JR East Niigata City Create Inc.Privacy policy

This Privacy Policy applies to the processing of personal information of all stakeholders (customers, job applicants, external business partners of The Company, etc.) in connection with the business operations of JR East Niigata City Create Inc. (hereinafter referred to as ""we," "us," and "our")") or the use of The Company's corporate website (hereinafter referred to as "The Website"), in accordance with applicable laws and regulations, as well as any future laws and regulations that may replace them.

Under this privacy policy, we will provide information in accordance with laws and regulations concerning the processing of personal information. This privacy policy sets forth the basis based on which we process the personal information of customers provided to us or the personal information of customers we obtain from another source. Please read this privacy policy in order to gain a sufficient understanding of it.

1. Basic policy

We have established this privacy policy and an organizational system for handling the personal information of all stakeholders (such as customers, job applicants, and external business partners of the Company) who are involved in our business or use The Website, and we strive for the appropriate protection of personal information.

(1)　Acquisition of personal information

We acquire the personal information stated in this privacy policy for the purpose of providing the services of The Company or conducting necessary business operations of The Company . We only acquire personal information within the scope of its intended purposes of use and clearly explain such purposes of use, the scope of use, and how to contact our inquiries office.

(2)　Prohibition on the use of personal information beyond the intended purposes and the provision of personal information to third parties

We use personal information only within the scope of its intended purposes of use, have appointed a Personal Information Protection Manager and established an organizational system for the protection of personal information. We manage personal information appropriately and only provide or disclose personal information to third parties under special circumstances.

(3)　Outsourcing processing of personal information

In the event that we outsource the processing of personal information, we will prohibit outsourced persons from leaking or providing personal information to third parties by entering into an agreement with them and supervising such outsourced persons to ensure that it is managed appropriately.

(4)　Rights of provider of personal information (Persons Concerned)

Providers of personal information ("Person/s Concerned") have the right to withdraw their consent to our use of their personal information at any time even if they previously consented to the intended purposes of use. In addition, Persons Concerned have the right to request that we take procedures to cease the use of, disclose, or take other action with respect to the retained personal information pursuant to the provisions of applicable laws and regulations.

(5)　Procedures for requesting cessation of use, disclosure, or the taking of other action with respect to personal information

In the event that Persons Concerned wish to request that we cease the use of, disclose, or take other action with respect to the retained personal information, they must contact the inquiries office specified by us. We will respond promptly to the extent reasonably possible.

(6)　Observance of laws and regulations

We observe laws, regulations, and standards applicable to the retained personal information, provide in-house education concerning the protection of personal information, inform employees of our policy, and aim to improve employee awareness. We also provide information on matters concerning confidentiality in our work rules.

(7)　Maintenance and improvement of the protection of personal information

We regularly evaluate and review this privacy policy and the systems for the protection of personal information, and conduct audits to maintain and improve the above efforts and actions for the protection of the retained personal information.

(8)　Personal information on link destinations

We shall bear no responsibility for the protection of personal information on websites of other entities or individuals linked to the Website.

(9)　Maintenance of personal information

In the event that a portion of the personal information acquired by us is managed in the database of an overseas third-party service provider with whom we have a contractual relationship, we will implement security control measures based on our knowledge of the system for the protection of personal information in the country concerned.

(10)　Regarding publishing this privacy policy

Posted on The Website ,the privacy policy can be viewed at any time.

• [privacy policy]

2. Acquisition and purposes of use of personal information

We acquire and use the personal information below for the following intended purposes. We do not use personal information beyond the scope of its intended purposes of use without the consent of the Persons Concerned.

(1)　Personal information of customers

①Personal information acquired/method of collection

We may receive information that Persons Concerned provide to us, whether by means of a form on the Website, by email, in a letter, or otherwise, such as name, age, gender, date of birth, occupation, employer information, address, telephone number, email address, nationality, and passport number, within the scope necessary for the following purposes of use.
We may also receive the above personal information from Online Travel Agents (OTA), travel agents, and restaurant booking sites.

②Purposes of use

1. For performing work required to provide services at The Company (travel, advertising, retail, hotels, real estate leasing and all other businesses stipulated in our Articles of Incorporation (Note 1)).
2. For concluding and performing contracts including the provision of products and services, for conducting post-contract management, and for providing after-sales services for the products and services provided.
3. For offering on-line booking and other related businesses
4. For handling inquiries and requests, etc.
5. For providing necessary information on the products, services, events and other related business activities of The Company.
6. For providing information on the products, services and events of The Company to the customers who have consented to sending by direct mail, email and LINE, etc.
7. For offering prizes or campaigns.
8. For grasping and analyzing the state of usage of the products, services and events of The Company to improve their quality, or for business analysis.
9. For billing and storage of fares and charges related to our products and services, and for credit protection (including cases where credit card payment procedures are requested of a credit company).
10. For exercising rights and performing duties based on laws and the provisions of terms and conditions for accommodation.
11. For ensuring the security of customers and employees.
12. For maintaining and managing facilities, equipment and instruments as well as managing their usage status.
13. For studying and developing new products and services as well as software, systems, equipment and instruments that provide these products and services.
14. For other purposes of use indicated at the time of acquisition of personal information.
    (Note 1) Please refer to our Company Profilefor more information.
    

