Policy on the Protection of Personal Information

At ANA FESTA Co., Ltd. (hereinafter referred to as the Company), we recognize the importance of our customers’ personal information received through their inquiries on our business or via our online shops or physical shops, as it is essential in order for us to provide fully satisfactory services to them. Thus, we consider it our social responsibility to protect such information.
The Company sets forth the policy on personal information protection as follows and will follow and maintain it.
Chapter 1 describes the handling of personal information as it applies to all customers. Chapter 2 and Chapter 3 provide region-specific information for customers who are located or reside in the European Economic Area/the United Kingdom and the People’s Republic of China, respectively.

Collection and Use of Personal Information

In collecting personal information, the Company clarifies the purpose and acquires such information to the extent of such purpose. In addition, the Company will use such personal information only for the intended purpose.

Management and Protection of Personal Information

The Company will manage personal information carefully and will not disclose or provide personal customer information to any third parties except for cases where consent is obtained from customers. In addition, the Company will take appropriate preventive and corrective measures to prevent unauthorized access to or loss, destruction, alteration, or leakage of personal information.

Governing Laws and Others

The Company will comply with laws and other regulations applicable to personal information.

Continuous Improvement in the System and Functions for Management of the Protection of Personal Information

The Company will strive to continuously improve the system and functions for management concerning the protection of personal information.

Chapter 1. Handling of personal information of all customers

1. Introduction

The Privacy Policy explains the handling of customers’ personal information which the Company receives from customers. Carefully read through the Privacy Policy before providing personal information to the Company or using the Company’s services and products.
Chapter 1 of the Privacy Policy provides an overview of how the Company uses customers’ personal information. Chapters 2 and 3 provide regional information for customers who reside in the European Economic Area or the United Kingdom (Chapter 2) and the People’s Republic of China (Chapter 3).
If a product or service of the Company is covered by another policy, refer to the service’s terms for further information.
For customers who reside in Japan, personal information in this chapter refers to information about a living individual that can identify the specific individual by name, date of birth, or other description, or information that contains a personal identification code.

2. Scope of application

The Privacy Policy shall apply when a customer provides the Company with personal information or when the customer uses a service or product of the Company.

3. Purpose of using personal information

The Company utilizes personal information obtained from customers for the following purposes. However, even within the intended scope, the Company will not use customers’ personal information in a way that may encourage or induce illegal or improper conduct:

  1. Sales, reservations, shipment of products, settlement service and documents handled at the Company’s online shops
  2. Sales, reservations, shipment of products, settlement service and documents handled at the Company’s physical shops
  3. Provision of services through the ANA Mileage Club
  4. Guidance, provision, and management concerning other services and products handled by the Company
  5. Survey and analysis of the usage of other services and products handled by the Company
  6. Company operations incidental or related to the above (1) – (5)
  7. Implementation of questionnaires concerning services and products, etc., offered by the Company
  8. Development of the Company’s new products/services
  9. Guidance, operation, management, and notification relating to services, products, events, and campaigns of Group companies and partner companies
  10. Contact concerning provision of the Company’s services and products
  11. Guidance, operation and management relating to services, products, events, and campaigns of Group companies and partner companies that utilize analytical data on the usage of the Company’s services/products and browsing history on the Company’s online store, etc. so as to be in line with the customer’s interests and preferences, as well as provision of various pieces of information through methods including direct e-mail, e-mail newsletters, notices, and advertisements
  12. Recruitment activities on the recruitment page
  13. Response to inquiries or requests
  • Otherwise, the personal information is used for purposes as provided in “8. Data-sharing concerning personal information.”

4. Acquisition of personal information

The Company will obtain customers’ personal information by fair and appropriate means.

