Privacy Policy

Kyoritsu Maintenance Co., Ltd. (“Kyoritsu Maintenance”) strongly recognizes the importance and social significance of privacy and personal information protection and has established the following privacy policy to ensure proper management.

Customers in the European Economic Area (EEA) or the United Kingdom should also refer to the "Special Regulations for Users in the EEA and UK region".

Section 1 (Purpose of Use of Personal Information)

Kyoritsu Maintenance will protect the personal information collected and will use personal information lawfully and fairly to provide business services, respond to inquiries, handle incidents and emergencies, analyze surveys, distribute behaviorally targeted advertisements using ad-serving companies such as Google and Yahoo, and provide information on products, services, campaigns, and other promotions, as well as for Kyoritsu Maintenance’s business activities and recruiting activities. If it becomes necessary to use personal information beyond the scope of the above purposes, Kyoritsu Maintenance will publicly disclose the reason for such use on its website or by other means.

Section 2 (Details of Personal Information)

(1) Information received

Information such as name, address, telephone number, e-mail address, SNS user IDs, date of birth, gender, nationality, passport, visa, marketing information, information entered into forms on Kyoritsu Maintenance's website, information entered by Kyoritsu Maintenance staff upon request, information about previous stays, long-term stays, dormitory stays, etc., use of Kyoritsu Maintenance's services and products purchased, information about preferences known to Kyoritsu Maintenance while using Kyoritsu Maintenance's services, information provided to Kyoritsu Maintenance to use Kyoritsu Maintenance's services, information provided to Kyoritsu Maintenance's business partners, travel agencies, etc., information provided to Kyoritsu Maintenance for various applications, etc.

(2) Information collected automatically

Information collected through the use of cookies and other means, such as terminal information, log information, anonymous IDs, location information, IP addresses and personal identification information, security cameras, and other security technologies.
Kyoritsu Maintenance uses analytical tools such as Google Analytics to track visits to its website.

(3) Information obtained from third parties

When Kyoritsu Maintenance collects personal information indirectly from a third party, it will confirm with the provider that the personal information has been properly collected and will obtain personal information only to the extent necessary to achieve the purpose of use after making contractual arrangements with the provider.

Section 3 (Shared Use of Personal Information)

(1) Types of personal information to be shared

Personal information as specified in the preceding section.

(2) Scope of shared use

(i) Kyoritsu Maintenance's corporate group companies

Kyoritsu Estate Co., Ltd.
Kyoritsu Trust Co., Ltd.
Kyoritsu Food Service Co., Ltd.
Kyoritsu Solutions Co., Ltd. (former Japan Placement Center Co., Ltd.)
Kyoritsu Financial Service Co., Ltd.
Builnet Co., Ltd.
Kyoritsu Assist Co., Ltd.
Kyoritsu Foods Management Co., Ltd.
Kyoritsu Oasis Co., Ltd.
Kyoritsu Maintenance Korea Co., Ltd.
Central Builworks Co., Ltd.
Kyoritsu Insurance Service Co., Ltd.
Kyoritsu Refre Forum Co., Ltd.

(ii) Affiliated organizations

The Kyoritsu International Foundation

Section 4 (Disclosure and Provision to Third Parties)

1. Kyoritsu Maintenance may entrust personal information to external contractors, etc., to the extent necessary for the performance of its business.
   In such cases, Kyoritsu Maintenance will strictly manage the information and protect personal information within the scope of the contract.
2. Kyoritsu Maintenance will not provide personal information in its possession to any third party, except in the following cases
   1. When given consent
   2. When requested to disclose personal information in accordance with laws and regulations.
   3. Kyoritsu Maintenance's interests are substantially impaired due to a violation of the Terms of Use.
   4. When it is necessary to protect an individual's life, health, property, or other vital interests.
   5. When necessary to improve public health or promote children's proper growth.
   6. When it is necessary to cooperate with a national agency, a local government or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by laws and regulations, and obtaining the consent of the individual is likely to impede the execution of such affairs.
   7. When disclosing or providing information to subcontractors to the extent necessary to provide services.
   8. In the event of a merger, corporate separation, or business transfer, where personal information or the right to control such personal information is transferred.

