1. BASIC POLICY

Personal information has generally come to be stored in and processed by computers in recent years due to the rapid advance of information technologies. Because such information can be easily reproduced and transmitted using the Internet, it has sometimes been misued. Informatization has thus not only made life more convenient but has also raised concerns about infringements of personal rights and interests.
In the light of the need to protect privacy, La Posada Co., Ltd. takes utmost care in handling personal information, taking appropriate measures in the gathering, use, and storage of such information in accordance with the Law Concerning the Protection of Personal Information by Incorporated Administrative Agencies (IAI Privacy Protection Law).

the Law Concerning the Protection of Personal Information by Incorporated Administrative Agencies (IAI Privacy Protection Law)

Outline of the Privacy Protection Law

Definition

"Personal information" is defined as information, such as name and birthdate, about living persons that can be used to identify a particular individual.
Information covered by the law

1. (1)Of such information the law applies to that meeting the following two criteria: Information prepared or acquired by employees of an incorporated administrative agency as necessary to conduct their activities; and
2. (2)Personal information in the possession of an incorporated administrative agency for internal use by employees.

Collection of personal information

In collecting personal information, the incorporated administrative agency is required to

1. (1)Not acquire information through deceit or other improper methods;
2. (2)Limit such activities to only such cases where necessary to carry out its legally established activities; and
3. (3)Elucidate, in principle, the purpose for which such information is to be used when it is acquired directly and in writing from an individual.

Use and management of personal information

Regarding the personal information in its possession, the incorporated administrative agency is required to:

1. (1)Undertake proper management so as to prevent its leakage, loss, or damage; and
2. (2)Secure its accuracy within the scope necessary for the purpose of use.

The provision and use of this information should be within the scope of the intended purpose of use.

Request for disclosure and correct usage

Regarding the personal information in its possession, the incorporated administrative agency is required to:
Of personal information possessed by an incorporated administrative agency, individuals may request the disclosure of that pertaining to him- or herself. If, after such a disclosure, errors are found, the law stipulates that the individual may seek a correction of that information or the termination of its use.

2 PROTECTION OF PERSONAL INFORMATION

La Posada Co., Ltd. has established a set of rules and regulations on the proper internal management of personal information collected in accordance with legal stipulations.

3 REQUEST FOR DISCLOSURE

As stipulated in the IAI Privacy Protection Law's Article 14 concerning the legal obligation of independent administration institutions to disclose personal information in their possession, La Posada Co., Ltd. will, in principle, disclose such information about a person when requested to do so by that person him- or herself (excluding information that may infringe upon the rights or interests of third parties or which the person already has access to through legal means or by common practice). In case the person concerned is a minor or is under guardianship, that person's legal representative may request the disclosure on the person's behalf.

Please note that requests for disclosure can be made only about oneself or about a person for whom one is a legal representative.

Information that May Be Requested
A disclosure request may be made of information in the possession of La Posada Co., Ltd. (document, drawing, or electronically stored data prepared or acquired by a La Posada employee for internal use) that pertains to the person making the request.

the Law Concerning the Protection of Personal Information by Incorporated Administrative Agencies (IAI Privacy Protection Law)

Making a Request

Disclosure requests may be made in person at La Posada Co., Ltd. by appointment only.

La Posada Co., Ltd.
46 Toi, Izu-shi, Shizuoka-ken, 410-3302 JAPAN
Tel: +81-(0)558-98-2227 / Fax: +81-(0)558-98-2727
E-mail: info@laposada.co.jp

Note: Overseas residents seeking disclosure are asked to contact La Posada Co., Ltd.

Application Procedures

Disclosures will be made only of the personal information about the individual submitting the request. For this reason, applicants must present or mail “the disclosure request form” with a copy of personal identification, such as a driver's license, health insurance certificate, basic resident register card, residence card, special permanent resident certificate or other documents issued under prescribed law. Please refer to the disclosure request form for more information.

Notification of (Non)Disclosure

Decisions regarding the (non)disclosure of information will be made in accordance with the Screening Standards for Action Based on the IAI Privacy Protection Law and processed within, in principle, 30 days of the request. The decision will be notified in writing. Should the decision require more than 30 days due to processing difficulties, notification of the extension, along with the period of the extension, will be made.

Making the Disclosure

Those receiving a disclosure notification should select a specific disclosure method and mail it back within 30 days.
Those wishing to receive a copy of the information by postal mail should either send postage stamps along with the original request or the disclosure method application.

4 REQUESTING CORRECTIONS OR TERMINATIONS OF USE

The person making a disclosure request on information about him- or herself in the possession of the La Posada Co., Ltd. may request a correction of that information if he or she deems it to be contrary to fact. When such information is believed to have been collected in an illegal way or when it is being used or provided in violation of the provisions of the IAI Privacy Protection Law, the person may request that the use of such personal information be terminated or request its deletion.

Procedures for Correcting or Terminating the Use of Information

Submit a request in writing. Such requests are accepted for a period of up to 90 days following the disclosure of personal information.

Notification of Correction/Termination Decision

Decisions on whether to correct or terminate the use of personal information upon the receipt of a request will be made in accordance with the Screening Standards for Action Based on the IAI Privacy Protection Law. In principle, the decision will be made within 30 days, and the applicant will be notified in writing. Should the decision require more time due to processing difficulties, applicants will be notified of the extension of the notification period.

