Article 1 Scope of this Policy

1. This Policy applies to the Company's services.

2. The Company will handle personal information on the Company's services to the extent necessary to achieve the purpose for which the information is used. The Company will not use personal information for purposes other than those specified in the Personal Information Protection Law, except in cases where such usage falls within the exceptions specified in the law.

Article 2 Definition of Personal Information

1. "Personal information" means the following information about a living individual:

   1. Information that can identify a specific individual by name, date of birth, or other description contained in such information

   2. Information such as e-mail addresses that cannot identify an individual by itself, but can be easily matched with other information to identify a specific individual

   3. That which contains a personal identification code as defined in Article 2, Paragraph 2 of the Personal Information Protection Law

2. "Personal Data" means personal information that constitutes Personal Information Databases, etc. as defined in Article 16, Paragraph 3 of the Personal Information Protection Law.

3. "Personally Identifiable Information" is defined in Article 26.2 of the Personal Information Protection Law as information about living individuals that does not fall under either personal information, pseudonymized information, or anonymized information, such as browsing history, location information, cookies, etc., which do not identify specific individuals.

Article 3 Personal Information to be Obtained

1. In the course of providing its services, the Company shall acquire Personal Information in an appropriate and lawful manner in accordance with laws, regulations, guidelines, internal rules, and other rules.

2. The types of information about individuals (not limited to personal information) that we acquire are as follows:

   1. Information provided in connection with the Company’s services This information includes the following information

      1. Name, date of birth, gender, address, age, telephone number (which also serves as the destination number for short message service), place of employment, occupation, e-mail address

      2. MaUers related to the use of the Company’s services

      3. Information related to usage history, purchases and payments for the Company’s services

      4. Customer behavior data acquired by cameras and other equipment capable of capturing and recording images installed in stores managed by the Company

      5. Remote communications using means such as the internet, etc., and information voluntarily provided by the customer via such remote communications

   2. Information obtained automatically through the use of the Company's services. This information includes cookies, IP addresses, and information about the terminal from which you use the Company’s services.

   3. Information provided by third parties

3. The Company may conduct information processing, statistical analysis, and other analyses of the collected information as prescribed by the Company.

Article 4 Purpose of Use and Use of Personal Information

1. In accordance with laws, regulations, guidelines, internal rules, and other rules, the Company will use Personal Information obtained within the scope of the following purposes of use.

   1. To provide the Company’s services, to manage transaction status, and to ensure appropriate and smooth performance of transactions

   2. To improve the functions of the Company’s services, to eliminate problems, to analyze the effectiveness of the Company’s services, and to enhance the ease of use and convenience of the Company’s services

   3. To survey and analyze the usage of the Company’s services

   4. To conduct research and development, including improvement and development of products, services, and applications

   5. To improve and enhance the experience of using the Company’s services

   6. To respond to inquiries

   7. To make inquiries, contact in case of emergency, and other necessary communication with the person in question

   8. To perform maintenance and support of the Company’s services

   9. To confirm your identity

   10. To exercise rights and fulfill obligations based on contracts and laws

   11. To understand and manage various risks

   12. For other purposes incidental to the above

2. In principle, when acquiring Personal Information, the Company will notify or publicly announce the purpose of use in advance. However, this does not apply in the following cases:

   1. When there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party

   2. When there is a risk of harm to the Company's legitimate rights or interests

   3. When it is necessary to cooperate with a national agency or local public body in the performance of its duties as prescribed by law, and notifying the person in question of the purpose of use or publicly announcing it may impede the performance of those duties

   4. Cases in which the purpose of use is deemed clear from the circumstances of the acquisition

3. The Company shall not change the purpose of use of Personal Information it has acquired beyond the scope reasonably deemed relevant to the purpose of use before the change, and if the purpose of use is changed, the Company shall notify or publicly announce the purpose of use a1er the change.

Article 5 Security Control Measures

1. In order to prevent leakage, falsification, loss, or damage of Personal Data entrusted to the Company, the Company will take necessary and appropriate security control measures, such as operating and maintaining storage procedures, improving the security of storage systems, and instructing, managing, and supervising its officers and employees.

2. The Company may outsource all or part of the handling of Personal Data to an outside business entity. In such cases, the Company will implement necessary and appropriate management and supervision of the outsourced entity to ensure the safe management of Personal Information.