  1. Customer information, contact information, payment information, etc.
    The customer’s name, address, telephone number, fax number, email address, business contact information (company, department, section, position, address, telephone number, fax number), mailing address, passport information, payment information including credit/debit card or other details on means of payment, etc.
  2. Information on ANA Mileage Club membership and information related to the usage of applicable services, etc.
    The customer’s ANA Mileage Club membership number, member card type, member service qualification, membership area, mileage status, credit card number, expiration date, credit card usage history and related information and need for wheelchair or other special arrangements, flight reservation and cancelation information, boarding status, etc.
  3. Details of enquiries and complaints to the Company
    Voice recordings, etc. that include information such as the customer’s name to identify a specific individual. *The Company monitors, records, and stores communications with customers, including telephone calls and emails, to confirm instructions from the customer, conduct training, prevent crime, and improve the quality of customer services.
  4. Information such as that on how the customer uses the Company’s website and mobile app, including, for example, website activity logs and IT system data cookies.
    The Company shall never obtain or use information of a sensitive nature to the customer (hereinafter, “sensitive information”), such as information on race, creed, social status, history of illness, criminal record, or history of being a victim of crime, unless otherwise required by laws and regulations or by the consent of the customer.

5. Choice by the customer

As a rule, the Company obtains personal information with the consent of the customer. Customers may experience disadvantages if they refuse to provide their personal information, such as being unable to make use of the various services provided by the Company, or being unable to receive campaign notices or other Company information because some Company system functions become inoperable and thereby unavailable. Please note that customers may change their contact information as well as email newsletter settings at any time they wish, in a manner designated separately by the Company.

6. Disclosure and provision of information to a third party

Circumstances under which the Company discloses or provides customers’ personal information to a third party

The Company shall not disclose or provide personal customer information to any third parties except under the following circumstances. Also, personal information of customers that includes sensitive information shall not be disclosed or provided to third parties under any circumstances, unless allowed by laws and regulations or with the consent of the customer. Note that provision of information to data-sharing partners and contractors is not deemed to constitute disclosure or provision to third parties.

  1. Customer consent has been obtained in advance.
  2. Disclosure or provision is required by laws or regulations.
  3. Disclosure is required to protect human life, body, or property in cases where obtaining customer consent is difficult.
  4. Disclosure is required to cooperate with the public affairs of national or local governments, and when obtaining customer consent is likely to hinder the administration of public affairs.
  5. Statistical data (i.e. anonymized information on the customer) is disclosed or provided.
  6. Information is provided in a business succession via a merger, company split, transfer of business, or other means.
  7. Provision through procedures in accordance with laws and regulations, on the condition that the customer can easily confirm the following items on the Company’s website or elsewhere, and that the customer has not expressed intent to refuse provision:
    • purpose of use includes provision to third parties;
    • personal data provided to third parties;
    • means or method of provision to third parties;
    • suspension of provision to a third party upon the customer’s request; and
    • method for receiving customer requests.

Third parties to which the Company may disclose or provide customers’ personal information

  1. Affiliated companies and organizations
    The Company may disclose personal information to companies that are part of the ANA Group or organizations related to the ANA Group.
  2. Employees
    The Company may disclose personal information to its employees with the authority and need to access such information.
  3. Service providers
    The Company may disclose personal information to service providers, including IT service providers (such as data servers and cloud service providers), information analysis providers, advertisement distributors, legal advisors, and others.

7. Entrusted handling of personal information

In providing products and services to customers, the Company may entrust a part of its business operations, and may provide personal information to contractors within the extent required to achieve the purpose of use. In these cases, the Company shall implement all appropriate measures in managing and supervising such third parties to safeguard the handling of customers’ personal information, including establishing agreements with these third parties on the handling of such personal information.

8. Data-sharing concerning personal information

The Company shares customer information as follows.

