PRIVACY POLICY

As a business entity engaged in the operation of "GPU-specific data centers and the provision of GPU cloud services," our company considers the secure management of information assets, including personal information, to be a critical priority.
To embody the policies outlined below, we have established a Personal Information Protection Management System and commit the entire company to its continuous improvement. This commitment is made with a constant awareness of advancements in IT technology, changes in societal demands, fluctuations in the business environment, and other relevant factors.

a) Personal information shall be acquired, used, and provided only within the scope necessary for the legitimate conduct of our business operations and the employment and personnel management of our employees. The handling of personal information beyond the scope necessary to achieve the specified purposes of use (use outside the intended purpose) shall not be conducted. Furthermore, measures will be implemented to prevent such use.

b) We will comply with laws, government guidelines, and other norms related to the protection of personal information.

c) To address risks such as leakage, loss, or damage of personal information, we will implement reasonable safety measures. By allocating management resources tailored to the realities of our business operations, we will continuously enhance our personal information security framework. Additionally, if an issue is identified concerning personal information protection, prompt corrective measures will be taken.

d) Complaints and inquiries regarding the handling of personal information will be handled promptly, sincerely, and appropriately.

e) The Personal Information Protection Management System will be reviewed and improved continuously, taking into account changes in the environment surrounding our company.

1. Our company handles personal information for the following purposes:

1. Our company will acquire personal information in a lawful and appropriate manner and will not acquire such information through deceitful or other improper means.
2. Except as provided by laws and regulations, our company will not acquire sensitive personal information without obtaining the prior consent of the individual.
3. In addition to acquiring personal information directly from individuals or at their will, our company may acquire log information, user actions, device information, advertising identifiers, cookies, IP addresses, location information, and other similar data when users use our services or visit our website. Furthermore, when necessary for the execution of contracted tasks, our company may acquire personal information required for such tasks from the contracting parties.

1. Our company will take reasonable safety management measures to prevent risks such as leakage, loss, or damage of personal information by implementing appropriate supervision of employees. Additionally, when outsourcing the handling of personal information, our company will supervise contractors to ensure the safety management of personal information.
2. The safety management measures implemented by our company are as follows:
• Formulation of Basic Policy: To ensure the proper handling of personal information and to provide a contact point for inquiries, we have established this privacy policy.
• Development of Internal Rules and Operational Manuals: We have developed rules and operational manuals that define the handling methods, responsible persons, persons in charge and accountability for each stage of the personal information lifecycle, including acquisition, use, storage, provision and deletion or disposal.
• Organizational Safety Management Measures: We have appointed a person responsible for the handling of personal information and clarified the scope of employees handling personal information. We have established a reporting and communication system to notify the responsible person of any violations or potential violations of relevant laws or internal regulations. Regular self-checks, internal audits, and third-party reviews of personal information handling are conducted.
• Human Safety Management Measures: Confidentiality regarding the handling of personal information is stipulated in work rules, and employees sign confidentiality agreements. Contractors are managed as described above. Regular training is provided to employees and contractors on information security, including personal information handling.
• Physical Safety Management Measures: Physical handling areas are designated based on the importance of information. Measures are taken to prevent theft or loss of devices, electronic media, and documents to handle personal information.
• Technical Safety Management Measures: Access rights are restricted to ensure only those who need to access it for work can access personal information. PCs to handle personal information are restricted from exporting data externally without permission, and operation logs are obtained. Systems handling personal information are equipped with mechanisms to detect and prevent unauthorized access from outside and protect against malicious software. SSL encryption is used for necessary web pages to ensure security during internet data transmission.

Our company is not a member of any certified personal information protection organizations.

1. Our company will, without delay, respond to requests from individuals to disclose, correct, add, delete, suspend use, erase, stop provision to third parties, or disclose records of third-party provision concerning retained personal information, after confirming that the request is made by the individuals themselves, in accordance with the Personal Information Protection Law. However, this does not apply where laws or regulations exempt our company from such obligations. Requests must include proof of identity as per our company's requirements.
• When requested by the individual: A copy of documents such as a driver’s license, passport, or health insurance card showing the individual’s name and current address.
• When requested by a proxy: Documents proving proxy authority and identity of the proxy.
2. A fee of 1,000 yen per request will be charged for notifications or disclosure of the purpose of use of personal information. Additionally, if postage or other actual costs are incurred, the requester must bear these expenses. Such fees and costs should be transferred to the account designated by our company, with the requester bearing any transfer fees.
3. Requests must be submitted using forms designated by our company.

• Name, Address, and Representative of the Business handling personal information:
Highreso Co., Ltd.
Representative Director: Yoshiyuki Shikura
Address: 3-24-1 Ichigaya Tamachi, Shinjuku-ku, Tokyo 162-0843
• Contact Information:
Personal Information Consultation Desk
Personal Information Protection Manager: Division Head of GPU Division, Osamu Fukushima
Inquiries are to be sent to :
Highreso Co., Ltd. Personal Information Consultation Desk
Address: 3-24-1 Ichigaya Tamachi, Shinjuku-ku, Tokyo 162-0843
Email: privacy@highreso.co.jp