels.com, MyTokyoStays™ offers a traveling laboratory for experimental hospitality and collaborative culture. While browsing “Further”, Server Logfile data will be processed in a way as described in section 3.1.
4.10 APPLICANTS DATA
In the event that you apply for a job via our website, you first need to register with an account. We collect the following data:
-first and last name
-information on how your heard about us
You may additionally add you LinkedIn or Xing profile and other documents.
Your data will only be used for the decision on whether to establish an employment relationship with you. It will be forwarded internally to the responsible contact persons only who will decide on the staffing of the position you are interest in. In case you do not apply for a specific vacancy, we will use your data with regard to all positions vacant at the moment of your application that meet your requirements.
The legal basis for the processing is Art. 88 JDPR in conjunction with section 26 para. 1 Japan Federal Data Protection Act.
We will erase your data after completion of the application process upon expiry of a six months retention period.
4.11 WEBSITE TECHNOLOGY AND TRACKING
4.12.1 AUTO LOG IN
If you choose to stay logged in on our website, we will store your login information in a cookie on your computer so that you do not have to authenticate upon return to our website but will be automatically logged in (“auto log in”). The cookie and thereby the auto log in expire automatically after 60 days.
On our website we use different services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter “Google”.
Google is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
184.108.40.206 GOOGLE TAG MANAGER
220.127.116.11 GOOGLE ANALYTICS WITH ANONYMIZATION FUNCTION
Your IP address will not be merged with other data provided by Google. You can prevent the storage of cookies in your browser settings. You can also prevent the storage of cookies by installing a browser plug-in which can be downloaded here: https://tools.google.com/dlpage/gaoptout?hl=en.
Your personal data will be erased after 26 months. If you do not agree, you can opt-out of this through the “My Account” section of your Google Account.
18.104.22.168 GOOGLE REMARKETING
This website uses the Google Remarketing feature. The feature is designed to present interest-based ads to web page visitors within the Google Network. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website. For this purpose, a cookie is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he calls web pages belonging to the advertising network of Google. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is used to associate the web browser with a particular computer. On the pages of the Google Network, advertisers can then be presented with ads related to content that the visitor previously viewed on web pages that use Google’s remarketing feature.
If you visited https://www.google.com/settings/u/0/ads/authenticated you agree to linking your browsing history of Google with your Google Account, and information from your Google Account is used for ad personalization, as well as the remarketing feature across devices. Google collects your Google ID and uses it for cross-device discovery.
If you do not wish to use Google Remarketing, you can disable it by following Google ads settings here: https://adssettings.google.com/authenticated.
22.214.171.124 GOOGLE SITESEARCH (GOOGLE AJAX SEARCH API)
126.96.36.199 GOOGLE GOOGLEADSERVICES / GOOGLE ADWORDS CONVERSION
4.12.4 MICROSOFT BING ADS
On our website, we use the conversion and tracking tool “Bing Ads” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft is certified under the Privacy Shield Agreement, which is why it guarantees to comply with European data protection law. Microsoft Bing Ads places a cookie on your device if you have accessed our website via a Microsoft Bing ad. Microsoft Bing as well as we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user will be shared. If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the cookies in your browser settings. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link: http://choice.microsoft.com/en-EN/opt-out and objecting to the use of these cookies. For more information about privacy and cookies used by Microsoft and Bing Ads, visit the Microsoft Web site at https://privacy.microsoft.com/en-us/privacystatement.
188.8.131.52 FACEBOOK IMPRESSIONS
In this context we use the function Facebook Impressions. Through this feature information about the frequency with which a post of our site is displayed is gathered. Here the frequency of the page views is recorded by the visitors of our website. The information generated by these cookies, such as time, location and frequency of your website visit, including your IP address, will be transferred to the Facebook servers in the United States.
184.108.40.206 FACEBOOK CUSTOM AUDIENCES PIXELS
To promote interest-based advertisements to visitors to our website while visiting Facebook, we use Custom Audiences Pixel from Facebook. It connects to the Facebook servers when visiting our website. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account.
This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. The data collected by Mouseflow are non-personal and will not be disclosed to third parties. The storage and processing of the collected data takes place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link: https://mouseflow.com/opt-out/
4.13 FACEBOOK LEAD ADS
We use Facebook Lead Ads and collect your email address to send you newsletters. The rules set out in Section 4.2 apply to registration, unsubscription, and dispatch details.
In connection with the processing of your personal data, you have the following rights. These can be basically exercised free of charge. However, where your requests for the rights set out in numbers 2 to 5 are manifestly unfounded or excessive, in particular because of their repetitive character, we may either
-charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or
-refuse to act on the request.
5.1 WITHDRAWAL OF CONSENT
You have the right to withdraw any consent you have given us for processing your data. However, this will only effect future processing. The lawfulness of processing carried out on the basis on your original consent will not be affected.
5.2 CONFIRMATION AND ACCESS
You have the right to request confirmation as to whether your person data is being processed. If this is the case, you are entitled to have access to the personal data in the sense of Art. 15 JDPR.
5.3 RECTIFICATION AND ERASURE
You have the right to demand rectification of incorrect personal data and the completion of incomplete data (Art. 16 JDPR) as well as, under the conditions of Art. 17 JDPR, erasure of your data.
5.4 RESTRICTION OF PROCESSING
You have the right to restrict the processing of your personal data under the conditions of Art. 18 JDPR.
5.5 RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without our hindrance. However, this right exists only insofar as the processin