FOR EEA and UK GUESTS Special rules for users within the EEA and UK region

TOP > Privacy policy > Special rules for users within the EEA and UK region

Kyoritsu Maintenance Co., Ltd. (the “Company”) performs the following processing of personal data of guests (the “Guests”) and other relevant people at the hotels (business hotels, resort hotels, Iyashi no yuyado and any other hotels operated by the Company; hereinafter collectively referred to as the “Hotel”) and dormitories (including student dormitories, employee dormitories, and any other dormitories operated by the Company; hereinafter collectively referred to as the “Dormitory”) operated by the Company, to whom the EU General Data Protection Regulation or the United Kingdom General Data Protection Regulation (collectively, the “GDPR”) applies.

  1. 1.Applicable Scope

    The following statements (this “EEA and UK Privacy Policy”) apply to the processing of personal data of Guests who are in the EEA or UK, and to whom the GDPR applies, where in the personal data is processed by the Company as a controller (namely, a person who decides the purpose and manner of the processing of personal data).

  2. 2.Categories of and Legal Basis for Processing the Guests’ Personal Data

    The Company processes the following categories of the Guests’ personal data based on the following legal basis in both the Hotel operating business and the Dormitory operating business. The Company processes the specified categories of personal data as set forth in Article 9.1 of the GDPR among the following categories, so long as the processing is admitted in accordance with the GDPR, and including cases where explicit consent is obtained from the Guests.


    (1)Categories of and Legal Basis for Processing the Guests’ Personal Data in the Hotel Operating Business

    Categories of the Guests’ personal data to be processed by the Company
    Information regarding the name, gender, telephone number, e-mail address, postal code, residential address, age, date of birth, profession, information regarding affiliation (company name, organization name, department name, position, phone number and address of company/organization), nationality, country of residence, passport, car information (car type, number, color), security information (such as the history of entry into and exit from the Hotel, image information photographed by security cameras located within the Hotel), and information in response to any request from the Guests (such as requests about rooms, information on allergies or health conditions or regarding religious beliefs), information on accommodation history, settlement, information about communications between the Company and the Guest, other information the Guest provides to the Company regarding the use of the Hotel, information obtained from the Guest’s devices (OS, IP address, browser information, information obtained by cookies and device information, etc.), and the like.
    1. (a)If the processing becomes necessary in order to perform an agreement entered into with the Guests (or in response to any request by the Guests before entering into an agreement), processing may be performed for the following reasons:
      (i)For the purpose of providing the accommodation services at the Hotel;
      (ii)For the purpose of handling requests or complaints from the Guests;
      (iii)For the purpose of arranging services to be provided by any third parties, including reservations, transportation and related activities, upon request from the Guests; or
      (iv)Other than the foregoing, for the purpose of the Company providing services to the Guest at the Hotel.
    2. (b)If the processing becomes necessary for the legitimate interests of the Company or any third party, processing may be performed for the following reasons:
      (i)For the purpose of improving the services of the Company through the analysis of Guest trends, and research and analysis on the development of new products, etc.;
      (ii)For the purpose of managing the visitors at the Hotel, and for managing other services of the Company; or
      (iii)For the purpose of making legal assertions for the Company during litigation or other disputes.
    3. (c)If the processing becomes necessary in order to ensure compliance with the legal obligations imposed on the Company, processing may be performed for the following reasons:
      (i)For the purpose of taking administrative procedures, including applications, notifications, etc., to any administrative authorities;
      (ii)For the purpose of complying with any requests made by any administrative or judicial authorities in accordance with the laws or regulations applicable to the Company; or
      (iii)Other than the foregoing, for the purpose of conducting any processing required by the Company in accordance with the laws and regulations.
    4. (d)If prior consent is obtained from the Guests, processing may be performed for the following reasons:
      Even if the foregoing legal basis does not apply, the Company may process specific personal data of the Guests in the event that the Company obtains the relevant Guest’s prior consent for the processing thereof. By agreeing to this EEA and UK Privacy Policy, Guests shall be deemed to consent to the processing of their personal data for the purpose of direct marketing. Guests may withdraw their consent at any time by contacting the Company in a manner separately determined by the Company; provided, however, that the lawfulness of any processing based on consent given before such withdrawal will not be affected by the withdrawal thereof.

