Privacy Policy
NOT A HOTEL Inc. and NOT A HOTEL MANAGEMENT Inc. (hereinafter referred to as "we" or "us") have established the following privacy policy (hereinafter referred to as "this Policy") regarding the handling of customers' personal information and other personal information in the services we provide to our customers (hereinafter collectively referred to as "the Service").
Article 1 (Personal Information)
"Personal Information" refers to personal information as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information (Act No. 57 of 2003, including subsequent amendments, hereinafter referred to as the "Personal Information Protection Act"), which means information about a living individual that can identify the specific individual by name, date of birth, or other description contained in such information (including information that can be easily cross-referenced with other information to identify the specific individual) or includes an individual identification code.
"Personal Related Information" refers to personal-related information as defined in the Personal Information Protection Act, which means information about a living individual that does not fall under personal information, pseudonymized information, or anonymized information. Specifically, it includes cookies, advertising identifiers, user IDs of our services, and other various identifier information, location information, attribute information, browsing history, purchase history, and other behavioral histories.
"Personal Data" is a general term for personal information and personal-related information.
Article 2 (Method of Collecting Personal Information)
We may ask for personal information such as name, date of birth, address, phone number, email address, annual income, bank account number, credit card number, and driver's license number when you register for use or apply for the Service. We may also collect transaction records and payment information, including your personal information, from our affiliates and third parties. Additionally, facial recognition and other biometric data may be obtained through installed cameras when you use the Service.
Article 3 (Purpose of Use of Personal Information)
The purposes for which we use personal information (hereinafter referred to as "Purpose of Use") are as follows:
- To accept and respond to applications for products and services (including NFTs and other electronic records, hereinafter referred to as "Products") sold by us.
- To guide you through the property after applying for the Products.
- To provide information about the sale of the Products.
- To provide and operate the Service.
- To respond to inquiries from customers.
- To send emails or deliver advertisements about new features, updates, campaigns of the Service, and products/services offered by us or third parties affiliated with us.
- To notify or provide information on maintenance or changes to the Service.
- To prevent unauthorized use and ensure safety.
- To allow customers to view, change, or delete their registered information and usage status.
- To confirm purchases, billing, or payment within the Service.
- To improve the Service and develop new services.
- To verify the identity of customers.
- To conduct credit checks and manage credit, as well as other examinations for applications.
- To manage, maintain, and communicate regarding properties subject to ownership rights.
- To rent properties subject to ownership rights.
- To analyze the usage trends of the properties subject to ownership rights and provide services tailored to customer preferences.
- To introduce products/services sold by businesses affiliated with us.
- To introduce financial institutions to customers as requested (we do not mediate loans).
- To manage communications, event invitations, document distribution, identity verification, and recruitment management related to our hiring activities.
- To conduct affiliate services with companies related to travel arrangements, such as travel agencies and employers.
- To provide personal data to third parties within the necessary scope for achieving the above purposes, with customer consent or as required by law.
Article 4 (Change of Purpose of Use)
We may change the Purpose of Use only if customer consent is obtained in advance or if the new Purpose of Use is reasonably related to the original Purpose of Use. In case of any changes, we will notify customers or publicly announce the new Purpose of Use on our website.
Article 5 (Management and Protection of Personal Information)
We will strictly manage personal information and take preventive and corrective measures against risks such as unauthorized access, loss, destruction, alteration, and leakage of personal information.
Article 6 (Provision to Third Parties)
We will provide personal data to third parties in the following cases or when customer consent is obtained separately.
- When providing to third parties for payment, responding to customer inquiries, contacting customers, providing related after-sales services, etc.
- When providing to third parties entrusted with surveys, analyses, etc., to investigate and analyze the usage status of the Service.
- When providing to third parties for the delivery or display of advertisements of us or third parties.
- When introducing products/services that customers wish to purchase to the third parties selling such products/services.
- When conducting affiliate services with companies related to travel arrangements or other external business partners.
- When providing to judicial scriveners or other professionals to preserve customer rights or provide specialized services such as registration on behalf of customers.
Article 7 (Entrustment of Personal Information Handling to Third Parties)
We may entrust the handling of personal information to payment agents or other business contractors to the extent necessary for achieving the Purpose of Use stipulated in Article 3. In such cases, we will sufficiently review whether such contractors meet our selection criteria and ensure that personal information is managed appropriately by such contractors.
Article 8 (Joint Use)
We will jointly use personal information within the necessary scope for achieving the Purpose of Use stipulated in Article 3.
- Information to be jointly used: Personal information obtained by the methods stipulated in Article 2.
- Scope of joint users: NOT A HOTEL Inc., NOT A HOTEL MANAGEMENT Inc., and affiliated companies defined in Article 8 of the "Regulations on Terms, Forms, and Preparation Methods of Financial Statements, etc."
- Purpose of joint use: Same as the Purpose of Use stipulated in Article 3.
