Handling of Personal Information

Personal Information Protection Policy

Personal Information Handling Entities

SPACE HOSTEL Co., Ltd. (fantasista Co., Ltd. (TSE STD1783) 100% subsidiary)

The entities mentioned above (referred to as "our company" below) hold the following principles regarding the handling of personal information:

As part of our efforts to enhance the level of personal information protection, we handle personal information based on the following policy and continually work towards improvement:

1. Collection of Personal Information

We collect personal information within the scope necessary for our business operations and do so appropriately.

2. Use of Personal Information

We identify the purposes of using personal information to the greatest extent possible and use it within the necessary scope to achieve those purposes.

3. Provision to Third Parties

Except as required by laws and our privacy policy, we will not provide personal information to third parties without obtaining the consent of the individuals in advance.

4. Outsourcing

When outsourcing all or part of the handling of personal information to external parties, we select outsourcing partners who meet the personal information protection standards defined by laws and our company. We also provide necessary and appropriate supervision to ensure the proper protection of personal information. The same standards apply to re-outsourcing to subcontractors.

5. Safety Management Measures

To prevent incidents such as leakage, loss, or damage of personal information, we implement necessary and appropriate safety management measures and continually improve them.

6. Compliance with Laws and Other Standards

We comply with laws related to the protection of personal information, guidelines set by the government, personal information protection ordinances established by local governments, and other relevant standards.

7. Response to Inquiries

We respond to requests for the disclosure, correction, deletion, and cessation of use of personal data held by us and inquiries related to the handling of personal information sincerely and appropriately.

We collect the following customer information to achieve the purposes described in "2. Purpose of Use" below. However, unless required by law or essential for the provision of our services, we will not collect sensitive information about customers, such as race, creed, social status, medical history, criminal history, or facts related to crimes (referred to as "sensitive personal information"). If customers provide sensitive personal information of their own volition, we will treat it as "1-2. Information related to the use of our services" with your consent, as specified in this policy.

• 1-1. Information Provided Directly by Customers

  (1) Name, address, phone number, gender, age, date of birth, and other information about the customer

  (2) Identity verification documents (driver's license, passport, etc.) and information contained in such documents, as required by law or other regulations

  (3) Email address

  (4) Login ID and password (including authentication information for external login functions)

  (5) Other information provided with the customer's consent

• 1-2. Information Related to the Use of Our Services

  (1) Information about the customer's hotel reservations

  (2) Information about the use of our services

  (3) Payment information

• 1-3. Information Automatically Collected

  (1) Information about communication devices (location information, device-specific identification information, browser type, software information, etc.)

  (2) IP address

  (3) Information collected using cookies and similar technologies (details are provided in the "Cookie Policy" below)

  (4) Information collected through security technologies such as surveillance cameras

• 1-4. Information Obtained from Third Parties

  We obtain necessary information from third parties, such as business partners, public information, or other sources, to achieve the purposes described in "2. Purpose of Use" below, within the scope permitted by law. This information may include credit information and information necessary for responding to fraudulent activities. In cases where customer consent is obtained (especially when logging in using external login functions, but not limited to such cases), we may also obtain customer personal information from third parties.

• 2-1. We will use the customer information collected for the following purposes:

  (1) Identity verification

  (2) Provision of our services

  (3) Management of the use of our services and usage conditions

  (4) Advertising, sales promotion activities, and verification of their effectiveness

  (5) Surveys and analysis related to the use of our services

  (6) Continuous improvement of our services and enhancement of customer satisfaction

  (7) New service development, research and development, and marketing

  (8) Response to customer inquiries, among other things

  (9) Communication with customers as necessary for our business, such as important notices related to our services

  (10) Detection and response to fraudulent activities (including violations of our various terms, conditions, rules, unauthorized access, cyberattacks, fraud, and acts that pose a risk of such activities), as well as prevention measures against fraudulent activities

  (11) Compliance with laws and regulations

  (12) Delivery of advertisements related to products and services based on customer interests and preferences, after analyzing information such as browsing history and purchase history in comparison with personal data held by advertising distribution providers.

• 2-2. If we use customer information for purposes other than those listed above, we will take the necessary steps in advance.

(1) Customers must agree in advance that we, hotels that can be booked on our official website, and our group companies will jointly use customer information while implementing personal information protection measures as described below.

(2) For a list of hotels and our group companies, as well as inquiries about disclosure, correction, deletion, and suspension of use of personal data held by these entities, please refer to their respective privacy policies on the official website.

