Personal Information Protection Policy

Chapter 1Z-aN Privacy Policy

1. Basic Policy

The Company shall comply with and perform the Act on the Protection of Personal Information(hereinafter referred to as the “Personal Information Protection Act”), other related laws and ordinances, as well as this Personal Information Protection Policy, and shall endeavor to protect the personal information that it obtains and holds.

2. Obtaining of Personal Information

The Company shall obtain the following information on the “Z-aN” video distribution service operated by the Company (hereinafter referred to as “the Service”), as well as all or a part of the other information prescribed by the Company as to be obtained on the ServiceThe Company may obtain information directly from the user, and may also obtain information indirectly Typically, information will be obtained directly at the time of the service registration of the user, at the time of the use of the service, or at the time of an inquiry, and indirectly via the communications terminal or internet browser of the user

• ・Name
• ・Nickname
• ・Gender
• ・Age
• ・Email address
• ・Profile photo
• ・Information about participation in the user community
• ・Other information concerning public posts and comments relating to the user’s profile
• ・Information relating to private messages and invitations to other users
• ・Information relation to chats with other users
• ・Information relating to participation in events within the Service
• ・IP address
• ・Advertising identifiers
• ・Information obtained based on cookies
• ・Information on the pages viewed by the user
• ・Information relating to the usage environment of the user
• ・Billing log
• ・Country information
• ・Last login date and time

The Company shall obtain the following personal information for the provision of the Service

• (1) ID used by the user in external services such as social media
• (2) Personal information that the user has allowed to be disclosed to partners in accordance with their privacy settings in external services such as social media

3. Purpose of Use

The personal information obtained through the use of the Service may be used for the following objectives

• (1) For the provision and operation of the Service (includes future and related services)
• (2) For the acceptance, investigation, and response to questions and inquiries from the user in relation to the Service
• (3) For notifications relating to the Service and the transmission of information emails such as on the services of sponsor companies and business partner companies in the advertising business of theCompany
• (4) For the improvement of the Service, the development of new services, and marketing surveys
• (5) For the improvement of the usability of the Service (such as the display of information that has been customized for each user)
• (6) For supporting the viewing, changing, and deletion of registration information of the individual user, and for viewing their usage status
• (7) For the confirmation of the identity of the user, and to authenticate the user
• (8) For surveys, statistics, and analysis conducted on the trends of use of the Service
• (9) For the distribution and measurement of effect of interest based advertising (trackable advertising)by the Company and distribution bodies other than the Company
• (10) For the maintenance and improvement of the system, as well as troubleshooting
• (11) For other purposes that are incidental or related to the purposes of use described above

4. Third Party Provision of Personal Information

As a general rule, the Company shall not disclose or provide personal information to a third party without the consent of the individual However, in the following cases, the Company may disclose or provide personal information to a third party without the consent of the individual

• (1) In the event of all or a part of the handling of personal information being outsourced to a business contractor to be supervised by the Company for the maintenance and operation of the systems, etc., of the Service
• (2) In the event of all or a part of the handling of personal information being outsourced to a business contractor to be supervised by the Company within the range necessary for the achievement of the purposes of use
• (3) In the event of a request for disclosure pursuant to laws and ordinances, or in the event of provision for the protection of the life, body, or property of the individual, and it is difficult to obtain the consent of the individual
• (4) In the event of it being prescribed in the terms of use for the Service provided by the Company,and the user having consented to the terms of use
• (5) In the event of personal information being provided in conjunction with a merger, corporate split,or business transfer, etc. (also includes for the consideration of the implementation of these), in which the Company is one of the parties concerned
• (6) In other cases where provision is permitted based on laws and ordinances

Notwithstanding the above, the Company may provide statistical aggregations and analysis results toa third party upon having processed the personal information so that no individual can be identified.

5. Joint Use

The Company shall jointly use personal information in accordance with the “ About the Joint Use of Personal Data ” prescribed by the Avex Group, to which the Company is affiliated

6. Exemptions

In the following cases, the Company shall be waived from responsibility for issues that occur as a result of the acquisition of personal information of the user by a third party

• (1) In the event of the user themselves having revealed personal information to another user or another third party through the use of functions on the Service or other means
• (2) In the event of the information entered on the Service by another user resulting in the identification of the personal information of the individual
• (3) Other accidents such as leaks that occur due to a reason not attributable to the negligence of theCompany

