Binding Corporate Rules

Rakuten’s global privacy framework is based in a set of internal rules referred to as Binding Corporate Rules (BCRs). This all-encompassing framework of internal rules is comprised of both the EU BCR and the UK BCR, which have been approved by the European Union and the United Kingdom’s respective data protection authorities. The BCRs ensure the protection of individual’s privacy and personal data throughout the Rakuten Group.

Why are the BCRs important?

The fast-moving and globalized nature of the digital sector requires a global approach to business operations, where services are available to individuals located all over the world. The Rakuten Group, as a global company, is established in several countries and its operations are the subject of a vast number of laws in multiple jurisdictions.

Some of these countries have limited or fragmented privacy rules or may lack a general privacy framework. Therefore, Rakuten relies on its BCRs as the fundamental guarantee and operational baseline for its approach to privacy and data protection.

These corporate rules assure that the level of protection offered in any country where Rakuten companies are based matches the level required by the European Union and the United Kingdom. This means that data can be transferred safely and lawfully between Rakuten Group entities.

What is the content of the BCRs?

These rules comprise the main privacy principles such as lawful processing, purpose limitation and data quality, as well as recognize the right to information, rectification, objection, and other rights as granted under the applicable privacy laws. Depending on the region where Rakuten users are based and the applicable privacy regulations, users may also enjoy additional rights.

Rakuten has appointed a Global Privacy Manager that leads Rakuten’s privacy strategy. The Global Privacy Manager works hand in hand with Rakuten’s strong privacy network to ensure compliance with the BCRs across Rakuten Group entities, and they are responsible for mediating claims and assuring internal compliance. Most importantly, the BCRs bind all Rakuten’s worldwide entities so that each company adheres to the same rules across all their operations.

The rules also make it clear that even if personal data is transferred to a country that operates on a less stringent data protection regime, Rakuten will still apply its high global standards.

Privacy is the core value of trust for our users and stakeholders. Rakuten is very serious about maintaining global compliance to the highest standards.

List of Rakuten Group Entities That are Part of Our BCR Intra-group Agreements

EEA Entities
Jurisdiction Entity
Estonia OU Massi Miliano
France Aquafadas S.A.S.U.
France Rakuten France S.A.S.
France Rakuten Advertising France S.A.S.
France Rakuten Symphony France S.A.S.
Germany Rakuten Marketing Germany GmbH
Germany Rakuten Symphony Deutschland GmbH
Ireland Kobo Software Ireland Ltd
Luxembourg Rakuten Europe S.a.r.l.
Luxembourg Rakuten Europe Bank S.A.
Luxembourg Viber Media LLC
Luxembourg Viber Media S.a.r.l.
Spain Rakuten TV Europe, S.L.U.
United Kingdom Entities
Jurisdiction Entity
The United Kingdom Rakuten Insight UK Limited
The United Kingdom Rakuten Marketing Europe Limited
Other countries Entities
Jurisdiction Entity
Australia Rakuten Marketing Australia Pty. Ltd.
Brazil Rakuten Marketing Brazil Ltda.
Canada Rakuten Kobo Inc.
China Rakuten China Development Center Co., Ltd.
China Rakuten Insight China Co., Ltd.
China Shanghai Soukai E-commerce Limited
Hong Kong Rakuten Securities Hong Kong Limited
Hong Kong Rakuten Securities Bullion Hong Kong Limited
Hong Kong Rakuten Global Trading Hong Kong Limited
India Rakuten Symphony India Private Limited
India Rakuten India Enterprise Private Limited
India Rakuten Insight India Private Limited
India Robin Software Development Center India Pvt. Ltd.
Japan Clips, Inc.
Japan Executive Golf, Inc.
Japan Keiba Mall, Inc.
Japan Rakuten Bic, Inc.
Japan Rakuten Books Network Co., Ltd.
Japan Rakuten Car, Inc.
Japan Rakuten Card Co., Ltd.
Japan Rakuten Communications Corp.
Japan Rakuten Data Solutions, Inc.
Japan Rakuten Energy, Inc.
Japan Rakuten Group, Inc.
Japan Rakuten Insight Global, Inc.
Japan Rakuten Insight, Inc.
Japan Rakuten Mobile Infra Solution, Inc.
Japan Rakuten Mobile, Inc.
Japan Rakuten STAY, Inc.
Japan Rakuten Securities Holdings, Inc.
Japan Rakuten Seiyu Netsuper, Inc.
Japan Rakuten Socio Business, Inc.
Japan Rakuten SQREEM, Inc.
Japan Rakuten Total Solutions, Inc.
Japan Rakuten Travel Services, Inc.
Japan Rakuten Wallet, Inc.
Japan SKY ESTATE, Inc.
Korea Rakuten Insight Korea Co., Ltd.
Korea Rakuten Symphony Korea, Inc.
Korea Viki Korea Co., Ltd.
Malaysia Rakuten Insight Malaysia SDN BHD
Singapore Rakuten Asia Pte.Ltd.
Singapore Rakuten Insight Singapore Pte.Ltd.
Singapore Rakuten Symphony Singapore Pte. Ltd.
Singapore Rakuten Travel Singapore Pte. Ltd.
Singapore Rakuten Travel Xchange, Pte. Ltd.
Singapore Viki Private, Ltd.
Taiwan Taiwan Rakuten Ichiba, Inc.
Ukraine Eastern Enterprises, LLC
United Arab Emirates Symphony MEA FZ-LLC
U.S.A. Ebates Inc. dba Rakuten
U.S.A. Innoeye LLC
U.S.A. KonMari Media, Inc.
U.S.A. Rakuten ABC Golf, LLC
U.S.A. Rakuten Bank America
U.S.A. Rakuten Card USA, Inc.
U.S.A. Rakuten Insight USA Co., Ltd.
U.S.A. Rakuten Marketing International, LLC
U.S.A. Rakuten Marketing LLC
U.S.A. Rakuten USA, Inc.
U.S.A. Robin Systems, Inc.
U.S.A. Viki, Inc.

UK BCR Policy

Contact Us

If you have any questions about Rakuten’s Privacy Policy or Privacy Center, please contact us here.

List of FAQ and inquiries (Japanese)

Page Top