iPark Digital Community Platform Privacy Policy

iPark Institute, Co., Ltd. (the "Company") recognizes the importance of protecting personal information in the operation of the Company's iPark Digital Community Platform (iDCP) (the "Platform"). The Company complies with the Act on the Protection of Personal Information ("APPI") and handles and protects personal information appropriately in accordance with the following privacy policy ("Privacy Policy").

1. Definition of Personal Information

For the purposes of this Privacy Policy, "personal information" means personal information as defined in Article 2, Paragraph 1 of the APPI.

2. Purpose of Use of Personal Information

The Company will use your personal information for:

• (1) Managing your use of the Platform, such as authentication of your identity at and after login, and automatically displaying your information on various pages;

• (2) Providing the services available on the Platform, including creating your profile page on the Platform (including name, company name, and job title; the same applies below), displaying the information described in your profile page to other users in accordance with your visibility settings, and enabling communication such as messages from other users;

• (3) Providing notices regarding maintenance information, important announcements, and other matters necessary for operating the Platform;

• (4) Creating and using statistical information about Platform usage in a manner that does not identify any individual; and

• (5) Providing information as marketing materials to our business partners and other third parties to the extent that individuals cannot be identified.

3. Changes to the Purposes of Use of Personal Information

The Company may change the purposes of use of personal information within the scope reasonably deemed to be relevant, and we will notify you or make a public announcement in the event of a change.

4. Use of Personal Information

The Company will not use personal information beyond the scope necessary to achieve the purpose(s) of use without your consent, except as permitted under the APPI as follows:

• (1) When required by laws and regulations;

• (2) When it is necessary for the protection of a person's life, body, or property, and it is difficult to obtain your consent;

• (3) When it is especially necessary to improve public health or to promote the sound growth of children, and it is difficult to obtain your consent;

• (4) When it is necessary to cooperate with a national government agency, a local government, or an individual or entity entrusted by them in the execution of affairs prescribed by laws and regulations, and obtaining your consent may impede the execution of such affairs; or

• (5) When personal data is provided to an academic research institution, etc. where such institution needs to handle such personal data for academic research purposes (including cases in which part of the purpose of handling such personal data is for academic research purposes, but excluding cases in which the rights and interests of individuals may be unreasonably infringed).

5. Proper Acquisition of Personal Information

The Company will acquire personal information in an appropriate manner and will not acquire it through deception or other wrongful means.

6. Security Management of Personal Information

The Company implements the following security control measures to prevent leakage or loss of, or damage to personal information that you entrust to us. In the unlikely event of an incident involving the leakage of your personal information, we will promptly report the incident to the regulatory authorities in accordance with the APPI and related guidelines, and take necessary measures to prevent similar incidents from occurring or recurring, in accordance with the instructions of the relevant regulatory authorities.

• (1) Formulation of basic policy
  The Company has established our privacy policy (https://www.shonan-ipark.com/en/privacy-policy/) as our basic policy to ensure the proper handling of personal information.

• (2) Establishment of rules for the handling of personal information
  The Company maintains internal rules that specify, for each stage of acquisition, use, storage, provision, deletion, and disposal, the handling methods, responsible persons and personnel in charge, and their duties.

• (3) Organizational safety control measures
  The Company appoints a person responsible for the handling of personal information, clarifies the employees who handle personal information and the scope of personal information handled by such employees, and maintains a reporting and communication framework to the responsible person when facts or signs of violations of laws or internal rules are identified.

• (4) Personnel safety control measures
  The Company informs its employees of matters requiring attention in handling personal information and includes confidentiality obligations in work rules and other internal regulations.

• (5) Physical safety control measures
  The Company controls employee access to areas where personal information is handled, restricts the equipment and other items that employees may bring into such areas, and implements measures to prevent unauthorized access to personal information.

• (6) Technical safety control measures
  The Company limits the personnel in charge and the scope of personal information they handle by restricting access to personal information files. Further, the Company has measures in place to protect information systems that handle personal information from unauthorized external access and unauthorized software.

• (7) Understanding the external environment
  When personal information is handled in a foreign country, security control measures are implemented based on an understanding of the system for the protection of personal information in that country.

7. Reporting in Case of Leakage

If any leakage, loss, damage, or similar incident occurs with respect to personal information handled by us, and reporting to the Personal Information Protection Commission and notification to the individual is required under the APPI, the Company will make such report and provide such notification.

8. Provision to Third Parties

In addition to cases in which disclosure is permitted under the APPI or other laws and regulations, the Company may provide personal information we have acquired to third parties to the extent necessary to achieve the purposes of use described in article 2 above. As the Platform is an information exchange platform intended to promote open innovation and collaboration among users, it is anticipated that information provided by users will be shared among users.

