Blue Lab

Privacy Policy Regarding Customer Information

Established on December 1, 2025

Blue Lab CO., LTD. (hereinafter referred to as “the Company”) hereby establishes this “Privacy Policy Regarding Customer Information” (hereinafter referred to as “this Policy”), which sets forth the Company’s policies for protecting personal information and the Company’s approach in handling personal information (including customers’ Individual Numbers and personal information containing their Individual Numbers [hereinafter collectively referred to as “Specific Personal Information, etc.”]).

Policy of Management
The Company recognizes appropriate protection and use of personal information to be an important social responsibility and makes every effort to appropriately protect and use customers’ personal information by complying with applicable laws and regulations, including Japan’s Act on the Protection of Personal Information and Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, as well as the internal rules of the Company, including this Policy when the Company conducts business.

Proper Acquisition
The Company will acquire customers’ personal information as necessary to conduct its business by proper and lawful means.

Purpose of Use
The Company will specify the purpose of use of customers’ personal information and will handle the personal information within the scope necessary to achieve that purpose and will not use it beyond that scope. In cases where special restrictions exist on the use of particular personal information under laws and/or regulations, such as the use of the Individual Number under Japan's Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, the Company will not handle such particular personal information for purposes other than those permitted under the applicable restrictions.

Prohibition of Improper Use of Personal Information
The Company will not use personal information via methods that may promote or induce illegal or unjust actions.

Providing Personal Information to Third Parties
The Company will not provide a customer’s personal information to any third party, in principle, unless the customer has consented thereto or unless such provision is permitted under laws and/or regulations. However, the Company may provide a customer’s personal information to third parties without the customer’s consent in cases where the Company entrusts management of personal information that is necessary to achieve the purpose of use to a third party, where the Company is one of the parties in a consolidation transaction, or where the Company uses personal information jointly with entities that are separately designated. With respect to Specific Personal Information etc., the Company will not provide such to third parties unless limitedly specified in Japan's Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures.

Handling of Sensitive Information
The Company will not acquire, use, or provide to any third party customers’ sensitive information (as defined in Japan's Guidelines for the Protection of Personal Information in the Financial Sector; including “Personal Information Requiring Attention”) except in cases as specified in said guidelines, such as where authorized under laws and/or regulations or where such handling is necessary to conduct business and where the Company has obtained consent from the customer.

Note: Sensitive information refers to the following information.
・Race, beliefs, social status
・Medical history and information concerning healthcare and sex life
・Criminal records and facts suffering damage from a crime
・Participation in a labor union
・Family origin and a legal address on family registry
・Other personal information requiring special attention in handling in order not to cause unjust discrimination, prejudice, or other disadvantages to the subject of the information

Security Measures/Safeguards
The Company will maintain and manage customers’ personal information accurately by keeping it up to date and will prevent the leakage of such information by implementing necessary and appropriate security measures. Moreover, it will conduct necessary and appropriate supervision over its employees and service providers (including subcontractors, etc.) that handle customers’ personal information.

Continuous Improvement
The Company will review this Policy as necessary in response to the development of information technologies and changes in societal demands and will continuously improve its handling of customers’ personal information.

Customer Requests Concerning Retained Personal Data
The Company will endeavor to properly and promptly respond to any requests from customers regarding the personal data held by the Company, including requests for notifications of purpose of use, disclosure of data content, correction, addition, deletion of inaccurate data, and suspension of use, deletion, or suspension of provision to third parties.
End

Supplementary Provisions Concerning Authority to Amend or Abolish this Policy
This Policy shall, in principle, be reviewed annually or, as necessary, on an ad-hoc basis, and any amendment or abolishment thereof will be subject to approval by the board of directors. However, in light of the intent, purpose, etc., of this Policy, amendments that do not result in a substantial change to this Policy may be made at the discretion of the Planning Division Manager. Whether an amendment made at the discretion of the Planning Division Manager constitutes a “substantial change” shall be determined by the Planning Division Manager based on the opinion of the Representative Director and President.
End