EXPO2025 DIGITAL WALLET Privacy Policy

This Privacy Policy (hereinafter, the "Privacy Policy") sets forth the handling by HashPort Inc. (hereinafter, the "Company") of the personal information (meaning the Personal Information as defined in Article 2, paragraph (1) of the Act on the Protection of Personal Information (hereinafter, the "Personal Information Protection Act"); the same shall apply hereinafter) of the users and the use applicants (hereinafter, "Users") of EXPO2025 DIGITAL WALLET (hereinafter, the "Wallet") provided by the Company. In accordance with the Privacy Policy, the Company shall endeavor to properly protect, manage, and use the Personal Information of Users.

Users shall use the Wallet after agreeing to the Privacy Policy and performing use registration of the Wallet.

Article 1. Compliance with related laws, regulations, and guidelines on protection of Personal Information

The Company shall comply with the Personal Information Protection Act and other related laws and regulations, policies, guidelines, and other rules prescribed by the government and related authorities, as well as the Privacy Policy.

Article 2. Collection of personal information

The Company shall collect, retain, and use the following information from among of the Personal Information concerning Users (hereinafter collectively, the "User Information"), and Users shall agree to such collection.

1. The names of Users, their names in kana, user names, user IDs, addresses, whether or not they live in Japan, dates of birth, telephone numbers, e-mail addresses, and other information entered or provided or reported to the Company by Users for use of the Wallet (including information updated by Users).
2. User's status regarding the use of the Wallet, the status of email authentication, and other information on the situation and status of the use of the Wallet by Users.
3. Information on the date and time of registration for use of the Wallet, date and time of use of the Wallet, date and time of email authentication, and other dates and times related to use of the Wallet.
4. Information on the model and identification of Users' terminals, and other information related to Users' terminals.
5. IP address information of Users, browsing history and action history of Users in the Wallet, usage history of the services linked with the Wallet as set forth in each item of Article 7, Paragraph 2 (hereinafter, the "Collaboration Services"), location information of Users, user agent, advertisement ID for mobile terminals.
6. Information on Users obtained by the Company from the Collaboration Services and from Users' use of the Collaboration Services through the Wallet.
7. Other information concerning Users that the Company has known.

Article 3. Proper acquisition of Personal Information

The Company shall, in accordance with the Privacy Policy, acquire Personal Information properly by receiving the same from Users or acquiring the same from the partners of the Wallet who provide the Collaboration Services (hereinafter, the "Collaboration Services Providers"), and will not acquire the User Informationby deceit or other wrongful means.

Article 4. Purpose of use of personal information

The Company shall use the User Information as permitted by laws and regulations and for the following purposes, and Users shall agree to such use. The "Group Companies" refers to the Company and its subsidiaries (hereinafter the same). The Company will not handle the User Information beyond the scope necessary to achieve the purpose of use without obtaining the consent of the Users concerned in advance, except for cases permitted by laws and regulations.

1. Provide and operate the Wallet appropriately and smoothly.
2. Provide announcements and communication regarding the Wallet.
3. Follow procedures for application for use of the Wallet, cancellation of registration, change of registration information, and other verification and administrative procedures for the operation of the Wallet.
4. Detect and record fraudulent transactions using the Wallet and fraudulent use of the Wallet, and take measures against them.
5. Introduce various services provided by the Group Companies.
6. Improve, enhance, and add functions to various services provided by the Group Companies, develop new products and services in our Group Companies, and perform related statistical analysis and analyze customer trends related thereto.
7. Collaborate with other services and applications.
8. Use of the Collaboration Services by Users.
9. To be used by the Collaboration Services Providers in relation to provision of the Collaboration Services to Users in (viii) above.
10. Respond to inquiries and complaints from Users, provide consultations to Users, and resolve disputes.
11. Provide the User Information to third parties in a manner set forth in the Privacy Policy.
12. Analyze the attributes and tastes of Users, and advertise and introduce various services provided by the Group Companies and the Collaboration Services Providers or third parties as their advertisers based on such attributes and tastes.
13. Measure the effects and conduct a market analysis of the Wallet and related advertising and marketing, as well as improve various services provided by the Group Companies and do marketing thereof using the Wallet.
14. Improve, enhance, and add functions to various services by the Group Companies or the Collaboration Services Providers, conduct survey and analysis of the usage of the Wallet and the Collaboration Services in order to develop new products and services, create statistical information using the results, provide such statistical information to the Group Companies or the Collaboration Services Providers.
15. In addition to the above, exercise rights and fulfill obligations under the contracts with Users and laws and regulations, etc.

