att.Ryokan & Resorts

Privacy Policy

Finex Co., Ltd. (hereinafter referred to as “Finex” or “we”) stipulate this Privacy Policy (referred to in the following as “this policy”) as follows below as a code of conduct to ensure we appropriately handle personal data provided by customers for use in Finex’s business services (including multi-lingual tool creation, editing, and translation), we will endeavor to comply fully with this policy.

Article 1 (Personal Data)
In this Privacy Policy, “personal data” is as stipulated in the law related to personal data protection (Act No. 57, adopted in 2003; hereinafter referred to as the “Act on the Protection of Personal Information (APPI)”) Personal data concerns living individuals, and indicates information that can identify the specific individual from such as names, birth dates or other descriptions, etc., included in the relevant data, or information including codes that can identify the individual.

Article 2 (Acquisition and Use of Personal Data)
1. Finex acquires, uses, and shares personal data received from users (hereinafter referred to as “users”) of our services (hereinafter referred to as “service”), within the scope required for the following purposes, which are appropriate to the content and scale of the business service. We will not use the personal data except to achieve the specified purposes of use and we will take measures to ensure that.
  1. Providing a service
  2. Communication between Finex and the users
  3. Communication among the service users
  4. Implementing a secure and safe communication environment
  5. Investigating and analyzing the service usage status
  6. Conducting marketing surveys and questionnaires
  7. Improving the service and fixing defects
  8. Shipping products during marketing campaigns, etc.
  9. Rectifying violations of the terms and conditions of use
  10. Responding to customer inquiries

2. Based on the earlier definition, the personal data of users acquired by Finex is deemed to include the following information.
  1. Data provided directly by customers:
    (1) Name (2) Sex (3) Date of birth (4) Zip code (5) Address (6) Password (7) Email address, (8) Telephone number, (9) Data provided for an inquiry
  2. Data acquired automatically when communicating with an external service such as Facebook (hereinafter referred to as “external service”):
    (1) Customer ID for the external service (2) Name used in the external service (3) Email address registered with the external service (4) Other of the customer’s member data for the external service
  3. Data automatically acquired when the customer uses our service
    (1) The service’s usage status (2) IP address (3) Cookie data (4) Device-and browser-specific identifying data

Article 3 (Personal Data Management and Protection)
Finex does not disclose personal data to a third party except with the consent of the user or when we are obligated to do so by laws and regulations. In addition, to comply with laws and regulations, guidelines stipulated by the government or other standards concerning personal data handling, we have formulated a Personal Data Protection Management System that complies with the Japanese Industrial Standard “Personal Data Protection Management System – Requirements” (JIS Q 15001). By operating this appropriately, we prevent leaks, loss, or damage of personal data and take corrective measures. We also make continuous improvements to the Personal Data Protection Management System.

Article 4 (Outsourcing Personal Data Handling)
If Finex outsources some or all of the personal data handling, we will conduct necessary and appropriate supervision of the subcontractor to ensure safe management of the personal data whose handling is outsourced.

Article 5 (Personal Data Disclosure)
When a user requests Finex to disclose their personal data, we will do so without delay. However, if any of the following apply due to the disclosure, we may not disclose some or all of the data. If we decide not to disclose data, we will notify the user without delay.
  1. If there is the risk of harm to the life, person, assets, or other rights and interests of a user or a third party
  2. If there is the risk of significant impediment to the proper execution of the company’s business
  3. If it will result in a violation of other laws or regulations

Article 6 (Correction and Deletion of Personal Data)
1. If personal data possessed by Finex are incorrect, at the user’s request we will correct or delete personal data following the stipulated process.
2. If Finex receives a correction or deletion request from a user and we determine that it is necessary to respond to the request, then we will correct or delete the applicable personal data without delay, and notify the user of this.

Article 7 (Suspending Use of Personal Data)
If the user requests Finex to suspend use of or erase their personal data (hereinafter referred to as “suspension of use, etc.”), we will conduct the necessary investigation without delay. Based on the result of that and in accordance with laws and regulations, we will suspend use or erase the personal data, and notify the user of this. However, if we will incur a large expense or there are other obstacles to suspending use of or erasing the personal data, and if we can take alternative measures to protect the user’s rights and interests, then we will take those alternative measures. For example:
  1. If handling exceeds the scope of the purpose of use
  2. If the personal data was acquired via illegal means
  3. If the data are used via a method that risks promoting or triggering illegal or improper behavior
  4. If it is no longer necessary for Finex to use the user’s personal data
  5. If a personal data leak, loss, or damage (hereinafter referred to as “leak, etc.”) that contains personal data requiring care occurs, or there is a risk of occurrence
  6. If a personal data leak, etc. that risks causing asset damage due to improper use occurs, or there is a risk of occurrence
  7. If there is a personal data leak, etc. that may have been conducted for improper purposes occurs, or there is a risk of occurrence
  8. If there is a leak, etc. in which the number of individuals involved in the personal data exceeds 1,000 occurs, or there is a risk of occurrence
  9. If there is a risk that the user’s rights or legitimate interests will be damaged due to the handling of the applicable personal data

