OBI HOLDINGS PTE LTD (hereinafter "the Company") sets forth the following Privacy Policy (hereinafter "this Policy") regarding the handling of users' personal information in the EC service "CLOUD HEART" (hereinafter "the Service") provided by the Company in connection with sporting goods and related products.

This document is an English translation of the Japanese Privacy Policy, provided for convenience purposes only. The Japanese original shall constitute the governing and legally binding version. In the event of any conflict, ambiguity, or inconsistency between this translation and the Japanese original, the Japanese original shall prevail in all respects.

1. Article 1 — Definition of Personal Information

   In this Policy, "personal information" refers to information relating to a living individual as defined under Japan's Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter "APPI") and Singapore's Personal Data Protection Act 2012 (hereinafter "PDPA"), including information that can identify a specific individual through name, date of birth, address, telephone number, email address, or other descriptions.

2. Article 2 — Methods of Collecting Personal Information

   In connection with users' use of the Service, the Company may collect the following information:

   • Registration information such as name, address, telephone number, and email address

   • Transaction-related information such as payment information and delivery address

   • Service usage history, access logs, browsing history, and similar information

   • Information obtained through cookies, device identifiers, and similar technologies

3. Article 3 — Purpose of Use

   The Company uses collected personal information for the following purposes:

   • To provide, operate, maintain, and improve the Company's EC site (the Service)

   • To process product orders, pack and ship products, process payments, and communicate delivery status

   • To respond to inquiries and verify identity

   • To deliver information via email regarding new products, sales, campaigns, and other updates related to sporting goods handled by the Company

   • To analyze users' purchase history, browsing history, and similar information to provide product recommendations and deliver targeted advertising based on individual preferences

   • To detect, prevent, and respond to fraudulent orders, unauthorized access, and other improper activities in the Service

   • For other purposes incidental to the above

4. Article 4 — Changes to Purpose of Use

   The Company may change the purpose of use of personal information to the extent that a reasonable connection to the original purpose is recognized.

   Any such changes will be published on the Service.

5. Article 5 — Management of Personal Information

   The Company will implement necessary and appropriate measures to maintain the accuracy of personal information and manage it securely.

   The Company handles personal data on servers located in the Republic of Singapore and implements necessary and appropriate security management measures with a proper understanding of Singapore's personal information protection framework (APPI and PDPA). Measures to prevent unauthorized access, leakage, falsification, and loss include:

   • Encryption of personal data (during transmission, reception, and storage)

   • Access controls (only authorized personnel may access personal data)

   • Implementation of unauthorized access detection systems and regular security audits

6. Article 6 — Provision to Third Parties

   The Company will not provide personal information to third parties without the user's consent, except in the following cases:

   • When required by law

   • When necessary to protect a person's life, body, or property

   • When required to comply with a request from a public authority

   • When provided to a business contractor within the necessary scope

7. Article 6-2 — Joint Use with Group Companies

   Pursuant to Article 27, Paragraph 5, Item 3 of the APPI, the Company may jointly use personal data with its group companies (including OBI Holdings Japan Co., Ltd. and OBI MEDIA PTE LTD) as follows:

   • Items of personal data subject to joint use: Name, address, telephone number, email address, purchase history, and delivery address

   • Scope of joint users: The Company and its subsidiaries and affiliated companies (a list is published on the Company's website at https://obi.sg)

   • Purpose of use by joint users: Same as the purposes set forth in Article 3

   • Party responsible for the management of personal data: OBI HOLDINGS PTE LTD / Address: 83 Clemenceau Avenue, #18-01 UE Square, Singapore 239920 / Representative: NAGAYAMA KANAME

8. Article 6-3 — Transfer of Personal Data to Foreign Countries

   The Company may store and process users' personal data on servers located in the Republic of Singapore. An overview of Singapore's personal information protection framework is as follows:

   • Singapore has a comprehensive personal data protection law, the Personal Data Protection Act 2012 (PDPA), which applies to the private sector.

   • Singapore participates in the APEC Cross-Border Privacy Rules (CBPR) system, which provides a framework for cross-border data transfers.

   • However, Singapore has not received an adequacy decision from the EU under Article 45 of the GDPR, and is not designated as a country with a personal information protection framework equivalent to Japan's under Article 28 of the APPI.

   In connection with the above data transfers, the Company will obtain the user's consent to the provision of personal data to a third party located in a foreign country, pursuant to Article 28, Paragraph 1 of the APPI.

   The Company continuously implements in Singapore measures equivalent to those required of personal information handling businesses under Chapter 4, Section 2 of the APPI, and has implemented measures corresponding to the eight principles of the OECD Privacy Guidelines.

   In the event that additional countries or regions in which personal data is stored or processed are added in the future, this Policy will be updated and published on the Service.

9. Article 7 — Outsourcing

   The Company may outsource the handling of personal information to third parties to the extent necessary for the operation of the Service.

   In such cases, the Company will exercise appropriate supervision over the contractor.

10. Article 8 — Use of Cookies

    The Company may use cookies and similar technologies to improve the convenience of the Service and to analyze usage through Google Analytics.

    Users may restrict the use of cookies through their browser settings; however, doing so may limit the availability of certain features.

11. Article 9 — Access Analysis Tools

    The Company may use access analysis tools such as Google Analytics to improve the Service.

    Information obtained through such tools does not identify individuals.

12. Article 10 — Disclosure of Personal Information

    Users may request disclosure of their own personal information held by the Company.

    The Company will respond appropriately in accordance with applicable laws and regulations.

13. Article 11 — Correction, Deletion, and Suspension of Use

    Users may request the correction, addition, deletion, or suspension of use of their own personal information.

    The Company will respond promptly within a reasonable scope.

14. Article 12 — Use by Minors

    When minors use the Service, parental or guardian consent shall be obtained as necessary.

15. Article 13 — External Links

    The Company assumes no responsibility for the handling of personal information on external websites linked from the Service.

16. Article 14 — Changes to This Policy

    The Company may revise this Policy in response to changes in laws and regulations or the content of the Service.

    Revised content will take effect upon publication on the Service.

17. Article 15 — Contact

    For inquiries regarding this Policy, or to request disclosure, correction, deletion, or suspension of use of personal information, please contact us at:

    Email: support@cloudheart.com

    Department: New Business Division — CLOUD HEART