This Global Privacy Policy (this “Privacy Policy”) prescribes the methods of processing personal information related to the NFT project “IROIRO” provided by CyberZ, Inc., located at 23F Shibuya Scramble Square, 2-24-12 Shibuya Shibuya-ku, Tokyo, Japan (the “Company”) (the “Services”; including the website related to the Services (the “Website”) and handling of inquiries regarding the Services; the same shall apply hereinafter).  The Company processes personal information of customers (“customers” or “you”) by the methods set out below.

In addition to this Privacy Policy, which applies to all of our customers who use the Services, the Company has prepared exhibits that may also apply to you depending on the country or the area in which you reside or are located.  In such case, please refer to the applicable jurisdiction-specific exhibits. If this Privacy Policy conflicts with the jurisdiction-specific exhibits, such exhibits will prevail.

1. Categories of Personal Information Subject to Processing

The Company processes the following personal information of customers.

• Registration Information: Wallet addresses
• Service information: Wallet addresses, transaction logs including purchase histories for NFTs and other personal information that the Company acquires in connection with the Services.  (If required by any applicable law, the Company acquires such information after notifying the customers separately.)
• Online identifiers and devices information: Cookies, IP addresses, and other online identifiers of customers who access the Website and browser type, OS type, device type, and other information acquired from customer’s devices
• Information related to inquiries: Name, wallet address, e-mail address, inquiry items, and details of the inquiry of each customer who makes an inquiry

• Other: In addition to the above information, when customers use the Services, the Company may acquire information provided by customers to the Company at their discretion.

2. Purposes of Collection or Other Processing

The Company processes personal information of customers for the following purposes:

• to provide, operate, and improve the Services;

• to analyse attributes of customers who access the Website and personalize and improve the Website;

• to conduct maintenance of the Website, to investigate server problems, and to perform failure recovery;

• to respond to inquiries from customers;

• if required, to respond to disputes and lawsuits, etc. and to comply with legal obligations of the Company;

• to conduct other business operations necessary to provide the Services and services incidental thereto;

• to refer to the information for development of new services;

• to prepare statistical information or other non-personal information;

• to ensure the security of the Services and the Website, including prevention of cyber attacks;

• for purposes agreed on by customers and purposes separately disclosed to customers when the information is collected; and

• for other purposes permitted under applicable laws and regulations.

3. Legal Basis, etc. for Processing

The Company processes your personal information in accordance with applicable personal information protection regulations.  Please refer to the jurisdiction-specific exhibits regarding the legal basis for processing in each jurisdiction.

The provision of your personal information may be mandatory on the grounds that such provision is a statutory or contractual requirement or a requirement necessary to enter into a contract.  Specifically,

• The provision of registration information that is required to be entered for registration is a requirement necessary for you to enter into a contract with the Company.  If you do not provide the registration information, the Company may not be able to register your account.
• The provision of service information that is required to be provided and the provision of online identifiers and devices information that are strictly necessary are required as contractual requirements.  If you do not provide the service information, the Company may not be able to provide all or part of the Services to you.
• The provision of information related to inquiries that is required to be provided is required as a contractual requirement.  If you do not provide the information related to inquiries, the Company may not be able to respond to inquiries from you.

4. Retention Period for Personal Information

The Company retains your personal information for as long as necessary in order to fulfil the purposes of processing personal information as set out above.

In order to determine the appropriate retention period for personal information, the Company considers (i) the volume, attributes, and confidentiality of the personal information, (ii) risks of potential damage from abuse or disclosure of personal information, (iii) the purposes for which the Company processes the personal information and whether those purposes may be achieved by other means, and (iv) applicable legal requirements.

5. Sources of Personal Information

The Company acquires your personal information by directly receiving such information from you or by automatically acquiring online identifiers such as cookies.  The Company also indirectly acquires analyses and attribute information of customers who access the Website through the Website’s traffic analysis service providers such as Google LLC.

6. Sharing and Disclosure of Personal Information

The Company shares with and discloses customers’ personal information to the following third parties in order to fulfil the purpose of processing personal information as set out above.

• Sharing with Processors (Service Providers)

・Cloud service providers such as Amazon Web Services, Inc. and Zendesk, Inc.;

・The Website’s traffic analysis service providers such as Google LLC;

・Development outsourcing contractors such as PlatiumEgg, Inc.; and

・Other contractors of the Company

• Legal Compliance, etc.

