Personal Information Protection Policy

We will use customers' personal information for the following purposes

1. (1)Target Businesses
   Office building business, residential business, commercial business, consulting, planning, design, maintenance, and upkeep of buildings and electric power facilities, and other related businesses
2. (2)Purpose of use
   Related to the businesses listed in Item 1
   To conduct sales activities such as sending DMs, pamphlets, etc., and solicitation through visits, telephone calls, and e-mails
   To execute contracts and provide information and services
   To provide information on services and products related to after-sales service
   To provide information on surveys of customer satisfaction, etc.
   To analyze customer trends as statistical information and to conduct surveys and analysis for product development, etc.
   To respond to accidents and disasters (including emergency contact) and for safety management

We will jointly use personal information to improve the convenience of our customer service.

1. (1)Items of personal information to be shared
   Name, contact information (telephone number, e-mail address, etc.), name of organization (company name, organization name, etc.), title, and other information that can identify a specific individual
2. (2)Scope of joint users
   NTT Urban Solutions Group companies
3. (3)Purposes of use by joint users
   Purposes of use as stated in 1. above
4. (4)Name and address of the person responsible for the management of the personal information to be jointly used
   NTT Urban Development Corporation
   Hiroshi Tsujigami, President and Representative Director
   Akihabara UDX, 4-14-1 Sotokanda, Chiyoda-ku, Tokyo

Please refer to the website of Nippon Telegraph and Telephone Corporation for information on the joint use of information related to our procurement with our business partners.
In addition to the above, NTT Urban Development may share personal information with third parties. In such cases, the following items will be notified in advance or announced on our website, etc.

1. (1)The fact that personal information will be jointly used
2. (2)Items of customer personal information to be jointly used
3. (3)Scope of joint use
4. (4)Purpose of use by the joint users
5. (5)Name and address of the person responsible for the management of the relevant customer personal information, and in the case of a corporation, the name of its representative.

To submit inquiries and opinions about client`s personal information, please contact the following representative

We will respond to requests for notification of the purpose of use of retained personal data concerning a customer, requests for disclosure, correction, addition, deletion, suspension of use, or deletion of personal data, requests for disclosure of records of provision of customer personal information to third parties, and requests for suspension of provision of customer personal information to third parties in accordance with the provisions of the Personal Information Protection Law. Requests for disclosure, etc., will be handled by sending the prescribed form by mail, fax, or e-mail. In either case, please contact the above contact point.

For inquiries from customers regarding their own retained personal data, we will ask them to follow our prescribed procedures for "identification" and then to make the request as prescribed by us. In addition, we ask for your understanding and cooperation in paying a handling fee (1,000 yen [consumption tax included] per case).

In handling customer personal information, we will take appropriate organizational, personnel, physical, and technical safety control measures.

1. (1)Organizational safety control measures
   We have established an organizational management system that includes the establishment of a management system with committees and managers in charge of each organization, the development of internal rules, the preparation of statements such as control ledgers and process control charts, and further continuous improvement.
2. (2)Personnel safety control measures
   All employees who handle personal customer information, including directors, employees, and temporary staff, are informed and educated about the importance of protecting personal customer information, and are required to sign confidentiality agreements and undergo necessary audits and supervision to ensure the effectiveness of such measures.
3. (3)Physical safety control measures
   Measures are taken to control access to buildings and floors where personal customer information is handled, to prevent theft, to prevent damage to personal customer information due to fire, lightning, etc., and to lock systems and documents when they are taken out, transported, or stored.
4. (4) Technical security control measures
   The Company shall take technical control measures such as access control including authentication, authorization management, control, and recording when accessing personal data, measures against unauthorized software and viruses on systems, measures during transfer, transmission, and reception by means of encryption and clarification of responsibilities, and monitoring of information systems.
5. (5)Understanding the external environment
   When handling customers' personal information in a foreign country, we will take appropriate measures based on our understanding of the systems for the protection of personal information in that foreign country.