• 3-1. Types of Information Jointly Used

  (1) Information related to customer hotel reservations

  (2) Member information

  (3) Information about the use of member benefits and the like

• 3-2. Purpose of Joint Use

  As described in "2. Purpose of Use" above.

• 3-3. Person Responsible for Joint Use

  Same as "Personal Information Handling Business Operators" above.

• 4-1. Unless one of the following conditions applies, we will not disclose or provide your personal information to any third party:

  (1) With your prior consent.

  (2) When outsourcing part of the handling of personal information to a third party (hereinafter referred to as "outsourced service providers") for the purpose of achieving the objectives stated in "2. Purpose of Information Use."

  (3) When providing it to joint users.

  (4) When required by laws and regulations.

  (5) When it is difficult to obtain your consent, but necessary for the protection of human life, body, or property.

  (6) When it is particularly necessary for the improvement of public health or the promotion of the healthy upbringing of children, and obtaining your consent is difficult.

  (7) When cooperation is necessary due to special circumstances with administrative or judicial authorities.

  (8) When, based on objective and reasonable grounds, we determine that it is necessary to disclose your information in order to protect our rights, property, services, or those of third parties, and you have violated our various terms, conditions, or rules.

  (9) When disclosing information in a form that cannot identify individual customers.

  (10) In cases where a business transfer is made due to mergers, company splits, business transfers, or other reasons.

  (11) When providing hashed email addresses, hashed phone numbers, Cookie IDs that can be matched with other personal data within the company, advertising identifiers (ADID/IDFA), and postal codes to advertising distribution service providers (including overseas providers) as follows:

• [Overseas Providers List]

  Google LLC

  Location: California, United States

  Information protection system of the host country: Please refer to the Personal Information Protection Commission's page here※1.

  Measures taken by the provider for the protection of personal data: Similar measures to those required of Japanese personal information handlers are taken (details are available on this page here※2).

  1※https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku

  2※https://policies.google.com/privacy/additional?gl=jp

• 4-2. If administrative or judicial authorities request the disclosure or provision of your personal information to us based on legal provisions (especially in cases such as criminal investigations or other legal proceedings), we will respond to such requests in accordance with internal regulations and legal requirements.
• 4-3. When you make payments for the use of our services through credit card payments or other third-party intermediaries, we may disclose your personal information to credit card companies or other third parties involved in preventing fraudulent use. If you choose to use these payment methods, you are required to provide consent for such disclosure.
• 4-4. In cases where we disclose your information to third parties for purposes other than those mentioned above, we will take necessary procedures in advance.
• 4-5. We will not sell, lend, or provide your personal information to third parties for any purpose without obtaining your consent.

• 5-1. External Integration Features

  If you use external integration features to log in to your personal page on the official website, the following provisions will apply:

  (1) When logging in, you may be asked for permission for us to access your personal information. In this case, you can only use the integration feature if you review and, at your own discretion, grant permission for such access.

  (2) The registration and use of login IDs and passwords for external integration features are subject to the terms and conditions specified by the provider of these integration features.

  (3) When using external integration features, you are responsible for using them at your own risk, and we shall not be held responsible for any issues, including but not limited to the loss, unauthorized use, malfunctions, errors, or disputes with the provider of these integration features.

• 5-2. Payment Features

  If you use the official website's payment feature to pay for the service fees, the following provisions will apply: We have entrusted the handling of your credit card number and payment-related information to a third-party service provider for the purpose of payment processing. However, we do not retain the information used for payment processing. Instead, this information is stored by the third-party provider for a reasonable and necessary duration to perform the delegated tasks.

• 5-3. Third-Party Websites

  Regarding the provision and collection of personal information on third-party websites linked from this service or linking to this service, we cannot assume responsibility. Please review the privacy policies of these companies on their respective websites and use them at your own discretion.

• 6-1. My Page Features

  If you wish to verify your personal information using the My Page feature on the official website, the following provisions will apply:

  (1) You can easily verify and make changes to your personal information through the methods specified by us.

  (2) If you wish to verify your personal information through means other than the My Page feature, please contact us following the instructions in "12. Contact Us." We will provide details on the necessary procedures. In this case, we may charge a predetermined fee. Please note that, due to the nature of personal information storage or other factors, we may not be able to accommodate all requests.

  (3) You are responsible for strictly managing your personal information to prevent third parties from accessing it.

  (4) You are responsible for ensuring that your membership information is accurate and up to date. If changes occur to your membership information, please promptly update it on the official website through the prescribed procedures or at the front desk of the accommodation facility. We shall not be held liable for any damages, disadvantages, missed opportunities, or other issues arising from your failure to complete the change procedures.

