1. Basic policy

JR East Niigata City Create Inc. (hereinafter referred to as "The Company") has established this privacy policy and the organizational system on the handling of the personal information of all stakeholders (customers, job applicants, external business partners of The Company, etc.) who use the corporate website of The Company (hereinafter referred to as "The Website") and strives for the appropriate protection of personal information.

(1)　Acquisition of personal information

The Company acquires the following personal information for the purpose of providing services or business operations of The Company. The Company acquires personal information within the scope of its intended purposes of use and clearly explains purposes of use, the scope of utilization, and the inquiries office of The Company, etc.

(2) Prohibition on the use of personal information beyond the intended purposes and the provision of personal information to third parties

The Company uses personal information within the scope of its intended purposes of use, appoints a Personal Information Protection Manager and has established the organizational system for the protection of personal information. The Company deals with personal information adequately and does not provide or disclose personal information to third parties without the consent of Persons Concerned or request by laws and regulations.

(3)　Assigning of personal information

In case that The Company entrusts all or part of personal information, The Company prohibits entrusted persons from leaking or providing personal information to third parties by contract and supervises entrusted persons appropriately.

(4)　The rights of Persons Concerned

The specific individuals identified by personal information (hereinafter referred to as "Person/s Concerned") have the right to withdraw their consent to the use of personal information at any time even if they had consented to the intended purposes before. In addition, Persons Concerned have the right to request The Company for a utilization cease, disclosure etc. of the retained personal information pursuant to the provisions of applicable laws.

(5)　Procedures of a utilization cease, disclosure etc. of personal information/h3>

In case that Persons Concerned request The Company a utilization cease, disclosure etc. of the retained personal information, they shall contact the inquiries office specified by The Company. The Company shall respond as soon as reasonably possible.

(6)　Observance of laws and regulations

The Company observes applicable laws, regulations and standards, provides in-house education, informs employees of this privacy policy and strives for the improvement of understandings of employees on the handling of the retained personal information.

(7)　The review and improvement of the system for the protection of personal information

The Company will continuously evaluate and review this privacy policy and the systems for the protection of personal information. The Company will maintain and improve the actions for the protection of the retained personal information.

(8)　Handling personal information by link destinations

The Company shall bear no responsibility with regard to the handling of personal information by other entities or individuals linked to The Website.

(9)　About privacy policy posting

Posted on The Website (URL http://www.cocolo-station.jp/pc/company),he privacy policy can be viewed at any time.

2. Definition of personal information

The term "personal information" in this privacy policy means information related to a living individual that can identify a specific individual by name, date of birth or other description contained in. (This includes the "personal information" defined by Article 2(1) of the Act on the Protection of Personal Information.)

3.　Acquisition and purposes of use of personal information

The Company acquires and uses the following personal information for the following intended purposes. The Company does not use personal information beyond the scope of intended purposes of use without the consent of the Persons Concerned.

(1)　Personal information of customers

1　Personal information acquired

Name, age, gender, date of birth, occupation, address, telephone number, email address, nationality, passport number and other information necessary for the following purposes of use.

2 Purposes of use

• <1> For performing work required to provide services at The Company (travel, advertising, retail, hotels, real estate leasing and all other businesses stipulated in our Articles of Incorporation (Note 1)).
• <2> For concluding and performing contracts including the provision of products and services, for conducting post-contract management, and for providing after-sales services for the products and services provided.
• <3> For offering on-line booking and other related businesses
• <<4> For handling inquiries and requests, etc.
• <5> For providing necessary information on the products, services, events and other related business activities of The Company.
• <6> For providing information on the products, services and events of The Company to the customers who have consented to sending by direct mail, email and LINE, etc.
• <7> For offering prizes or campaigns
• <8> For grasping and analyzing the state of usage of the products, services and events of The Company to improve their quality, or for business analysis.
• <9> For billing and storage of fares and charges related to our products and services, and for credit protection (including cases where credit card payment procedures are requested of a credit company).
• <10> For exercising rights and performing duties based on laws and the provisions of terms and conditions for accommodation.
• <11> For ensuring the security of customers and employees.
• <12> For maintaining and managing facilities, equipment and instruments as well as managing their usage status.
• <13> For studying and developing new products and services as well as software, systems, equipment and instruments that provide these products and services.
• <14> For other purposes of use indicated at the time of acquisition of personal information.

(Note 1) Please refer to ourCompany Profilefor more information.

(2)　Personal information of job applicants

1　Personal information acquired

Name, age, gender, date of birth, address, telephone number, email address, and other information necessary for the following purposes of use.