③Legal basis

If the personal information of Persons Concerned must be processed based on a legal basis pursuant to data protection laws and regulations that apply to the relationship between Persons Concerned and us, we will process the same based on one or more of the following legal bases:

(a)Agreement. This is where we need to process the personal information of the Persons Concerned to perform the agreement we enter into with the Persons Concerned.

(b)Legitimate interests. This is where the processing of personal information of the Persons Concerned is necessary for legitimate interests pursued by us or a third party and interests and fundamental rights of the Persons Concerned do not override those interests.

(c)Consent. This is where the Persons Concerned have given consent to us to process personal information. The withdrawal of the consent of the Persons Concerned shall not affect the lawfulness of processing performed based on the consent before the withdrawal.

(d)Legal obligation. This is where the processing of personal information of the Persons Concerned is required by the laws and regulations of the resident country of the Persons Concerned.

(2)　Personal information of job applicants

①Personal information acquired/method of collection

We may receive information that Persons Concerned provide to us, whether by means of a form on the Website, by email, in a letter, or otherwise, such as name, age, gender, date of birth, address, phone number, and email address, within the scope necessary for the following purposes of use.

②Purposes of use

1. For performing works required for recruitment activities and the procedures and contracts of employment.
2. For handling inquiries and requests, etc.
3. For other purposes of use indicated at the time of acquisition of personal information.

③Legal basis

If the personal information of Persons Concerned must be processed based on a legal basis pursuant to data protection laws and regulations that apply to the relationship between Persons Concerned and us, we will process the same based on one or more of the following legal bases:

(a)Agreement. This is where we need to process the personal information of the Persons Concerned to perform the agreement we enter into with the Persons Concerned.

(b)Legitimate interests. This is where the processing of personal information of the Persons Concerned is necessary for legitimate interests pursued by us or a third party and interests and fundamental rights of the Persons Concerned do not override those interests.

(c)Consent. This is where the Persons Concerned have given consent to us to process personal information. The withdrawal of the consent of the Persons Concerned shall not affect the lawfulness of processing performed based on the consent before the withdrawal.

(d)Legal obligation. This is where the processing of personal information of the Persons Concerned is required by the laws and regulations of the resident country of the Persons Concerned.

(3)　Personal information of external business partners of The Company

①Personal information acquired/method of collection

We may receive information that Persons Concerned provide to us, whether by means of a form on the Website, by email, in a letter, or otherwise, such as business card information and other information on external business partners of The Company, within the scope necessary for the following purposes of use.

②Purposes of use

1. For concluding and performing contracts with external business partners of The Company and other works required.
2. For handling inquiries and requests, etc.
3. For other purposes of use indicated at the time of acquisition of personal information.

③Legal basis

If the personal information of Persons Concerned must be processed based on a legal basis pursuant to data protection laws and regulations that apply to the relationship between Persons Concerned and us, we will process the same based on one or more of the following legal bases:

(a)Agreement. This is where we need to process the personal information of the Persons Concerned to perform the agreement we enter into with the Persons Concerned.

(b)Legitimate interests. This is where the processing of personal information of the Persons Concerned is necessary for legitimate interests pursued by us or a third party and interests and fundamental rights of the Persons Concerned do not override those interests.

(c)Consent. This is where the Persons Concerned have given consent to us to process personal information. The withdrawal of the consent of the Persons Concerned shall not affect the lawfulness of processing performed based on the consent before the withdrawal.

(d)Legal obligation. This is where the processing of personal information of the Persons Concerned is required by the laws and regulations of the resident country of the Persons Concerned.

3. Processing of personal information

(1)　Appropriate management of personal information

We appropriately manage personal information, take appropriate safety measures, including reasonable technological measures, to prevent unauthorized access, damage, falsification, and leakage of personal information, and continuously strive to maintain and enhance the management system of personal information. We strive to keep the retained personal information accurate and up to date within the scope necessary for the purposes of use, limit employees who can access or handle it, and exercise appropriate supervision over them. We store the acquired personal information on the database of The Company or third-party service providers with whom we have entered into agreements. We set expiration dates for the storage of personal information within the necessary period for the purposes of use and delete such personal information without delay after the expiration dates, unless otherwise specified by laws or regulations.

The Company stores the personal information on the database of The Company or third-party service providers that The Company has concluded contracts with.
The Company sets expiration dates for the storage of personal information within necessary period for purposes of use and deletes the personal information without delay after expiration dates unless otherwise specified in laws and regulations.

