GREAT FOREST LLC

Privacy Policy

GREAT FOREST LLC (hereinafter referred to as “the Company”) recognizes the importance of protecting personal information, complies with the Act on the Protection of Personal Information (hereinafter referred to as “the Personal Information Protection Act”), and strives to handle and protect personal information appropriately in accordance with the following privacy policy (hereinafter referred to as “this Privacy Policy”). Unless otherwise defined in this Privacy Policy, the definitions of terms used herein shall follow those set forth in the Personal Information Protection Act.

1. Definition of Personal Information

In this Privacy Policy, “personal information” refers to personal information as defined in Article 2, Paragraph 1 of the Personal Information Protection Act.

2. Purpose of Use of Personal Information

The Company will use personal information for the following purposes:

To provide the Company’s services and products (hereinafter referred to as “the Company’s Services, etc.”)

To provide guidance, respond to inquiries, and other communications regarding the Company’s Services, etc.

To provide information about the Company’s Services, etc.

To respond to actions that violate the Company’s terms, policies, etc. (hereinafter referred to as “Terms, etc.”) in connection with the Company’s Services, etc.

To notify changes to Terms, etc. related to the Company’s Services, etc.

To improve the Company’s Services, etc. and to develop new services and products

To collect and analyze browsing history, behavioral history, and purchase history, in order to improve and enhance the Company’s Services and to develop and advertise new products and services tailored to interests and preferences

For employment management and internal procedures (with respect to personal information of officers and employees)

For shareholder management and responses to procedures required under the Companies Act and other laws and regulations (with respect to personal information of shareholders, stock option holders, etc.)

To create statistical data in a form that does not identify individuals, related to the Company’s Services, etc.

For providing information (including advertisements) from the Company

For other purposes incidental to the above purposes

3. Changes to the Purpose of Use of Personal Information

The Company may change the purpose of use of personal information within a reasonably relevant scope, and in such cases will notify or publicly announce such changes to the individual concerned (hereinafter referred to as “the Individual”).

4. Restrictions on Use of Personal Information

Except as permitted by the Personal Information Protection Act or other laws and regulations, the Company will not handle personal information beyond the scope necessary to achieve the stated purposes of use without obtaining the consent of the Individual. However, the following cases are excluded:

When required by law

When necessary to protect a person’s life, body, or property, and obtaining the Individual’s consent is difficult

When especially necessary to improve public health or promote the sound development of children, and obtaining the Individual’s consent is difficult

When cooperation is necessary with a national institution, local government, or person entrusted thereby in performing duties prescribed by laws and regulations, and obtaining the Individual’s consent may hinder the performance of such duties

When personal data is provided to academic research institutions and it is necessary for academic research purposes (including cases where part of the purpose is academic research), except where the rights and interests of individuals may be unjustly infringed

5. Proper Acquisition of Personal Information

5.1 The Company will acquire personal information properly and will not acquire it through deception or other wrongful means.

5.2 The Company will not acquire special care-required personal information (as defined in Article 2, Paragraph 3 of the Personal Information Protection Act) without prior consent of the Individual, except in the following cases:

Cases falling under Items 1 to 4 of Section 4 above

When obtained from academic research institutions and necessary for academic research purposes (including when part of the purpose is academic research), limited to joint research with such institutions, and provided that it does not unjustly infringe on the rights or interests of individuals

When the special care-required personal information has been disclosed by the Individual, national institutions, local governments, or other parties specified in Article 57, Paragraph 1 of the Personal Information Protection Act or by rules of the Personal Information Protection Commission

When acquired by visually recognizing or photographing the Individual, making the special care-required personal information obvious from appearance

When the provision does not constitute third-party provision under Section 7.1 proviso

6. Security Management of Personal Information

The Company will supervise employees as necessary and appropriate to ensure the secure management of personal information against risks such as loss, destruction, falsification, and leakage. When outsourcing all or part of the handling of personal information, the Company will supervise contractors as necessary and appropriate to ensure secure management. An overview of the Company’s security measures is as follows:

The Company complies with the Personal Information Protection Act, related laws, and applicable guidelines, and responds to inquiries, consultations, and complaints regarding the handling of personal data through the contact point specified in Section 15.

The Company establishes methods of handling, responsible persons, persons in charge, and their duties at each stage of acquisition, use, storage, provision, deletion, and disposal.

A person responsible for handling personal data is appointed, who confirms that data is handled in accordance with established methods. A reporting and communication system is in place for employees to report to the responsible person in the event of actual or potential violations of laws or internal rules. The responsible person also conducts regular inspections of handling status.

Employees receive necessary training on handling personal data, and matters related to confidentiality of personal data are stipulated in work regulations.

Measures are taken to prevent unauthorized persons other than employees and the Individual from easily accessing personal data. Media and documents containing personal data are stored in lockable cabinets or storage, and devices running only on standalone systems are secured with security wires. Necessary measures are implemented to prevent theft or loss, including precautions when carrying such devices or media.

The Company clarifies which devices and employees can handle personal data, and implements mechanisms to protect against unauthorized access or malware.

When deleting personal data or disposing of devices or media containing personal data, the responsible person confirms proper handling.