- Manager responsible for joint use: NOT A HOTEL Inc., Representative Director: Shinji Hamauzu, 3-11-8 Sendagaya, Shibuya-ku, Tokyo
Article 9 (Disclosure of Personal Information)
- We will disclose personal information to customers without delay when requested. However, we may not disclose all or part of the information if it falls under any of the following cases, and we will notify the customer without delay in such cases. A fee of 1,000 yen will be charged for each disclosure of personal information.
- If there is a risk of harm to the life, body, property, or other rights and interests of the customer or a third party.
- If there is a risk of significant hindrance to the proper conduct of our business.
- If it violates other laws.
- Notwithstanding the provisions of the preceding paragraph, we will not disclose information other than personal information, such as history and characteristic information (referring to information other than personal information, including the services you used, the products you purchased, the pages or advertisements you viewed, the keywords you searched, the dates and times you used the services, the methods and environments you used them, your postal code, gender, occupation, age, user's IP address, cookie information, location information, and device identification information).
Article 10 (Correction, Deletion, and Suspension of Use of Personal Information)
- If customers believe that their personal information held by us is incorrect, they can request correction, addition, deletion (hereinafter referred to as "Correction, etc."), or suspension of use, or erasure (hereinafter referred to as "Suspension of Use, etc.") by following the procedures we specify, in accordance with the Personal Information Protection Act.
- Upon receiving a request based on the preceding paragraph and determining that it is necessary to comply with the request, we will correct or suspend the use of such personal information without delay.
- We will notify the customer without delay when corrections or suspensions are made based on the provisions of the preceding paragraph or when a decision is made not to make such corrections or suspensions.
Article 11 (Procedures for Changing the Privacy Policy)
We will review and strive to improve the content of this Policy as appropriate. The content of this Policy can be changed except as otherwise provided by law or this Policy. The revised Privacy Policy will take effect from the time it is notified to users by the prescribed method or posted on our website.
Article 12 (Compliance with Laws and Regulations)
We will comply with Japanese laws and regulations applicable to the personal information we hold.
Article 13 (Contact Information)
For inquiries regarding the handling of personal information, please contact the following customer support:
NOT A HOTEL Inc.
Revised as of March 4, 2024
Regarding the Use of Google Analytics
We use Google Analytics on our website to provide better services and improve usability by collecting and analyzing data.
Please refer to the Google Analytics site for the terms of use and the privacy policy of Google.
Google Analytics Terms of Use:
https://marketingplatform.google.com/about/analytics/terms/us/Google Privacy Policy:
https://policies.google.com/privacy?hl=enGoogle Analytics uses cookies, etc., to understand customer usage. If you do not want your data to be used by Google Analytics, please use the Google Analytics Opt-out Add-on provided by Google.
Google Analytics Opt-out Add-on:
https://tools.google.com/dlpage/gaoptout?hl=enPrivacy Policy (for EU and UK residents)
NOT A HOTEL Inc. and its affiliates and subsidiaries (“NOT A HOTEL”, “we”, “us” or “our”) are committed to ensuring compliance with data protection and privacy laws, including the EU and UK General Data Protection Regulation.
This policy sets out how we collect and process your personal data. This policy only applies to our processing of your personal data if you are located in the EU (including the European Economic Area, hereinafter the same shall apply) or the UK. To the extent of any conflict between this policy and any of our other terms or policies, the provisions of this policy shall prevail.
1. Identity of the Data Controllers
NOT A HOTEL will collect and process your personal data as data controllers. The details of NOT A HOTEL are as follows:
Company Name | Address |
---|---|
NOT A HOTEL Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL MANAGEMENT Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL DAO Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL 2nd Inc. | 2-11-7-413 Shinjuku, Shinjuku-ku, Tokyo, Japan |
2. Personal Data Collected by Us
- Information that you provide to us: This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
- Account registration data, including name, email address, telephone number, profile image, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) and driver’s license information and image;
- Check-in confirmation data, including name, postal address, occupation, nationality, passport number and image;
- Property management data, including name, email address, telephone number, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) , driver’s name, driver’s licence information, profile URLs, birthday, interests/preferences, tendency to stay, property under consideration, family structure, family names/birthdays, companions, sales representative in charge, incident records, reason for purchase/service use, special considerations and remarks; and
- Owner management data, including details regarding the contracts (contract title, purchaser’s name, agent, contact information), bank account information (name of financial institution, name of branch, account type, account number, account holder’s name), and income and expenditures of owner’s properties.
- Information we collect or generate about you: This includes data from and about you which is collected or generated through automated technologies or interactions, such as cookies and similar technologies. This information includes:
- Technical data, including device information, log-in information, cookies and anonymous IDs, IP addresses, location information (i.e., geographic dimensions inferred from IP addresses), and unique identification information.
- Information we obtain from other sources: We collect your personal data from third-party service providers, agencies or other publicly available sources where applicable. This information includes:
- Reservation data, including name, telephone number, postal address, postal number and nationality.