2 Purposes of use

• <1>　For performing works required for recruitment activities and the procedures and contracts of employment.
• <2>　For handling inquiries and requests, etc.
　For other purposes of use indicated at the time of acquisition of personal information.

(3) Personal information of external business partners of The Company

1 Personal information acquired

Business card information and other information on external business partners of The Company necessary for the following purposes of use.

2 Purposes of use

• <1>　For concluding and performing contracts with external business partners of The Company and other works required.
• <2>　For handling inquiries and requests, etc.
• <3>　For other purposes of use indicated at the time of acquisition of personal information.

(4) Personal information of members of the "JR Hotel Members" organization.

1 Personal information acquired

Member number, password, name, age, gender, date of birth, address, telephone number, email address, employer information and history of providing and use of points, and other information necessary for the following purposes of use.

2 Purposes of use

• <1>　For performing works required within the scope of the purposes of use set forth in 3(1)2 of this privacy policy.
• <2>　For performing works required for the operation of the "JR Hotel Members" organization (hereinafter referred to as "The Members' Organization") by The Company.
• <3>　For providing important information such as changes to the membership agreement, terms of service or benefits of The Members' Organization.
• <4>　For other purposes of use indicated at the time of acquisition of personal information.

3 Other agreements of The Members' Organization

Membership agreement of the "JR Hotel Members" organization
Terms of service of the "JR Hotel Members" organization

4. Handling of personal information

(1)　Appropriate management of personal information

The Company appropriately implements management of personal information, takes appropriate safety measures including reasonable technological measures to prevent unauthorized access, damage, falsification and leakage of personal information. The Company continuously strives to maintain and enhance the management system of personal information. The Company strives to keep the personal information accurate and up to date within the scope of purposes of use, limits the employees who can access or handle it and exercises appropriate supervision over them.
The Company stores the personal information on the database of The Company or third-party service providers that The Company has concluded contracts with.

The Company sets expiration dates for the storage of personal information within necessary period for purposes of use and deletes the personal information without delay after expiration dates unless otherwise specified in laws and regulations.

(2)　Safety measures on the internet

The Company implements the following safety technologies in the use of its on-line booking system though these do not guarantee a complete security environment.

1 SSL

The Company uses SSL (Secure Sockets Layer) encryption technology on The Website where personal information is inputted.
With SSL, data is transmitted to the registered computer through a network after being encrypted. (SSL is a technology that prevents theft or alteration of data by encryption and authentication in communication between the browser and the WWW server.)

2 Cracking by unauthorized access

The Company installs a firewall to prevent unauthorized access from outside.

5. Sharing of personal information

The Company shares personal information within the scope of its intended purposes of use as follows.
When the sharing users have established policies for personal information, their policies shall be applied for their use.

(1)　Sharing of personal information on the business of The Company(accommodation, restaurants, shops, banquets, wedding receptions, catering.)

1 Scope of the sharing users

Member companies of The Members' Organization, the JR Hotel Group and JR-East Hotels.

2 Purposes of sharing use

For providing services at The Company (accommodation, restaurants, shops, banquets, wedding receptions, catering) and offering on-line booking reservations, and other related businesses.

3 Categories of sharing Information

Member number, password, name, age, gender, date of birth, address, telephone number, email address, employer information and history of providing and use of points and other information necessary for the above purposes of sharing use.

4 Person responsible for personal information

Nippon Hotel Co.,Ltd.

(2)　Sharing of JRE POINT member information

Regarding JRE POINT operated by East Japan Railway Company (hereinafter referred to as "JR East"), The Company will share the JRE POINT member information as follows based on the JRE POINT membership agreement. When sharing, we will manage and supervise information in accordance with the Personal Information Protection Law and its guidelines.

1 Scope of the sharing users

JR East group companies listed in JR East and JR East asset securities reports. * Businesses that are actually sharing are posted on the following page.
Scope of the sharing users (PDF)

2 Purposes of sharing use

• ・　For providing JRE POINT services and point benefits.
• ・　For conducting market research and product development based on the usage status of JRE POINT services.
• ・　 For contacting members as required for transactions and confirming transaction details.
• ・　 For registering and maintaining the membership organization of those who share personal information based on the JRE POINT membership agreement.
• ・　For providing JRE POINT services to third parties in accordance with legal procedures.
• ・　For other purposes that meet or relate to each of the above purposes.

3 Categories of sharing Information

• •　Items that members report before and after applying for membership: name, address, telephone number, date of birth, gender and email address
• •　Items related to the contract between each member and JR East regarding JRE POINT: the date of enrollment and membership card number
• •　Information obtained through each member's JRE POINT service usage and telephone inquiries (including call contents)

4 Person responsible for personal information

East Japan Railway Company.

