NTT Digital, Inc.

Privacy

NTT Digital, Inc. Privacy Policy

NTT Digital Inc. (hereinafter referred to as "Digital") may collect and use your Personal Data (not limited to personal information as set forth in the Act on the Protection of Personal Information and including all data concerning an individual) to provide various services that enable you to enjoy a rich and comfortable life.

Therefore Digital believes that the proper handling of Personal Data in business activities is our important duty, and we have established this Privacy Policy as a policy regarding the handling of Personal Data, while making decisions on the Personal Data handing in accordance with the Principles of Conduct of the “NTT DOCOMO Personal Data Charter” of the NTT DOCOMO Group.

1.Proper handling of Personal Data

We will comply with the applicable domestic and foreign laws and regulations, guidelines (collectively "Laws") in processing Personal Data and continuously improve this Privacy Policy. We will collect your Personal Data only by proper means and securely manage your Personal Data under our proper data management structure. In addition, we will implement proper company regulations and carry out necessary educational training of employees. By doing so, Digital will make our best endeavors for our customers so that they can use convenient, safe and secure services.

2.Collecting of Personal Data

Digital will collect Personal Data in the instances such as the following:
Digital will collect Personal Data in the following instances:

When directly provided by the customer to Digital:
For example, Digital will collect your Personal Data when you fill in information about yourself in writing or when you register and/or send it through your smartphone, etc.
When automatically recorded when the customer uses our services:
For example, when you use our services on the internet, information regarding usage history of the services may be automatically recorded in Digital's server or recorded on the blockchain. Similarly, information recorded on your device (such as a smartphone) may be automatically sent to Digital according to the settings of the device. In certain instances, such information includes your Personal Data.
When indirectly obtained from third party when the customer uses the third party services:
We may obtain information such as shopping and service usage history upon your use of third-party services or transactions on the blockchain or may receive such information from such third parties.

3.Purpose of processing of Personal Data

(1) Digital will process your Personal Data for the following purposes:

Purpose of Use 1:For provision of services, products, etc., and for communications/notifications etc. to customer that are necessary for the performance of the agreement with customer.

As examples, the following purposes of use are included:

Providing various services and functions under the terms of an agreement and executing other terms of an agreement
Confirming the identity of a person or family members at the time of application and when using the services, etc.
Confirming whether the application conditions have been satisfied
Determining credit and managing post-credit
Calculating and/or invoicing the billing amount (including for collection agencies) and managing points and other benefits for the customer
Disposing of claims and/or rights acquired against the customer, pledging collateral and for other transactions
For age information notifications when using services of contents providers corresponding to age determining functions
Notifying of required matters concerning an agreement
Arranging, sending and after-servicing ordered products
Communicating with the customer upon the occurrence of fraudulent contracts, unauthorized use and non-payment
Responding to opinions, requests, inquiries, etc. concerning the services

Purpose of Use 2: For proposals services, products, etc., in relation to purchased services, products, etc., and for communications/notifications etc., to customer that are necessary thereto

As examples, the following purposes of use are included:

Providing information on various sales promotion campaigns and events of Digital, our partner businesses, etc.
Drawing winners, sending prizes and gifts and providing notifications for various sales promotion campaigns, etc.
Providing information on products, services, contents, etc. recommended for the customer
Displaying and delivering advertisements of Digital or other companies that are appropriate for the customer

Purpose of Use 3:For preservation and countermeasures against fraud that are necessary for reliable and stable provision of services, products, etc.

As examples, the following purposes of use are included:

Operating and maintaining networks, applications, systems, etc.
Preventing and responding to the occurrence of failures, defects, accidents, etc. of products, services, networks, applications, systems, etc.
Preventing the occurrence of, and countermeasures upon the occurrence of, fraudulent contracts, unauthorized use and non-payment

Purpose of Use 4:For planning, developing and improving services, products, etc. and various investigations and analyses

As examples, the following purposes of use are included:

Planning and development of new products, new services and new technologies
Improving service quality and improving reception services
Investigating and analyzing sales status and usage status
Carrying out investigations concerning awareness and actual conditions concerning products and services, various campaigns and other sale promotion programs, etc. (not limited to those of Digital, partner businesses, etc.)
Investigating, analyzing and measuring effects for carrying out various campaigns and other sales promotion programs, etc.
Carrying out questionnaire investigations

【Customer Analysis by Digital】

By analyzing Personal Data such as service usage history, Personal Data will be analyzed within the scope of the purpose of use set forth in this Privacy Policy, for example, by estimating the interests, preferences, and trends of the customer and using it to propose services and products, distribute advertisements, and develop services and products in response to them. When analyzing the Personal Data, we will be conscious of whether it will be for the customer's benefit and whether it will contribute to society, and not make any use that would harm the customer's credibility, and do not use it in a way that undermines customer trust. Please confirm the following for specific usage examples.

