⒈ General policy
Pursuant to the EU General Data Protection Regulation (‘GDPR’) and the UK General Data Protection Regulation (‘UK-GDPR’), we set a policy for the handling and protection of personal data of customers residing in the European Economic Area (EEA) and the United Kingdom (‘Personal Data’), and thereby establish internal systems and properly protect, manage and use Personal Data.
⒉ Controller’s name, address, etc.
As the controller of Personal Data processing activities, we are responsible for providing you with information regarding the handling of your Personal Data and for responding to your questions, comments and requests.
Address: 2-2-30 Makishi, Naha, Okinawa
Representative: Gouichi Itokazu
Telephone number: ＋81-098-862-5111
⒊ Lodging complaints with supervisory authorities
You have the right to lodge complaints with supervisory authorities such as national, regional or international organizations concerning our handling of Personal Data in accordance with GDPR, UK-GDPR, etc. We would appreciate an opportunity to address your concerns before you lodge a complaint with a supervisory authority and kindly ask you to contact us or our representative in the EEA or UK prior to lodging a complaint.
If you disable cookies in your internet browser, not all functions of our website might be fully available.
We might (automatically) obtain the following information from you through cookies:
- Information collected automatically by the website, such as IP address, cookie identifier, browser type, date and time of access, and location information
- Information required by administrative instructions, laws, regulations, ordinances, etc.
The above acquired information is used for the following purposes in addition to the purposes described in 6 below.
- To provide appropriate information and ensure security on the website
- To operate and improve the functionality of the website
- To provide information about our services
- For statistical analysis of website maintenance and management, and usage
⒌ Acquisition of Personal Data
When you make a room, restaurant or event reservation through our websites, apps, reservation agents or other channels, we might collect your Personal Data from you directly or through a third party such as a reservation agent. The Personal Data we obtain and keep include the following:
Name, nationality, address, gender, date of birth, country/region of residence, e-mail address, telephone number, etc.
Credit card number, bank account information, billing address, etc.
- Information collected automatically on our website
IP address, browser type, access date and time, etc.
Information to meet your requests such as room and leisure activities and other special requests
⑤Information stipulated by administrative instructions and laws, ordinances, etc.
⒍ Purpose of use, etc.
We use and process Personal Data only for the following purposes:
- For the management of customers to whom we provide services
- For the sale of products, rights, digital content, and services (including financial products, etc.) of Ryubo and third parties (including the conclusion of service supply contracts, etc.)
- To offer members loyalty programs and other benefits, etc.
- To provide to customers proposals and information from joint users regarding joint users/partner companies, various products and services, mail-order sales, etc.
- For planning and development of our products and services etc.
- To analyze member information when proposing various products and services
- Rectification or erasure of information registered in our services
- Work incidental to and associated with each of the preceding items
⒎ Provision and sharing of Personal Data
We might need to share Personal Data with the following third parties for the purposes of 6 above. Whenever necessary, we comply with the applicable laws and regulations.
・Ryubo Co., Ltd.
・Ryubo Holdings Co., Ltd.
・Ryubo Industry, Ltd.
・Ryubo Store, Ltd.
・Okinawa Familymart Co., Ltd.
・Ryubo Travel Service Co., Ltd.
・Ryubo Tomo-no-kai Co., Ltd.
・Ryutsu Assist Co., Ltd.
・Partners and subcontractors for businesses that provide various services (retail, wholesale, etc.)
・Tenants of facilities of Ryubo or our affiliated companies
・Professionals such as lawyers, tax accountants, and certified public accountants
・Authorised public agencies (police, courts, law enforcement agencies, audit and supervisory agencies, tax offices, etc., both in Japan and overseas)
・IT service providers, credit card companies
・Current and future officers and employees
・Other related business partners
⒏ Legal basis for processing Personal Data
The legal basis for processing Personal Data is as follows:
- Where you have given your consent to the processing of your Personal Data for one or more specific purposes.
In this case, you have the right to withdraw this consent.
- Where the processing is necessary for the performance of a contract to which you are a party, or where the processing is necessary for the performance of procedures you requested prior to entering into a contract.
- Where the processing is necessary to comply with a legal obligation under EEA and UK laws to which the controller is subject.
- Where the processing is necessary to protect your vital interests or those of another natural person.
- Where the processing is necessary in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Where the processing is necessary for legitimate interests pursued by the controller or a third party (e.g. marketing targeting you (direct marketing), customer service provided to you) unless those interests are overridden by your fundamental rights and freedoms guaranteeing the protection of your Personal Data, especially in the case where you are a child.
⒐ Legitimate interests
We might process your personal information for legitimate interests that have a legal basis. This means that the benefits resulting from the processing is balanced with those concerning your privacy and that the benefits resulting from the processing prevail. For more information, please contact the aforementioned controller.
Under applicable privacy laws including GDPR and UK-GDPR, you have the following rights. To assert these rights, you can contact us, our EEA or UK representatives at any time.
⑴ Right to information
When collecting Personal Data from you, the controller must provide you with certain information at the time the Personal Data is obtained.
⑵ Right of access
If you request access to Personal Data being processed, the controller must provide a copy of such Personal Data.
⑶ Right to rectification
You can ask the controller to rectify inaccurate Personal Data.
⑷ Right to erasure (‘right to be forgotten’)
In certain cases, you have the right to request from the controller the erasure of Personal Data concerning you without delay.
⑸ Right to restriction of processing
In certain cases, you have the right to have the controller restrict processing.
⑹ Right to notification regarding rectification or erasure of Personal Data or restriction of processing
In the cases of (3) to (5) above, the controller contacts the recipient of Personal Data about this processing and, if requested by you, advises you who the recipient is.
⑺ Right to data portability
You have the right to receive Personal Data concerning you in a structured, commonly used and machine-readable format. You also have the right to transmit such Personal Data to another controller without hindrance from the controller to which the Personal Data have been provided.
⑻ Right to object
You have the right to object to the processing of your Personal Data that is necessary for the purpose of legitimate interests pursued by the controller or third parties.
⑼ Right not to be subject to automated processing, including profiling
You have the right not to be subject to decisions based solely on automated processing, such as profiling, which have legal consequences for you or have a similarly significant impact on you. Please note that we do not perform any automated processing, including profiling, of your Personal Data.
As a controller, we have taken adequate technical and organizational security measures regarding the protection of Personal Data. If you have any concerns about a specific data transfer method, etc., we take adequate alternative measures.
We might transfer your Personal Data to Japan. The transfer of Personal Data to Japan is based on the adequacy decision obtained by Japan regarding such cross-border data transfer. The transfer of Personal Data to third countries other than Japan, EU and UK (excluding countries/territories that have obtained adequacy decisions) is carried out by means of concluding Standard Contractual Clauses.
13．Personal data storage period
The storage period for Personal Data conforms to the respective statutory storage period in each EU member state, the UK and Japan, and Personal Data are promptly and safely erased following the end of such statutory storage period unless otherwise necessary for contractual or any other processing purposes.
- Contact details of our representative in the UK
① Representative in the UK: DataRep
Address: 107-111 Fleet Street, London, EC4A 2AB, United Kingdom
Email address: email@example.com