3. Purposes and Legal Basis for Processing
Our purposes and legal basis for processing your personal data are as follows:
Purposes | Legal Basis |
---|---|
|
|
|
|
|
|
|
|
|
|
4. Sharing of Your Personal Data with Third Parties
Although your personal data is intended for us, it may be shared with third parties in certain circumstances, as set forth below:
- Our group companies: We may share your personal data among our group companies in order to administer the Products and Services, provide you with customer support, process payments, understand your preferences, send you information about Products and Services that may be of interest to you, and conduct the other activities described in this policy.
- Service providers / Professional advisors: We engage other companies, agents and contractors to perform services on our behalf or to assist us with providing our Services and Products to you. We may share your personal data with the following categories of service providers and professional advisors:
- infrastructure and IT service providers;
- marketing, advertising and communications agencies;
- credit reference agencies and payment service providers; and
- accounting auditors and various advisers.
- Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal data to third parties in cases where disclosure is both legally permissible and necessary to protect or defend our rights, for matters of national security, for law enforcement, to enforce our contracts or to protect your rights or those of the public.
- Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganization, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this policy.
Transfer of Personal Data Outside Your Country
Your personal data may be transferred to and processed outside of the country in which you are located, including, without limitation, to the US , Germany, Australia and Japan.
Most countries to which we transfer personal data are deemed to have the equivalent level of data protection as the EU and/or UK. However, some countries may have different data protection standards from those which apply in the EU and/or UK. In that case, we will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy, as well as applicable data protection laws, by entering into standard contractual clauses (or equivalent measures) with the relevant party outside the EU and/or UK.
Please contact us via our inquiry form or by post to our address described above if you want further information on the specific mechanism we use when transferring your personal data out of the EU and/or the UK.
6. Protection of Your Personal data
We act in strict compliance with the rules for the handling of personal data, according to its sensitivity, as well as to implement technical and organizational security measures to protect the personal data in our possession from unauthorized access, disclosure, alteration or destruction. Such measures include administrative, technical and physical safeguards, such as limiting access to personal data only to employees and authorized service providers who need to know such information for the purposes described in this policy.
7. Your Rights
You have the following rights in accordance with applicable laws and regulations:
- Access. You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. You have the right to obtain a copy of the personal data undergoing processing.
- Rectification. You have the right to have any incomplete or inaccurate personal data that we process about you rectified.
- Erasure. You have the right to request that we delete personal data that we process about you; provided that we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal data in cases where you believe that such data is inaccurate, that our processing is unlawful, or that we no longer need to process such data for a particular purpose, unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain the personal data which we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (i) personal data which you have provided to us, and (ii) if we are processing that personal data on the basis of your consent or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal data is our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from receiving marketing messages.
You also have the right to lodge a complaint with the local personal data protection regulatory authority in accordance with applicable laws if you believe that we have not complied with applicable personal data protection laws.
Where you wish to exercise any of these rights, please send us a request via our inquiry form or by post to our address described above. For your own privacy and security, we may require evidence of your identity or to be provided with additional information before we are able to act on your request when the information we have is insufficient to accommodate your request. We will use our best efforts to provide any requested information or make requested changes in accordance with applicable laws.
8. Your Personal Data Retention Period
We generally retain your personal data for as long as reasonably needed for the specific business purpose or purposes for which it was collected. Your personal data is also archived for the duration necessary to handle any disputes involving you. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Once your personal data is no longer necessary, we delete or anonymize it as soon as possible.
9. Contact Information
Should you have questions or concerns about this policy or our privacy practices, please contact us via our inquiry form or by post to our address described above.
10 .Updates
We may update this policy from time to time. We reserve the right to modify, add or remove portions of this policy. If we decide to change this policy, we will post an alert on our website.
This policy was last updated on 07/23, 2024.
Privacy Policy (for China residents)
NOT A HOTEL Inc. and its affiliates and subsidiaries (“NOT A HOTEL”, “we”, “us” or “our”) are committed to ensuring compliance with data protection and privacy laws, including the Personal Information Protection Law of People’s Republic of China (“PRC”).
This policy sets out how we collect and process your personal data. This policy only applies to our processing of your personal data if you are located in the PRC(excluding Hong Kong, Macao and Taiwan). To the extent of any conflict between this policy and any of our other terms or policies, the provisions of this policy shall prevail.