7. Disclosure and Revision, Etc, of Personal Information

The Company, in the event of receiving a request from the individual user or a representative there off or the disclosure or notification of purpose of use (hereinafter referred to as “Disclosure, Etc”) of the personal information relating to the user (limited to retained personal data), shall handle and resolve this upon confirming that the request did come from the individual concerned However, this shall not apply if the Company has determined that the Company shall not bear the obligation of disclosure,etc, under the Personal Information Protection Act or other laws and ordinancesIn the event of a request being made by the individual user for the correction, addition, or deletion of content (hereinafter referred to as “Correction, Etc”) based on the provisions of the PersonalInformation Protection Act on the grounds of the personal information held by the Company being incorrect, the Company shall conduct the necessary investigations, and shall Correct, Etc, the content of the personal information upon having confirmed that the request did come from the individual concerned However, this shall not apply if the Company has determined that the Company shall not bear the obligation of Correction, Etc, under the Personal Information Protection Act or other laws and ordinances

8. Suspension of Use, Etc, of Personal Information

The Company, in the event of having received a request from the user for suspension of use or deletion (hereinafter referred to as “Suspension of Use, Etc”) based on the provisions of the PersonalInformation Protection Act on the grounds of the personal information of the individual user (limited to retained personal data) being handled beyond the range of the purpose of use that was published beforehand, or due to it having been obtained through deception or other fraudulent means, and having determined that there are grounds to such a request, upon confirming that the request was made by the individual concerned, shall perform the Suspension of Use, Etc, of personal information without delay, and shall notify the person who made the request of this However, this shall not apply if the Company has determined that the Company shall not bear the obligation of Suspension of Use,Etc, under the Personal Information Protection Act or other laws and ordinances

9. Contact Point for Opinions and Inquiries, Etc, Procedures for Requesting the Disclosure, Etc, of Personal Information

Opinions and inquiries, etc, concerning the handling of personal information by the Company may be made by contacting the personal information handling manager of Avex Music Creative Inc. via the inquiry form on the websitePlease be advised that we are unable to accept inquiries through direct visits to the Company; we ask for your understanding

10. About Anonymized Information

• (1) Creation of Anonymized Information

The Company, in the event of creating the anonymized information prescribed in the PersonalInformation Protection Act, shall take the following action.

• (i) Perform appropriate processing in accordance with the standards prescribed in laws and ordinances, as well as in other rules.
• (ii) Take secure management measures in accordance with the standards prescribed in laws and ordinances, as well as in other rules.
• (iii) Publish the items included in the anonymized information.
• (2) Third Party Provision of Anonymized Information

  The Company, in the event of providing anonymized information to a third party, shall take the following action.

  • (i)(i) Indicate to the recipient that it is anonymized information.
  • (ii) Publish the items included in the anonymized information to be provided as well as the method of provision
• (3) Receipt of Anonymized Information

  The Company, in the event of having received anonymized information from its creator, shall not perform any act to identify the individual through the obtaining of the descriptions, etc., that were deleted by the creator, personal identification codes, or processing method, or collation with other information.

11. Access Analysis

The Company, through the Service, shall obtain information on the access status to the Service by the user as well as their usage method (cookies, history on the Service, IP address, browser used, OSused, language, positional information, etc)The Company shall use Google Analytics in order to ascertain the usage status of the Service GoogleAnalytics collects information of the user through the use of cookies The collected information shall be managed based on Google’s Privacy Policy Please visit the Google website for more detailed information
・Google Analytics Terms of Use
・Google Privacy Policy

12. Changes and Revisions

The content of this Personal Information Protection Policy may be changed and revised without notice in accordance with changes in the content of the Service and technological trends, as well as the amendment, etc, of laws and ordinances In such a case, the Company shall announce that thisPersonal Information Protection Policy has been amended on the website

13. Terminology

The terminology used in this Personal Information Protection Policy, with the exception of where otherwise prescribed, shall be in accordance with the definition of the Personal Information ProtectionAct

14. Other

Please be advised in advance that in the event of the information provided by the user not being up to date or accurate, the Company may be unable to provide the proper services

Chapter 2 Z-aN Privacy Policy (For Persons Subject to the GDPR)

1. Basic Policy

The Company, when obtaining the personal information of users and aspiring users of the Service(hereinafter collectively referred to as “Users”) who are located within the European Economic Area(EEA), shall comply with the EU general data protection regulations (GDPR) and other related laws and ordinances, etc. (hereinafter collectively referred to as “GDPR”), and shall appropriately use such information in accordance with the content of the business of the Company.Chapter 2 shall be applied to users of the services of the Company who are subject to the application of GDPR and other related laws.The Company shall handle the personal information of the User for the objectives of allowing theUser to consent to this Privacy Policy, the performance of agreements, and the obtaining of proper benefit.Please thoroughly read this Chapter and Chapter 1 prior to using the Service. The User, in the event of not intending for the personal information of the User to be handled, treated, or transferred by theCompany by the methods stated in this Chapter and Chapter 1, will not be able to use the Service.