3. The Company will endeavor to ensure that the Personal Data entrusted to the Company is accurate and up to date.

Article 6 Provision to Third Parties

1. In principle, the Company will not provide Personal Data to a third party without the consent of the individual concerned. However, in the following cases, Personal Data may be provided to a third party without the consent of the individual to the extent that it does not conflict with relevant laws and regulations:

   1. When required by law

   2. When there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party, and it is difficult to obtain the consent of the person concerned

   3. Cases in which the provision of Personal Information is particularly necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the consent of the person

   4. Cases in which the handling of Personal Information is necessary for cooperating with a national agency, local government, or an individual or entity entrusted by either of the former two in executing affairs prescribed by laws and in which obtaining your consent is likely to impede the execution of the relevant affairs

   5. Cases in which the following maUers are notified or announced to the person in advance and such maUers are notified to the Personal Information Protection Commission

      1. The purpose of use includes provision to a third party

      2. Items of Personal Data to be provided to the third party

      3. The means or method of provision to the third party

      4. Cessation of provision of Personal Data to a third party at the request of the person

      5. Method of accepting the person's request as described in (d).

   6. However, the following cases do not fall under the definition of "third party" as set forth above:

      1. Cases in which the Company outsources all or part of the handling of Personal Data within the scope necessary to achieve the purposes of use

      2. Cases in which Personal Data is provided as a result of the succession of business due to merger or other reasons

      3. Cases in which Personal Data is used jointly with a specific person, and in which the Company notifies the person in advance or makes readily accessible to the person the items of Personal Data to be jointly used, the scope of joint use, the purpose of use by the person using the Personal Data, and the name of the person responsible for the management of the Personal Data.

2. When providing Personal Data to a third party located in a country or region outside of Japan, the Company shall obtain the prior consent of the individual in accordance with Article 24 of the Personal Information Protection Law

Article 7 Request for Correction, Suspension of Use, Suspension of Provision, and Disclosure

1. With regard to the Personal Information provided to the Company by an individual, (1) if the individual requests correction of the content of the Personal Information based on the provisions of the Personal Information Protection Law because the information is untrue, or (2) if the information is used for purposes other than those previously announced, or if the information is collected through deception or other wrongful means, the Company will conduct the necessary investigation without delay a1er confirming that the request was made by the customer him/herself, and based on the results, the Company will correct the content or suspend use of the Personal Information and notify the customer to that effect. If the Company decides not to correct or suspend the use of the Personal Information, the Company will notify the customer to that effect.

2. If a customer requests deletion of his/her Personal Information, and the Company deems it necessary to comply with the request, the Company will delete the Personal Information a1er confirming that the request was made by the customer him/herself, and notify the customer to that effect.

3. The provisions of the preceding two paragraphs do not apply in cases where the Company is not obligated to correct or suspend the use of Personal Information under the Personal Information Protection Law or other laws and regulations.

4. Upon receiving a request for disclosure of Personal Information provided to the Company by the customer, the Company will confirm that the request was made by the customer himself/herself and disclose the Personal Information to the customer without delay (if the Personal Information in question does not exist, the Company will notify the customer to that effect). However, this does not apply to cases in which the Company is not obligated to disclose the information under the Personal Information Protection Law or other laws and regulations. Please be advised that a fee of 1,000 yen per case will be charged for the disclosure of Personal Information.

5. Please contact the Company via the "Contact Information" listed at the end of this Policy for inquiries regarding requests for correction, discontinuation of use, discontinuation of provision, or disclosure of Personal Data.

Article 8 Cookies, etc.

The Company may use cookies and other identifiers on the Company’s site to provide and improve the Company’s services. These technologies are used to identify users, to improve user experience such as by saving their sedngs, to improve the services, to prevent fraud, to improve security, to measure the effectiveness of advertisements and to provide information of greater interest to the users, to measure and analyze the effectiveness of the Company’s services, and to provide other beUer services.

Article 9 Use of Statistically Processed Data

The Company may create statistical data based on the Personal Information that it obtained, which is processed in such a way that individuals cannot be identified. The Company may use the non-personally identifiable statistical data without any restrictions.

Article 10 Indemnification

In the following cases, the Company assumes no responsibility for the handling of Personal Information:

1. When a user reveals his/her Personal Information to a third party at his/her own will or through his/her own negligence

2. When a user provides Personal Information on an external website linked to the Company’s service that is not managed by us, or when Personal Information is unintentionally extracted by such a website

3. When Personal Information is leaked, damaged, or lost due to malware, natural disasters, or other reasons beyond the Company’s control that cannot be prevented by taking normal measures

Article 11 Continuous Improvement

In order to ensure the appropriate handling of Personal Information, the Company will promote continuous improvement by providing training to internal employees and reviewing its personal information protection management system from time to time, including revisions to this Policy.

Article 12 Changes to this Policy

In addition to complying with Japanese laws, regulations, and other norms applicable to Personal Information held by the Company, the Company shall review from time to time its operational status regarding the handling of Personal Information and strive for continuous improvement, and it may change this Policy as necessary. Any changes will be notified to users by posting on the Company's website, and they will become effective when posted on this website. However, in the case of changes that require the consent of users under laws and regulations, the Company shall obtain the consent of users in the manner prescribed by the Company.