9. Outsourcing the Handling of Personal Information

The Company may outsource all or part of the handling of personal information to third parties within the scope necessary to achieve the purpose(s) of use. In such cases, the Company will thoroughly review the suitability of such outsourcing partner, stipulate matters concerning confidentiality obligations in the relevant contracts with the partner, and exercise necessary and appropriate supervision over the partner.

10. Cross-border Transfers

In addition to cases where disclosure is permitted under the APPI or other laws and regulations, the Company may provide personal information obtained by the Company to third parties outside of Japan to the extent necessary to achieve the purposes of use described in article 2 above. Since the Platform is a global information exchange platform intended to promote open innovation and collaboration among users, we are unable to provide an exhaustive list of destination countries in advance; however, the following countries and regions are anticipated to be the primary potential destinations for transfer, in addition to EEA countries and the UK.

• United States of America
  https://www.ppc.go.jp/files/pdf/USA_report.pdf(Commonwealth) https://www.ppc.go.jp/files/pdf/california_report.pdf(California)

• Republic of Korea
  https://www.ppc.go.jp/files/pdf/korea_report.pdf

• Taiwan
  https://www.ppc.go.jp/files/pdf/taiwan_report.pdf

• People's Republic of China
  https://www.ppc.go.jp/files/pdf/china_report.pdf

11. Correction, Suspension of Use, Disclosure, etc. of Personal Information

Please refer to item 5 of our privacy policy (https://www.shonan-ipark.com/en/privacy-policy/), which is the Company's basic policy governing this article. If there is any inconsistency or conflict between that privacy policy and this Privacy Policy, this Privacy Policy shall prevail.

12. Procedures for Changing the Privacy Policy

The Company will review this Privacy Policy from time to time and strive to improve it. The Company may change the content of this Privacy Policy, except as otherwise provided by law or otherwise in this Privacy Policy. The revised Privacy Policy shall become effective when the Company notifies you or a notice is posted on the Company's website or the Platform in a manner prescribed by the Company.

13. Handling Complaints and Inquiries

The Company shall accept complaints and inquiries from users regarding the handling of personal information, and respond to such complaints and consultations appropriately and promptly. The Company will also respond promptly and appropriately to requests from users for disclosure, correction, addition, deletion, or refusal of use or provision of said personal information.

14. Our Address and Representative

For our address and representative, please see the Company's overview page (https://www.shonan-ipark.com/company/).

15. Use of Cookies and Other Technologies

Our services may use cookies and similar technologies. While these technologies are used to help us understand how our services are used, to improve our services, to display information that we believe is beneficial to users, and for marketing purposes such as behavioral targeting in advertising using cookies, users who wish to disable cookies may do so by changing the settings on their web browsers. However, if you disable cookies, you may not be able to use certain features of our services.

16. External Transmission Policy

<Purpose of External Transmission>

• The main purposes of external transmission are as follows:
  • (1) To analyze user browsing trends and history, and to monitor for fraud and anomalies;
  • (2) To provide the website and services properly and safely, and to improve convenience; and
  • (3) To display advertisements with content appropriate to each user.

<Information Transmitted Externally>

• The main types of information transmitted externally are as follows:
  • (1) Data related to pages viewed;
  • (2) Browsing history
  • (3) History of actions taken; and
  • (4) User identifiers (cookies, device identifiers, etc.).

<List of external destinations> The following external services transmit information about users of this service.

• Company name: Google LLC

  • Purpose of use:

    • (1) To analyze browsing trends and history, and to monitor for fraud and anomalies; and
    • (2) To provide the website and services properly and securely, and to improve the convenience of the website and services.

  • Transmission information:

    • (1) Data related to pages viewed;
    • (2) Browsing history;
    • (3) History of actions taken; and
    • (4) User identifiers (cookies, device identifiers, etc.).

• Company name: Salesforce Japan, Inc.; Meta Platforms, Inc.; LinkedIn Japan, Inc.

  • Purpose of use:

    • (1) To display advertisements with content tailored to each user.

  • Transmission information:

    • (1) Data related to pages viewed;
    • (2) Browsing history;
    • (3) History of actions taken; and
    • (4) User identifiers (cookies, device identifiers, etc.).

17. Inquiries

For requests for disclosure and other matters, opinions, questions, complaints, and other inquiries regarding the handling of personal information, please contact us via our inquiry form (https://www.shonan-ipark.com/contact/).

Established and enforced on January 1, 2026