Article 5. Distribution of advertising emails

The Company, the Group Companies, or the Collaboration Services Providers through whom Users request the Company to provide the User Information pursuant to Article 7, Paragraph 2, may deliver e-mail newsletters, advertisements, etc., related to the services provided by the Company, the Group Companies or the Collaboration Services Providers.

Article 6. Security control measures for personal information

The Company shall endeavor to keep the User Information accurate and up-to-date, and in order to prevent leakage, loss, or damage and otherwise manage the security of the Personal Data, it shall implement the following security control measures regarding the handling of the User Information and take corrective measures as necessary.

1. The Company shall establish Personal Information Handling Rules and confirm the status of their implementation. The Company shall also appoint a person responsible for handling clerical affairs, as well as improving organizational structure for taking other security control measures, and shall endeavor to understand the status of handling the User Information and review security control measures.
2. The Company shall ensure that employees are fully aware of the proper handling of the User Information, provide appropriate education, and conduct necessary and appropriate supervision.
3. The Company shall take measures such as controlling access to its facilities and preventing theft of electronic media.
4. The Company shall implement access control for information systems that handle the User Information, take measures to prevent unauthorized access, and carry out other security measures.
5. When handling User Information in a foreign country, the Company shall take necessary and appropriate measures for the security management of the personal data after understanding the system for the protection of the Personal Information in the relevant foreign country.

Article 7. Restrictions on provision of personal information to third parties

(1) The Company shall not disclose or provide User Information to third parties without obtaining prior consent of the Users concerned, except in the following cases:

(i)        In cases where the Company provides the User Information in accordance with laws and regulations.

(ii)        When it is necessary for the protection of the life, body, or property of Users and it is difficult to obtain the consent of the User concerned.

(iii)        When it is particularly necessary for the improvement of public health or the promotion of sound upbringing of children and it is difficult to obtain the consent of Users concerned.

(iv)        When it is necessary for national organs, local public entities, or a person entrusted by them to cooperate in the execution of affairs prescribed by laws and regulations, and obtaining the consent of the User concerned is likely to hinder the execution of said affairs.

(v)        In cases where a third party to whom the Personal Data is disclosed or provided is an academic research institution or other research agency and needs to handle the Personal Data for academic research purposes (including cases where the academic research is a part of the purposes of handling the Personal Data, but excluding cases where handling of the Personal Data is likely to unduly infringe the rights and interests of individuals).

(vi)        In cases where the Company cooperates with other services that are not operated by the Company, or provides User Information to the external service operating company for certification using external services.

(vii) In cases where a part of the services is entrusted to the extent necessary for achieving the purpose of use.

(viii) In cases where the personal information is provided as a result of business succession due to a merger or for other reasons.

(ix) In a case where the User Information is shared with the Group Companies (refer to Article 9 "Sharing with Group Companies").

(x) In addition to the above, in cases where permitted by laws and regulations.

(2) When Users use the Collaboration Services of the Wallet, they shall confirm the description shown at the time of commencement of use of the Collaboration Services, and request the Company to provide the User Information to the Collaboration Services Providers on behalf of Users and agree that the Company should provide the User Information to the Collaboration Services Providers upon such request.

(3) In using the Wallet, Users shall request the Company to provide the User Information to the Japan Association for the 2025 World Exposition (the Osaka Kansai Expo) on behalf of Users to the extent necessary for the holding and operation of the Expo 2025 Osaka, Kansai, Japan, and agree that the Company should provide the User Information to the association upon such request.

Article 8. Entrustment of handling of the User Information

The Company may entrust all or part of the handling of the User Information to a third party within the scope necessary to achieve the purpose of use. In such cases, the Company shall appoint an entrustee who is deemed to handle the User Information appropriately; properly prescribe in an entrustment agreement the terms and conditions for safety management, confidentiality, re-entrustment and other matters concerning the handling of the User Information; and supervise the entrustee to the extent necessary and appropriate.

Article 9. Request for disclosure, etc.