(2)　Safety measures on the internet

We implement the following safety technological measures for the use of the on-line booking system; however, these do not guarantee a completely secure environment:

①SSL

We use SSL (Secure Sockets Layer) encryption technology on the Website on which personal information can be entered by Persons Concerned securely. With SSL, data entered is transmitted to a registered computer through a network after encryption. (SSL is a technology that prevents theft or alteration of data by a third party by encryption and authentication in communications between a browser and a WWW server.)

②Unauthorized access via hacking

We take every precaution to protect information, such as by installing a firewall to prevent unauthorized access from outside.

4.Disclosure/sharing of personal information

We may share personal information of the Persons Concerned with the following categories of recipients:

(1)　 Affiliates

We may share personal information of the Persons Concerned to the member companies of our group and organizations related to our group.
(Sharing of information)
Under Japanese law, we may share personal information of Persons Concerned within the scope of its intended purposes of use in the framework of joint use under the Personal Data Protection Act as follows. In cases where the joint user companies have separately established policies for processing the personal information of Persons Concerned, their policies shall apply to their use.

(a)Sharing of personal information on the business of The Company(accommodation, restaurants, shops, banquets, wedding receptions, catering.)

①Scope of joint users

Member companies of JR Hotel Members (*1), the JR Hotel Group (*2), and JR-East Hotels (*3).

1. Those stated in Article 1 of the JR Hotel Members Terms of Use
2. In addition to (*1) above, JR Hokkaido Hotels Co., Ltd.
3. Those included in (*1) above

②Purposes of shared use

Providing services by The Company (accommodation, restaurants, shops, banquets, wedding receptions, and catering) and offering on-line booking reservations and other related business.

③Categories of shared information

Member number, password, name, age, gender, date of birth, address, telephone number, email address, employer information, and history for provision and use of points and other information necessary for and within the scope of the above purposes of shared use.

④Personal Information Protection Manager

• Nippon Hotel Co., Ltd.

(b) Sharing of personal information for the provision of services at all tenant shops in hotels at which The Company operate

①Scope of joint users

All tenant shops in the hotels that The Company operate

②Purposes of joint use

For providing services by The Company (accommodation, restaurants, shops, banquets, wedding receptions, and catering) and other related businesses.

③Categories of shared information

Name, age, gender, date of birth, address, telephone number, email address, and other information necessary for and within the scope of the above purposes of shared use.

④Personal Information Protection Manager

JR East Niigata City Create Inc.

(2) Employees

We may disclose personal information of the Persons Concerned to our employees who have the authority and need to access it.

(3)Co-use of JRE POINT member information

With respect to the JRE POINT services operated by East Japan Railway Company (hereinafter referred to as “JR East”), the Company provides JRE POINT member information for co-use as follows in accordance with the JRE POINT Terms of Membership. In providing member information for co-use, the Company shall make every effort to manage and administer the member information in accordance with provisions of the Act on the Protection of Personal Information and its guideline.

①Scope of co-users

JR East and its group companies listed in JR East’s financial statements. * Companies that are actually co-using information are listed in the following PDF file.

• Scope of co-users (PDF file)

②Purposes of co-use

•For the purpose of providing the JRE POINT services and providing loyalty rewards to members based on collected points.
•For the purpose of conducting market surveys and product development based on the usage status of the JRE POINT services.
•For the purpose of contacting members as necessary regarding business transactions and checking details of business transactions.
•For the purpose registering and maintaining/managing member organizations of personal information co-users according to the JRE POINT Terms of Membership.
•For the purpose of providing member information to third parties with the purpose of providing the JRE POINT services in accordance with procedures that conform to laws and regulations.
•For other purposes equivalent or relating to any of the foregoing purposes.

③Categories of co-use of information

•Information provided by each member upon applying for membership and after becoming a member such as name, address, telephone number, gender, email address, etc.
•Information on the agreement between each member and JR East relating to JRE POINT such as the date of registration and the membership number.
•Information on how members use JRE POINT services and which is obtainable upon inquiry by phone, etc. (including conversation during phone calls).

④Personal Information Protection Manager

East Japan Railway Company

(4)Co-use of JRE MALL member information

With respect to the JRE MALL services operated by East Japan Railway Company (hereinafter referred to as “JR East”), the Company provides JRE MALL member information for co-use as follows in accordance with the JRE MALL Terms of Use. In providing member information for co-use, the Company shall make every effort to manage and administer the member information in accordance with provisions of the Act on the Protection of Personal Information and its guideline.

①Scope of co-users

JR East and its group companies listed in JR East’s financial statements. * Companies that are actually co-using information are listed in the following PDF file.