7. Provision to Third Parties

7.1 Except in cases listed in Section 4, the Company will not provide personal information to third parties without prior consent of the Individual. However, the following cases do not constitute provision to third parties:

When entrusting all or part of the handling of personal information within the scope necessary to achieve the purpose of use

When personal information is provided due to business succession by merger or other reasons

When jointly used in accordance with the Personal Information Protection Act

7.2 Notwithstanding Section 7.1, if providing personal information to a third party located in a foreign country (excluding countries designated by the Personal Information Protection Commission as having systems equivalent to Japan, or parties that have established equivalent systems), the Company will obtain the Individual’s prior consent or take measures required by the Personal Information Protection Act.

7.3 When providing personal information to a third party, the Company will prepare and retain records in accordance with Article 29 of the Personal Information Protection Act.

7.4 When receiving personal information from a third party, the Company will conduct necessary confirmations and prepare and retain records in accordance with Article 30 of the Personal Information Protection Act.

7.5 Notwithstanding Section 7.1, the Company may provide user information to partner companies in accordance with the Company’s terms of use or other special agreements.

8. Personally Related Information

When acquiring personally related information from third parties and using it as personal data, the Company will obtain the Individual’s prior consent and use it within the scope of the purposes stated in Section 2.

When providing personally related information to third parties where such third parties are expected to use it as personal data, the Company will confirm that such third parties have obtained prior consent from the Individual.

9. Disclosure of Personal Information

Upon request from the Individual in accordance with the Personal Information Protection Act, the Company will, after confirming that the request is made by the Individual, promptly disclose retained personal data or third-party provision records (and notify the Individual if such data or records do not exist). However, this does not apply when the Company is not obligated to disclose under the Personal Information Protection Act or other laws.

10. Correction of Personal Information

If the Individual requests correction, addition, or deletion (hereinafter “Correction”) of personal information on the grounds that it is inaccurate, the Company will, after confirming the request is from the Individual, conduct necessary investigation and promptly make Corrections based on the results, and notify the Individual. If the Company decides not to make Corrections, it will notify the Individual accordingly. However, this does not apply when the Company is not obligated to make Corrections under the Personal Information Protection Act or other laws.

11. Suspension of Use, etc. of Personal Information

If the Individual requests suspension of use or deletion of personal information (hereinafter “Suspension of Use”) on the grounds that it is being handled beyond the disclosed purposes of use or acquired through fraudulent means, or requests suspension of provision to third parties (hereinafter “Suspension of Provision”) on the grounds that it has been provided without consent, the Company will, upon confirming the request is from the Individual and if the request is justified, promptly implement Suspension of Use or Suspension of Provision and notify the Individual.

If the Individual requests Suspension of Use or Suspension of Provision on grounds such as no longer needing the information, data breach, loss, damage, or other incidents as stipulated by the Personal Information Protection Commission that may seriously harm the rights and interests of individuals, the Company will likewise promptly implement Suspension of Use or Suspension of Provision upon confirming the request is justified, unless exempted by the Personal Information Protection Act or other laws.

12. Handling of Anonymously Processed Information

12.1 When creating anonymously processed information (as defined in Article 2, Paragraph 6 of the Personal Information Protection Act), the Company will process it in accordance with standards specified by the Personal Information Protection Commission.

12.2 The Company will take necessary security measures when creating anonymously processed information.

12.3 When creating anonymously processed information, the Company will disclose the items of personal information included, in accordance with the rules of the Personal Information Protection Commission.

12.4 When providing anonymously processed information to third parties, the Company will disclose the items of information and methods of provision, and clearly indicate that the information is anonymously processed information.

12.5 The Company will not attempt to re-identify Individuals by (1) collating anonymously processed information with other information, or (2) obtaining information deleted or processing methods used (in case of information provided by third parties).

12.6 The Company will take necessary and appropriate measures for secure management of anonymously processed information, handle complaints, and strive to ensure proper handling, including publishing the details of such measures.

13. Use of Cookies and Other Technologies

The Company’s services may use cookies and similar technologies. These help understand usage of the Company’s services and contribute to improvements. Users may disable cookies by changing browser settings. However, disabling cookies may prevent some functions of the services from working properly.

14. Use of External Services

The Company’s services use the following services for the stated purposes. Please refer to each provider’s website for privacy policies.

(1) Understanding user visits

The Company may use Google Analytics and Google Analytics Advertising Features.

Functions used may include:

Google Analytics Remarketing

Google Display Network Impression Reporting

Google Analytics Demographics and Interests Reporting

Cookie disabling and opting out

Users can disable all cookies through browser settings, though some web service functions may not operate properly. Cookies can also be blocked by specifying domains. Opt-out procedures are available via each provider’s privacy policy.

Google Inc. (External site)

Privacy Policy: https://policies.google.com/privacy

Google Analytics Opt-out Add-on: https://tools.google.com/dlpage/gaoptout

15. Name, Address, and Representative of the Personal Information Handling Business Operator

GREAT FOREST LLC

1-5-6 Takidai, Funabashi-shi, Chiba 274-0074, Japan

Representative Director: Mitsuo Omori

16. Contact Information

For requests for disclosure, opinions, questions, complaints, or inquiries regarding the handling of personal information, please contact the following office by phone or email:

GREAT FOREST LLC

1-5-6 Takidai, Funabashi-shi, Chiba 274-0074, Japan

[Personal Information Inquiry Desk]

Phone: +81-80-1333-7840

Email: [〇〇]

17. Continuous Improvement

The Company will review its operational status regarding the handling of personal information as appropriate, strive for continuous improvement, and may revise this Privacy Policy as necessary.

Enacted: January 9, 2025