Section 5 (Handling of Information)

1. Kyoritsu Maintenance will implement reasonable security measures to prevent unauthorized access, loss, destruction, alteration, leakage, or other problems with personal information in possession. In addition, when collecting personal information through telecommunications, Kyoritsu Maintenance will strive to ensure security by using SSL (Secure Socket Layer) encryption and other security technologies to protect against interception by third parties during communications.
2. Personal information received will be managed under applicable laws.

Section 6 (Retention Period)

Kyoritsu Maintenance will retain personal information only when necessary to achieve the purposes outlined in Section 1 and promptly delete such information without delay when such necessity no longer exists. Kyoritsu Maintenance may retain and use personal information for a certain period, even after the individual ceases to use Kyoritsu Maintenance's services, to comply with legal obligations and respond to communications necessary for Kyoritsu Maintenance's business operations.

Section 7 (Compliance with Laws, Regulations and Other Norms)

Concerning the handling of personal information, Kyoritsu Maintenance will observe Japanese laws and regulations related to the protection of personal information, as well as other norms.

Section 8 (The Individual's Choice)

Provision of personal information to Kyoritsu Maintenance is, in principle, done voluntarily by the individual concerned. In some cases, failure to provide such information may result in the inability to use some of Kyoritsu Maintenance's services, resulting in an inconvenience to the individual concerned. The individual may, at any time, request Kyoritsu Maintenance to disclose, correct, or delete his/her personal information by following the procedures specified by Kyoritsu Maintenance.

Section 9 (Inquiries Concerning Personal Information)

If you have any questions regarding Kyoritsu Maintenance's handling of personal information, please contact the Personal Information Inquiry Office below. We will respond within a reasonable period and to a reasonable extent after confirming the individual's identity.

General Affairs Department, Personal Information Inquiry Office, Kyoritsu Maintenance Co., Ltd.
Mail: km-privacy@dormy.co.jp

Please note that we cannot accept requests made in person at our office.

Established February 1st, 2005
Revised September 9th, 2005
Revised April 1st, 2011
Revised July 1st, 2015
Revised June 21st, 2022
Revised February 1st, 2024

Kyoritsu Maintenance Co., Ltd.

Special rules for users within the EEA and UK region

Kyoritsu Maintenance Co., Ltd. (the “Company”) performs the following processing of personal data of guests (the “Guests”) and other relevant people at the hotels (business hotels, resort hotels, Iyashi-no-Yuyado (healing hot spring inns), and any other hotels operated by the Company; hereinafter collectively referred to as the “Hotel”) and dormitories (including student dormitories, employee dormitories, and any other dormitories operated by the Company; hereinafter collectively referred to as the “Dormitory”) operated by the Company, to whom the EU General Data Protection Regulation or the United Kingdom General Data Protection Regulation (collectively, the “GDPR”) applies.

1. Applicable Scope

The following statements (this “EEA and UK Privacy Policy”) apply to the processing of personal data of Guests who are in the EEA or UK, and to whom the GDPR applies, where in the personal data is processed by the Company as a controller (namely, a person who decides the purpose and manner of the processing of personal data).

2. Categories of and Legal Basis for Processing the Guests’ Personal Data

The Company processes the following categories of the Guests’ personal data based on the following legal basis in both the Hotel operating business and the Dormitory operating business. The Company processes the specified categories of personal data as set forth in Article 9.1 of the GDPR among the following categories, so long as the processing is admitted in accordance with the GDPR, and including cases where explicit consent is obtained from the Guests.

