Privacy Policy

Data Controller

The data controller is Vincent Chiarenza, Sole Proprietor (EI), Grimbergen, Belgium, for the website ryokantravel.com. Personal data requests can be sent through the Contact and Suggestions page or to contact(a)ryokantravel.com.

No Data Protection Officer has been appointed at this stage unless later stated on this page.

Data Collected

• Contact data: name, email, request type, message content, and information voluntarily submitted by the user.
• Account data where enabled: identifier, email, preferences, limited login history, saved itineraries, and related settings.
• Itinerary data: selected ryokans, cities, dates or durations, route order, notes, favorites, comparison criteria, and public sharing settings where applicable.
• Technical data: IP address, session identifiers, security logs, browser, device, pages viewed, cookie consent choices, and anti-spam signals.
• Audience and navigation data where consent is required and granted.
• Partner data: property name, professional contact details, role, and information submitted to update a ryokan page.
• Contribution data: corrections, suggestions, votes, ratings, reports, public itinerary content, moderation status, and related metadata.
• Commercial interaction data: clicks on booking, price, affiliate, or partner links, where such tracking is enabled and lawful.
• Rights claim data: claimant identity, contact details, disputed URLs, rights ownership information, evidence supplied, correspondence, and action taken in response to copyright, image rights, trademark, privacy, or other legal notices.

RyokanTravel does not intentionally request special category data such as health data, biometric data, religious beliefs, or precise identity documents through standard forms. Users should not submit sensitive data unless it is strictly necessary and explicitly requested for a specific service.

Purposes

• Answering messages, assistance requests, partnerships, corrections, and suggestions.
• Providing search, filtering, comparison, maps, ryokan pages, favorites, and itinerary planning features.
• Saving favorites and itineraries, synchronizing preferences, and displaying shared routes where the user chooses that option.
• Improving data quality, detecting errors, fighting spam, securing the website, and preventing abuse.
• Measuring audience, understanding use of V2 features, and prioritizing product improvements.
• Complying with legal, accounting, evidence, or authority cooperation obligations.

Legal Bases

Depending on the situation, processing is based on pre-contractual or contractual necessity, RyokanTravel's legitimate interest in operating and securing the service, consent for certain cookies or communications, and compliance with legal obligations.

• Contract or pre-contractual steps: responding to travel enquiries, preparing a requested service, managing account features, or handling a user request.
• Legitimate interest: securing the website, preventing abuse, improving content quality, maintaining business records, analyzing non-intrusive usage, and protecting legal rights.
• Consent: non-essential cookies, certain analytics or marketing tools, optional public sharing, and any communication that legally requires opt-in consent.
• Legal obligation: accounting, tax, regulatory, evidence preservation, or cooperation with competent authorities where required.

Cookies and Local Storage

RyokanTravel may use cookies, local storage, pixels, scripts, and similar technologies for security, session management, form protection, preferences, consent storage, analytics, partner measurement, and itinerary functionality.

The itinerary system may store selected ryokans, favorites, steps, filters, map choices, or interface preferences locally in the user's browser. These items remain on the user's device until deleted by the user or browser, unless account-based saving is explicitly enabled.

Non-essential cookies that require consent can be accepted, refused, or changed through the consent module displayed on the website. Blocking cookies in the browser may erase local favorites, unsynchronized itineraries, preferences, sessions, and saved consent choices.

Strictly necessary cookies and similar storage may be used without consent when they are required for security, consent management, form protection, session continuity, or a feature expressly requested by the user. Analytics, advertising, affiliate, or third-party tracking tools are used only where a valid legal basis is available.

Third-Party Tools and Links

RyokanTravel may rely on third-party services for hosting, email delivery, anti-spam, maps, fonts, analytics, consent management, booking links, affiliate tracking, embedded content, and performance monitoring. These providers may process technical data under their own terms or as processors of RyokanTravel.

When users leave RyokanTravel through an external booking, price, map, social, or partner link, the destination website becomes responsible for its own processing. Users should review the privacy policy and terms of that third party before submitting personal or payment data.

Retention Periods

• Contact messages: up to 3 years after the last useful exchange, unless a legal obligation or dispute requires longer retention.
• Account data: while the account remains active, then deleted or anonymized within a reasonable period after request or prolonged inactivity.
• Local itineraries: stored in the user's browser until deleted by the user or browser.
• Saved or shared itineraries: kept while the feature is used or until deletion by the user or moderation by RyokanTravel.
• Security logs: limited to what is proportionate for security needs, generally a few months.
• Cookies: session cookies expire at browser closure; persistent cookies may last from a few days to several months depending on their purpose.
• Business, accounting, and legal records: retained for the legally required period or for the period necessary to establish, exercise, or defend legal claims.
• Moderation, abuse, and fraud records: retained as long as necessary to prevent repeated abuse and protect the service.
• Rights notices and takedown records: retained for as long as reasonably necessary to document the request, prevent repeat issues, resolve disputes, and establish, exercise, or defend legal claims.

Recipients and Processors

Data may be processed by the hosting provider, WordPress technical tools, security services, email providers, analytics tools, booking partners when users click through to them, and service providers required for website operation.

RyokanTravel does not sell users' personal data. Data is shared only when necessary for the service, required by law, authorized by the user, or needed to protect the rights and security of the website.

International Transfers

Some technical providers or partners may be located outside the European Economic Area. Where required, RyokanTravel relies on appropriate safeguards such as adequacy decisions, standard contractual clauses, or supplementary measures.

Automated Processing

RyokanTravel may use automated rules, scoring formulas, filters, caches, and ranking logic to display ryokans, organize search results, summarize criteria, detect spam, and improve itineraries. These tools support browsing and planning; they do not produce a legally binding decision about the user.

Where a result looks wrong, incomplete, or unfair, users and partners may request a review through the Contact and Suggestions page.

User Rights

Subject to the conditions set by the GDPR and applicable laws, users may request access, rectification, erasure, restriction, objection, portability, or withdrawal of consent.

To exercise these rights, use the Contact and Suggestions page and describe the request precisely. Proof of identity may be requested in case of reasonable doubt.

Users may also file a complaint with the competent supervisory authority, including the Belgian Data Protection Authority or the authority of their country of residence.

Withdrawing consent does not affect processing already carried out lawfully before withdrawal. Some data may still be retained where required by law, security, accounting, dispute handling, or legitimate rights protection.

Security

RyokanTravel applies reasonable security measures, including access limitation, anti-spam protections, updates, logging, form controls, and data separation where appropriate. No online service can guarantee zero risk, so users should avoid sending unnecessary sensitive data.

Children

The website is mainly intended for people planning travel. Minors should not submit personal data without permission from a parent or legal guardian.