In some instances, the Company may be required to disclose your personal information to public and governmental authorities within or outside your country of residence in accordance with law and/or requests from such authorities.  The Company will also disclose your personal information if the disclosure is necessary or appropriate, due to the purposes of law enforcement or handling other issues of public importance.  The Company will also disclose your personal information if the disclosure is reasonably necessary to protect the Company’s rights, to pursue available remedies, to enforce the Company’s terms of use, to investigate fraud, or to protect the Company’s operations or customers.

• Other

In addition, we may also share personal information of customers with third parties, including the following.

• Cases where personal information is shared as part of an actual or potential corporate sale, merger, acquisition, or reorganization, or other transfer of all or part of our assets, including as part of a bankruptcy proceeding;
• Cases where there is a need to protect a human life, body or property, and when it is difficult to obtain the customer’s consent;
• Cases where the Company shares the personal information with the customer’s consent
• Other cases allowed under applicable laws and regulations.

7. Overseas Transfer of Personal Information

As a result of the above sharing and disclosure, your personal information may be transferred to the following countries or areas.

• Japan
• United States of America
• European Union

In such cases, the Company will take proper protection measures required by the personal information protection regulation of each jurisdiction.  For the protection measures of each jurisdiction, please refer to the jurisdiction-specific exhibits.

8. Safety Management Measures

The Company takes necessary and appropriate measures for management of the personal information of customers, including prevention of leakage, loss, or damage of the personal information of customers.  When the Company handles personal information in each jurisdiction, the Company takes necessary and appropriate measures for safety management of personal data after ascertaining the external environment in the applicable jurisdiction such as systems regarding protection of personal information.

If you do not wish to use cookies or other tracking technologies, you may disable them by changing your web browser settings.  For the legal basis for processing of cookies related to customers who reside or are located in EEA (European Economic Area) and the United Kingdom, please refer to the exhibit for EEA (European Economic Area) and the United Kingdom.

• Google Analytics

The Company may use Google Analytics for analytics and marketing purposes.

In Google Analytics, customers’ information will be collected by using cookies, etc.  For more information about how Google Analytics collects and uses data when you use the Website, visit here (www.google.com/policies/privacy/partners).

In order to opt out of Google Analytics, visit here (tools.google.com/dlpage/gaoptout) and disable the data use by Google Analytics.

9. Links, etc. to Third-Party Websites

The Service may provide customers links to third-party websites or apps.  The Company does not control the privacy practices of those websites or apps, and they are not covered by this Privacy Policy.  You should review the privacy policies of those websites or apps that you use to learn about their data practices.

10. Rights of Customers

The Company will respect the rights you hold regarding personal information protection regulations applicable to you.  In accordance with the Act on the Protection of Personal Information of Japan (“Personal Information Protection Act”), customers may require disclosure of retained personal data (whose meaning is defined in the Personal Information Protection Act), correction, addition, and deletion of content, cease and erasure of usage, cease of provision to third parties, and disclosure of records of the provision to third parties.  In addition, in personal information protection regulations of each applicable jurisdiction, rights may be granted to customers. For rights granted in each jurisdiction, please refer to the jurisdiction-specific exhibits. If you wish to exercise your rights, please make an inquiry using the contact details in Section 12 (Contact details) of this Privacy Policy.

11. Contact Details

For questions, complaints, or other inquiries regarding processing of personal information of the Company and this Privacy Policy (including each jurisdiction-specific exhibit), please contact the consultation center stated below:

• Inquiry form: https://cyber-z.co.jp/en/contact

12. Changes to this Privacy Policy

The Company may, in making changes to this Privacy Policy (including jurisdiction-specific exhibits), change or add to all or part of this Privacy Policy by publishing on the Website, sending e-mail to customers, or giving notice by any other method that the Company deems appropriate (subject to applicable laws and regulations, if any).  If there are any necessary procedures in applicable personal information protection regulations, such procedures will be taken.  The Company advises you to periodically visit this page and confirm the updates.  Customers can confirm the “last updated” date to know when this Privacy Policy (including each jurisdiction-specific exhibit) has last been updated.