2. Personal Information Manager

The manager of the personal information of the User shall be the CompanyThe Company, based on GDPR, shall protect the personal information collected or used by the manager (the party determining the handling method and objectives of the personal information of the customer) and processor (the party acting based on the written instructions of the manager)

3. Purpose of Use

The Company shall obtain and handle the personal information of the User in order to pursue the valid interests stated in Chapter 1 3. Purpose of Use

4. Legal Basis for the Processing of Personal Information

The Company shall process the personal information of the User based on any of the legal basis prescribed in the GDPR (Article 6 and Article 7) The main legal basis for processing are as set forth below

• (i)In the event of the User having granted consent to the processing of their personal information for one or a plurality of specified purposes In such a case, the User may withdraw their consent at anytime However, the legality of processing based on consent prior to withdrawal shall not be effected by the withdrawal of consent In the event of withdrawing consent, please contact us at the address shown below
• (ii)In the event of processing being necessary for the performance of an agreement in which the User is an agreement party, and in the event of processing being necessary for the performance of procedures in accordance with the requests of the User from prior to the execution of an agreement
• (iii)In the event of processing being necessary in order to comply with legal obligations that should be performed by the Manager
• (iv) In the event of processing being necessary in order to protect the important interests of a User or other living person
• (v) In the event of processing being necessary for the public interest or in the performance of business conducted in order to exercise official authority granted to the manager
• (vi) In the event of processing being necessary for the reasonable interest pursued by the manager or a third party However, excludes cases where the basic rights and freedoms requiring the protection of personal information, such as where a child is a User in particular, have priority over such interest
• *The following cases are stated as cases where the legitimate interest of (vi) serves as legal basis for processing
  • ・Marketing to the customer (direct marketing)
  • ・・Customer service for the customer

5. Sharing of Personal Information

The Company may share the personal information of the User with the following types of third parties, in accordance with the GDPR

• ・The Company’s group companies
• ・Third parties that the User has consented to
• ・Companies providing services to the Company’s group companies and business contractors of theCompany’s group companies
• ・Public bodies

6. Cross-border Data Transfer

The Company may have personal information transferred to a country outside of the EuropeanEconomic Area The Company shall ensure that such transfers are performed under the proper and appropriate protection measures required by the GDPR

7. Management and Retention Period of Personal Information

The Company shall take the necessary measures in order to ensure that the personal information of theUser is accurate and up to dateThe Company shall retain the personal information of the User for the period required in order to comply with its legal obligations, to reliably provide appropriate services, and to maintain the business activities of the Company In the event of the User having exercised the right to have personal information deleted in accordance with the GDPR, the Company shall delete this without any unnecessary delays

8. Security

The Company shall take the appropriate technical and organizational measures, in accordance with theGDPR, in order to protect the personal information of the User

9. Rights of the User

The User shall have the following rights regarding the personal information obtained and processed by the Company, in accordance with the GDPR In the event of exercising rights, please contact us at the address shown below Please bear in mind that the following rights are not absolute, and may not necessarily be applied in all situations In addition, depending on the situation, there may be cases where exceptional provisions under laws and ordinances are applicable, and in such a case, theCompany may refuse a request It should be noted that records of requests to the Company shall be retained in order to confirm that the Company has adhered to its legal obligations

• ・Information Rights
  If personal information is collected from the User, the right to receive certain information before the personal information is obtained
• ・Access Rights
  The right to confirm whether or not the personal information concerning the User is being processed, and in the case of it being processed, the right to access the personal information and certain related information
• ・Correction Rights
  The right to request the correction of inaccurate personal information concerning the User
• ・Deletion Rights
  The right to have the personal information concerning the User deleted
• ・Processing Restriction
  RightsThe right to place restrictions on the processing of personal information concerning the User
• ・Objection Rights
  The right to raise objections to the processing of personal information concerning the User
• ・Data Portability Rights
  In regard to personal information concerning the User, the right to receive in a structured,commonly used, and machine readable format, and to transfer personal information to another data manager without interference by the Company
• ・The right not to undergo automated processing, including profiling
  The right for decisions not to be made based only on automated processing, such as profiling, that may cause a legal impact on the User or which may cause a similar significant impact on the UserIt should be noted that the Company shall not perform automated processing, including profiling,on the personal information of the User

10. Filing Complaints

The User, in the event of determining that the handling of personal information concerning the user isin violation of the GDPR, may file a complaint with a monitoring body

11. Inquiries

Please contact us via the inquiry form below if you have any opinions or inquiries, etc, relating to privacy
https://www.zan-live.com/contact
Data Manager: Avex Music Creative Inc.
Contact Information for the Data Protection Officer: The inquiry form above

Established on July 26, 2020
Revised on September 10, 2020
Revision date August 22, 2021
Revision date August 1, 2023