The provision of personal information to us is generally based on your consent. However, failure to provide such information may result in the partial or complete inability to use certain functions of this service. Additionally, you may experience disadvantages such as not receiving member benefits. You may also modify your email magazine settings with us at any time following our prescribed procedures.

We will retain your personal information for as long as necessary to achieve the objectives stated in "2. Purpose of Information Use." Once the necessity no longer exists, we will promptly delete it. Furthermore, we may retain and use the personal information of customers who have discontinued using this service for a certain period to comply with legal obligations and for business-related communications, among other purposes.

To achieve the objectives stated in "2. Purpose of Information Use," we may transfer your personal information to countries outside the EU, including Japan. In such non-EU countries, rights similar to those of data subjects under GDPR may not be recognized. In such cases, we will take necessary and appropriate measures to protect your personal information in accordance with applicable laws and regulations.

We may change this policy without prior notice to comply with legal requirements or due to business necessities. Please check our official website for the latest information.

The personal information held by us is managed under the responsibility of:

fantasista Co., Ltd.

(1) For inquiries related to the disclosure, correction, deletion, and suspension of use of retained personal data, the exercise of data portability rights, or any other inquiries regarding the handling of personal information, please contact us through the contact page on our website. We will provide detailed instructions on the procedures.

(2) Depending on the nature of your inquiry, we may require you to submit a proof of identity document (including a copy of a government-issued identification) and complete necessary information on our designated form. We will promptly respond to your request after confirming that it is from the data subject in accordance with legal requirements and internal regulations.

(3) We will disclose your retained personal data after confirming that the request is from the data subject. However, there are exceptions, including the following cases:

a. When there is a risk of harming the life, body, property, or other rights and interests of the data subject or a third party.

b. When there is a significant impediment to the proper implementation of our business.

c. When it violates other laws and regulations.

(4) We will suspend the use of your retained personal data upon confirmation that the request is from the data subject. However, by taking such suspension measures, you may not be able to use part or all of our services.

(5) Depending on the nature of your inquiry, we may charge a designated fee.

(6) Please note that in some cases, we may be unable to respond due to legal requirements or the nature of personal information storage.

(7) If your request is clearly unfounded, excessive, or repetitive, we may not be able to respond, so please understand in advance.

• Contact for Personal Information

Cookies, etc., refer to information stored on your communication device (including text files and similar technologies such as Cookies, web beacons, etc.) when you access our site or third-party sites.

• 2-1. Essential Cookies, etc., for the Operation of Our Site

  These Cookies, etc., are essential for using our site's functions, such as navigating between pages and accessing secure pages. If you reject these Cookies, etc., our site may not function correctly, and your desired actions may not be executed as requested.

• 2-2. Cookies, etc., for Measurement Purposes

  These Cookies, etc., are used to collect and analyze information about your use of our site, such as the number of page views and the pages you frequently visit. This allows us to continuously improve our site by displaying content that aligns with your interests as much as possible.

• 2-3. Cookies, etc., for Advertising Delivery

  In addition to those in 2-1. and 2-2. above, we and third parties use Cookies, etc., managed by us in accordance with this policy and our privacy policy for online advertising delivery, creating analytical reports, and improving our services. If you do not wish to allow Cookies, etc., for advertising delivery, you can disable them as described in 3-2. or 4-2. below.

• 3-1. Through Cookies, etc., we collect the following information when you access our site or third-party sites:

  a. Information about your communication device (location information, device-specific identification information, browser type, and information about software, etc.).

  b. IP address.

  c. Referrer.

  d. Timestamp information about the URLs you visited and the date and time of your visit.

• 3-2. If you wish to stop advertising delivery based on the above, please access your browser or app's help page, etc., and follow the instructions to complete the procedure. Even if you stop advertising delivery through this procedure, normal banner ads, etc., will continue to be displayed without using Cookies, etc. Additionally, changing your browser or app, deleting Cookies, etc., and switching to a new communication device may require you to opt out again.

• 4-1. On our site, we may use Cookies, etc., managed by third parties for the purpose of delivering partner advertisements on our site or delivering advertisements related to our services on third-party sites through intermediaries. The detailed information on these third-party Cookies, etc., and the information collected will be handled in accordance with the privacy policies and other provisions of the respective third parties.
• 4-2. If you wish to stop advertising delivery based on the above, please access the third party's opt-out page and follow the instructions to complete the procedure.

Many browsers or apps automatically enable Cookies, etc. However, in the future, you will be able to refuse Cookies, etc., or delete Cookies stored on your communication device according to your own preferences. Please note that deleting Cookies, etc., may cause our site to function improperly.