We may create anonymized processed information based on customers' personal information and provide it to third parties. In such cases, the following items shall be publicized on the Company's website, etc.

1. (1)Items of information on individuals included in the anonymized processed information created by the Company
2. (2)Items of information on individuals included in the anonymized processed information provided to the third party
3. (3)Method of providing anonymized processed information to third parties
4. (4)Details of security control measures taken
   In handling anonymized processed information, etc., we will take the security control measures described in Section 5 above. In addition, we will exercise necessary and appropriate supervision over our employees and contractors (including subcontractors, etc.) who handle anonymized processed information, etc. We will also exercise necessary and appropriate supervision over employees and contractors (including subcontractors, etc.) who handle anonymized processed information．

We may create pseudonymized information based on your personal information. However, we will not provide such information to any third party, except as required by law. In handling Processed Pseudonym Information, etc., we will take the security control measures described in Section 5 above. In addition, we will exercise necessary and appropriate supervision over our employees and contractors (including subcontractors, etc.) who handle Processed Pseudonym Information, etc. We will also exercise necessary and appropriate supervision over employees and contractors (including subcontractors, etc.) who handle pseudonymized information.

We handle personally identifiable information (i.e., information about living individuals that does not fall under the categories of personal information, pseudonymized information, or anonymized processed information, and specifically refers to website browsing history, location information, etc.) as follows. (specifically, website browsing history, location information, etc.) will be handled as follows.

1. (1)When we provide personally identifiable information
   When a third party to which we provide personal information is expected to acquire such information as personal data, except in the cases specified in each item of Article 27, Paragraph 1 of the Personal Information Protection Law, we shall obtain the prior consent of the customer (if the third party is located in a foreign country, in obtaining consent, we shall disclose the name of that foreign country, the system for protecting personal information, the measures taken by that third party, and the name of that third party). (If the third party is located in a foreign country, in obtaining the consent, the consent shall include the fact that the name of the foreign country, the system for the protection of personal information, the measures taken by the third party to protect personal information, and other information that should be of reference to the customer shall be provided to the customer). (2) We will not provide personally identifiable information to a third party without first confirming the name of the third party, its system for protecting personal information, the measures taken by the third party to protect personal information, and any other information that should be of reference to the individual concerned.
2. (2)Cases in which we obtain personally identifiable information as personal data
   When acquiring personally identifiable information as personal data, we shall obtain prior consent from the customer. However, if the person to whom the personal data is to be provided has obtained consent from the customer, this may be substituted for obtaining the customer's prior consent.

We will not provide your Personal Information or Personal-Related Information to a third party in a foreign country (excluding countries that have a system for the protection of Personal Information that is recognized as equivalent to that of Japan in terms of protecting the rights and interests of individuals). (1) In the event that we provide your personal information or personally identifiable information to a third party located in a foreign country, we will take the following measures.

1. (1)Provision of customer personal information to a third party in a foreign country
   (i) Method of obtaining consent
   We may provide your personal information to a third party in a foreign country after informing you in advance of the following matters and obtaining your consent.
   Name of the foreign country to which the information will be provided
   The system regarding personal information in the foreign country
   Measures taken by the third party to protect personal information
   (ii) Method through the establishment of a system by a third party located in a foreign country
   In addition to (1) above, we may provide customer personal information to a third party located in a foreign country after taking necessary measures to ensure the continuous implementation of the corresponding measures by the third party located in the foreign country.
2. (2)Provision of personally identifiable information to third parties located in foreign countries
   (i)Method by obtaining consent
   We may provide personal information to a third party in a foreign country in accordance with the provisions of Section 8(1) above.
   (ii) Method by establishing a system for the third party in a foreign country
   We may provide personally identifiable information to a third party in a foreign country after taking necessary measures to ensure the continuous implementation of appropriate measures by the third party in the foreign country.