1. Identity of the Personal Information Handlers
NOT A HOTEL will collect and process your personal data as personal information handlers. The details of NOT A HOTEL are as follows:
Company Name | Address |
---|---|
NOT A HOTEL Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL MANAGEMENT Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL DAO Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL 2nd Inc. | 2-11-7-413 Shinjuku, Shinjuku-ku, Tokyo, Japan |
2. Personal Data Collected by Us
- Information that you provide to us: This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
- Account registration data, including name, email address, telephone number, profile image, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) and driver’s license information and image;
- Check-in confirmation data, including name, postal address, occupation, nationality, passport number and image;
- Property management data, including name, email address, telephone number, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only), driver’s name, driver’s licence information, profile URLs, birthday, interests/preferences, tendency to stay, property under consideration, family structure, family names/birthdays, companions, sales representative in charge, incident records, reason for purchase/service use, special considerations and remarks, personal information of a minor below the age of 14 (including name, postal address, birthday, interests/preferences, food preferences); and
- Owner management data, including details regarding the contracts (contract title, purchaser’s name, agent, contact information, bank account information (name of financial institution, name of branch, account type, account number, account holder’s name), and passport information) and income and expenditures of owner’s properties.
- Information we collect or generate about you: This includes data from and about you which is collected or generated through automated technologies or interactions, such as cookies and similar technologies. This information includes:
- Technical data, including device information, log-in information, cookies and anonymous IDs, location information, IP addresses and unique identification information.
- Information we obtain from other sources: We collect your personal data from third-party service providers, agencies or other publicly available sources where applicable. This information includes:
- Reservation data, including name, telephone number, postal address, postal number and nationality.
- Sensitive personal information: Among the information described in (a)~(c) above, the information that is deemed as the sensitive personal information under the applicable data protection and privacy laws is as follows:
- credit card information, driver’s license information and image, passport information (including passport number and image), bank account information (name of financial institution, name of branch, account type, account number, account holder’s name) and personal information of a minor below the age of 14 (including name, postal address, birthday, interests/preferences, food preferences).
3. Purposes and Legal Basis for Processing
Our purposes and legal basis for processing your personal data are as follows:
Purposes | Legal Basis |
---|---|
|
|
|
|
|
|
|
|
|
|
In view of the fact that once the sensitive personal information listed in 2. (d) “Sensitive personal information” above is leaked or illegally used, it may easily lead to the infringement of the personal dignity or the harm of personal or property safety of you, in order to reduce the negative impact on the legitimate rights and interests of your sensitive personal information, we will collect, store, use, process, transmit, provide, disclose, and delete the following sensitive personal information within the scope of the following necessity in accordance with the applicable data protection and privacy laws.
Sensitive Personal Information | Necessity of processing sensitive personal information |
---|---|
|
|
|
|
|
|
4. Sharing of Your Personal Data with Third Parties
Although your personal data is intended for us, it may be shared with third parties in certain circumstances, as set forth below:
- Our group companies: We may share your personal data listed in “2. Personal Data Collected by Us” among our group companies listed in “1. Identity of the Personal Information Handlers” in order to administer the Products and Services, provide you with customer support, process payments, understand your preferences, send you information about Products and Services that may be of interest to you, and conduct the other activities described in this policy.
- Service providers / Professional advisors: We engage other companies, agents and contractors to perform services on our behalf or to assist us with providing our Services and Products to you. We may share your personal data with the following categories of service providers and professional advisors:
- infrastructure and IT service providers;
- marketing, advertising and communications agencies;
- credit reference agencies and payment service providers; and
- accounting auditors and various advisers.
- Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal data to third parties in cases where disclosure is both legally permissible and necessary to protect or defend our rights, for matters of national security, for law enforcement, to enforce our contracts or to protect your rights or those of the public.
- Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganization, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this policy.
5. Transfer of Personal Data Outside Your Country
Subject to your separate consent, your personal data may be transferred to and processed outside of the country in which you are located, including, without limitation, to the US , Germany, Australia and Japan, so long as such transfer is conducted within the purposes set forth in “3. Purposes and Legal Basis for Processing” above.
However, some countries may have different data protection standards from those which apply in the PRC. In that case, we will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy, as well as applicable data protection laws, by entering into standard contractual clauses (or equivalent measures) with the relevant party outside the PRC.
Please contact us via our inquiry form or by post to our address described above if you want further information on the specific mechanism we use when transferring your personal data out of the PRC.
6. Protection of Your Personal data
We act in strict compliance with the rules for the handling of personal data, according to its sensitivity, as well as to implement technical and organizational security measures to protect the personal data in our possession from unauthorized access, disclosure, alteration or destruction. Such measures include administrative, technical and physical safeguards, such as limiting access to personal data only to employees and authorized service providers who need to know such information for the purposes described in this policy.
7. Your Rights
You have the following rights in accordance with applicable laws and regulations:
- Access. You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. You have the right to obtain a copy of the personal data undergoing processing.
- Rectification. You have the right to have any incomplete or inaccurate personal data that we process about you rectified.
- Erasure. You have the right to request that we delete personal data that we process about you; provided that we are not obliged to do so if we need to retain such data in order to comply with a legal obligation under the applicable data protection and privacy laws or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal data in cases where you believe that such data is inaccurate, that our processing is unlawful, or that we no longer need to process such data for a particular purpose, unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain the personal data which we hold about you, in a structured, electronic format, and to transmit such data to another personal information handler, where this is (i) personal data which you have provided to us, and (ii) if we are processing that personal data on the basis of your consent or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal data is our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from receiving marketing messages.