• Scope of co-users (PDF file)

②Purposes of co-use

・For the purpose of operating JRE MALL and to provide point benefits, etc.
・For the purpose of conducting market surveys and product development based on the usage status of JRE MALL, etc.　
・For the purpose of contacting members as necessary regarding business transactions and checking details of business transactions.　
・For the purpose of registering and maintaining/managing member organizations of personal information co-users according to the JRE MALL Terms of Use.　
・For the purpose of providing member information to third parties with the purpose of operating JRE MALL in accordance with procedures that conform to laws and regulations.
・For other purposes equivalent or relating to any of the foregoing purposes.

③Categories of co-use of information

・Information provided by each member upon applying for membership and after becoming a member such as name, address, telephone number, gender, email address, etc.
・Information on the agreement between you and JR East such as the date of registration and the membership number.
・Information on how members use the JRE MALL website and which is obtainable upon inquiry by phone, etc. (including conversation during phone calls).

④Personal Information Protection Manager

East Japan Railway Company

(5)Service providers

We may disclose the personal information of Persons Concerned to third party service providers that provide specific services, such as IT service providers (including data server and cloud service providers) and legal advisors.
Other than the above, please refer to the information below with respect to the provision of personal information to third parties under Japanese law.

(Provision of personal information to third parties under Japanese law)

We do not provide personal information to third parties without obtaining the consent of Persons Concerned in advance, except in the cases set forth in the following categories:

(Ⅰ)　Where the information is provided to a third party

I. Where disclosure or provision is required under laws and regulations
II. Where there is a need to protect a human life, body, or property, and when it is difficult to obtain the consent of Persons Concerned
III. Where there is a special need to enhance public health or to promote the raising of healthy children, and when it is difficult to obtain the consent of Persons Concerned
IV. Where there is a need to cooperate with a state or local government, or a person entrusted by them to perform public affairs, and there is a possibility that obtaining the consent of the Persons Concerned would interfere with the performance of the said public affairs
V. Where the disclosure or provision of information to a third party has been requested clearly by Persons Concerned

(Ⅱ)　Disclaimer regarding provision to third party

We shall bear no responsibility whatsoever with regard to the acquisition of personal information by third parties in the following cases:

I. Where personal information is disclosed to an accommodation facility by Persons Concerned of their own volition (if Persons Concerned disclose the personal information of their companions at the time of the reservation, the consent of those companions shall be deemed to have been obtained at the responsibility of the Persons Concerned)
II. Where personal information is disclosed to third parties by Persons Concerned
III. Where personal information is provided to or used on external websites linked to the Website by Persons Concerned
IV. Where third parties obtain information that could identify an individual (password, etc.) for reasons not attributable to The Company

(Ⅲ)　Appropriate management and supervision of outsourced persons

In the event that we outsource the processing of personal information to third parties within the scope of the intended purposes of use, we will appropriately consider the selection of outsourced persons, enter into a non-disclosure agreement with them, provide guidance on the proper management of personal information, and exercise appropriate supervision over them.

5.Transfers of personal information outside the resident country of the Persons Concerned

Personal information of the Persons Concerned may be transferred to, and stored by, a third party outside the resident country of the Persons Concerned. Where we transfer personal information to a third party outside the resident country of the Persons Concerned, we will ensure that:

(a)the recipient destination guarantees ensuring an adequate level of protection for the rights and freedoms that the data subject possesses in respect of its personal data in the resident country of the Persons Concerned;
(b)the recipient enters into data transfer agreements as required by data protection laws or regulations of the resident country of the Persons Concerned with us; or
(c)we take other measures as required by data protection laws or regulations of the resident country of the Persons Concerned.

More details of the protection given to personal information when it is transferred outside the resident country of the Persons Concerned can be obtained by contacting our information inquiries office indicated in Section 12 below.

6.Retention period of personal data

We will retain personal information that we collect for the period necessary to process such personal information. However, this does not apply if we are required by laws or regulations to retain personal information for a longer period of time, in which case, we will retain it for the period required by laws or regulations.

7.Transfer of personal information outside of the European Economic Area (EEA)

(1)　The Company may transfer the personal information of Persons Concerned who reside in the European Economic Area (EEA) to the terrain outside of the EEA and use within the scope of intended purposes of use. In these cases, The Company shall appropriately and strictly handle the personal information under applicable laws.

8.Exercise of rights by the information provider (Persons Concerned)

Persons Concerned have a number of legal rights in relation to the personal information that we hold. These rights may vary depending on where the Persons Concerned are located and which data protection laws and regulations apply to the relationship between the Persons Concerned and us, but typically will include the following:

(a) Right to obtain information regarding the processing of the relevant personal information and to access the relevant personal information that we hold;
(b) Right to request correction of the relevant personal information if it is inaccurate or incomplete;
(c) Right to request deletion of the relevant personal information under certain circumstances;
(d) Right to request that we restrict our processing of the relevant personal information under certain circumstances;
(e) Right to make an objection to us regarding the processing of the relevant personal information;
(f) Right to receive the relevant personal information in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such personal information to a recipient where this is technically feasible ("data portability right"); and
(g) Right to withdraw consent to the processing of the relevant personal information at any time.