Article 8 (Privacy Policy Changes)
Finex will review the contents of this policy as appropriate, and work toward its improvement. We reserve the right to change any policy contents other than those stipulated separately such as in laws and regulations. After any change in the policy, we will notify users of the updated personal data protection guidelines via the method prescribed by us. Otherwise, the guidelines are deemed to have come into effect when posted on our company website.

Article 9 (Compliance with Laws, Regulations, and Standards)
Finex complies with Japan’s laws and regulations and other standards that apply to the personal data in its possession.

Article 10 (Response to Complaints and Inquiries)
Finex endeavors to respond appropriately and promptly to complaints and consultations related to the handling of personal data.

Article 11 (Inquiry Desk)
1. Please contact the following “Personal Data Complaints and Inquiries Desk” concerning the complaints and inquiries procedure, and requests for disclosure, etc. (notification of purposes of use, disclosure, correction, addition or deletion, suspension of use or sharing) of personal data that Finex possesses and that is subject to disclosure.


Finex Co., Ltd.
4-40 Yotsuya Honshio-cho, Shinjuku, Tokyo 160-0003
Complaints and Inquiries Representative, General Affairs and Human Resources Department
TEL: 03-6384-1471
FAX: 03-6384-1472
(Reception hours: 10:30 a.m. to 4:00 p.m., Monday to Friday excluding holidays)

2. Regarding requests for disclosure, etc. of personal data subject to disclosure based on the preceding paragraph, please send the following documents to the Personal Data Complaints and Inquiries Desk by mail or delivery service. However, document (3) is only required in the case of “notification of purpose of use” or “disclosure.” Note that we do not accept requests for disclosure, etc. by means other than mail or delivery service (for example, coming directly to the office, email, or FAX). Also, as a rule, we do not return documents sent to us.
  1. “Application Form for Requests for Disclosure, etc.” stipulated by the company
    Please contact Finex and we will send the application form. Then please complete the form.
  2. Identification documents (copy of a public certificate)
    These will be either of the following (i) or (ii).  (i) Any of the following documents (one)Driver’s license, driving history certificate, passport, individual number card (only the side with the name and photo displayed), residence card, special permanent resident certificate(ii) Any of the following documents (two or more)Public health insurance card, copy of certificate of residence, certificate of items stated on certificate of residence, pension book, insurance card for medical care for the elderly, government official mutual aid association or regional official mutual aid association member’s card, private school teacher mutual aid membership card, child rearing allowance certificate, special child rearing allowance certificate
  3. A 1,000-yen postal order for each application for a request for “notification of purpose of use” or “disclosure” 
3.Among the requests based on paragraph 1, for “notification of purpose of use” or “disclosure,” as stated in paragraph 2, please send a 1,000-yen postal order for each application as commission. If the commission is not enclosed, we will inform you, but if the payment is not then made within a predetermined interval, we will consider the request for disclosure, etc. not to have been made.

 4.Please note the following concerning making requests based on paragraph 1 and the provision of the identification document in paragraph 2. Only persons that consent should send requests for disclosure, etc. based on this article.
  1. We will use the identification document sent to respond to the request for disclosure, etc. by the person concerned.
  2. For personal data requiring care for which identification is not required, blacken it out in ink so that it is unreadable.
  3. Excluding cases based on laws and regulations, we will not provide the personal data to a third party without the consent of the person concerned. Also, we do not intend to outsource the handling of the personal data.
  4. If the person cannot be identified from the identification documents, we may not be able to respond to the request for disclosure, etc.
  5. We will bear no responsibility for loss during mailing or delivery, or non-delivery due to an accident.
  6. Please complete all the required items when conducting the request based on paragraph 1. If there are any deficiencies with the documents, we may return them.
  7. In cases where exceptions in the personal data protection law apply, for example, we may not be able to reply to the request for disclosure, etc.
  8. We may take some time to respond depending on the contents of the request based on paragraph 1.
  9. We will only handle the personal data collected with the request for disclosure, etc. as far as required for the request for the disclosure, etc. We will appropriately dispose of documents provided to us.
  10. As a result of “correction, etc.” or “suspension of use, etc.”, you may no longer be able to use the applicable service. Thank you for your understanding.

Established on September 1, 2021
Nobuhiko Kuwahara, Representative Director
Finex Co., Ltd.