You also have the right to lodge a complaint with the local personal data protection regulatory authority in accordance with applicable laws if you believe that we have not complied with applicable personal data protection laws.
Where you wish to exercise any of these rights, please send us a request via our inquiry form or by post to our address described above. For your own privacy and security, we may require evidence of your identity or to be provided with additional information before we are able to act on your request when the information we have is insufficient to accommodate your request. We will use our best efforts to provide any requested information or make requested changes in accordance with applicable laws.
8. Your Personal Data Retention Period
We generally retain your personal data for as long as reasonably needed for the purposes set forth in “3. Purposes and Legal Basis for Processing” above. Your personal data is also archived for the duration necessary to handle any disputes involving you. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Once your personal data is no longer necessary, we delete or anonymize it as soon as possible.
9. Contact Information
Should you have questions or concerns about this policy or our privacy practices, please contact us via our inquiry form or by post to our address described above.
10 .Updates
We may update this policy from time to time. We reserve the right to modify, add or remove portions of this policy. If we decide to change this policy, we will post an alert on our website.
This policy was last updated on 0723, 2024.
Privacy Policy (for Singapore residents)
NOT A HOTEL Inc. and its affiliates and subsidiaries (“NOT A HOTEL”, “we”, “us” or “our”) are committed to ensuring compliance with data protection and privacy laws, including the Personal Data Protection Act 2012 (the “PDPA”).
This policy sets out how we collect and process your personal data. This policy only applies to our collecting and processing of your personal data if you are located in Singapore. To the extent of any conflict between this policy and any of our other terms or policies, the provisions of this policy shall prevail.
1. Identity and Outline of Data Collection by NOT A HOTEL
NOT A HOTEL generally will not collect and process your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the personal data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
The details of NOT A HOTEL are as follows:
Company Name | Address |
---|---|
NOT A HOTEL Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL MANAGEMENT Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL DAO Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL 2nd Inc. | 2-11-7-413 Shinjuku, Shinjuku-ku, Tokyo, Japan |
2. Personal Data Collected by Us
- Information that you provide to us: This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
- Account registration data, including name, email address, telephone number, profile image, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) and driver’s license information and image;
- Check-in confirmation data, including name, postal address, occupation, nationality, NRIC/FIN or passport number and image;
- Property management data, including name, email address, telephone number, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) , driver’s name, driver’s licence information, profile URLs, birthday, interests/preferences, tendency to stay, property under consideration, family structure, family names/birthdays, companions, sales representative in charge, incident records, reason for purchase/service use, special considerations and remarks; and
- Owner management data, including details regarding the contracts (contract title, purchaser’s name, agent, contact information), bank account information (name of financial institution, name of branch, account type, account number, account holder’s name), and income and expenditures of owner’s properties.
- Information we collect or generate about you: This includes data from and about you which is collected or generated through automated technologies or interactions, such as cookies and similar technologies. This information includes:
- Technical data, including device information, log-in information, cookies and anonymous IDs, IP addresses, location information, (i.e., geographic dimensions inferred from IP addresses) and unique identification information.
For more details concerning cookies, please refer to ourCookie Policy. You can also refuse to provide your personal data to us. However, if you do not provide your data, we may not be able to provide you with our products and services. This refusal can also have an effect on your use of our websites.
- Information we obtain from other sources: We collect your personal data from third-party service providers, agencies or other publicly available sources where applicable. This information includes:
- Reservation data, including name, telephone number, postal address, postal number and nationality.
3. Purposes and Legal Basis for Collecting and Processing
Our purposes and legal basis for collecting and processing your personal data are as follows:
Purposes |
---|
|
|
|
|
|
The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
4. Sharing of Your Personal Data with Third Parties
Although your personal data is intended for us, it may be shared with third parties in certain circumstances, as set forth below:
- Our group companies: We may share your personal data among our group companies in order to administer the Products and Services, provide you with customer support, process payments, understand your preferences, send you information about Products and Services that may be of interest to you, and conduct the other activities described in this policy.
- Service providers / Professional advisors: We engage other companies, agents and contractors to perform services on our behalf or to assist us with providing our Services and Products to you. We may share your personal data with the following categories of service providers and professional advisors:
- infrastructure and IT service providers;
- marketing, advertising and communications agencies;
- credit reference agencies and payment service providers; and
- accounting auditors and various advisers.
- Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal data to third parties in cases where disclosure is both legally permissible and necessary to protect or defend our rights, for matters of national security, for law enforcement, to enforce our contracts or to protect your rights or those of the public.
- Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganization, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this policy.
5. Transfer of Personal Data Outside Your Country
Your personal data may be transferred to and processed outside of the country in which you are located, including, without limitation, to the US, Germany, Australia and Japan.
Some countries may have different data protection standards from those which apply in Singapore. In that case, we will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy, as well as applicable data protection laws, by entering into a data transfer agreement (or equivalent measures) with the relevant party outside Singapore.