The Persons Concerned may exercise any of their rights by contacting our information inquiries office indicated in Section 12 below. The Persons Concerned also may lodge a complaint with the competent data protection authority if they believe that any of their rights have been infringed by us.
Please also refer to the method for exercising rights provided under Japanese law below. Please contact our information inquiries office indicated in Section 12 below for the method for exercising such rights provided under the laws or regulations of countries other than Japan.

(Method for exercising rights provided under Japanese law)

In the event that Persons Concerned make a request, such as a request that we cease use of, disclose, or take other action with respect to the personal information we retain, we shall respect the will of the Persons Concerned, confirm the identity of the Persons Concerned, and respond within a reasonable period and within the scope of the provisions of applicable laws or regulations.

However, we may refuse said request where:

• there is a possibility of violating the laws or regulations;
• there is a possibility of harming a third party's life, body, property or other rights and interests;
• there is a possibility of interfering with The Company performing its business,
• the relevant personal information does not exist;
• we cannot confirm the identity of the Persons Concerned; and
• Persons Concerned have not paid the prescribed fee.

When Persons Concerned wish to make a request that we cease use of, disclose, or take other action with respect to the personal information we retain, they must fill out the required matters of the prescribed application form and send the application form by registered mail, together with documents confirming the identity of the Persons Concerned or their agent ("Identification Documents") and the administrative fee, to the personal information inquiries office below. Please note that we will not respond to any requests made otherwise (including direct visits).

(1)　Disclosure contents

1. Notification usage purpose (fee charged)
2. Disclosure (fee charged)
3. Correction, addition or deletion of content
4. Utilization cease or deletion
5. ceasing of provision to third parties

(2)　Procedures for disclosure request

When requesting disclosure, fill in the required items on the disclosure request form specified by The Company, enclose an identity verification document and the fee, and apply by mail to our Personal Information Inquiries Office. (Note 2)

○ Disclosure request form

• Click here to download the disclosure request form
• When asking for a disclosure request form by mail or fax, inform the Personal

Information Inquiries Office of your name and address as well as your fax number if you would like it faxed to you.

○ Identity verification document (Note 3)
Enclose a copy of one of the following: individual number card (front only), driver's license, health insurance card or passport (must have your date of birth)

○ Handling fee (Note 4)
As for notification of usage purpose and disclosure request, the result will be sent by mail (restricted to the addressee). Please enclose postage stamps for 612 yen per request.

○ Address for requesting disclosure (Note 5)
Personal Information Inquiries Office
JR East Niigata City Create Inc.
D-Glanz Niigata Ekinan 2F
1-9-1 Sasaguchi, Chuo Ward, Niigata City, Niigata Prefecture 950-0911

(Note 2) We do not accept requests by any other method.

(Note 3) If the claimant is not the person themself, the following documents are also required:
・ In the case of a proxy who was delegated to request disclosure: Document such as a letter of attorney proving that the person has the authority to act as a proxy
・ In the case of a legal representative (limited to when the person is a minor or an adult ward): Document that proves that the person has the representative authority, such as a copy of a family register or a certificate of adult guardianship registration.

(Note 4) Even if the postage fee is greater than 612 yen, the difference will not be refunded. If the fee is insufficient or not enclosed, we will inform you to that effect. If the fee is not completely paid after 2 weeks, disclosure will not be performed, and any fee already paid will not be refunded.

(3) Notification of disclosure request results

The result will be notified in writing by mail (restricted to the addressee) to the person stated in the disclosure request form. When the disclosure request is denied, the reason will be sent by mail (restricted to the addressee).Please note that it may take a few days for notification.

(4) Disclosure refusal

Disclosure is refused without refunding the fee if any of the following applies:

① Notification of usage purpose
a. When the usage purpose is clear
b. When there is a risk of harming the life, body, property or other rights and interests of the person or any third party　　
c. When there is a risk of harming the rights or legitimate interests of The Company
d. When it is necessary to cooperate with a national institution or a local public body in implementing the affairs stipulated by laws and regulations, and notification risks hindering the performance of the relevant affairs
e. When the retained personal data related to the request does not exist
f. When the claimant does not pay the prescribed fee

② Disclosure
a. When there is a risk of harming the life, body, property or other rights and interests of the person or any third party
b. When there is a risk of significantly interfering with The Company’s properly implementing its business　　
c. When violating other laws and regulations
d. When special procedures are stipulated by the provisions of other laws and regulations
e. When the retained personal data related to the request does not exist
f. When the claimant does not pay the prescribed fee

③ Correction, addition or deletion
a. When the content of the retained personal data is true
b. When special procedures are stipulated by the provisions of other laws and regulations　　
c. When correction is unnecessary from the viewpoint of the usage purpose

④ Utilization cease or deletion
a. When handling within the range necessary to achieve the specified utilization purpose in advance (including cases where the limit required to correct the violation is exceeded)
b. If personal information from a stakeholder is acquired appropriately (including cases where the limit required to correct the violation is exceeded)　　
c. When it is difficult to cease or delete the utilization or cease the provision due to high costs, in which case alternative measures necessary to protect the rights and interests of the person are taken.

