Z Holdings Corporation Announces its Basic Policy on Data Protection

- Demonstrating "User Privacy First" by publicizing the Group's measures regarding privacy in the handling of data by the ZHD Group

Z Holdings Corporation (hereinafter the "Company") hereby announces the publicizing of the Z Holdings Group's "Basic Policy on Data Protection" (hereinafter the "Basic Policy") which provides the direction of data protection for the Company and the Group companies. The Basic Policy aims to protect the rights and interests of users, including their privacy in the handling of data by the entire Z Holdings Group. By establishing and adhering to the five principles under the Basic Policy, the Group strives to demonstrate its policy of "User Privacy First" and to achieve the Company's mission: "UPDATE THE WORLD - Unleashing the infinite potential of all people, with the power of information technology."

Basic Policy on Data Protection:
https://www.z-holdings.co.jp/en/company/dataprotection/

The advancement of information technology has brought greater convenience and affluence to people's lives. The spread of information technology into every corner of everyday life has enabled people to overcome various "barriers" such as physical distance, time, and national borders. Furthermore, recent developments in AI technology have enabled the handling of vast amounts of data, bringing new possibilities to users.

Meanwhile, the penetration of information technology and the development of AI technology also entail the risk of possible infringement of privacy and other rights and interests. In addition, since data can easily cross national borders, threats to rights and interests need to be addressed from a global perspective.

The Company recognizes that its mission can only be achieved when it is accepted by users and society. In the event of a conflict between the ethics of society and the interests of the Company, the ethics of society will prevail. The Company will operate its business by prioritizing the privacy and other rights and interests of users, including human rights. In addition, the Company will give full consideration to the impact of data use on the users and the society, and take appropriate measures. The Company operates its business based on these basic concepts, and declares and announces "User Privacy First" as its basic policy.

■Structure of the Basic Policy on Data Protection

■Five principles underlying the "User Privacy First" policy

1. Priority to user benefits

The primary purpose is to provide benefit to our users
We believe that the primary purpose of the use of data entrusted to us by our users should be to provide benefits to our users. We will use data within an appropriate scope, based on the premise that the benefit to users includes the convenience, ease of understanding, and safety of our services.

2. Ensuring transparency

We handle data with an emphasis on transparency
In handling data, we believe it is important for users to feel secure in providing us with their data. Therefore, we are committed to providing honest and clear explanations of the purposes and methods of obtaining, using, and providing the data to third parties, including subcontractors.

3. Protection of rights and interests

We endeavor not to infringe on the rights and interests of our users
The rights and interests of users must by no means be infringed in data usage. We are responsible for the use of data and will do our utmost to ensure that the results of our analysis of the data entrusted to us do not lead to or encourage unfair discrimination or facts.

4. Respect for users' right to control their data

Data provided to us belongs to our users
The data provided by users using our services and functions belongs to the users. When we receive requests from users to browse, correct, terminate the use or provision of, or delete their data, we will respect their wishes to the greatest extent possible, based on their requests.

5. Security

We protect and manage data under appropriate security management system
We are deeply aware that we are entrusted with data that is extremely important and valuable to our users. We are committed to properly protecting and managing such data in accordance with the Z Holdings Group's Cybersecurity Policy* and security control measures.

■Establishment and strengthening of horizontal and vertical governance systems

The Company regards the Basic Policy as a declaration that delineates the direction of data protection for the Company as well as for the Group companies, and positions it as a top-level concept overarching the rules and regulations on countermeasures established by the Group companies. The Company establishes horizontal and vertical governance structures and oversees their implementation from the users' perspective to enforce the "User Privacy First" policy within the Group.

■Specific measures

・Introduction of NIST privacy framework

A management system for data protection will be established and measures such as the introduction of a privacy framework defined by the U.S. National Institute of Standards and Technology (NIST) will be promoted.

・Assignment of Data Protection Officers (DPO)

DPOs will be assigned in major subsidiaries and affiliated companies that handle data entrusted from the users. The DPOs will monitor the use of data by each company from an independent third-party standpoint, provide advice from the users' perspective, and work to ensure that the use of data by each company does not violate the principles mentioned above.

^* Z Holdings Group's Cybersecurity Policy
https://www.z-holdings.co.jp/en/company/cybersecurity/