(1) Categories of and Legal Basis for Processing the Guests’ Personal Data in the Hotel Operating Business

Categories of the Guests’ personal data to be processed by the Company

Information regarding the name, gender, telephone number, e-mail address, postal code, residential address, age, date of birth, profession, information regarding affiliation (company name, organization name, department name, position, phone number and address of company/organization), nationality, country of residence, passport, car information (car type, number, color), security information (such as the history of entry into and exit from the Hotel, image information photographed by security cameras located within the Hotel), and information in response to any request from the Guests (such as requests about rooms, information on allergies or health conditions or regarding religious beliefs), information on accommodation history, settlement, information about communications between the Company and the Guest, other information the Guest provides to the Company regarding the use of the Hotel, information obtained from the Guest’s devices (OS, IP address, browser information, information obtained by cookies and device information, etc.),

1. If the processing becomes necessary in order to perform an agreement entered into with the Guests (or in response to any request by the Guests before entering into an agreement), processing may be performed for the following reasons:
   1. For the purpose of providing the accommodation services at the Hotel;
   2. For the purpose of handling requests or complaints from the Guests;
   3. For the purpose of arranging services to be provided by any third parties, including reservations, transportation and related activities, upon request from the Guests; or
   4. Other than the foregoing, for the purpose of the Company providing services to the Guest at the Hotel.
2. If the processing becomes necessary for the legitimate interests of the Company or any third party, processing may be performed for the following reasons:
   1. For the purpose of improving the services of the Company through the analysis of Guest trends, and research and analysis on the development of new products, etc.;
   2. For the purpose of managing the visitors at the Hotel, and for managing other services of the Company; or
   3. For the purpose of making legal assertions for the Company during litigation or other disputes.
3. If the processing becomes necessary in order to ensure compliance with the legal obligations imposed on the Company, processing may be performed for the following reasons:
   1. For the purpose of taking administrative procedures, including applications, notifications, etc., to any administrative authorities;
   2. For the purpose of complying with any requests made by any administrative or judicial authorities in accordance with the laws or regulations applicable to the Company; or
   3. Other than the foregoing, for the purpose of conducting any processing required by the Company in accordance with the laws and regulations.
4. If prior consent is obtained from the Guests, processing may be performed for the following reasons:

   Even if the foregoing legal basis does not apply, the Company may process specific personal data of the Guests in the event that the Company obtains the relevant Guest’s prior consent for the processing thereof. By agreeing to this EEA and UK Privacy Policy, Guests shall be deemed to consent to the processing of their personal data for the purpose of direct marketing. Guests may withdraw their consent at any time by contacting the Company in a manner separately determined by the Company; provided, however, that the lawfulness of any processing based on consent given before such withdrawal will not be affected by the withdrawal thereof.

(2) Categories of and Legal Basis for Processing the Guests’ Personal Data of the Guests and the other relevant people in the Dormitory Operating Business

The Company directly collects the following categories of personal information about the Guests:

Categories of the Guests’ personal data to be processed by the Company:

Information regarding the name, gender, telephone number, e-mail address, postal code, residential address, date of birth, nationality, passport, facial photo, blood type, emergency contact, information regarding affiliation (school name, company name, preparatory school name), information on health conditions (information on allergies, clinical history or health checkup results, etc.), settlement, [security information (such as the history of entry into and exit from the Dormitory, image information photographed by security cameras located within the Dormitory)], information about communications between the Company and the Guest, other information the Guest provides to the Company regarding the use of the Dormitory, information obtained from the Guest’s devices (OS, IP address, browser information, information obtained by cookies and device information, etc.), and the like.