⑤ Cease of provision to third parties
a. When providing with the consent of the person in advance
b. When based on laws and regulations
c. When it is necessary to protect the life, body or property of a person and it is difficult to obtain the consent of the person.　　
d. When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person.
e. When it is necessary to cooperate with a national institution, local public body or person entrusted in implementing the affairs stipulated by laws and regulations, which risks hindering the performance of the relevant affairs with the consent of the person
f. When it is difficult to cease or delete the utilization or cease the provision due to high costs, in which case alternative measures necessary to protect the rights and interests of the person are taken.
Personal information obtained through disclosure requests will be used only to the extent necessary for disclosure procedures. The documents submitted will be properly disposed of.

9.Protection of personal information of minors

We process the personal information of minors appropriately in accordance with this privacy policy. When Persons Concerned are minors, we may require the consent of persons in parental authority for acquisition of such personal information. If the Persons Concerned are under 13 years of age, we will give special consideration to the processing of their personal information, such as by clarifying that the consent of persons in parental authority is required when providing such personal information.

10.Use of cookies

The Website may use cookies to improve the information and services provided and to offer comfortable use of the Website. For details, please refer to the "Cookie policy" of the Website.

• Cookie policy

11.Acquisition of access logs

The Website may acquire access logs to improve the use of the Website and to prepare statistical data. we do not disclose access logs to third parties unless otherwise provided by laws and regulations. If you refuse to send access logs, you may not have full use of the Website.

12.Revision of this privacy policy

We will correct and revise this privacy policy to respond to changes in matters such as related laws, regulations or the social environment by posting the corrected or revised privacy policy on the Website.

13.Revision of this privacy policy

[For Personal Information Inquiries]

○ By phone:
025-247-6302
Business hours: 10:00-17:00
(excluding Saturdays, public holidays and over the New Year)
・ Please check the phone number carefully before calling.
・Calls received from customers may be recorded to improve our service quality and to review the content of the calls.

○ By mail:
Personal Information Inquiries Office
JR East Niigata City Create Inc.
D-Glanz Niigata Ekinan 2F
1-9-1 Sasaguchi, Chuo Ward, Niigata City, Niigata Prefecture 950-0911

Last updated: [2/1/2025]
JR East Niigata City Create Inc.

Addendum

For customers in the European Economic Area (EEA) and the UK

This section applies to customers in the EEA and the UK.

1. Legal basis

(a) Agreement. This is where we need to process the personal data of the Persons Concerned to perform the agreement we enter into with the Persons Concerned.

(b) Legitimate interests. This is where the processing of personal data of the Persons Concerned is necessary for legitimate interests pursued by us or a third party and interests and fundamental rights of the Persons Concerned do not override those interests. More details of the legitimate interests can be obtained by contacting our information inquiries office indicated in Section 12 of this privacy policy.

(c) Consent. This is where the Persons Concerned have given consent to us to process personal data. The withdrawal of the consent of the Persons Concerned shall not affect the lawfulness of processing performed based on the consent before the withdrawal.

(d) Legal obligation. This is where the processing of personal data of the Persons Concerned is required by the laws and regulations of the EU or the domestic laws of the member states of the EEA.

2. Transfers of personal data outside the EEA or the UK

Personal data of the Persons Concerned may be transferred to, and stored by, a third party outside the EEA or the UK. Notwithstanding Section 5 of this privacy policy, where we transfer personal data to a third party outside the EEA or the UK, we will ensure that:

(a) the recipient destination has been subject to a finding from the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that the Persons Concerned possess in respect of their personal data; or

(b) the recipient enters into standard data protection clauses (in relation to UK-derived personal data, this refers to data modified based on the Addendum formulated by the Information Commissioner's Office in the UK) that have been approved by the European Commission, or other agreements for the transfer of personal data as required by data protection laws or regulations with us.
More details of the protection given to personal information when it is transferred outside the EEA or the UK can be obtained by contacting our information inquiries office indicated in Section 12 of this privacy policy.