In cases where the Company is requested by Users to notify the purpose of use of, disclose, correct the description of, suspend the use and provision to third parties of, and disclose records of provision to third parties of, the personal data of the relevant Users retained by the Company (hereinafter, the "Disclosures"), the Company shall respond to the request in accordance with laws and regulations after confirming that the request is made by the User themself. If a request for Disclosures is made on behalf of the User, the User shall submit to the Company any materials demonstrating the authority of representation. Refer to the following Link for procedures for requests for disclosure, etc.

Article 10. Handling of personal related information

(1) When the Company acquires from a third party information related to personal information as defined in the Personal Information Protection Act in connection with the Wallet and uses it as personal data, the Company shall obtain consent from the User concerned in advance to acquisition of the information related to personal information as personal data and take other measures and use the relevant personal data within the scope of the purpose of use prescribed in Article 4.

(2) When the Company provides the information related to personal information to a third party, and the third party is supposed to use the information related to personal information as personal data, the Company shall confirm that the third party has obtained the consent of the User concerned in advance to acquire the information related to personal information as personal data.

Article 11. Use of cookies and other technologies

The Wallet may use cookies and similar technologies. These technologies help the Company to understand the usage of the services and contribute to improving the services. Users may delete stored cookies; however, it may result in the loss of some features of the Wallet.

Article 12. Name of the Company, etc.

HashPort Inc.

Hamamatsucho Building 12F, 1-1-1 Shibaura, Minato-ku, Tokyo

Seihaku Yoshida, CEO

Article 13. Personal Information Protection Administrator

Title of Administrator: General Affairs Manager

Department: General Affairs Department, HashPort Inc.

Contact: privacy@hashport.io

Article 14. Contact information

The Company will respond promptly and appropriately to complaints and consultation requests from Users regarding the handling of personal information. For inquiries, consultations, requests for disclosure, etc., regarding the handling of the personal information by the Company, contact the following.

*Please note that we will not be able to respond to inquiries and requests made by visiting the Company.

Contact:

Contact for Personal Information, HashPort Inc.

Hamamatsucho Building 12F, 1-1-1 Shibaura, Minato-ku, Tokyo

Email: privacy@hashport.io

Business Hours: 10:00 a.m. to 5:00 p.m. on weekdays (Inquiries made during year-end and New Year holidays, Golden Week holidays, and summer vacation periods will be handled on or after the following business day.)

Article 15. In cases where Users do not agree to the Privacy Policy

If Users do not enter the necessary information for the use of the Wallet, do not provide, transmit, or report to the Company matters prescribed by the Company including user information, or do not consent to all or part of the Privacy Policy, the Company may not approve Users' use of the Wallet.

Article 16. Revision

The Company may revise the Privacy Policy in whole or in part, and Users shall agree thereto in advance. When the Company changes the Privacy Policy, the Company shall notify or announce such changes to Users in the manner prescribed by the Company.

Special Provisions on the EU General Data Protection Regulation

In cases where the Company processes User Information which is subject to the applicable privacy laws and regulations, including the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016) (hereinafter, "GDPR") and relevant national enforcement laws, the relevant User Information shall be subject to the following special provisions (hereinafter, the "Special Provisions" and together with the Privacy Policy, the "Privacy Policy, Etc."). The terms defined in GDPR shall have the meanings ascribed thereto in GDPR.

1. Types of information to be collected

The types of personal data collected by the Company shall be as set forth in Article 2 of the Privacy Policy.

2. Purpose of use and legal basis

The Company shall use the personal data for the following purposes. The legal basis for each use is as described in each Section as follows:

(1) Provide and operate the Wallet appropriately and smoothly.

Legal basis: It is necessary to perform a contract between the Company and Users or to prepare to enter into a contract at the request of Users. It is also necessary for the legitimate interest of the Company to provide the Wallet properly or efficiently, and for Users to agree to the purpose of use.

(2) Provide announcements and communication regarding the Wallet.

Legal basis: It is necessary to perform a contract between the Company and Users or to prepare to enter into a contract at the request of Users. It is also necessary for the legitimate interest of the Company to provide the Wallet properly or efficiently, and for Users to agree with the purpose of use.

(3) Follow procedures for application for use of the Wallet, cancellation of registration, change of registration information, and other verification and administrative procedures for operation of the Wallet.

Legal basis: It is necessary to perform a contract between the Company and Users or to prepare to enter into a contract at the request of Users. It is also necessary for the legitimate interest of the Company to provide the Wallet properly or efficiently, and for Users to agree with the purpose of use.

(4) Detect and record the fraudulent transactions using the Wallet and fraudulent use of the Wallet, and take measures against them.