Please contact us via our inquiry form or by post to our address described above if you want further information on the specific mechanism we use when transferring your personal data out of Singapore.
6. Protection of Your Personal data
We act in strict compliance with the rules for the handling of personal data, according to its sensitivity, as well as to implement technical and organizational security measures to protect the personal data in our possession from unauthorized access, disclosure, alteration or destruction. Such measures include administrative, technical and physical safeguards, such as limiting access to personal data only to employees and authorized service providers who need to know such information for the purposes described in this policy.
7. Your Rights
You have the following rights in accordance with applicable laws and regulations:
- Access. You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. You have the right to obtain a copy of the personal data undergoing processing.
- Rectification. You have the right to have any incomplete or inaccurate personal data that we process about you rectified.
We will respond to your request as soon as reasonably possible. In particular should we not be able to respond to your access and rectification request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a rectification requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
- Erasure. You have the right to request that we delete personal data that we process about you; provided that we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal data in cases where you believe that such data is inaccurate, that our processing is unlawful, or that we no longer need to process such data for a particular purpose, unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain the personal data which we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (i) personal data which you have provided to us, and (ii) if we are processing that personal data on the basis of your consent or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal data is our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from receiving marketing messages.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
You also have the right to lodge a complaint with the local personal data protection regulatory authority in accordance with applicable laws if you believe that we have not complied with applicable personal data protection laws.
Where you wish to exercise any of these rights, please send us a request to our Data Protection Officer via our inquiry form or by post to our address described above. For your own privacy and security, we may require evidence of your identity or to be provided with additional information before we are able to act on your request when the information we have is insufficient to accommodate your request. We will use our best efforts to provide any requested information or make requested changes in accordance with applicable laws.
8. Your Personal Data Retention Period
We generally retain your personal data for as long as reasonably needed for the specific business purpose or purposes for which it was collected. Your personal data is also archived for the duration necessary to handle any disputes involving you. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Once your personal data is no longer necessary, we delete or anonymize it as soon as possible.
9. Reporting a Personal Data Breach
If we encounter suspected Personal Data Breach, we will conduct an assessment of whether the Personal Data Breach is a notifiable Personal Data Breach (hereinafter defined). “Personal Data Breach” shall mean (a) the unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data; or (b) the loss of any storage medium or device on which personal data is stored in circumstances where the unauthorised access, collection, use, disclosure, copying, modification or disposal of the personal data is likely to occur.
We will notify the Personal Data Protection Commission, as soon as practicable, but in any case, no later than three (3) calendar days after the day we make that assessment, if the Personal Data Breach:
- results in, or is likely to result in, significant harm to an affected individual; or
- is, or is likely to be, of a significant scale (“notifiable Personal Data Breach”).
We will also notify you if you are affected by a notifiable Personal Data Breach mentioned above in any manner that is reasonable in the circumstances.
10. Data Protection Officer
If you have any enquiries or wish to make any request relating to your personal data, you may contact our Data Protection Officer at:
Email: [email protected]
Weekdays: Monday-Friday 10AM-5PM
11.Contact Information
Should you have questions or concerns about this policy or our privacy practices, please contact our Data Protection Officer via our inquiry form or by post to our address described above.
12. Updates
We may update this policy from time to time. We reserve the right to modify, add or remove portions of this policy. If we decide to change this policy, we will post an alert on our website.
This policy was last updated on 07/23, 2024.
Privacy Policy (for California residents)
NOT A HOTEL Inc. and its affiliates and subsidiaries (“NOT A HOTEL”, “we”, “us” or “our”) are committed to ensuring compliance with data protection and privacy laws, including California Consumer Privacy Act of 2018 (“CCPA”) .
This policy sets out how we collect and process your personal data. This policy only applies to our processing of your personal data if you are located in California, United States of America. To the extent of any conflict between this policy and any of our other terms or policies, the provisions of this policy shall prevail.
1. Identity of the Data Controllers
NOT A HOTEL will collect and process your personal data as data controllers. The details of NOT A HOTEL are as follows:
Company Name | Address |
---|---|
NOT A HOTEL Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL MANAGEMENT Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL DAO Inc. | 3-11-8 Sendagaya, Shibuya-ku, Tokyo, Japan |
NOT A HOTEL 2nd Inc. | 2-11-7-413 Shinjuku, Shinjuku-ku, Tokyo, Japan |
2. Personal Data Collected by Us
The categories and sources of personal data we have been collecting and using within the past twelve (12) months shall be as follows:
- Information that you provide to us: This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
- Account registration data, including name, email address, telephone number, profile image, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) and driver’s license information and image;
- Check-in confirmation data, including name, postal address, occupation, nationality, passport number and image;
- Property management data, including name, email address, telephone number, occupation, nationality, postal address, postal number, credit card information (for credit card numbers, the last four digits only) , driver’s name, driver’s licence information, profile URLs, birthday, interests/preferences, tendency to stay, property under consideration, family structure, family names/birthdays, companions, sales representative in charge, incident records, reason for purchase/service use, special considerations and remarks; and
- Owner management data, including details regarding the contracts (contract title, purchaser’s name, agent, contact information), bank account information (name of financial institution, name of branch, account type, account number, account holder’s name), and income and expenditures of owner’s properties.