3. Rights of Persons Concerned

Notwithstanding Section 7 of this privacy policy, Persons Concerned have a number of legal rights in relation to their personal data that we hold. An overview of the rights Persons Concerned may exercise is as follows:

(a) Right to obtain information regarding the processing of the relevant personal data and to access the relevant personal data that we hold;

(b) Right to request correction of the relevant personal data if it is inaccurate or incomplete;

(c) Right to request deletion of the relevant personal data under certain circumstances. Certain circumstances include, but are not limited to, the following:

(i) where we no longer need to retain the personal data of the Persons Concerned in light of the purposes for which the personal data was collected;

(ii) where we can only process personal data on the basis of the consent of the Persons Concerned, and the Persons Concerned have withdrawn their consent; or

(iii) where the Persons Concerned object to our processing of their personal data on the basis of legitimate interests,and our legitimate interests do not override the interests, rights, or freedoms of the Persons Concerned.

(d) Right to request that we restrict our processing of the relevant personal data under certain circumstances. Certain circumstances include, but are not limited to, the following:

(i) where the Persons Concerned object to the accuracy of their personal data (only for as long as is necessary for us to verify its accuracy);
(ii) where we no longer need to use the personal data except to raise or exercise legal claims or defend against them; or
(iii) where the Persons Concerned object to our processing of their personal data on the basis of legitimate interests (for as long as is necessary for us to determine whether our legitimate interests override the interests, rights, or freedoms of the Persons Concerned).

(e) Right to make an objection to us regarding the processing of the relevant personal data;

(f) Right to receive the relevant personal information in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such personal information to a recipient where this is technically feasible ("data portability right") where personal data is processed on the basis of the consent of the Persons Concerned or on the basis of an agreement with the Persons Concerned, and there is no other basis, and the processing is conducted by an automated method. Please note that this right is granted only with respect to personal data provided to us by the Persons Concerned.

(g) Right to withdraw consent to the processing of the relevant personal data at any time. Please note, however, that we may continue to process the personal data of the Persons Concerned if we are able to rely on another legal basis.
The Persons Concerned may exercise any of their rights by contacting our information inquiries office indicated in Section 12 of this privacy policy. The Persons Concerned also may lodge a complaint with the competent data protection authority if they believe that any of their rights have been infringed by us.

4. EU/UK representative

EU representative
Address: DP-Dock GmbH, Attn:JR East Niigata City Create Inc. , Ballindamm 39, 20095 Hamburg, Germany
E-mail address: jreast-niigata-city-create@gdpr-rep.com
UK representative
Address: DP Data Protection Services UK Ltd., Attn: JR East Niigata City Create Inc. , 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
www.dp-dock.com
E-mail address: jreast-niigata-city-create@gdpr-rep.com

For Customers in the State of California

This addendum applies to customers who are "consumers" under the California Consumer Privacy Act (the "CCPA").

1. Collection, use, and disclosure of personal information by us

A. Categories, source, and purpose of personal information to be collected

Categories of personal information of customers we have acquired during the 12-month period prior to the date of the last update of this addendum shall be as follows:

We will retain collected personal information for the period necessary to fulfill the purposes for which it has been collected. This includes the purposes of fulfilling our agreements with customers, satisfying any legal, regulatory, accounting, reporting obligations we are subject to, and the establishment and defense of legal claims.

Business or commercial purposes: We have collected the personal information of customers during the 12-month period prior to the date of the last update of this addendum for the business or commercial purposes set forth in Section 2 of this privacy policy. We do not use or disclose customers' sensitive personal information for purposes other than those specified in the CCPA.
We do not collect or process customers' sensitive personal information for the purpose of inferring characteristics about customers.

Categories of sources: The following is a list of the categories of sources from which the personal information of customers was collected during the 12-month period prior to the date of the last update of this addendum:

• Provision from customers themselves
• Collection from Online Travel Agents (OTA), travel agents, or restaurant booking websites

B. Sale of personal information

We have not and will not sell customers' personal information to any third party.

C. Sharing of personal information

We have not and will not share customers' personal information to any third party.

D. Disclosure of personal information

During the 12-month period prior to the date of the last update of this addendum, we disclosed the personal information of the customers stated in A. above to third parties for business purposes. Third parties to whom such information was disclosed are service providers such as IT service providers (including data servers and cloud service providers) and legal advisors.

Business or commercial purposes: The business or commercial purposes of the disclosure above is as stated in Section 2 of this privacy policy.

2. Rights of customers
A. Rights of customers

(1) Notwithstanding Section 8 of this privacy policy, customers' rights under the CCPA include the right to know about personal information of customers that we collect, use, and/or disclose, the right to delete personal information, and the right to correct personal information.

(2) We will not unreasonably engage in discriminatory treatment of customers for the purpose of exercising rights such as the right to know about personal information under the CCPA by using methods including, but not limited to, the following:

I. Refusing the provision of goods or services to customers;
II. Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
III. Providing a different level or quality of goods or services to customers;
IV. Suggesting that customers will receive a different price or rate for goods or services or a different level or quality of goods or services.