Examples of purposes of use of customer analysis

Analyzing personal data such as service usage history, website browsing history, purchase history, and contract details obtained from each service, and making proposals and distributing advertisements for services and products in response to customers' interests, preferences, and tendencies.
The results of analysis and aggregation using the Personal Data of customers shall be statistically analyzed so as not to identify the individual customer and its aggregation so that the individual customer cannot be identified and providing such information to partner businesses and other third parties.
To develop, provide, and improve services and products by analyzing Personal Data such as service usage history acquired by each service.
Explaining the purposes of use and provisions to partner businesses to the customer by each service and measure, and analyzing the customer's Personal Data to the extent consented to thereby, and using and providing the results of analysis thereof.
Analyzing personal data such as service usage history, customer information and contract details obtained from each service, and taking countermeasures against fraud in order to prevent fraudulent contracts, unauthorized use, etc.

【Use of the customer service contents (audio and video recording)】

Digital will record the audio and video of customer service contents, as necessary, and will use the customer service contents to the extent of the purposes of use set forth in this Privacy Policy, including the purposes set forth below:

To accurately understand the responses to the opinions, requests, and inquiries from customers regarding the services
To improve the quality of customer service
To ensure employee safety based on the “Docomo Group's Basic Policy on Customer Harassment (in Japanese only)”

(2) Digital will not process Personal Data in the following way:

Unfairly discriminate against the customer in determining whether to provide services to the customer

(3) Digital may continue to process Personal Data even after the relevant contract for the services terminates.

(4) If Digital processes Personal Data to perform services entrusted from other parties, Digital will use Personal Data only to the extent necessary to perform such entrusted services.

4.Consent to the processing of Personal Data

If so required under the Laws and otherwise we consider appropriate, Digital will obtain your prior consent for (i) the processing of your Personal Data, (ii) transfer of your Personal Data to third parties (including third parties in foreign countries) and/or (iii) any other purpose.
Notwithstanding, to the extent permitted by the Laws, Digital may, without your prior consent, (i) process your Personal Data for purposes other than the purposes provided in 3. (1) and/or (ii) transfer of your Personal Data to third parties (including third parties in foreign countries). Even in such instance, Digital will give due consideration to your rights and interests.

5.Claim Procedures regarding Retained Personal Data /Records on Third Party Provisions of Personal Data

Please refer to the link below for “Disclosure Request Procedures regarding Retained Personal Data of Customers” and “Disclosure Request Procedures for Records on Third Party Provisions concerning Personal Data of Customers.”
Claim Procedures regarding Retained Personal Data /Records on Third Party Provisions of Personal Data

6.Safety management of Personal Data

Digital has declared the “Information Security Policy” as its policy regarding information security, to enable you to use our Services with ease. Digital will take necessary and proper measures to prevent the divulgence, loss or damage of Personal Data and for other safety management of Personal Data.

7.Sub-processing of Personal Data

Digital may use a sub-contractor for our services, including sales and reception services, credit-related services, website and system operation services, event and campaign implementation services, data processing and analysis services and other services. In some instances, such sub-contractor may process your Personal Data on behalf of Digital, to the extent necessary to perform its duties under the sub-contracting contract. In such instance, Digital will select an eligible sub-contractor who is recognized as being able to properly process Personal Data, and will carry out proper supervision thereof.

8.Notice of Other Matters regarding the Processing of Personal Data

If further notifications are required of Digital’s joint utilization of the Personal Data with other parties, process of anonymized processed information or pseudonymized processed information, or any other matter, Digital will post necessary notifications on "Notice of Other Matters regarding the Processing of Personal Data."