- Information we collect or generate about you: This includes data from and about you which is collected or generated through automated technologies or interactions, such as cookies and similar technologies. This information includes:
- Technical data, including device information, log-in information, cookies and anonymous IDs, IP addresses, location information (i.e., geographic dimensions inferred from IP addresses)and unique identification information.
For more details concerning cookies, please refer to our Cookie Policy. You can also refuse to provide your personal data to us. However, if you do not provide your data, we may not be able to provide you with our products and services. This refusal can also have an effect on your use of our websites.
- Information we obtain from other sources: We collect your personal data from third-party service providers, agencies or other publicly available sources where applicable. This information includes:
- Reservation data, including name, telephone number, postal address, postal number and nationality.
3. Purposes and Legal Basis for Processing
Our purposes for processing your personal data are as follows:
Purposes |
---|
|
|
|
|
|
4. Sharing of Your Personal Data with Third Parties
We have not disclosed personal information for business purposes within the past twelve (12) months to the following parties:
In addition, we also have not shared or sold personal data to third parties in the past twelve (12) months.
5. Selling or Sharing Personal Data of Persons Under 16 Years of Age
Our website, Products or Services are not intended for use by children under the age of 13. If the personal data we collect is found to contain the information of children under the age of 13, we will immediately delete the personal data. We do not have actual knowledge that we sell, share, have sold or have shared the personal data of any persons between 13 and 16 years of age; however, if we plan to do so in the future, the selling or sharing of personal data will not be done unless the consumers between 13 and 16 years of age have affirmatively authorized it.
6. Our Use and Disclosure of Sensitive Personal Data
Without your consent, we do not use or disclose your sensitive personal information for purposes other than those specified in Section 7027, subsection (m) of the CCPA Regulation.
7. Protection of Your Personal data
We act in strict compliance with the rules for the handling of personal data, according to its sensitivity, as well as to implement technical and organizational security measures to protect the personal data in our possession from unauthorized access, disclosure, alteration or destruction. Such measures include administrative, technical and physical safeguards, such as limiting access to personal data only to employees and authorized service providers who need to know such information for the purposes described in this policy.
8. Your Rights
You have the following rights in accordance with applicable laws and regulations:
- The right to know about personal data collected, disclosed, or sold
You have the right to request that we disclose the following data to you regarding our collection and use of your personal data over the past 12 months:
- Categories of personal data we collect about you;
- Categories of sources of collection;
- Business or commercial purposes for collecting or selling personal data;
- Categories of third parties to which we share personal data;
- Specific personal data we collect about you; and
- Categories of personal data sold or disclosed by us and the category of recipients.
- The right to request deletion of personal data:
You have the right to request that we delete any of your personal data that we have collected from you. Please note that such right is subject to certain exceptions under the CCPA. When we determine to maintain your personal data after your request, we will inform you of the exception applied to your case.
- The right to correct inaccurate personal data:
You have the right to request that we correct inaccurate personal data that we maintain about you.
- The right to opt-out of the sale of personal data:
We have not sold your personal data in the previous twelve (12) months, but, if we decide to do so in the future, we will inform you that your personal data will be sold and that you have the right to opt out of that sale.
- The right to opt-out of the sale of personal data:
We do not use or disclose sensitive personal data for reasons other than those set forth in section 7027, subsection (m) of the CCPA Regulation, but, if we decide to do so in the future, you have the right to limit the use or disclosure of sensitive personal data by us.
- The right to non-discrimination for exercising your rights:
We do not discriminate against you due to the exercise of any of your rights under the CCPA.
You also have the right to lodge a complaint with the local personal data protection regulatory authority in accordance with applicable laws if you believe that we have not complied with applicable personal data protection laws.
9. Procedures for Request to Exercise Your Rights
Where you wish to exercise any of these rights, please send us a request via our inquiry form or by post to our address described above. For your own privacy and security, we may require evidence from you to confirm you are a California resident and to verify your identity before we are able to act on your request when the information we have is insufficient to accommodate your request. We will use our best efforts to provide any requested information or make requested changes in accordance with applicable laws.
If you decide to submit a request through an authorized agent, you are required to provide us with a power of attorney directly or via the agent.
10. Your Personal Data Retention Period
We generally retain your personal data for as long as reasonably needed for the specific business purpose or purposes for which it was collected. Your personal data is also archived for the duration necessary to handle any disputes involving you. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period. Once your personal data is no longer necessary, we delete or anonymize it as soon as possible.