Legal basis: It is necessary to comply with the legal obligations owed by the Company. It is also necessary for the legitimate interest of the Company to provide the Wallet properly or efficiently, and for Users to agree with the purpose of use.

(5) Introduce various services provided by the Group Companies.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies and to provide the services of the Group Companies properly or efficiently, and for Users to agree with the purpose of use.

(6) Improve, enhance, and add functions to various services provided by the Group Companies, develop new products and services by the Group Companies, and perform related statistical analysis and analyze customer trends related thereto.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies and to provide the services of the Group Companies properly or efficiently, and for Users to agree with the purpose of use.

(7) Collaborate with other services and applications.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies and to provide the services of the Group Companies properly or efficiently, and for Users to agree with the purpose of use.

(8) Use of the Collaboration Services by Users.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies, and for Users to agree with the purpose of use.

(9) To be used by the Collaboration Services Providers in relation to provision of the Collaboration Services to Users in (8) above.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies, and for Users to agree with the purpose of use.

(10) Respond to inquiries, consultation requests, and complaints from Users, and resolve disputes.

Legal basis: It is necessary to perform the contract between the Company and Users or to prepare to enter into a contract at the request of Users. It is also necessary for the legitimate interest of the Company to respond to inquiries and complaints from Users, and for Users to agree with the purpose of use.

(11) Provide the User Information to third parties in a manner set forth in the Privacy Policy.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies, and for Users to agree with the purpose of use.

(12) Analyze the attributes and tastes of Users and advertise and introduce various services provided by the Group Companies and the Collaboration Services Providers or third parties as their advertisers based on such attributes and tastes.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies, and for Users to agree with the purpose of use.

(13) Measure the effects and conduct a market analysis of the Wallet and related advertising and marketing, as well as improve various services provided by the Group Companies and do marketing thereof using the Wallet.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies, and for Users to agree with the purpose of use.

(14) Improve, enhance, and add functions to various services by the Group Companies or the Collaboration Services Providers, conduct survey and analysis of the usage of the Wallet and the Collaboration Services in order to develop new products and services, create statistical information using the results, provide such statistical information to the Group Companies or the Collaboration Services Providers.

Legal basis: It is necessary for the legitimate interest of the Company to promote and develop the businesses of the Group Companies, and for Users to agree with the purpose of use.

(15) In addition to the above, exercise rights and fulfill obligations under the contracts with Users and laws and regulations, etc.

Legal basis: It is necessary to perform a contract between the Company and Users or to prepare to enter into a contract at the request of Users. It is also necessary to comply with the legal obligations owed by the Company, and for Users to agree with the purpose of use.

3. Sharing personal data

(1) Japan Association for the World Exposition

The Company shall provide the personal data of Users to the Japan Association for the 2025 World Exposition to the extent necessary for the holding and operation of the Expo 2025 Osaka, Kansai (Osaka Kansai Expo).

(2) Collaboration Services Providers

Subject to prior consent of Users, the Company shall provide the personal data of Users to the Collaboration Services Providers who provide the Collaboration Services to be used by Users.

For the type of personal data provided to the Collaboration Services Providers and the purpose of use by the Collaboration Services Providers, the Users shall confirm the description shown at the time of commencement of use of the relevant Collaboration Services.

(3) Suppliers, etc.

The Company may share the personal information of Users with its contractors and suppliers who provide services for the Company for the purpose of providing hosting, maintenance, support, e-mail, monitoring, and marketing services, responding to use of the Wallet by Users, providing customer services, and conducting customer surveys and satisfaction surveys.

(4) Reorganization, etc.

In the event of merger, company split, share exchange, share transfer, share delivery, business transfer, transfer of assets, corporate reorganization or civil rehabilitation (including those relating to bankruptcy or similar proceedings) with respect to all or part of the businesses of the Company, the Company may provide the personal data of Users to a related third party.

(5) Compliance with laws and regulations

The Company may be required to disclose the personal data of Users at the request of laws, cabinet and ministerial ordinances, rules (including rules of the Financial Instruments Exchanges or the Japan Securities Dealers Association), regulations, treaties, guidelines, notices, circular notices, announcements, guidelines for administrative processes, self-regulations by self-regulation organizations and others equivalent thereto (including those equivalent thereto in foreign countries), or the public agencies and government authorities in and outside the country in which Users reside.