9.Inquiries regarding the Processing of Personal Data

Please contact the below customer support desk for inquiries regarding the processing of Personal Data:

[Mail to:]: Service Desk for Personal Information; NTT Digital, Inc.; Sanno Park Tower 10F; 2-11-1 Nagata-cho, Chiyoda-ku, Tokyo, 100-6150
[Email us at:]: privacy-info@ml.nttdigital.io; Service Desk for Personal Information, NTT Digital, Inc.

10.Amendment to the Privacy Policy

Digital may amend this Privacy Policy as necessary according to the Laws and regulations and for business reasons. Amendments, etc. will be published on the website. In addition, Digital shall take measures pursuant to Laws and regulations depending on the amendments.

Established on July 1, 2023
Revised on November 22, 2023
Revised on January 29, 2025

CEO Kenichi Hamana
NTT Digital, Inc.
Sanno Park Tower 10F,
2-11-1 Nagata-cho, Chiyoda-ku, Tokyo, 100-6150

Exhibit A: Additional information for EU and UK Residents

In the following, Digital provides you with the additional information as required in accordance with the General Data Protection Regulation 2016/679 ("GDPR") and the United Kingdom General Data Protection Regulation ("UK-GDPR"). This Exhibit A supplements the information provided in the main body of the "NTT Digital Privacy Policy" to the extent required under GDPR and UK-GDPR. Capitalized terms not defined in this Exhibit have the same meanings ascribed to them in the "NTT Digital Privacy Policy."

(1) Categories of Personal Data

Digital may collect, use, store and transfer different kinds of Personal Data which we have grouped together as follows:

Basic information: Basic information on the customer. Examples include the name, address, age, gender, family structure, phone number, email address, customer identifier, attributes and contact information.

Corporate user information: Information on the customer's place of employment and employee attributes. Examples include the company or organization name, company location, business type, department, job title, position, e-mail address and any other information that may identify a specific individual.

Usage information: Information on the contracts and use of various services, etc. Examples include information on the subscription status and usage history of various services provided by Digital, information on the articles and images and videos posted, information on the behavior at the time of using the Internet and applications, information on the name, purchase location and payment for services and products purchased and information on the responses to questionnaires.

(2) How we collect Personal Data

We may collect your Personal Data in the following ways:

Information that you provide to us: This includes information about you that is provided by you when filling in forms or when you are communicating with us, whether face-to-face, by phone, e-mail or otherwise.

Information we collect or generate about you: This includes data from and about you through automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment as well as your browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies.

Information we obtain from other sources: This includes data provided to us by our affiliates and subsidiaries, third-party service providers, agencies or other publicly available sources where applicable.

Please note that any Personal Data that is mandatory to provide is indicated in the relevant forms that you complete. In cases where the provision of Personal Data is mandatory, we are not able to provide our products or services to you if the relevant information is not provided.

(3) Purposes and Legal bases of the data processing

We have set out below, in a table format, purposes of processing the Personal Data as well as the legal bases we rely on for the processing. We have also identified what our legitimate interests are where appropriate. In addition, if we process any special categories of Personal Data about you as prescribed in Article 9 of GDPR, we will only do so based on your explicit consent.

Purpose	Type of Personal Data	Lawful basis for processing
For rendering Services and for communications/notifications to customer that are necessary for the performance of the contract with customer.	(i)Basic information (ii)Usage information	Contract performance Necessary to comply with a legal obligation (To inform you of any changes to our terms and conditions under applicable law).
For proposals and offers of Services and for relevant communications/notifications. "proposal" includes carrying out various campaigns.	(i)Basic information (ii)Usage information	Legitimate interest (To conduct marketing activities including various campaigns/promotion (but excluding direct marketing that we conduct based on explicit consent) / To make suggestions and recommendations that may be of interest to you throw which we aim to grow our business) In the case of conducting direct marketing: Consent
For maintenance of Services and countermeasures against improper activities that are necessary for reliable and stable provision of Services.	(i)Basic information (ii)Usage information	Contract performance Necessary to comply with a legal obligation (To implement security measures required under applicable law) Legitimate interest (To keep records updated /To run our business, provision of administration and IT services, network security/ To prevent fraud)
For planning, developing and improving Services and various investigations and analyses relating to them.	(i)Basic information (ii)Usage information	Legitimate interest (To keep records updated/To analyse how customers use services/ To improve quality of services/ To analyse how customers use services)