6. Provision of personal information to third parties

The Company does not provide personal information to third parties without obtaining the consent of Persons Concerned in advance except in cases set forth in the following categories.

(1)　Cases where The Company provides personal information to third parties

• 1　Cases based on laws and regulations
• 2　Cases where there is a need to protect a human life, body or fortune, and when it is difficult to obtain the consent of Persons Concerned
• 3　Cases where there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain the consent of Persons Concerned
• 4　Cases where there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing public affairs, and when there is a possibility that obtaining the consent of the Persons Concerned would interfere with the performance of the said public affairs
• 5　Cases where disclosure or provision to a third party has been requested clearly by Persons Concerned

(2)　Disclaimer regarding provision to a third party

In the following cases, The Company will bear no responsibility whatsoever with regard to the acquisition of personal information by third parties.

• 1　Cases where personal information is disclosed to an accommodation facility by Persons Concerned (if Persons Concerned discloses personal information of companions at the time of reservation, it is assumed that the consent of those companions is obtained at the responsibility of the Person Concerned)
• 2　Cases where personal information is disclosed to third parties by Persons Concerned
• 3　Cases where personal information is provided to or used on external websites linked to The Website by Persons Concerned
• 4　Cases where third parties obtain information that could identify an individual (password, etc.) for reasons not attributable to The Company

(3)　Appropriate management and supervision over entrusted persons

In case of The Company entrusts the handling of personal information to third parties within the scope of intended purposes of use, The Company shall take appropriate consideration for the selection of entrusted persons, conclude a non-disclosure contract with them, guide them for the proper management of personal information and exercise appropriate supervision over them.

7. Transfer of personal information outside of the European Economic Area (EEA)

The Company may transfer the personal information of Persons Concerned who reside in the European Economic Area (EEA) to the terrain outside of the EEA and use within the scope of intended purposes of use. In these cases, The Company shall appropriately and strictly handle the personal information under applicable laws.

8. Rights of Persons Concerned

Persons Concerned have the right to demand actions such as the notification of the purposes of use, disclosure, correction, deletion, utilization cease, or ceasing of provision to third parties (hereinafter referred to as "Utilization cease, Disclosure, etc.") of the retained personal information pursuant to the provisions of applicable laws. Persons Concerned have the right to withdraw their consent to the use of personal information at any time even if they had consented to the intended purposes before.
Persons Concerned have the right to object to their local supervisory authorities with jurisdiction over the protection of personal information if they are dissatisfied with the handling of personal information by The Company.

9. Procedures of Utilization cease, Disclosure, etc.

In case a Person Concerned requests disclosure of personal information held by The Company, The Company will respond within a reasonable period pursuant to the provisions of applicable laws after performing the necessary identity verification procedures. However, there are cases where we cannot provide services due to utilization having ceased or having been deleted. Also, we may not be able to respond to requests for utilization to be ceased or personal information held by The Company to be deleted pursuant to the applicable laws and regulations.

(1)　Disclosure contents

• ①　Notification usage purpose (fee charged)
• ②　Disclosure (fee charged)
• ③　Correction, addition or deletion of content
• ④　Utilization cease or deletion
• ⑤　Utilization cease or deletion

(2)　Procedures for disclosure request

When requesting disclosure, fill in the required items on the disclosure request form specified by The Company, enclose an identity verification document and the fee, and apply by mail to our Personal Information Inquiries Office. (Note 2)

○　Disclosure request form
・　 Click here to download the disclosure request form
・　When asking for a disclosure request form by mail or fax, inform the Personal

Information Inquiries Office of your name and address as well as your fax number if you would like it faxed to you. l

○　Identity verification document (Note 3)
Enclose a copy of one of the following: individual number card (front only), driver's license, health insurance card or passport (must have your date of birth)

○　Handling fee (Note 4)
As for notification of usage purpose and disclosure request, the result will be sent by mail (restricted to the addressee). Please enclose postage stamps for 612 yen per request.

○　Address for requesting disclosure (Note 5)
Personal Information Inquiries Office
JR East Niigata City Create Inc.
D-Glanz Niigata Ekinan 2F
1-9-1 Sasaguchi, Chuo Ward, Niigata City, Niigata Prefecture 950-0911

(Note 2) We do not accept requests by any other method.
(Note 3) If the claimant is not the person themself, the following documents are also required:
・ In the case of a proxy who was delegated to request disclosure: Document such as a letter of attorney proving that the person has the authority to act as a proxy
・ In the case of a legal representative (limited to when the person is a minor or an adult ward): Document that proves that the person has the representative authority, such as a copy of a family register or a certificate of adult guardianship registration.
(Note 4) Even if the postage fee is greater than 612 yen, the difference will not be refunded. If the fee is insufficient or not enclosed, we will inform you to that effect. If the fee is not completely paid after 2 weeks, disclosure will not be performed, and any fee already paid will not be refunded.
(Note 4) Even if the postage fee is greater than 612 yen, the difference will not be refunded. If the fee is insufficient or not enclosed, we will inform you to that effect. If the fee is not completely paid after 2 weeks, disclosure will not be performed, and any fee already paid will not be refunded.