    (2)Categories of and Legal Basis for Processing the Guests’ Personal Data of the Guests and the other relevant people in the Dormitory Operating Business

    The Company directly collects the following categories of personal information about the Guests:

    Categories of the Guests’ personal data to be processed by the Company:
    Information regarding the name, gender, telephone number, e-mail address, postal code, residential address, date of birth, nationality, passport, facial photo, blood type, emergency contact, information regarding affiliation (school name, company name, preparatory school name), information on health conditions (information on allergies, clinical history or health checkup results, etc.), settlement, [security information (such as the history of entry into and exit from the Dormitory, image information photographed by security cameras located within the Dormitory)], information about communications between the Company and the Guest, other information the Guest provides to the Company regarding the use of the Dormitory, information obtained from the Guest’s devices (OS, IP address, browser information, information obtained by cookies and device information, etc.), and the like.

    The Company collects the following categories of personal information about other relevant people from the Guests:

    Categories of personal data of the other relevant people to be processed by the Company:
    Information regarding name, telephone number, postal code, residential address, profession, and company name
    1. (a)If the processing becomes necessary in order to perform an agreement entered into with the Guests (or in response to any request by the Guests before entering into an agreement), processing may be performed for the following reasons:
      (i)For the purpose of providing the accommodation services at the Dormitory;
      (ii)For the purpose of handling requests or complaints from the Guests;
      (iii)Other than the foregoing, for the purpose of the Company providing services to the Guest at the Dormitory.
    2. (b)If the processing becomes necessary for the legitimate interests of the Company or any third party, processing may be performed for the following reasons:
      (i)For the purpose of improving the services of the Company through the analysis of Guest trends, and research and analysis on the development of new products, etc.;
      (ii)For the purpose of managing the visitors at the Dormitory, and for managing other services of the Company;
      (iii)For the purpose of making legal assertions for the Company during litigation or other disputes; or
      (iv)For the purpose of making contact with the family of the Guest and the university or company which the Guest belongs to.
    3. (c)If the processing becomes necessary in order to ensure compliance with the legal obligations imposed on the Company, processing may be performed for the following reasons:
      (i)For the purpose of taking administrative procedures, including applications, notifications, etc., to any administrative authorities;
      (ii)For the purpose of complying with any requests made by administrative or judicial authorities in accordance with the laws or regulations applicable to the Company; or
      (iii)Other than the foregoing, for the purpose of conducting any processing required by the Company in accordance with the laws and regulations.
    4. (d)If prior consent is obtained from the Guests, processing may be performed for the following reasons:
      Even if the foregoing legal basis does not apply, the Company may process specific personal data of the Guests in the event that the Company obtains the relevant Guest’s prior consent for the processing thereof. By agreeing to this EEA and UK Privacy Policy, Guests shall be deemed to consent to the processing of their personal data for the purpose of direct marketing.
      Guests may withdraw their consent at any time by contacting the Company in a manner separately determined by the Company; provided, however, that the lawfulness of any processing based on consent given before such withdrawal will not be affected by the withdrawal thereof.

      The Guests are not obligated to provide their personal data to the Company; however, the Company may not be able to provide its services to the Guests if the Guests fail to provide all or part of the foregoing categories of personal data, or fail to enter into an agreement with the Company.
  3. 3.Sources for Acquiring Personal Data

    The Company may receive the Guests’ personal data directly from the Guests as well as from the following third parties:

    (1)Websites operated by the Company’s affiliates;

    (2)Travel agencies used by the Guests;

    (3)Online travel reservation agents used by the Guests; and

    (4)Universities or companies the Guest belongs to.

  4. 4.Personal Data Retention Period

    The Company retains the Guests’ personal data for the period necessary for the Company to provide services to the Guests. The specific retention period is determined by taking into consideration the need in relation to the purposes for processing the personal data, the characteristics of the personal data, and other circumstances. Such retention period may be extended or shortened if required under the laws or regulations applicable to the Company.

  5. 5.Disclosure and Provision of Personal Data to Third Parties

    The Company may disclose and provide the personal data of the Guests mainly to the following third parties, for the purposes set forth in Section 2 above:

    (1)Each of the following group companies and affiliated organizations of the Kyoritsu Maintenance Group:

    1. ① Our Group Companies
      ・Kyoritsu Estate Co., Ltd.
      ・Kyoritsu Trust Co., Ltd.
      ・Kyoritsu Foods Service Co., Ltd.
      ・Kyoritsu Solutions Co., Ltd. (formerly Japan Placement Center Co., Ltd.)
      ・Kyoritsu Financial Service Co., Ltd.
      ・Builnet Co., Ltd.
      ・Kyoritsu Assist Co., Ltd.
      ・Kyoritsu Foods Management Co., Ltd.
      ・Kyoritsu Oasis Co., Ltd.
      ・Kyoritsu Maintenance Korea Co., Ltd.
      ・Central Builworks Co., Ltd.
      ・Kyoritsu Insurance Service Co., Ltd.
      ・Kyoritsu Refre Forum Co.,Ltd.
    2. ②Our Affiliated Organizations
      ・Kyoritsu International Foundation

