1.Compliance with laws and regulations

When handling personal data, our company shall comply with the provisions related to the protection of personal information as stipulated in the "Act on the Protection of Personal Information" and its various guidelines, as well as the "Telecommunications Business Act" and "Guidelines for Personal Information in the Telecommunications Business." We will adhere to all relevant laws, regulations, and guidelines related to personal information protection.

2.Definition of personal data

The term "personal data" refers to all information handled by the Company that can directly or indirectly identify customers as individuals, including users of the Company's services. This may include "personal information" and "special care-required personal information."

"Personal information" means information about a living individual that falls under any of the following items:

(i) Name, date of birth, and other descriptions, etc., (documents, drawings, or electromagnetic records, including records made in electromagnetic methods that cannot be recognized by human perception), or all matters (excluding individual identification codes) that are described or recorded, or expressed using voice, motion or other methods (including information that can be easily compared with other information, thereby enabling the identification of a specific individual).

(ii) Those containing an individual identification code.

"Individual identification code" means a character number, symbol or other code that falls under any of the following items and is specified by the Enforcement Order of the Act on the Protection of Personal Information:

(i) Letters, numbers, symbols, and other codes obtained by converting the characteristics of a part of the body of a specific individual for computer use, and which can identify the specific individual.

(ii) A specific user or purchaser who is assigned to the use of services provided to an individual or purchases products sold to an individual, or is described or recorded on a card or other document issued to an individual, or anything that can identify the recipient of the issuance.

"Special care-required personal information" refers to personal information that includes descriptions specified by government ordinance as items that require special consideration in handling, such as the customer's race, creed, social status, medical history, criminal record, and fact that he/she has been harmed by a crime.

The types of personal data we collect include your name, address, telephone number, e-mail address, facsimile number, date of birth, identification number, video, image, and biometric information.

3.Purpose of use of personal information

In order to provide our services (including the sale, provision, and rental of products and services offered by Oura, collectively referred to as "services"), we will use, jointly use, and provide personal information to third parties within the necessary scope to achieve the following purposes of use. We will not acquire personal data through deception or other unlawful means.

Customers include those who are using, considering, or have canceled or terminated services, as well as those who have applied for unofficial information.

The services include campaigns, events, seminars, and questionnaires.

1.Procedures and Customer Support

We will use your personal data for procedures and customer support, including:

1. Procedures for applying for and responding to services
2. Confirmation of eligibility for services or reasons for rejection
3. Various procedures related to services, such as changes or termination/cancellation
4. Providing guidance on using services
5. Responding to customer opinions, requests, and inquiries

2.Service Provision

We will use your personal data to provide services, including:

1. Providing services based on applications and accompanying services
2. Managing communication between you and other users
3. Performing operations necessary for providing services
4. Managing transaction status based on applications
5. Construction and maintenance of services
6. Preventing failures, accidents, and malfunctions of services and facilities, and responding when they occur
7. Calculating and billing usage fees and necessary fees for providing services (including collection agency and receivable transfer fees)
8. Conducting lottery drawings for campaigns and shipping prizes
9. Conducting remittance business for point redemption
10. Confirming subscription status of services
11. Verifying identity and preventing fraudulent transactions

3.Service Quality Improvement and New Service Development

We will use your personal data to improve the quality of services and develop new services, including:

1. Work, research, and analysis for improving the convenience and quality of services
2. Operations, research, and analysis for planning and developing new services suitable for customers
3. Surveys and marketing analysis to determine customer satisfaction with services
4. Analyzing information related to customer usage and customizing service content

4.Notice

We will use your personal data to distribute service announcements and recommended content, including:

1. Notifications regarding services from our company, partnerships, and other companies (e-mail, direct mail, telephone, internet, advertisement distribution/display, etc.)
2. Providing information recommended to customers (e-mail, direct mail, telephone, internet, advertisement distribution/display, etc.)
3. Analyzing customer usage information and providing recommended information

For the above purposes of use, we may provide your personal data to a third-party company with whom we outsource services.

4.Shared Use

For the purpose of providing services, etc., the Company may jointly use personal data for the following purposes:

(1) Parties who will jointly use personal data with us:

• Oura Health Oy
  Address: Elektronikatie 10, 90590 Oulu Finland
• Ouraring Inc.
  Address: 415 Mission Street, 37th Floor San Francisco, CA 94105 United States

(2) Personal data subject to shared use:

• Name, telephone number, address, email address, user number, billing address, age, gender, selected fee type and discount, payment status, and all personal data necessary for the work described in "Purpose of use of personal information."

(3) Purpose of shared use:

Customer support, including the provision of joint users' products or services, responding to customer inquiries, guidance on procedures, and providing information regarding the use of joint users' products or services

1. Billing calculation for product or service provision
2. Product and service development
3. Marketing research and analysis
4. Information on joint users' products, services, etc., and campaigns of other companies
5. Notifications for informing the provision of information that contributes to the development of the service industry and improvement of customer service
6. Registration, management, provision, construction, maintenance, fault correction of equipment, and troubleshooting, including software updates
7. Judging whether or not to provide products and services related to our company and joint users
8. Compliance with laws and regulations

(4) Manager responsible for shared personal data:

• Broadband Japan Co., Ltd.
  President Hironori Mizuno
  Address: Tomitaka Building 5F, 2-8-1 Uchikanda, Chiyoda-ku, Tokyo 101-0047, Japan

5.Personal Data Collection Methods and Procedures

The collection of personal data from customers shall be done lawfully and through means such as application documents, direct communication with customers (telephone, etc.), email, receiving information through websites and other services, and receiving information from third parties with customer consent when necessary. We shall assess the extent to which personal data is necessary for the transaction with the customer, the consistency of the personal data use with the purpose stated in the privacy policy, and the purpose of providing personal data to us. We shall use personal data in a fair and lawful manner.