(3)　Notification of disclosure request results

The result will be notified in writing by mail (restricted to the addressee) to the person stated in the disclosure request form. When the disclosure request is denied, the reason will be sent by mail (restricted to the addressee).Please note that it may take a few days for notification.

(4)　Disclosure refusal

Disclosure is refused without refunding the fee if any of the following applies:

　

① Notification of usage purpose

• a.　When the usage purpose is clear
• b.　When there is a risk of harming the life, body, property or other rights and interests of the person or any third party
　　
• c.　When there is a risk of harming the rights or legitimate interests of The Company
• d.　When it is necessary to cooperate with a national institution or a local public body in implementing the affairs stipulated by laws and regulations, and notification risks hindering the performance of the relevant affairs
• e.　When the retained personal data related to the request does not exist
• f.　When the claimant does not pay the prescribed fee

　

②　Disclosure

• a.　When there is a risk of harming the life, body, property or other rights and interests of the person or any third party
• b.　When there is a risk of significantly interfering with The Company’s properly implementing its business
　　
• c.　When violating other laws and regulations
• d.　When special procedures are stipulated by the provisions of other laws and regulations
• e.　When the retained personal data related to the request does not exist
• f.　When the claimant does not pay the prescribed fee

　

③　Correction, addition or deletion

• a.　When the content of the retained personal data is true
• b.　When special procedures are stipulated by the provisions of other laws and regulations
　　
• c.　When correction is unnecessary from the viewpoint of the usage purpose

④　Utilization cease or deletion

• a.　When handling within the range necessary to achieve the specified utilization purpose in advance (including cases where the limit required to correct the violation is exceeded)
• b.　If personal information from a stakeholder is acquired appropriately (including cases where the limit required to correct the violation is exceeded)
　　
• c.　When it is difficult to cease or delete the utilization or cease the provision due to high costs, in which case alternative measures necessary to protect the rights and interests of the person are taken.

⑤ Cease of provision to third parties

• a.　When providing with the consent of the person in advance
• b.　When based on laws and regulations
　　
• c.　When it is necessary to protect the life, body or property of a person and it is difficult to obtain the consent of the person.
　　
• d. 　When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person.
　　
• e.　When it is necessary to cooperate with a national institution, local public body or person entrusted in implementing the affairs stipulated by laws and regulations, which risks hindering the performance of the relevant affairs with the consent of the person
　　
• f.　When it is difficult to cease or delete the utilization or cease the provision due to high costs, in which case alternative measures necessary to protect the rights and interests of the person are taken.

Personal information obtained through disclosure requests will be used only to the extent necessary for disclosure procedures. The documents submitted will be properly disposed of.

10. Protection of the personal information of minors

The Company handles the personal information of minors appropriately in accordance with this privacy policy. When Persons Concerned is minor, The Company may require the consent of persons in parental authority for acquiring the personal information. If Persons Concerned is less than 13 years of age, The Company shall require the consent of persons in parental authority and give special consideration to the handling of their personal information.

11.Use of cookies

The Website may use cookies to improve the information and services provided and to offer comfortable use of The Website.
For details, please refer to the 「Cookie policy」of The Website.

12.　Handling of access logs

The Website may acquire access logs to improve the use of The Website and to analyze statistical data. The Company does not disclose access logs to third parties unless otherwise provided by laws and regulations. If you refuse to send access logs, you may not use The Website properly.

13. Revision of this privacy policy

The Company will revise this privacy policy to respond to changes in related laws, regulations or the social environment, etc. The Company will post the revised privacy policy on The Website.

14. Personal information inquiries office

[For Personal Information Inquiries]

○　By phone:
025-247-6302
Business hours: 10:00-17:00
(excluding Saturdays, public holidays and over the New Year)
・ Please check the phone number carefully before calling.
・Calls received from customers may be recorded to improve our service quality and to review the content of the calls.

○　By mail:
Personal Information Inquiries Office
JR East Niigata City Create Inc.
D-Glanz Niigata Ekinan 2F
1-9-1 Sasaguchi, Chuo Ward, Niigata City, Niigata Prefecture 950-0911