This notice describes how we collect, use and protect your personal data.
Controller: TOMOTOMO LLC
Representative: Tomoko Yanada
Address: 575-4 Amamizushima, Matsunoyama, Tokamachi, Niigata 942-1434, Japan
Email: info@amamizushima.com
Lodging business: Private Lodging Business Act, Notification No. M150062846 (Governor of Niigata).
[Reservation & stay]
Name, address, nationality, phone, email, reservation details, dates, party size, payment information, enquiry content, guest information provided by OTAs such as Booking.com and Airbnb, ID documents (at check-in).
[Site usage]
IP address, User-Agent, referrer, cookie / localStorage identifiers, access logs, language preference, screen size, time zone, time on site.
• Processing and managing reservations
• Identity verification
• Provision of lodging services
• Check-in and check-out
• Responding to enquiries
• Emergency contact
• Statutory creation and retention of the guest register
• Fraud prevention
• Security
• Site improvement (only where consent is given)
• Reservation management: performance of a contract (GDPR Art. 6(1)(b))
• Enquiry handling: pre-contractual steps / legitimate interests (Art. 6(1)(b) / (f))
• Guest register: legal obligation (Art. 6(1)(c)) — Japan Private Lodging Business Act
• Security logs: legitimate interests (Art. 6(1)(f))
• Analytics: consent (Art. 6(1)(a))
• Language preference storage: legitimate interests (Art. 6(1)(f))
This site uses:
• amami_lang: language preference (set on user action, 6 months)
• amami_consent: consent state (12 months)
• amami_sid: analytics session ID (only after consent, browser session)
Users in the EU / UK are shown a consent banner on first visit. Consent can be withdrawn at any time via the “Cookie settings” link.
• Cloudflare Inc. (United States): hosting, analytics storage (data processing agreement in place)
• Booking.com B.V. (Netherlands): reservation management
• Airbnb Ireland UC (Ireland): reservation management
• Stripe Payments Europe, Limited (Ireland) / Stripe Japan K.K. (Japan): payment processing
Other than the above, we do not share your data with third parties without your consent, except where required by law or to protect a person’s life or safety.
The processors listed above may process data outside Japan (in the United States, Netherlands, Ireland, Singapore, etc.). Transfers from the EU / UK are covered by GDPR Article 46 Standard Contractual Clauses (SCCs) or equivalent safeguards.
• Guest register: 3 years (statutory under the Private Lodging Business Act)
• Reservation, billing and incident records: 7 years
• Enquiry content: 3 years
• Analytics data: 13 months
• Security logs (IP, etc.): 90 days
• Consent logs: 24 months
Data is deleted promptly once the retention period has elapsed.
For data subjects under GDPR / UK GDPR:
• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / “right to be forgotten” (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)
For users in Japan (Act on the Protection of Personal Information):
• Right of disclosure
• Right of correction, addition, or deletion
• Right to demand suspension of use
• Complaints: Personal Information Protection Commission (https://www.ppc.go.jp/)
For users in Hong Kong (PDPO):
• Data access request
• Data correction request
To exercise these rights, please email info@amamizushima.com.
We use HTTPS encryption in transit, minimised storage, restricted administrator access, log management, and regular security reviews.
Enquiries, rights requests and complaints:
TOMOTOMO LLC
575-4 Amamizushima, Matsunoyama, Tokamachi, Niigata 942-1434, Japan
Email: info@amamizushima.com
Phone: +81-90-3231-8088
We may update this policy without prior notice. Material changes will be announced on this page.