6.Provision to Third Parties

The Company may disclose personal data to partners (agents, distributors, resellers), business partners, and subcontractors (including third parties located in foreign countries) that we deem necessary for the following purposes. We may disclose personal data through written documents or electronic or magnetic means. However, such disclosure must be within the scope of the provisions of our Privacy Policy, and we may not disclose or share personal data with third parties without explicit consent from the customer, except when necessary to provide the services or products requested by the customer or as required by law.

1. For the management of campaigns sponsored by our sales agents and sales affiliates (hereinafter referred to as "campaign organizers"), granting benefits, and operating campaigns such as sending them, personal data of our customers who are eligible for the campaign (Information that can identify the person to whom the campaign is applied, such as name, address, phone number, etc.) may be provided to the campaign organizer.
   
   
2. For the purpose of providing, providing, analyzing, improving, or supporting products, services, and campaigns to applicants or contractors, the Company may use personal data (name, address, telephone number, etc.) of applicants or contractors. Information may be provided to businesses that guide, provide, analyze, improve, or provide support for such products, services, and campaigns.
   
   
3. Moreover, the handling of personal data stipulated by the Company shall not apply to personal data independently collected by businesses that guide, provide, analyze, improve, or support such products, services, and campaigns. The Company may collect personal data necessary for registration and provision of affiliated services (name, address, telephone number, email address, date of birth, gender, other customer identification and affiliated service business necessary information, etc.) for the purpose of providing affiliated services with other companies.
   
   

The Company shall not acquire special care-required personal information without the prior consent of the customer, except in the following cases:

• When required by law
• When it is necessary to protect human life, body or property and it is difficult to obtain the customer's consent.
• When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the customer's consent.
• When it is necessary to cooperate with a national institution, a local government, or a person entrusted by them in carrying out the affairs stipulated by laws and regulations, and obtaining the customer's consent will hinder the execution of the affairs when there is a risk of
• When the special care-required personal information is disclosed by the customer, a national agency, a local government, a person listed in each item of Article 76, Paragraph 1 of the Act on the Protection of Personal Information, or a person specified by the rules of the Personal Information Protection Commission
• Other cases specified by Cabinet Order as equivalent to the cases listed in the preceding items.

7.Use of "cookies"

Our website may use "cookies". The term "cookie" refers to information that a website stores on the hard drive of a visitor's computer. This information can be used to collect data about the visitor, including personal data, ID information, usage environment, access history, and action history, which can be recorded, analyzed, and used for various purposes. The Company may view this information for a specified period and share it with contractors if necessary. If you do not wish to receive cookies from our website, you can adjust your settings to receive a warning before receiving cookies and refuse to receive them. However, clearing cookies from your browser may also affect your history on our website.

8.Security Management Measures

We will take necessary and appropriate security management measures to prevent leakage, loss, or damage of personal data and ensure its proper management. We will also supervise employees and contractors (including subcontractors) who handle personal data as necessary and appropriate.

(1) Establishment of basic policies

• We have established basic policies to ensure proper handling of personal data.

(2) Development of rules related to handling personal data

• We have established handling methods, responsible persons, and their duties for each stage of acquisition, utilization, storage, provision, deletion/disposal, etc.

(3) Organizational security management measures

• We have appointed a person responsible for handling personal data and clarified the scope of personal data handled by employees who handle personal data. We have also established a reporting system to the person responsible for handling personal data in case of any violation or signs of violation of the Personal Information Protection Act or the personal information handling regulations. We conduct regular self-checks on the handling status of personal data and conduct audits by other departments or external parties.

(4) Human security management measures

• We conduct regular training for employees on precautions related to the handling of personal data and include matters related to confidentiality of personal data in the employment rules.

(5) Physical security management measures

• We restrict access to areas where personal data is handled by managing the entry and exit of employees and limiting the equipment they bring with them. We also implement measures to prevent unauthorized viewing of personal data by those who do not have authority to do so. We take measures to prevent theft or loss of equipment, electronic media, documents, etc., which handle personal data, and when transporting such equipment or media within the business premises, we take measures to prevent easy identification of personal data.

(6) Technical security management measures

• We implement access controls to limit the range of persons responsible for and handling personal information databases, etc. We also introduce mechanisms to protect information systems that handle personal data from unauthorized access from external sources or malicious software.

(7) Awareness of external environment

• We implement security management measures by understanding the systems related to the protection of personal information in the foreign countries where personal data is stored.
  Finland / California.

9.Personal inquiry

If you wish to inquire, modify, or delete your personal data, we will respond after confirming your identity.

10.Inquiry

Please contact the following for inquiries regarding our handling of personal data:
Broadband Japan Co., Ltd.,
Telephone: 03-3251-3941.