Personal Information Protection Policy

The Company appropriately and safely manages your personal information and takes protective measures to prevent leakage, loss, or damage.

The Company will use personal information within the scope of the following purposes. We will not use personal information for any other purpose without the consent of the individual.

【Purposes of use when personal information is obtained directly in writing, etc.】
(Retained Personal Data)

1. Personal information of users of services operated/provided by the Company
   1. To provide services
   2. For identity verification when using services
   3. To provide service information and conduct surveys/campaigns
   4. To send products, rewards for surveys, prizes for campaigns, etc.
   5. To respond to inquiries
   • When responding to customers over the phone, calls may be recorded to improve future service quality.
2. Personal information of business partners: For business negotiations, communications, ordering, and billing/payment operations.
3. Personal information of applicants for employment: For communication with applicants and management of recruitment operations.
4. Personal information of employees: For personnel/labor management, business management, health management, and security management.
5. Personal information of shareholders: For shareholder-related operations such as the management of general meetings of shareholders and the sending of printed materials.

【Purposes of use when personal information is obtained by methods other than directly in writing】
(Personal data not subject to disclosure)

1. To provide transit search services for corporations.

To provide better services for business operations, the Company entrusts part of the operations handling personal information to external parties within the necessary scope. In such cases, we select contractors recognized as handling personal information appropriately and conclude contracts specifying matters such as proper management and confidentiality.

The Company will not provide or disclose your personal information to third parties without your prior consent, except in the following cases:

1. When the consent of the individual has been obtained.
2. When performing credit card payments.
3. When disclosing statistical data processed into a format that cannot identify or specify individuals for the purpose of providing statistical information.
4. When disclosure is lawfully required by laws, courts, or other government agencies.
5. When necessary for the protection of a person's life, body, or property, and it is difficult to obtain the individual's consent.

The purpose of obtaining credit card information (card number, expiration date, security code), the name of the obtainer, the recipient, and the storage period are as follows:

1. Purpose of Use: To settle payments for purchased products and services.
2. Name of Obtainer: Ekitan & Co., Ltd.
3. Name of Recipient: Provided to each credit card company through the payment service provider, SB Payment Service Corp.
4. Storage Period: Until the Company deletes the information upon request from the customer, or until the customer deletes their account for using the Company's services.

The Company takes necessary and appropriate measures to manage access to personal information, limit the means of taking out personal information, prevent unauthorized access from the outside, and prevent leakage, loss, or damage (hereinafter referred to as "Security Control Measures").

Utilizing relevant laws, guidelines, and the ISMS (Information Security Management System) framework, we appropriately implement Security Control Measures as follows:

1. Formulation of Basic Policy: We have formulated a basic policy to ensure the proper handling of personal information as an organization.
2. Establishment of Rules for Handling Personal Information: We have formulated handling regulations regarding methods, persons in charge, and their duties.
3. Technical and Physical Security Control Measures:

   We manage access to personal information (limiting authorized users, monitoring access logs, etc.), and implement measures to prevent unauthorized external access.

   We restrict means of taking out personal information (e.g., prohibiting recording on external media without permission).

   We implement measures to prevent unauthorized access from outside the Company.

4. Organizational Security Control Measures:

   We appoint a "Personal Information Protection Manager" and clarify responsibilities regarding security management.

   We supervise employees (including dispatch employees) and establish a reporting system for violations or signs of violations.

   We respond strictly to any violations of handling regulations based on internal rules, including disciplinary action.

   We establish internal regulations and manuals and conduct appropriate audits of compliance.

5. Human Security Control Measures: We conduct regular education and training for employees on the security management of personal information.

Providing personal information to the Company is voluntary. However, if you do not provide it, you may not be able to use the services we provide or we may not be able to respond to your inquiries.

Our products and services may obtain location information with your consent for browsing and service provision. Location information refers to latitude and longitude information obtained through functions such as GPS, beacons, and Wi-Fi.

Our products and services may obtain boarding/alighting information, commuter pass section information, etc.

You may request disclosure or correction of your personal information, or request to stop the Company from using, providing, or entrusting your personal information by contacting our inquiry desk. We will respond within a reasonable period after verifying your identity.

For procedures to request notification of purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, suspension of provision to third parties, or disclosure of records of third-party provision in writing, please refer to the following page.

• Procedures for Requesting Disclosure of Personal Information or Records of Provision to Third Parties

The Company pays the utmost attention to the protection of information of customers under the age of 16. Please ensure that personal information of customers under 16 is provided only with the consent of a parent or guardian.

To improve customer convenience and services, the Company may automatically receive and record information from your browser using "cookies" or "web beacons." A "cookie" is a small piece of information sent from the server to your browser, and a "web beacon" is a technology used with cookies to know how many times a specific page has been accessed. This information is used only for statistical analysis of website usage. You can refuse to accept cookies through your browser settings, but in this case, some functions of the service may become unavailable.