Privacy Policy

 Ryubo Shoji Co., Ltd. (‘Ryubo’ or ‘we’) strive to protect the privacy of users of our website. Before using our website (, please read this privacy policy carefully.


⒈ General policy

Pursuant to the EU General Data Protection Regulation (‘GDPR’) and the UK General Data Protection Regulation (‘UK-GDPR’), we set a policy for the handling and protection of personal data of customers residing in the European Economic Area (EEA) and the United Kingdom (‘Personal Data’), and thereby establish internal systems and properly protect, manage and use Personal Data.


⒉ Controller’s name, address, etc.

As the controller of Personal Data processing activities, we are responsible for providing you with information regarding the handling of your Personal Data and for responding to your questions, comments and requests.

Address: 2-2-30 Makishi, Naha, Okinawa

Representative: Gouichi Itokazu

Telephone number: +81-098-862-5111




⒊ Lodging complaints with supervisory authorities

You have the right to lodge complaints with supervisory authorities such as national, regional or international organizations concerning our handling of Personal Data in accordance with GDPR, UK-GDPR, etc. We would appreciate an opportunity to address your concerns before you lodge a complaint with a supervisory authority and kindly ask you to contact us or our representative in the EEA or UK prior to lodging a complaint.


⒋ Cookies

Our internet pages use cookies. A cookie is a text file that is stored on your computer system via your internet browser. Many Internet sites and servers use cookies. A cookie consists of a string of characters that can assign an Internet page and server to the particular Internet browser in which it is stored. This allows the Internet sites and servers you visit to distinguish your individual browser from other Internet browsers that contain other cookies. By using cookies, we are able to provide users of this website with user-friendly services that would not be possible without the setting of cookies.

By using cookies, information and advertising on our website can be optimised with the user in mind. The purpose is to make it easier for users to use our website. For example, website users using cookies do not have to enter access data every time they visit the website. This is because cookies are stored on the user's computer system through the website. You can turn off cookies through our website at any time by means of the corresponding settings of the Internet browser used, and you can permanently disable cookies. Furthermore, cookies that have already been set can be erased at any time via your Internet browser or other software programs. This is possible with all common internet browsers.

If you disable cookies in your internet browser, not all functions of our website might be fully available.


We might (automatically) obtain the following information from you through cookies:

  • Information collected automatically by the website, such as IP address, cookie identifier, browser type, date and time of access, and location information
  • Information required by administrative instructions, laws, regulations, ordinances, etc.


The above acquired information is used for the following purposes in addition to the purposes described in 6 below.

  • To provide appropriate information and ensure security on the website
  • To operate and improve the functionality of the website
  • To provide information about our services
  • For statistical analysis of website maintenance and management, and usage


⒌ Acquisition of Personal Data

When you make a room, restaurant or event reservation through our websites, apps, reservation agents or other channels, we might collect your Personal Data from you directly or through a third party such as a reservation agent. The Personal Data we obtain and keep include the following:

①Basic information

Name, nationality, address, gender, date of birth, country/region of residence, e-mail address, telephone number, etc.

②Payment information

Credit card number, bank account information, billing address, etc.

  • Information collected automatically on our website

IP address, browser type, access date and time, etc.

④Service requests

Information to meet your requests such as room and leisure activities and other special requests

⑤Information stipulated by administrative instructions and laws, ordinances, etc.


⒍ Purpose of use, etc.

We use and process Personal Data only for the following purposes:

  • For the management of customers to whom we provide services
  • For the sale of products, rights, digital content, and services (including financial products, etc.) of Ryubo and third parties (including the conclusion of service supply contracts, etc.)
  • To offer members loyalty programs and other benefits, etc.
  • To provide to customers proposals and information from joint users regarding joint users/partner companies, various products and services, mail-order sales, etc.
  • For planning and development of our products and services etc.
  • To analyze member information when proposing various products and services
  • Rectification or erasure of information registered in our services
  • Work incidental to and associated with each of the preceding items


⒎ Provision and sharing of Personal Data

We might need to share Personal Data with the following third parties for the purposes of 6 above. Whenever necessary, we comply with the applicable laws and regulations.

・Ryubo Co., Ltd.

・Ryubo Holdings Co., Ltd.

・Ryubo Industry, Ltd.

・Ryubo Store, Ltd.