Scope of Data Sharing
ANA Group Companies
Purpose of use by the user
  1. For the provision of air transport services, travel services such as tours and hotels, and other goods and services handled by the Company or its affiliate companies
  2. In order for the Company or its affiliate companies to send direct mail, provide information on products and services, and conduct surveys, etc.
  3. In order for the Company or its affiliate companies to analyze sales, conduct other surveys and research, and develop new products and services, etc.
  4. In order to inform and hand over to the company in charge of products and services provided by the Company or its affiliate companies in the event of an inquiry, application or other request from a customer
  5. In order for the Company or its affiliate companies to properly and smoothly execute other transactions with customers
  6. For ANA Group management and internal management
Personal information items to be shared
The customer’s ANA Mileage Club membership number, name, address, telephone number, fax number, email address, business contact information (company, department, section, position, address, telephone number, fax number), mailing address, member card type, member service qualification, membership area, mileage status, credit card number, expiration date, credit card usage history and related information, need for a wheelchair or other special arrangements, flight reservation and cancellation information, and boarding status and service use; information in communications with customers; contents of inquiries, requests, and opinions; information on how the customer uses the Company’s website and mobile app, including cookies and website activity logs; etc.
Name, address, and representative of the party responsible for management of personal information
ANA HOLDINGS INC.
Shiodome City Center, 1-5-2, Higashi-Shimbashi, Minato-ku, Tokyo, Japan 105-7140
Koji Shibata, President & Chief Executive Officer

9. Transfer to outside of Japan

If the Company provides customers’ personal information to third party business operators outside of Japan, including contractors and data-sharing partners, it will take necessary and appropriate measures in keeping with laws and regulations.

10. Management of personal information

In receiving customers’ personal information, the Company will manage such information according to the strictest standards and take necessary safety management measures to prevent leaks, loss, or alterations. The Company ensures that the board members and employees are properly trained regarding appropriate handling to safeguard the security of information identifying individual customers. An appropriate retention period for personal information will be established in accordance with the purpose for which such information is used. After the purpose of the information has been achieved, the Company will dispose of the information in question by appropriate methods. If you wish to know the details of the safety management measures, please make a request in accordance with “11. Requests concerning the handling of personal information”.

11. Requests concerning the handling of personal information

If the Company receives a request from a customer, submitted in the manner specified, for the disclosure, correction, deletion, addition, discontinuance of use, or erasure, or information provision concerning the personal information protection measures referred to in “9. Transfer to outside of Japan” and “10. Management of personal information” (“disclosure, etc.”) with regard to the customer’s personal information stored in a database held by the Company, the request shall be handled according to the laws and regulations as follows, within a reasonable timeframe and scope, after confirming that the request was personally submitted by the customer.

  1. Request for disclosure
    The purpose of use, or personal information requested by the customer, or records on the provision of personal data to third parties, shall be disclosed.
  2. Request for correction, deletion, or addition
    Personal information shall be corrected, deleted, or added in accordance with the customer’s request, wherever possible and appropriate, after a due review of the request.
  3. Request for discontinuance or erasure
    Use of the personal information specified by the customer shall be discontinued in accordance with the customer’s request, and shall be erased if desired, wherever possible and appropriate. Please note that discontinuance and/or erasure may prevent the customer from receiving previously available services or may impede the provision of services the customer wishes to receive.
  4. Request for information provision concerning personal information protection measures
    The following information will be provided in accordance with the customer’s request.
    1. Details of the safety management measures taken by the Company in receiving customers’ personal information
    2. Details of the measures taken by the Company when providing customers’ personal information to third parties outside of Japan (in the case of “9. Transfer to outside of Japan”)

The Company may not be able to fulfill the customers’ requests if compliance with such requests would seriously impact the Company’s business operations, or result in a violation of laws and regulations.

12. How and where to submit a request for disclosure, etc.

The following provides information on how to request disclosure concerning personal information received by the Company from the customer, how to request notification on the purpose of use, as well as where to submit inquiries.

Requests for disclosure, etc.

  • Contact information
    The customer may inquire about their personal information as follows.
    Check “Submitting a request” below with regard to personal information of a customer stored in a database held by the Company.
  • Submitting a request (Japanese only)
    Fill out an inquiry form at the Company’s website (https://www11.webcas.net/form/pub/anafesta/okyakusama1) to contact the controller of the personal data.