(4) Disclosures of your Personal Data

We may share your Personal Data with third parties, including our subsidiaries and business partners, with a valid legal basis and/or in the case otherwise permitted by applicable law. We require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable law. Without a valid legal basis, we do not allow our third-party service providers (i.e. subcontractors of our services) to process or otherwise use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

(5) International data transfer

Digital is established and headquartered in Tokyo, Japan, and most of the business partners and service providers to whom we may transfer the Personal Data, as controllers and/or as processors, are also based in Japan or elsewhere outside the European Economic Area ("EEA") or the United Kingdom ("UK"), such as the United States of America and Australia. The Personal Data will therefore be collected, transferred, stored and processed outside the EEA or the UK. If we transfer Personal Data to Japan, we rely on the adequacy decisions under Article 45 of GDPR and UK-GDPR, as Japan has been recognised by the European Commission and the UK as being a country which offers adequacy protection for the purposes of GDPR and UK-GDPR. If we transfer Personal Data elsewhere outside the EEA and the UK, we take appropriate measures under Article 46 of GDPR and UK-GDPR, such as EU standard contractual clauses and UK Addendum. Please contact us as explained in Section 9 below if you want further information on the specific mechanism used by us when transferring Personal Data internationally.

(6) How we keep the Personal Data secure

We have put in place appropriate robust security measures to prevent the Personal Data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. We have adopted these measures to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services which process the Personal Data and to ensure that we can restore availability and access to the Personal Data in a timely manner in the event of a physical or technical incident. These measures are regularly tested, assessed and, where appropriate, updated to ensure they remain effective, and they will typically include:

Technical security measures:
secure system firewalls and authentication controls;
back-ups and data recovery systems;
secure encryption technologies; and
state-of-the-art antivirus and intrusion protection.
Organisational security measures:
data system access controls, password controls and privilege management;
data centre physical access controls;
security and compliance training for personnel:
robust data security breach reporting procedures;
robust DRBC (disaster recovery and business continuity) procedures;
contractual confidentiality obligations for personnel; and
background checks for personnel (where appropriate and permitted / required by law).
We have put in place reporting procedures to deal with any suspected data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
Whenever we engage third party service providers to store and process the Personal Data, we always ensure that those providers also implement appropriate technical and organisational security measures to keep the Personal Data safe and require those providers to adhere to strict contractual requirements for this purpose, as required by GDPR and UK-GDPR.

(7) How long we retain the Personal Data

We will only retain the Personal Data for as long as is necessary for the specific purposes it was collected for or, where relevant, for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements. For example, we often have to retain basic information about our customers for a mandatory period of time after they cease being customers in order to comply with our tax law obligations.

Where there is no specific legal period for retaining the Personal Data then we will determine the appropriate retention period by considering the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete the Personal Data: see Section 8 below for further information. We may also anonymise the Personal Data (so that you are no longer identifiable from it) for research or statistical purposes. If so then we may use this information indefinitely without further notice to you.

(8) Your personal data rights

You have certain rights for the Personal Data under GDPR or UK-GDPR, some of which only apply in certain circumstances. These rights are:

Right to access your Personal Data: This gives you the right to receive a copy of the Personal Data we hold about you subject to certain exemptions.

Right to request correction of your Personal Data: This gives you the right to have any incomplete or inaccurate Personal Data we hold about you corrected.

Right to request erasure of your Personal Data: This allows you to request us to delete or remove Personal Data. You also have the right to request us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). In certain circumstances this right may not apply, such as where we have a good, lawful reason to continue using the information in question, and if so we shall inform you of such reasons at the relevant time.

Right to object to processing of your Personal Data: You can object to us processing your Personal Data for legitimate interests purposes or for direct marketing. We must then stop processing your Personal Data unless we have a strong reason to continue which overrides your objection. If your objection is to direct marketing, we must always stop.

Right to restrict how your Personal Data is used: You can limit how we use your Personal Data in certain circumstances. Where this applies, any processing of your Personal Data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.