5 FILING AN OBJECTION

If there are objections to the decisions made regarding information disclosure or action on correction or termination of use, individuals may petition the Japan La Posada Co., Ltd. to seek redress in compliance with the Administrative Appeal Law (Law. No.160 of 1962) within 60 days from the following day when interested parties acknowledge the existence of the decisions. In case that individuals file a lawsuit to request withdrawal of the decisions, such party may file a case against the Japan La Posada Co., Ltd. for withdrawal of the decisions in compliance with Administrative Case Litigation Law (Law No.139 of 1962) within 6 months from the day when the interested party acknowledges the existence of the decisions.

Special Notes for the users in the EEA（European Economic Area） member countries

Privacy Policy
La Posada Co., Ltd. (the “Company”) shall comply with the EU General Data Protection Regulation (the “GDPR”) and other applicable national laws (“applicable laws”) in connection with the provision of any of the services that The Company provides (the “Services”) to users (the “Users”) in the European Economic Area (the “EEA”, and the countries that are members of the EEA are individually or collectively referred to as “EEA member countries”), and therefore hereby establishes this Privacy Policy (this “Privacy Policy”) in order to appropriately process the personal data and other data of Users in the EEA.

1. 1. Processing Personal data, etc.
   1. (1) Definitions
      “Personal data” means any data relating to an identified or identifiable natural person, including, without limitation, names, addresses, dates of birth, telephone numbers, e-mail addresses, and any other information collected in connection with providing the Services.
      “Processing” means any operation or set of operations which is performed on personal data, etc. or on sets of personal data, etc., whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
   2. (2)Purpose of use of personal data, etc.
      The Company will process the Users’ personal data to provide, improve and develop the Services.
      In the case of processing the Users’ personal data for purposes other than the above, The Company will notify Users in advance of such new purposes of use and other matters as required by applicable laws.
      By manifesting their intention to consent to this Privacy Policy, Users will be deemed to have consented to the processing of their personal data by The Company within the scope of the above purpose of use, and The Company will process the Users’ personal data based on such Users’ consent; provided, however, that Users may withdraw such consent at any time. Even in that case, this will not affect the lawfulness of processing performed pursuant to consent before the Users’ withdrawal thereof.
      The personal data that Users are to provide is necessary in order for The Company to provide the Service to the Users, and there may be cases in which Users who have not provided such data will be unable to use the Service.
   3. (3)Retention Period
      The Company will retain the Users’ personal data as long as The Company requires such data for achieving the purpose of use specified above.
   4. (4) Transfer
      The Company may share the Users’ personal data obtained by its overseas offices including those in London, Paris, Madrid, Rome, Cologne and Budapest with other offices including the headquarter in Japan, and may provide such data to third parties such as cloud vendors and outside contractors of The Company, etc., to implement the purpose of use specified above. Countries located outside the EEA (including, without limitation, Japan, the same shall apply hereafter) are among the third parties to whom The Company will disclose the Users’ personal data, and the Users shall be deemed to have consented to the following matters by consenting to this Privacy Policy:
      1. (a)In the case that the country in which the third party is located is outside the EEA, such country does not have the same data protection laws as EEA member countries, i.e., many of the rights provided to data subjects in the EEA may not be given;
      2. (b) The Users’ personal data will be provided and processed for the purpose specified above; and
      3. (c)The Users’ personal data will be provided to third parties located outside the EEA.
      In addition to the above, in the case that The Company provides the Users’ personal data to a third party located in a country outside the EEA, The Company will ensure that adequate measures such as standard contract clauses based on the GDPR are taken concerning the protection of the Users’ personal data.
   5. (5)Rights of Users
      The Users may request from The Company access to, rectification or erasure of, and restriction of processing of their personal data, may object to the processing of the Users’ personal data, and may request data portability. The Company accepts such Users’ requests at the contact point set forth in “3. Contact” below.
      The Company may refuse the Users’ requests if The Company deems that there is no basis for such Users’ requests or if they are deemed excessive.
      The Users may raise objections with the data protection authorities having jurisdiction over the location of the Users’ domicile with regard to the processing of their personal data.
2. 2. Safety Management Measures
   In order to protect from unauthorized access to personal data, loss, etc. of personal data, taking into account the type of personal data, the degree of sensitivity and the degree of economic influence and mental harm caused to Users in the case of a personal data breach, The Company comprehensively evaluates and judges the risks of personal data breaches, implements appropriate personal, organizational and technical safety management measures based on the risk of a personal data breach, if necessary, checks such safety management measures, sets up a process for correction, and constantly strives to improve security.
   The Company shall strive to appropriately manage personal data by restricting the entry of outsiders into the offices which are processing personal data, conducting educational awareness activities for all officers and employees involved in the protection of personal data, and placing a manager in charge for each division processing personal data.
3. 3. Contact
   In the event of Users having any questions or concerns regarding this Privacy Policy or the processing of personal data by The Company or having any requests concerning the access to, rectification of, erasure of, or restriction of processing of personal data, or regarding data portability, please contact The Company.
   The contact information for The Company is as follows:

La Posada Co., Ltd.
46 Toi, Izu-shi, Shizuoka-ken, 410-3302 JAPAN
Tel: +81-(0)558-98-2227 / Fax: +81-(0)558-98-2727
E-mail: info@laposada.co.jp

As of:  June 1st 2011