・Okinawa Familymart Co., Ltd.

・Ryubo Travel Service Co., Ltd.

・Ryubo Tomo-no-kai Co., Ltd.

・Ryutsu Assist Co., Ltd.

・Partners and subcontractors for businesses that provide various services (retail, wholesale, etc.)

・Tenants of facilities of Ryubo or our affiliated companies

・Professionals such as lawyers, tax accountants, and certified public accountants

・Authorised public agencies (police, courts, law enforcement agencies, audit and supervisory agencies, tax offices, etc., both in Japan and overseas)

・Financial institutions

・IT service providers, credit card companies

・Current and future officers and employees

・Other related business partners


⒏ Legal basis for processing Personal Data

The legal basis for processing Personal Data is as follows:

  • Where you have given your consent to the processing of your Personal Data for one or more specific purposes.

In this case, you have the right to withdraw this consent.

  • Where the processing is necessary for the performance of a contract to which you are a party, or where the processing is necessary for the performance of procedures you requested prior to entering into a contract.
  • Where the processing is necessary to comply with a legal obligation under EEA and UK laws to which the controller is subject.
  • Where the processing is necessary to protect your vital interests or those of another natural person.
  • Where the processing is necessary in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Where the processing is necessary for legitimate interests pursued by the controller or a third party (e.g. marketing targeting you (direct marketing), customer service provided to you) unless those interests are overridden by your fundamental rights and freedoms guaranteeing the protection of your Personal Data, especially in the case where you are a child.


⒐ Legitimate interests

  We might process your personal information for legitimate interests that have a legal basis. This means that the benefits resulting from the processing is balanced with those concerning your privacy and that the benefits resulting from the processing prevail. For more information, please contact the aforementioned controller.


10.Your rights

Under applicable privacy laws including GDPR and UK-GDPR, you have the following rights. To assert these rights, you can contact us, our EEA or UK representatives at any time.

⑴ Right to information

When collecting Personal Data from you, the controller must provide you with certain information at the time the Personal Data is obtained.

⑵ Right of access

If you request access to Personal Data being processed, the controller must provide a copy of such Personal Data.

⑶ Right to rectification

You can ask the controller to rectify inaccurate Personal Data.

⑷ Right to erasure (‘right to be forgotten’)

In certain cases, you have the right to request from the controller the erasure of Personal Data concerning you without delay.

⑸ Right to restriction of processing

In certain cases, you have the right to have the controller restrict processing.

⑹ Right to notification regarding rectification or erasure of Personal Data or restriction of processing

In the cases of (3) to (5) above, the controller contacts the recipient of Personal Data about this processing and, if requested by you, advises you who the recipient is.

⑺ Right to data portability

You have the right to receive Personal Data concerning you in a structured, commonly used and machine-readable format. You also have the right to transmit such Personal Data to another controller without hindrance from the controller to which the Personal Data have been provided.

⑻ Right to object

You have the right to object to the processing of your Personal Data that is necessary for the purpose of legitimate interests pursued by the controller or third parties.

⑼ Right not to be subject to automated processing, including profiling

You have the right not to be subject to decisions based solely on automated processing, such as profiling, which have legal consequences for you or have a similarly significant impact on you. Please note that we do not perform any automated processing, including profiling, of your Personal Data.


11.Security measures

As a controller, we have taken adequate technical and organizational security measures regarding the protection of Personal Data. If you have any concerns about a specific data transfer method, etc., we take adequate alternative measures.


12.Cross-border transfers

We might transfer your Personal Data to Japan. The transfer of Personal Data to Japan is based on the adequacy decision obtained by Japan regarding such cross-border data transfer. The transfer of Personal Data to third countries other than Japan, EU and UK (excluding countries/territories that have obtained adequacy decisions) is carried out by means of concluding Standard Contractual Clauses.


13.Personal data storage period

The storage period for Personal Data conforms to the respective statutory storage period in each EU member state, the UK and Japan, and Personal Data are promptly and safely erased following the end of such statutory storage period unless otherwise necessary for contractual or any other processing purposes.  


  1. Contact details of our representative in the UK

  ①     Representative in the UK: DataRep

Address: 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

Email address:


15.General provisions

This privacy policy was last revised on April 13, 2023. We might change this privacy policy based on the laws and regulations or our own policy. However, we do not use your Personal Data in new ways without your consent.