Controller of personal data: ANA FESTA CO., LTD.
ANA Blue Base, 10-8 Haneda-Asahicyo, Oota-ku, Tokyo, Japan
The Company’s personal information handling desk: ml_notice_privacy @ anafesta.com (Please delete the spaces before and after the @ symbol.)
Please note that this e-mail address is exclusively for inquiries about the handling of personal information; we will not be able to respond to any other inquiries sent to this address.

13. Modification of the Privacy Policy

The Company may make modifications to this Privacy Policy at any time. If modifications are made, details will be posted on the Company’s website, so please be sure to read carefully the contents of any changes that have been made.

ANA FESTA CO., LTD.
Tadaaki Nakagoshi, CEO and President
ANA Blue Base, 10-8 Haneda-Asahicyo, Oota-ku, Tokyo, Japan

Chapter 2. Handling of personal information of EEA and U.K. residents

1. Introduction

Chapter 2 explains the handling of personal information belonging to customers who reside in the European Economic Area (EEA) and United Kingdom in accordance with the following data protection laws (hereinafter “data protection laws”): the General Data Protection Regulation 2016/679 (GDPR), the Data Protection Act 2018 (DPA 2018) in the U.K., and U.K. laws and regulations concerning domestic and international data protection and privacy.
Note that the U.K. act is similar to the EEA regulation and that the customer retains very similar rights in both places. Accordingly, the reader should consider the parts of this chapter that mention the GDPR as applying likewise to the U.K.
A guardian’s consent or permission must be obtained in the event that a customer under the age of 16 uses the Company’s service and others and consents to this Privacy Policy. The data subject’s consent to this Privacy Policy must be obtained in the event that a person such as a family member applies for the Company’s service on behalf of the data subject.
In the event that any provisions of this chapter contradict those of Chapter 1, the provisions of Chapter 2 shall prevail.

2. Controller of personal information

The Company is the controller of the customer’s personal information.
In accordance with data protection laws, the Company safeguards the personal information that is collected and used via controllers (i.e. those who decide the method and purpose for handling the customer’s personal information) and handlers (those who act according to the written directions of controllers).

3. Legal basis for handling personal information

In accordance with data protection laws, the Company safeguards the customer’s personal information by handling it only within the scope required for a specific purpose of use (as provided in Chapter 1, “3. Purpose of using personal information”).
The Company handles the customer’s personal information according to the following legal bases.

  1. If the customer consents to the handling (GDPR, Article 6 (1) (a))
    Consent normally only applies to handling related to promotions and marketing, as well as, depending on the situation, handling related to sensitive information.
  2. When necessary to take measures for the purpose of performing or concluding a contract (GDPR, Article 6 (1) (b))
    This normally serves as a basis for handling customer information (such as the customer’s identity, contact information, payment information, or itinerary) that is absolutely essential for the Company to provide a service.
  3. If the Company must handle the information to comply with a legal obligation (GDPR, Article 6 (1) (c))
    This includes the sharing of personal information with bodies such as customs authorities, immigration agencies, and law enforcement agencies, legal obligations to customers or employees of the Company, etc.
  4. If there is a medical emergency or other need to safeguard the life of the customer or a third party (GDPR, Article 6 (1) (d))
  5. If the Company or a third party must handle personal data for the purpose of legitimate interests, and the rights of the customer under data protection laws do not supersede these interests (GDPR, Article 6 (1) (f))
    This includes the use of personal information necessary for operating the Company’s business, as well as the use of personal information necessary to maintain, develop, and improve the Company’s products and services and to provide the customer with the best experience.

4. Requests concerning the handling of personal information

Data protection laws recognize the following legal rights for the customer.

