PRIVACY POLICY

Article 1 (Scope of Application)

This Policy stipulates the handling of personal information and information equivalent thereto acquired from the principal (the person himself/herself) in connection with the use of the hotel business (accommodation, food and beverage, banquet, and other related services) operated by the Company (hereinafter referred to as the "Service") and use for business purposes.

Article 2 (Personal Information to be Acquired)

The Company acquires the following personal information of customers by lawful and fair means in providing the Service and for use in business operations.

• Basic information regarding the customer himself/herself
  Name, gender, date of birth, address, telephone number, FAX number, email address, information regarding driver's licenses, residence certificates, passports, and other public certificates, etc.
• Information regarding accommodation (including matters based on Article 6 of the Hotel Business Act (Act No. 138 of 1948))
  In addition to 1. above, occupation, place of employment, address of place of employment, nationality, passport number.
• Information regarding payment
  Credit card information, bank account information, billing address, other information necessary for settlement and confirmation thereof, etc.
• Information related to the provision of the Service
  Requests regarding meals (allergy information, etc.), health condition (use of wheelchair, etc.), other special requests from the customer, service usage history.
• Information regarding contact and inquiries
  Content of inquiries, opinions, requests, and information necessary to respond to them.
• Information regarding the use of the Company's facilities
  Video footage from surveillance cameras installed for the purpose of crime prevention and safety management.
• Information regarding the use of the Company's website, etc.
  Access log information such as Cookie information, IP address, browser type, device information, browsing history, etc.
• Applicant information provided during recruitment, job application, and selection
  Matters described in documents, etc. submitted to the Company by applicants such as resumes and curriculum vitae (name, gender, address, date of birth, telephone number, email address, etc.).
• Personal information of the Company's employees
  Personnel and labor management information (name, date of birth, address, gender, telephone number, mobile phone number, email address, facial photo, educational background, work history, emergency contact, family/relative information, qualifications held, nationality, status of residence, rewards and punishments, employee ID number, date of entry, etc.), information necessary for salary, social insurance, and welfare procedures (basic salary, various allowances, etc., family/relative information, social insurance information, bank account information, credit card number, attendance/leave of absence information, entry/exit records, etc.), information related to education and training (department, position, career, training history, qualifications held, information on evaluation, information on languages handled, etc.), and information regarding health, safety, and hygiene (health condition, medical history, physical or mental disability, health checkup results, stress check results, industrial physician interview records, working hours, etc.).

Article 3 (Purpose of Use of Personal Information)

(1) The Company uses acquired personal information for the following purposes:

• Personal information acquired in providing the Service
  ①To accept, manage, and provide reservations regarding the Service.
  ② To bill and collect fees, issue receipts, and perform related confirmation tasks regarding the Service.
  ③ To create and manage the guest registry based on laws and regulations such as the Hotel Business Act.
  ④ To confirm the identity of the customer (identity verification).
  ⑤ To respond to inquiries, requests, complaints, etc., from customers.
  ⑥ To contact customers (including in emergencies).
  ⑦ To provide information on the Company's services, products, campaigns, events, etc. (including sending emails and direct mail).
  ⑧ To conduct questionnaire surveys and marketing analysis for the maintenance and improvement of the Company's services and the development of new services.
  ⑨ To ensure the safety of the Company's facilities and customers, and for crime prevention and disaster prevention.
  ⑩ To respond to acts that violate the Terms of Use, etc., established by the Company.
  ⑪ For operations incidental to each of the above items.
• Applicant information provided during recruitment, job application, and selection
  ① To provide information and contact applicants for recruitment and job openings.
  ② For selection activities.
• Personal information of the Company's employees
  ① For procedures and notifications required by law.
  ② For operations associated with the payment of salaries, etc.
  ③ For employment and personnel management.

(2) The Company provides acquired personal information to third parties in accordance with the methods described in this Policy.

Article 4 (Handling of Special Care-Required Personal Information)

The Company does not acquire special care-required personal information (sensitive personal information) such as the allergy information or health condition of the principal, except when there is the principal's consent or when based on laws and regulations. If such information is provided voluntarily by the principal, it will be deemed that the principal has consented, and it will be used only within the scope necessary for business operations.

Article 5 (Handling of Specific Personal Information, etc.)

Regarding the handling of Individual Numbers (My Number) and Specific Personal Information, the Company complies with the "Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (My Number Act)," the "Act on the Protection of Personal Information," and the "Guidelines for the Proper Handling of Specific Personal Information (for Business Operators)."

