DigitalBlast, Inc. (hereinafter referred to as "the Company") hereby establishes the following Privacy Policy (hereinafter referred to as "this Privacy Policy") regarding the handling of personal information obtained by the Company (as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act"), hereinafter simply referred to as "personal information").

The definitions of terms in this Privacy Policy shall follow the Personal Information Protection Act, other related laws and regulations, and the guidelines established by the Personal Information Protection Commission (hereinafter collectively referred to as the "Personal Information Protection Act, etc.").

1. Scope of Application

This Privacy Policy stipulates the handling of personal information obtained from you by the Company.

2. Company Name, Address, and Representative

DigitalBlast, Inc.
105 Kanda Jimbocho 1-Chome, Chiyoda-ku, Tokyo 101-0051
Representative Director: Shingo HORIGUCHI

3. Compliance with Personal Information Protection Laws

The Company will comply with the Personal Information Protection Act, etc., and this Privacy Policy and will handle personal information legally and appropriately.

4. Acquisition and Use of Personal Information

When acquiring personal information, the Company will announce or notify the purpose of use (including announcements through this Privacy Policy) and, when obtaining personal information directly from the individual in writing (including electromagnetic records), will clarify the purpose of use in advance and acquire it by legal and fair means.
The Company will use personal information appropriately within the scope necessary to achieve the purpose of use.

5. Purpose of Use of Personal Information

The Company will use the obtained personal information for the following purposes. If the Company changes the purpose of use, it will announce the changes on its website or obtain the individual's consent, ensuring that the changes are reasonably related to the original purpose of use, following the Personal Information Protection Act, etc.

• To provide and carry out consulting services and all other services offered by the Company (hereinafter collectively referred to as "the Services") to the client from whom personal information was obtained.
• To provide information related to the Services (including notifications).
• To respond to requests for disclosure and other inquiries from the individual subject of the personal information.
• To send invitations, newsletters, and conduct identity verification and operations for various seminars, exhibitions, forums, events, etc., hosted or involved by the Company or its partners related to the Services.
• To request customer satisfaction surveys and questionnaires related to the Company's services.
• To use as reference materials for the Company's recruitment activities.
• To use for personnel and employment management and other necessary daily business operations at the Company.
• To develop, enhance, improve, and market the Services.
• To respond to inquiries, opinions, and consultations (including inquiries related to personal data under 12).

6. Scope of Use of Personal Information

(1) Provision to Contractors
The Company may provide the minimum necessary personal information to contractors within the scope necessary to achieve the purpose of use. In such cases, the Company will manage the contractors in accordance with this Privacy Policy.

(2) Provision to Third Parties
The Company will not provide personal data to third parties without obtaining the individual's prior consent, except in the following cases:

• When required by law.
• When necessary to protect a person's life, body, or property and it is difficult to obtain the individual's consent.
• When particularly necessary for public health improvement or the sound growth of children and it is difficult to obtain the individual's consent.
• When it is necessary to cooperate with a national or local government agency or its entrusted entity to perform the legally required tasks, and obtaining the individual's consent may interfere with the performance of those tasks.

7. Acquisition and Management of Personal Information

(1) The Company acquires personal information through appropriate and lawful means. When acquiring sensitive personal information, the Company will, in principle, obtain the prior consent of the individual.

(2) The Company implements appropriate safety management measures to prevent unauthorized access to, leakage, alteration, or loss of personal information.

(3) The Company appoints personal information management officers and conducts education and awareness activities for all officers, employees, and related parties to ensure the proper handling of personal information. Furthermore, when the Company determines that it no longer needs to retain personal information, it will appropriately delete such information.

8. Safety Management Measures

The Company takes necessary and appropriate safety management measures to prevent the leakage, loss, or damage of personal data. Additionally, the Company exercises necessary and appropriate supervision over employees and contractors (including subcontractors) handling personal data. Specific safety management measures for personal data are defined in the Company's "Personal Information Handling Regulations" and "Specific Personal Information Handling Regulations," with the main contents as follows:

• Formulation of Personal Information Protection Guidelines
  • To ensure the proper handling of personal data, the Company has formulated this Privacy Policy (Personal Information Protection Guidelines) covering compliance with relevant laws and guidelines, as well as handling questions and complaints.
• Establishment of Rules for Handling Personal Data
  • The Company has established rules for handling personal information at each stage, including acquisition, use, storage, provision, deletion, and disposal, specifying methods, responsible persons, and their duties.
• Organizational Safety Management Measures
  • 1. The Company appoints an officer responsible for the handling of personal data, clarifies the scope of personal data handled by employees, and establishes a reporting system to the responsible officer for any facts or signs of violation of the Personal Information Protection Act or handling regulations.
  • 2. The Company conducts regular self-inspections of the handling status of personal data and audits by other departments and external parties.
• Human Safety Management Measures
  • 1. The Company conducts regular training for employees on points to note regarding the handling of personal data.
  • 2. The Company includes confidentiality provisions regarding personal data in its employment regulations.
• Physical Safety Management Measures
  • 1. The Company controls entry and exit of employees and restricts the equipment brought into areas where personal data is handled, and implements measures to prevent unauthorized persons from viewing personal data.
  • 2. The Company takes measures to prevent theft or loss of devices, electronic media, and documents handling personal data and ensures that personal data is not easily identifiable when transported, including within business premises.
• Technical Safety Management Measures
  • 1. The Company implements access control to limit the scope of persons responsible for handling personal data databases and the personal data handled.
  • 2. The Company protects information systems handling personal data from unauthorized access and malicious software from external sources.

9. Provision of Personal Data to Third Parties Abroad

When providing personal data to foreign residents, foreign companies, or other third parties abroad, the Company will provide necessary information in advance and obtain consent from the individual following the standards set by law.

10. Use of Cookies and Other Technologies

The Company may send and store text files called cookies on the individual's computer storage and use them for purposes that contribute to improving the Company's services. The Company may also use similar technologies such as Google Analytics and Google AdSense. Individuals can disable cookies by changing their web browser settings, but disabling cookies may prevent them from using some or all features of the Company's services.

11. Disclosure, Correction, Deletion, Suspension of Use, etc., of Retained Personal Data

For requests regarding disclosure, correction, deletion, suspension of use, etc., of retained personal data, please contact the inquiry office described in section 12. After verifying the identity of the individual based on the Company's prescribed procedures, the Company will respond in accordance with the Personal Information Protection Act, etc.

12. Contact Information

For questions or complaints regarding the handling of personal information by the Company, please contact the following office:

Address:
105 Kanda Jimbocho 1-Chome, Chiyoda-ku, Tokyo 101-0051
DigitalBlast, Inc., Management Promotion Department, Personal Information Protection Consultation Office

Contact:
Please inquire through the "Contact" section of the Company's website.

Office Hours:
Monday to Friday (excluding holidays and New Year holidays), 10:00 AM to 12:00 PM, and 1:00 PM to 6:00 PM

13. Revision of this Privacy Policy

The Company may review and revise the contents of this Privacy Policy as necessary to ensure the proper handling of personal information. In such cases, the revised Privacy Policy will apply from the date it is published on the Company's website.

February 1, 2022
Shingo HORIGUCHI, President and CEO