11. Contact Information
Should you have questions or concerns about this policy or our privacy practices, please contact us via our inquiry form or by post to our address described above.
12. Updates
We may update this policy from time to time. We reserve the right to modify, add or remove portions of this policy. If we decide to change this policy, we will post an alert on our website.
This policy was last updated on 7/23, 2024.
Cookie Policy
Cookie Policy
This Cookie Policy explains how NOT A HOTEL Inc. and its affiliates and subsidiaries (“NOT A HOTEL”, “we”, “us” or “our”) use cookies and similar technologies to recognize you when you visit our website (“Website”). It explains what these technologies are and why we use them, as well as your rights to control our use of them.
To the extent that we collect personal data with the help of cookies, we will process it in accordance withthe Privacy Policy (for EU and UK residents).
What are cookies?
Cookies are small text files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Types of cookies we use
We use four categories of cookies on our Website:
- Strictly necessary cookies. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
- Performance cookies. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
- Functionality cookies. These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
- Targeting or advertising cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
Depending on how long the cookies remain in your browser, they may also be divided into two different groups:
- Session cookies. These are temporary cookies that remain in the cookie file of your browser until you leave this Website.
- Persistent cookies. These remain in the cookie file of your browser even after you close the browser. They have expiration dates and can be used to store information that can be accessed across multiple browsing sessions.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Cookies | Domain | Purpose / Description | Duration | Type |
---|---|---|---|---|
_gcl_au | .notahotel.com | Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services. | 3 months | Performance |
muc_ads | .t.co | Twitter sets this cookie to collect user behaviour and interaction data to optimize the website. | 1 year 1 month 4 days | Targeting or advertising |
guest_id_marketing | .twitter.com | Twitter sets this cookie to identify and track the website visitor. | 1 year 1 month 4 days | Targeting or advertising |
guest_id_ads | .twitter.com | Twitter sets this cookie to identify and track the website visitor. | 1 year 1 month 4 days | Targeting or advertising |
personalization_id | .twitter.com | Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting. | 1 year 1 month 4 days | Targeting or advertising |
guest_id | .twitter.com | Twitter sets this cookie to identify and track the website visitor. It registers if a user is signed in to the Twitter platform and collects information about ad preferences. | 1 year 1 month 4 days | Targeting or advertising |
__lt__cid | .notahotel.com | This cookie is used to collect data about users’ visits to the site, such as the number of return visits and which pages are viewed. | 1 year 1 month 4 days | Performance |
__lt__sid | .notahotel.com | This cookie is used to collect data about users’ visits to the site, such as the number of return visits and which pages are viewed. . | 1 hour | Performance |
_yjsu_yjad | .notahotel.com | Yahoo sets this cookie for advertising targeting. | 1 year | Advertising |
ar_debug | .pinterest.com | Google sets this cookie for advertising targeting. | 1 year | Advertising |
_ldbrbid | .line.me | Line sets this cookie for the delivery of ads. | 1 year 1 month 4 days | Targeting |
_pin_unauth | .notahotel.com | Pinterest set this cookie to group actions for users who cannot be identified. | 1 year | Targeting |
AP | .userlocal.jp | User Local sets this cookie to identify and track the website visitor. | 1 year 1 month 4 days | Necessary |
__cf_bm | .vimeo.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | Necessary |
_cfuvid | .vimeo.com | This cookie, set by Vimeo, is used to distinguish individual users who share the same IP address. | Session | Necessary |
__cf_bm | .hubspot.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | Necessary |
_cfuvid | .hubspot.com | This cookie, set by Cloudflare, is used to allow the Cloudflare WAF to distinguish individual users who share the same IP address. | Session | Necessary |
JSESSIONID | .nr-data.net | New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application. | Session | Necessary |
vuid | .vimeo.com | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website. | 1 year 1 month 4 days | Performance |
_ga_* | .notahotel.com | Google Analytics sets this cookie to store and count page views. | 1 year 1 month 4 days | Performance |
_ga | .notahotel.com | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | 1 year 1 month 4 days | Performance |
ab_experiment_sampled | .news.notahotel.com | Substack sets this cookie, which is used to consistently serve visitors they’ve seen before. | 1 year | Functional |
ab_testing_id | .news.notahotel.com | Appboy sets this cookie, which is used to consistently serve visitors the same version of an A/B test page they’ve seen before. | 1 year | Functional |
__cf_bm | .news.notahotel.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | Necessary |
is_eu | notahotel.com | This cookie determines whether the user is from the EU, i.e., whether the user is subject to EU data protection regulations. | Session | Necessary |
How to control cookies?
You can control and/or delete cookies through your as you wish. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies), you may not be able to access all or parts of our Website.
Changes to this Cookie Policy
We may update our Cookie Policy from time to time. We will notify you of any changes by posting the new Cookie Policy on this page. You are advised to review this Cookie Policy periodically for any changes.
Contact Us
If you have any questions about our Cookie Policy, please contact us via our inquiry form