B. Exercise of rights (right to know, right to delete, and right to correct) by customers

If customers wish to exercise the right to know, right to delete, or right to correct under the rights of A(1) above, they may contact us ”4. Contact information” below. In such cases, they should provide to us anything that may prove their identity, such as their name and email address for personal identification.

In response to inquiries from customers, we will confirm receipt by methods similar to the methods used by customers to contact us within 10 business days from the receipt of such inquiries, and inform customers of the response policy and the deadline for a response. If customers exercise their right to know, delete, or correct, as a rule, we will respond within 45 days, and respond within 90 days from the receipt of such inquiries at the latest, after notifying customers in cases exceeding 45 days. However, if the details of the claim, including those for customer identity verification, cannot be confirmed within 45 days, we may not be able to respond to inquiries related to customers' exercise of such rights.

We will record details of customers' inquiries and retain them for 24-months. If customers exercise their rights through an agent, they must provide us with documents showing that the agent has been entrusted with the exercise of their rights, and such agent's identification documents.

3. Changes to this addendum

We may change this addendum from time to time. The "Last updated" mentioned at the top of this page states the date this addendum was last updated, and any changes will become effective upon our posting of the revised addendum to the extent permitted by applicable laws. Where required by the CCPA or other applicable laws, we will request the consent of customers to any such changes. We will provide the revised addendum by email, or by posting a notice of the changes on our website or through any relevant services.

4. Contact information

Customers may contact us with any questions or concerns about this addendum and customers' choices and rights under the CCPA at:

○ By phone:
025-247-6302
Business hours: 10:00-17:00
(excluding Saturdays, public holidays and over the New Year)
・ Please check the phone number carefully before calling.
・Calls received from customers may be recorded to improve our service quality and to review the content of the calls.

○ By mail:
Personal Information Inquiries Office
JR East Niigata City Create Inc.
D-Glanz Niigata Ekinan 2F
1-9-1 Sasaguchi, Chuo Ward, Niigata City, Niigata Prefecture 950-0911

For Customers in Taiwan

This addendum applies to customers in Taiwan.

1. Obligation to notify of statutory matters

After providing notification of the statutory matters set forth in Article 8 of the Personal Data Protection Act of Taiwan (the "Taiwan Act"), we will acquire personal information within the scope of the purpose of use.

(a) Purpose of acquisition: See "2. Purposes of use" in Section 2 of this privacy policy and "2. Purpose of use of personal information" of this addendum.

(b) Type of personal information: See "1. Personal information acquired/method of collection" in Section 2 of this privacy policy.

(c) Period, regions, subjects, and method for using personal information

(i) Period: Only for the period reasonably necessary to attain "2. Purposes of use" set forth in Section 2 of this privacy policy, and "2. Purposes of use of personal information" of this addendum
(ii) Regions: Japan and Taiwan, including countries of recipients set forth in Section 4 of this privacy policy, depending on business needs.
(iii) Targets: Company and the recipients set forth in Section 4 of this privacy policy.
(iv) Method: Using personal information with automated equipment or by other non-automated means, including, without limitation, in writing, by phone, short message service, facsimile, e-mail, Internet, in printed form, or other methods deemed appropriate in light of the purposes for which the personal information was collected, depending on the level of science and technology at that time.

(d) Rights that persons concerned are able to exercise pursuant to Article 3 of the Taiwan Act and how those rights are exercised: See "Exercise of rights by the information provider (Persons Concerned)" in Section 7 of this privacy policy.

(e) Persons Concerned may choose whether to provide personal information to us. However, if they choose not to provide such information, there may be cases where we will restrict the provision of services of this website or be unable to provide them.

2. Purposes of use of personal information

We may process (collect, use, store, disclose by transmission, etc.) personal information pursuant to the specific purposes below in "specific purposes and categories of personal information under the Personal Data Protection Act" published by the Ministry of Justice in Taiwan, and in order to achieve the purposes listed in "2. Purposes of use" of Section 2 of this privacy policy.

(a) Marketing (including joint marketing by financial holding companies) (Specific Purpose No. 40)

(b) Administration of contracts and other legal documents similar to contracts (Specific Purpose No. 69)

(c) Business regarding reservations, accommodation registration, and ticket purchases (Specific Purpose No. 77)

(d) Management of and provision of services to consumers and customers (Specific Purpose No. 90)

(e) Investigation, statistics, and research analysis (Specific Purpose No.157)

3. Transfer of personal information outside Taiwan

Personal information may be transferred to third parties outside Taiwan and kept by such third parties. In the event that the Company transfers personal information to third parties outside Taiwan, we will ensure that if the transfer of personal information from Taiwan outside of Taiwan constitutes a transfer restriction event as provided in the laws or regulations related to personal information in Taiwan, and the competent organization prohibits or restricts it, we will not transfer it outside of Taiwan, with or without the consent of the Persons Concerned.