Article 6 (Third-Party Provision of Personal Information)

The Company will not provide personal information to a third party without obtaining the prior consent of the principal, except in the following cases:

• Cases based on laws and regulations.
• Cases where there is a need to protect the life, body, or property of an individual and it is difficult to obtain the consent of the customer himself/herself.
• Cases where there is a special need to improve public health or promote the healthy development of children and it is difficult to obtain the consent of the customer himself/herself.
• Cases where it is necessary to cooperate with a national government organ, a local government, or a person entrusted by them in performing affairs prescribed by laws and regulations, and obtaining the consent of the customer himself/herself is likely to impede the performance of said affairs.
• Other cases permitted by laws and regulations.
• Cases where provision is made in conjunction with the outsourcing of business as stipulated in Article 7

Article 7 (Outsourcing of Business)

The Company may entrust all or part of the handling of personal information to an external third party within the scope necessary to achieve the purpose of use (e.g., reservation system management companies, cleaning outsourcing companies, payment processing companies, etc.). In this case, the Company exercises necessary and appropriate supervision over the trustee, such as concluding contracts and conducting periodic audits, to ensure that the trustee handles personal information appropriately.

Article 8 (Joint Use of Personal Information)

The Company may jointly use the personal information it holds within the scope necessary to achieve the purpose of use. The Company's Personal Information Protection Manager is responsible for managing the personal information to be jointly used. Inquiries regarding details will be handled at the contact point in Article 13.

• Items of personal information to be jointly used
  Information stipulated in Article 2, Paragraph 1 through Paragraph 9, etc.
• Scope of joint users
  MIRARTH HOLDINGS, Inc., and consolidated subsidiaries and affiliates described in the securities reports, etc. of MIRARTH HOLDINGS, Inc. (hereinafter referred to as "the Company's Group Companies").
• Purpose of use by joint users
  Purposes of use listed in Article 3.
• Person responsible for the management of said personal information
  LEBEN HOTELS Co., Ltd.
  2-2-15 Minamisemba, Chuo-ku, Osaka-shi
  Representative Director: Taishi Iwamoto

Article 9 (Safety Management Measures)

The Company takes necessary and appropriate measures from organizational, human, physical, and technical perspectives to prevent the leakage, loss, or damage of handled personal information and for other safety management of personal information.

• Formulation of Basic Policy
  To ensure the proper handling of personal information, the Company has formulated a Personal Information Protection Policy (Privacy Policy) regarding compliance with related laws, regulations, and guidelines, and the contact point for handling questions and complaints.
• Establishment of Discipline regarding Handling of Personal Information
  The Company has formulated Personal Information Protection Regulations regarding the handling methods, responsible persons/persons in charge, and their duties, etc., for each stage of acquisition, use, storage, provision, deletion/disposal, etc.
• Organizational Safety Management Measures
  The Company has built a management system regarding personal information protection, established internal regulations, and appointed responsible persons.
• Human Safety Management Measures
  The Company conducts periodic education and training for employees regarding points of attention concerning the handling of personal information. The Company also requires employees to submit a written pledge regarding the confidentiality of personal information.
• Physical Safety Management Measures
  In areas where equipment handling personal information is installed, the Company implements management such as locking and restricting the entry of non-authorized personnel.
• Technical Safety Management Measures
  The Company implements protection against unauthorized access (access control, installation of firewalls, etc.) and setting of passwords for information systems, etc.
• Understanding of External Environment
  The Company implements safety management measures after understanding the laws and regulations concerning the protection of personal information in the countries where personal information is stored.

Article 10 (Disclosure, Correction, Suspension of Use, etc. of Personal Information)

When the Company receives a request from the principal or his/her agent for disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to a third party (hereinafter referred to as "Disclosure, etc.") regarding the personal information of said principal, the Company will respond without delay in accordance with the provisions of laws and regulations after confirming the identity of the principal. However, this does not apply if the Company is not obligated to perform Disclosure, etc. under laws and regulations. For details on the procedures for requesting Disclosure, etc., please contact the inquiry window in Article 13.

Article 11 (Use of Cookies, etc.)

The Company's website may use Cookies and similar technologies to improve customer convenience, understand usage status, and deliver advertisements. Cookies identify the customer's computer and do not contain information that identifies the customer personally (name, address, telephone number, etc.). Customers can refuse to receive Cookies by changing their browser settings, but in that case, some services of the Company's website may become unavailable.

Article 12 (Changes to Privacy Policy)

The Company may revise the contents of this Policy as necessary due to amendments to laws and regulations, changes in business content, etc. In the event of a revision, the Company will make it known to customers by posting it on the Company's website or by other appropriate methods. The revised Privacy Policy shall take effect from the time it is posted on the Company's website.

Article 13 (Inquiry Window)

For questions, complaints, requests for Disclosure, etc., and other inquiries regarding the Company's handling of personal information, please contact the window below.

Contact Window for Personal Information

LEBEN HOTELS Co., Ltd.

• Note: Please contact each window for details on the procedures for requests for disclosure (necessary documents, method of reception, method of identity verification, etc.). A fee (500 yen per case (tax included)) will be charged for requests for disclosure.

(Supplementary Provisions)
Date of Enactment: March 24, 2022
(Date of Revision: January 27, 2026)

For residents of the European Economic Area (EEA), please click the link below.
Appendix: To Persons Residing in the European Economic Area