The Company collects the following categories of personal information about other relevant people from the Guests:

Categories of personal data of the other relevant people to be processed by the Company:

Information regarding name, telephone number, postal code, residential address, profession, and company name

1. If the processing becomes necessary in order to perform an agreement entered into with the Guests (or in response to any request by the Guests before entering into an agreement), processing may be performed for the following reasons:
   1. For the purpose of providing the accommodation services at the Dormitory;
   2. For the purpose of handling requests or complaints from the Guests;
   3. Other than the foregoing, for the purpose of the Company providing services to the Guest at the Dormitory.
2. If the processing becomes necessary for the legitimate interests of the Company or any third party, processing may be performed for the following reasons:
   1. For the purpose of improving the services of the Company through the analysis of Guest trends, and research and analysis on the development of new products, etc.;
   2. For the purpose of managing the visitors at the Dormitory, and for managing other services of the Company;
   3. For the purpose of making legal assertions for the Company during litigation or other disputes; or
   4. For the purpose of making contact with the family of the Guest and the university or company which the Guest belongs to.
3. If the processing becomes necessary in order to ensure compliance with the legal obligations imposed on the Company, processing may be performed for the following reasons:
   1. For the purpose of taking administrative procedures, including applications, notifications, etc., to any administrative authorities;
   2. For the purpose of complying with any requests made by administrative or judicial authorities in accordance with the laws or regulations applicable to the Company; or
   3. Other than the foregoing, for the purpose of conducting any processing required by the Company in accordance with the laws and regulations.
4. If prior consent is obtained from the Guests, processing may be performed for the following reasons:

   Even if the foregoing legal basis does not apply, the Company may process specific personal data of the Guests in the event that the Company obtains the relevant Guest’s prior consent for the processing thereof. By agreeing to this EEA and UK Privacy Policy, Guests shall be deemed to consent to the processing of their personal data for the purpose of direct marketing.
   Guests may withdraw their consent at any time by contacting the Company in a manner separately determined by the Company; provided, however, that the lawfulness of any processing based on consent given before such withdrawal will not be affected by the withdrawal thereof.

   The Guests are not obligated to provide their personal data to the Company;
   however, the Company may not be able to provide its services to the Guests if the Guests fail to provide all or part of the foregoing categories of personal data, or fail to enter into an agreement with the Company.

3. Sources for Acquiring Personal Data

The Company may receive the Guests’ personal data directly from the Guests as well as from the following third parties:

1. Websites operated by the Company’s affiliates;
2. Travel agencies used by the Guests;
3. Online travel reservation agents used by the Guests; and
4. Universities or companies the Guest belongs to.

4. Personal Data Retention Period

The Company retains the Guests’ personal data for the period necessary for the Company to provide services to the Guests. The specific retention period is determined by taking into consideration the need in relation to the purposes for processing the personal data, the characteristics of the personal data, and other circumstances.

Such retention period may be extended or shortened if required under the laws or regulations applicable to the Company.

5. Disclosure and Provision of Personal Data to Third Parties

The Company may disclose and provide the personal data of the Guests mainly to the following third parties, for the purposes set forth in Section 2 above:

1. Each of the following group companies and affiliated organizations of the Kyoritsu Maintenance Group:
   1. Our Group Companies
      • Kyoritsu Estate Co., Ltd.
      • Kyoritsu Trust Co., Ltd.
      • Kyoritsu Foods Service Co., Ltd.
      • Kyoritsu Solutions Co., Ltd. (formerly Japan Placement Center Co., Ltd.)
      • Kyoritsu Financial Service Co., Ltd.
      • Builnet Co., Ltd.
      • Kyoritsu Assist Co., Ltd.
      • Kyoritsu Foods Management Co., Ltd.
      • Kyoritsu Oasis Co., Ltd.
      • Kyoritsu Maintenance Korea Co., Ltd.
      • Central Builworks Co., Ltd.
      • Kyoritsu Insurance Service Co., Ltd.
      • Kyoritsu Refre Forum Co.,Ltd.
   2. Our Affiliated Organizations
      • Kyoritsu International Foundation
2. Subcontractors, including service vendors, to whom the Company outsources the processing of personal data;
3. Travel agencies used by the Guests;
4. Online travel reservation agents used by the Guests;
5. Credit card companies used by the Guests;
6. Service providers that provide services such as reservation, transportation and activities to the Guests, upon request from the Guests;
7. Schools, companies or preparatory schools the Guests belong to; and
8. Subcontractors to whom the Company outsources direct marketing activities.