Right to have a portable copy or to transfer your Personal Data: You can request us to provide you, or (where technically feasible) a third party, with a copy of your Personal Data in a structured, commonly used, machine-readable format. Note this only applies to Personal Data which we obtain from you and, using automated means, process on the basis of your consent or in order to perform a contract.

Right to withdraw consent: If we are relying on consent to process your Personal Data then you have the right to withdraw that consent at any time.

If you want to exercise any of the rights described above then please contact us as explained in Section 9 below. We try to respond to the requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.

We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.

You will not normally have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular, in the member state of the EU or the UK where you have a habitual residence or place of work or where the alleged infringement of the GDPR took place.

(9) Child data

We do not knowingly collect Personal Data relating to children under the age of 13. We only collect and process Personal Data relating to children under the age of 16 if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.

(10) Contact

Digital is the controller and is responsible for your Personal Data.
We have appointed a Data Protection Representative in the European Union ("EU") and the UK to support you with any data protection or privacy related queries which you may have. If you have any questions about this Exhibit, or if you wish to exercise your legal rights (as explained in Section 8 above) please contact us or our EU Data Protection Representative or UK Data Protection Representative using the following details:

Company name: NTT Digital, INC.
[Mail to:]
Service Desk for Personal Information　NTT Digital, Inc.
Sanno Park Tower 10F　2-11-1 Nagata-cho, Chiyoda-ku, Tokyo, 100-6150

[Email:]
privacy-info@ml.nttdigital.io
Service Desk for Personal Information, NTT Digital, Inc.

EU Data Protection Representative:
TMI Avocats & Associés,
Email address: NTT_Digital_EUrep@tmi.gr.jp
Postal address: 40 avenue Niel 75017 Paris, France

UK Data Protection Representative:
TMI Associates London LLP,
Email address: NTT_Digital_UKrep@tmi.gr.jp
Postal address: City Point, One Ropemaker Street, London EC2Y 9SS, United Kingdom

Exhibit B: Additional information for California Residents

In the following, Digital provides you with the additional information as required in accordance with the California Consumer Privacy Act of 2018 as amended under the California Privacy Rights Act of 2020 ("CCPA"). This Exhibit B supplements the information provided in the main body of the "NTT Digital Privacy Policy" to the extent required under CCPA. Capitalized terms not defined in this Exhibit have the same meanings ascribed to them in the "NTT Digital Privacy Policy."

In this Exhibit B, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Depending on the context, Personal Information refers to either personal data that has been processed within the past 12 months or personal data that is intended to be processed in the future. Otherwise, this Exhibit B shall be subject to the definitions of terms set forth in the CCPA.

(1) Categories of Personal Information we collect

We collect the following categories of Personal Information shown in the chart below.

Categories	Examples
Identifiers	Name, address, age, gender, family structure, phone number, email address, customer identifier, attributes and contact information.
Commercial information	Subscription status and usage history of various services provided by Digital.
Internet or other electronic network activity information	Information on the behavior at the time of using the Internet and applications, information on the name, purchase location and payment for services and products purchased and information on the responses to questionnaires.
Audio, electronic, visual, or similar information	Articles, images and videos posted.
Professional or employment-related information	Company or organization name, company location, business type, department, job title, position.
Sensitive personal information	Social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, and racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership.

(2) Sources of Personal Information

We may collect your Personal Information in the following ways:

Information we collect or generate about you: This includes data from and about you through automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment as well as your browsing actions and patterns. We collect this Personal Information by using cookies and other similar technologies.

(3) Business or commercial purposes for collecting Personal Information

We collect Personal Information for the following purposes.

For rendering services and for communications/notifications to customer that are necessary for the performance of the contract with customer.
For proposals and offers of services and for relevant communications/notifications. "Proposal" includes carrying out various campaigns.
For maintenance of services and countermeasures against improper activities that are necessary for reliable and stable provision of services.
For planning, developing and improving services and various investigations and analyses relating to them.

(4) Disclosure of Personal Information

We disclose the following categories of Personal Information to the categories of third parties and for the purposes shown in the chart below.

Categories	Third Party Categories	Purposes
All categories described in Section 1	NTT DOCOMO group of affiliated companies	For all purposes described in Section 3
	Service providers	To perform functions on our behalf and under our instructions in order to carry out the purposes identified above, such as marketing or web hosting.
	Auditors and advisors	For the performance of audit functions, and for the provision of legal and other advice.