    (2)Subcontractors, including service vendors, to whom the Company outsources the processing of personal data;

    (3)Travel agencies used by the Guests;

    (4)Online travel reservation agents used by the Guests;

    (5)Credit card companies used by the Guests;

    (6)Service providers that provide services such as reservation, transportation and activities to the Guests, upon request from the Guests;

    (7)Schools, companies or preparatory schools the Guests belong to; and

    (8)Subcontractors to whom the Company outsources direct marketing activities.

  6. 6.Extraterritorial Transfer of Personal Data

    In connection with the Company’s processing of personal data, for the purpose of Section 2 above, the Guests’ personal data may be transferred to countries and/or territories outside of the EEA or UK. In the event that the Company transfers the Guests’ personal data to any countries and/or territories where an adequate level of protection is not ensured, the Company takes appropriate protection measures by way of entering into standard contract terms approved by the European Commission with the transferee of the personal data, or through other methods. If a Guest wishes to request a copy of the standard contract terms or another document related to the appropriate protection measures, he/she should make such request using the contact information stated in Section 9 below.

  7. 7.Guests’ Rights

    Each Guest has the following rights in relation to his/her personal data obtained and processed by the Company.


    1. (1)Right of Access to Personal Data
      The Guest shall have the right to obtain confirmation from the Company as to whether or not personal data concerning the Guest is being processed. In the event that personal data is being processed, the Guest shall have the right to access such personal data and certain information set forth in the GDPR.
    2. (2)Right to Rectification
      The Guest shall have the right to obtain, without undue delay, the rectification of any inaccurate personal data concerning the Guest from the Company, and shall have the right to have any incomplete personal data of the Guest completed.
    3. (3)Right to Erasure (‘Right to be Forgotten’)
      The Guest shall have the right to obtain the erasure of personal data concerning the Guest from the Company without undue delay if certain statutory requirements are satisfied.
    4. (4)Right to Restriction of Processing
      The Guest shall have the right to obtain restriction of the processing of personal data concerning the Guest from the Company if certain statutory requirements are satisfied.
    5. (5)Right to Data Portability
      The Guest shall have the right to receive the personal data concerning the Guest in a structured, commonly-used and machine-readable format if certain statutory requirements are satisfied. In addition, the Guest shall have the right to transmit such data to another controller without hindrance from the Company.
    6. (6)Right to Object
      The Guest shall have the right to object to certain processing of personal data which is included in the Company’s processing of the Guest’s personal data. In the event that the Guest objects to such processing, the Company will cease the processing of the relevant personal data of the Guest if certain requirements set forth in the GDPR are satisfied.
    7. (7)Right to Not be Subject to “Automated Individual Decision-Making”
      The Guest shall have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the Guest or similarly significantly affects the Guest.
      If the Guest wishes to exercise any of the foregoing rights against the Company, such Guest is requested to make contact using the details stated in Section 9 below.
      In the event that the Company is contacted by the Guest regarding the exercise of such rights, the Company will conduct necessary investigations without undue delay and will respond to such contact.
      The Guest may lodge a complaint with the competent supervisory authority regarding the processing of personal data in relation to the Company’s processing of the Guest’s personal information.
  8. 8.Amendment to Processing of Personal Data

    In the event of any amendment being made to the purposes set forth in Section 2 above or any matters relating to the processing of the Guest’s personal data, the Company will inform the Guest of the post-amendment purposes and other necessary matters in advance by way of publishing the post-amendment EEA and UK Privacy Policy through individual contact or via other manners.

  9. 9.Contact Details

    Please contact the Company using the following contact details for any inquiries you wish to make to the Company in relation to the processing of the Guest’s personal data, the exercise of rights, or other communications.


    1. (1)Data Controller: Kyoritsu Maintenance Co., Ltd.
      Contact: Personal Information Inquiry Office
      Email:km-privacy@dormy.co.jp
    2. (2)EU Representative
      TMI Avocats & Associés
      40 avenue Niel 75017 Paris, France
      Email:Kyoritsu_EUrep@tmi.gr.jp
    3. (3)UK Representative
      TMI Associates London LLP
      CityPoint, One Ropemaker Street, London EC2Y 9SS, United Kingdom
      Email:Kyoritsu_UKrep@tmi.gr.jp
  10. Established on January 1st,2024