6. Extraterritorial Transfer of Personal Data

In connection with the Company’s processing of personal data, for the purpose of Section 2 above, the Guests’ personal data may be transferred to countries and/or territories outside of the EEA or UK. In the event that the Company transfers the Guests’ personal data to any countries and/or territories where an adequate level of protection is not ensured, the Company takes appropriate protection measures by way of entering into standard contract terms approved by the European Commission with the transferee of the personal data, or through other methods. If a Guest wishes to request a copy of the standard contract terms or another document related to the appropriate protection measures, he/she should make such request using the contact information stated in Section 9 below.

7. Guests’ Rights

Each Guest has the following rights in relation to his/her personal data obtained and processed by the Company.

(1) Right of Access to Personal Data

The Guest shall have the right to obtain confirmation from the Company as to whether or not personal data concerning the Guest is being processed. In the event that personal data is being processed, the Guest shall have the right to access such personal data and certain information set forth in the GDPR.

(2) Right to Rectification

The Guest shall have the right to obtain, without undue delay, the rectification of any inaccurate personal data concerning the Guest from the Company, and shall have the right to have any incomplete personal data of the Guest completed.

(3) Right to Erasure (‘Right to be Forgotten’)

The Guest shall have the right to obtain the erasure of personal data concerning the Guest from the Company without undue delay if certain statutory requirements are satisfied.

(4) Right to Restriction of Processing

The Guest shall have the right to obtain restriction of the processing of personal data concerning the Guest from the Company if certain statutory requirements are satisfied.

(5) Right to Data Portability

The Guest shall have the right to receive the personal data concerning the Guest in a structured, commonly-used and machine-readable format if certain statutory requirements are satisfied. In addition, the Guest shall have the right to transmit such data to another controller without hindrance from the Company.

(6) Right to Object

The Guest shall have the right to object to certain processing of personal data which is included in the Company’s processing of the Guest’s personal data. In the event that the Guest objects to such processing, the Company will cease the processing of the relevant personal data of the Guest if certain requirements set forth in the GDPR are satisfied.

(7) Right to Not be Subject to “Automated Individual Decision-Making”

The Guest shall have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the Guest or similarly significantly affects the Guest.

If the Guest wishes to exercise any of the foregoing rights against the Company, such Guest is requested to make contact using the details stated in Section 9 below.

In the event that the Company is contacted by the Guest regarding the exercise of such rights, the Company will conduct necessary investigations without undue delay and will respond to such contact.

The Guest may lodge a complaint with the competent supervisory authority regarding the processing of personal data in relation to the Company’s processing of the Guest’s personal information.

8. Amendment to Processing of Personal Data

In the event of any amendment being made to the purposes set forth in Section 2 above or any matters relating to the processing of the Guest’s personal data, the Company will inform the Guest of the post-amendment purposes and other necessary matters in advance by way of publishing the post-amendment EEA and UK Privacy Policy through individual contact or via other manners.

9. Contact Details

Please contact the Company using the following contact details for any inquiries you wish to make to the Company in relation to the processing of the Guest’s personal data, the exercise of rights, or other communications.

(1) Data Controller: Kyoritsu Maintenance Co., Ltd.

Contact: Personal Information Inquiry Office

Email：km-privacy@dormy.co.jp

(2) EU Representative

TMI Avocats & Associés

40 avenue Niel 75017 Paris, France

Email：Kyoritsu_EUrep@tmi.gr.jp

(3) UK Representative

TMI Associates London LLP

CityPoint, One Ropemaker Street, London EC2Y 9SS, United Kingdom

Email：Kyoritsu_UKrep@tmi.gr.jp