(5) Sale or Sharing of Personal Information

We do not sell or share any Personal Information.

(6) Child Data

We do not have actual knowledge that we have sold or have shared the Personal Information of any persons aged 16 years and younger; however, if we plan to do so in the future, the selling or sharing of Personal Information will not be done unless such persons or their guardians have affirmatively authorized it.

(7) Use or disclosure of sensitive Personal Information

We may collect sensitive Personal Information in order to process transactions, comply with laws, manage our business, or provide you with services. Please note that we do not use such information for any purposes that are not identified within the CCPA.

(8) How long we retain the Personal Information

Digital will only retain the Personal Information for as long as is necessary for the specific purposes it was collected for or, where relevant, for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements. For example, we often have to retain Personal Information about our customers for a mandatory period of time after they cease being customers in order to comply with our tax law obligations.

Where there is no specific legal period for retaining the Personal Information then we will determine the appropriate retention period by considering the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from its unauthorized use or disclosure, the purposes for which we process the Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete the Personal Information: see Section 9 below for further information. We may also anonymize the Personal Information (so that you are no longer identifiable from it) for research or statistical purposes. If so then we may use this information indefinitely without further notice to you.

(9) Your rights

Under the CCPA, you have the following rights.

The right to know specific information
You have the right to request that we disclose the following information to you about our collection and use of your Personal Information over the past twelve (12) months preceding the date of your request.
- Categories of your Personal Information we have collected;
- Categories of sources from which we have collected your Personal Information;
- Business or commercial purposes for collecting, selling, or sharing your Personal Information; and
- Categories of third parties to which we disclose, sell, or share your Personal Information; and-Specific pieces of Personal Information we have collected about you.
The right to request deletion of Personal Information
You have the right to request that we delete any of your Personal Information that we have collected from you. Please note that such right is subject to certain exceptions under the CCPA. When we determine to maintain your Personal Information after your request, we will inform you of the exception applied to your case.
The right to request correction of inaccurate Personal Information
You have the right to request that we correct any of your inaccurate Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will correct your inaccurate Personal Information and will notify any service providers and contractors, as well as third parties to which we have sold or with which we have shared your inaccurate Personal Information if any, that they must correct such inaccurate Personal Information. We may deny your correction request if we determine that the contested Personal Information is more likely than not accurate based on the totality of the circumstances.
The right to opt-out of sale of sharing of Personal Information
We have not shared or sold your Personal Information in the previous twelve (12）months, but, if we decide to do so in the future, we will inform you that your Personal Information will be sold or shared and that you have the right to opt-out of that sale or sharing.
The right to request restriction of use
We do not use your sensitive Personal Information for any purposes that are not identified within the CCPA.
The right to non-discrimination for the exercise of your right
We do not discriminate against you due to the exercise of any of your rights under the CCPA.

(10) Exercising your rights to know, delete, and correct

To exercise your rights to know, delete, and correct your Personal Information, please submit a verifiable consumer request to us by contacting us via the information in “(11) Contact Information for Inquiries and Complaints.”
Only you, or a natural person or a person registered with the relevant authority that you authorize to act on your behalf, or a person who has power of attorney or is acting as a conservator for you, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

A “verifiable consumer request” must:

(i) Provide sufficient information that allows us to reasonably verify that you are the person whose Personal Information we have collected or an authorized representative thereof; and

(ii) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond thereto.

(11) Contact information for inquiries and complaints

Please contact us at the following address for inquiries or complaints about the processing of your Personal Information:

[Mail to:]
Service Desk for Personal Information
NTT Digital, Inc.
Sanno Park Tower 10F 2-11-1 Nagata-cho, Chiyoda-ku, Tokyo, 100-6150

[Email:]
privacy-info@ml.nttdigital.io
Service Desk for Personal Information, NTT Digital, Inc.

(12) Amendment to this Exhibit B

We may amend this Exhibit B as necessary according to the laws and regulations and for business reasons. Amendments, etc. will be published on the website. In addition, we shall take measures pursuant to laws and regulations depending on the amendments.

Effective Date on January 29, 2025