The Company may also disclose the personal data of Users when it determines that disclosure is reasonably necessary to protect its rights, seek remedies available to it, exercise its rights, investigate fraud, or protect its business or customers.

4. Handling the personal data in Japan

The Company shall handle the personal data of Users in Japan.

Japan has received a decision from the European Commission to demonstrate that it provides the same level of data protection as GDPR (adequacy decision).

5. Retention period of personal data

The Company shall retain the personal data of Users only for the period necessary for the purposes of collection and processing of the data. The specific retention period shall be determined in consideration of the purpose of collection and processing of the personal data, the nature of the personal data, and the legal or business need for retention of the personal data.

However, the Company may retain and process the personal data of Users for a period longer than the period necessary for the purpose of data collection and processing in cases where the purpose of data collection and processing is to exercise the rights or perform the obligations of the Company, or to perform operations that contribute to the public interest, where Users consent to the purpose of data collection and processing, or under other specific circumstances.

6. Rights of data subjects

As data subjects of the personal data, Users have the following rights:

• Access rights

Users can request disclosure of their personal data retained by the Company. The Company will also provide additional information on the processing of the personal data of Users upon their request.

• Right to request corrections

Users may request the Company to correct any incomplete or inaccurate data on Users retained by the Company. In such cases, the Company may require Users to follow procedures to confirm the accuracy of data newly provided by Users to the Company.

• Right to request deletion

In the event that the Company has no justifiable reason to continue the processing of the personal data, that the personal data is no longer necessary, or that Users withdraw the consent which is the only legal basis for the processing, Users may request the Company to delete the personal data.

• Right to request limitation of processing

In the event that Users wish to secure the accuracy of the personal data, that the processing of the personal data by the Company is illegal, that the Company no longer needs processing of the personal data, or that the procedures for objection are pending, Users may request that the processing of the personal data of Users be suspended.

• Data portability rights

Users may request that the personal data of the User concerned be provided to the Users or a third party appointed by the Users in a structured, commonly used, and machine-readable form. However, such right is solely applicable to the cases where the Company processes the personal data of Users by automated means and where the consent of Users or performance of a contract to which the Users are the parties is the legal basis for processing.

• Right to make an objection

In cases where the Company processes the personal data for the legitimate interest of the Company as legal grounds, or where the processing of the personal data is deemed to affect the fundamental human rights of Users, Users may make an objection to the processing by the Company of their personal data. Users also have the right to make an objection if the Company processes the personal data of Users for direct marketing purposes.

• Right to withdraw consent

If the Company processes the personal data with consent of Users, Users may withdraw their consent at any time. However, it does not affect the legality of any processing conducted prior to the withdrawal of consent.

• Right to file a complaint

Users may file a complaint with the competent data protection supervising authorities. The Company urges Users to consult the Company before they consult with the relevant protection supervising authorities, as the Company desires an opportunity to respond to Users' concerns.

• Automated decision making

Users shall have the right not to be subject to decisions that have legal consequences for the User concerned or that are based solely on automated processing that has an equivalent significant impact thereto. However, the Company does not make decisions based solely on automated processing.

7. Absence of legal obligations

Users shall not assume legal or contractual obligations to provide their personal data to the Company until they accept the terms of use prescribed by the Company and the Privacy Policy and other regulations, and otherwise complete the procedures prescribed by the Company for the use of the Wallet. After Users accept the terms of use prescribed by the Company and the Privacy Policy and other regulations, and otherwise complete the procedures prescribed by the Company for the use of the Wallet, if Users refuse the Company's use of the personal data, Users' use of the Wallet may be restricted in whole or in part.

8. Use by a minor

The Company will not knowingly and willfully collect and process information concerning persons under 16 years of age without the permission and consent of a person with parental authority. If the Company discovers that it has directly collected and processed personal information of a person who is under 16 years of age, or who has not reached the minimum age prescribed under the laws of each EU member state having the same intent as that of GDPR without the permission and consent of the person with parental authority, the Company shall take measures to delete the relevant information as soon as possible.

9. Revision

These Special Provisions shall be revised as prescribed in the provisions of Article 17 of the Privacy Policy.

10． Administrator and contact information

The administrator and contact information for the processing of the personal data of Users are as follows:

Personal Information Office, HashPort Inc.

Hamamatsucho Building 12F, 1-1-1 Shibaura, Minato-ku, Tokyo

Email address: privacy@hashport.io