  1. Requests for disclosure
    The customer may request a copy of the customer’s personal information in the possession of the Company and details on its handling.
  2. Requests for corrections and updates
    After reviewing the request, corrections and updates shall be performed, if possible.
  3. Requests for deletion
    The customer may request the full or partial deletion of the customer’s personal information in the possession of the Company. Upon reviewing the request, the Company shall delete the information if the information is unnecessary or the law precludes the continued storage of the information.
  4. Forwarding personal information
    The customer may request a copy of personal information that is structured and in a generally machine-readable format. The forwarding of personal information may be performed with personal information obtained from the customer by the Company and with the customer’s consent, and only with regard to individuals who are handled by automated means for the purpose of performing a contract.
  5. Formal objections to handling
    The customer may voice an objection to handling that is for the legitimate interests of the Company or a third party, or handling that is for the purpose of direct marketing. The Company shall discontinue the handling of the customer’s information, provided that the handling for the legitimate interests of the Company or a third party does not have a provable legitimate basis that prioritizes the interests of the customer. If the customer’s objection is against direct marketing, the Company shall discontinue handling.
  6. Limitations on methods of using personal information
    The customer may limit the use of the customer’s personal information by the Company under specific circumstances. If a limitation is applied, the handling of the customer’s personal information (excluding storage) shall be performed legitimately, provided that the customer’s consent is obtained or that doing so is necessary for a legal claim, protecting specified rights, or for the sake of an important public good.
  7. Right to withdraw consent
    If the customer’s personal information is handled with consent, the customer possesses the right to withdraw consent at any time.
    Note that the aforementioned right is not absolute and that it does not necessarily apply to all situations. In addition, depending on the circumstances, if a legal exception applies, then a request may be refused. If a request is refused, the reason for the refusal shall be provided with the response.
    Records of requests to the Company shall be kept so as to enable confirmation of the Company’s compliance with legal obligations.
    • (1) Submitting a request (Japanese only)
      The customer may exercise rights at no cost (unless a fee is charged or a request is refused in the event of an unreasonable, excessive, or repeated request). Below is the method for submitting a request.
    • (Online)
      Fill out an inquiry form at the Company’s website (https://www11.webcas.net/form/pub/anafesta/okyakusama1) to contact the controller of the personal data (see Chapter 1, “12. How and where to submit a request for disclosure, etc.,” “(2) Submitting a request”).
    • (2) Responses to a request
      After receiving a request from the customer, the Company shall normally respond within one month. In addition, the Company may, as necessary, request identity verification or proof of authority to submit a request as a representative (in the event that the customer makes the request through a third-party representative). If the request is especially complex or there are multiple requests, a detailed response may take time. In addition, please note that there are exceptions to the aforementioned rights and there may be cases in which rights cannot be exercised.
      If the customer is not satisfied with the Company’s response to a request, or if it is believed that personal information has been handled inappropriately, the customer possesses the right to file a complaint with the competent authorities. For further details, see Chapter 2, “9. Lodging a complaint with an authority.”

5. Data sharing necessary to provide products and services

The Company’s products and services may be provided with the cooperation of other companies or organizations, and may involve the sharing of personal information with third parties in order to carry out operations. These third parties include the following:

  1. ANA Group companies
  2. Bodies with which the sharing of personal information is obligatory under laws and regulations
    Governmental organizations, law enforcement agencies, courts, customs authorities, immigration agencies, third-party bodies, etc.
  3. Service providers
    Companies contracted for handling for ANA flights, partner airports and airlines, service providers, marketing partner companies, etc.
    If the Company entrusts a service provider with handling data, personal information shall be handled in accordance with an agreement that fulfills the requirements of applicable data protection laws.

6. Marketing communication

The Company sends marketing information as needed in order to inform customers who wish to receive news and details about products and services. Information is only sent to customers who consent to receiving marketing information, as well as customers who have purchased a product or service of the Company and have not chosen to opt out of marketing despite having the opportunity to do so.

7. Retention and transfer of personal information

The Company is located in Japan. Many of the service providers and other organizations with whom the personal information of customers is shared are located within jurisdictions outside of the EEA and U.K. The European Commission has recognized that Japan has an adequate level of protection for personal information.
When the Company provides personal information to a third party, it occurs in compliance with the requirements of data protection laws, including the EU-Japan adequacy decision and the laws and regulations of Japan. However, note that in countries outside the EEA and U.K., the personal information of customers may not be protected under domestic law. If a customer wants further information on where their personal information is retained or to whom it is transferred, the customer should use the contact information provided in Chapter 1, “12. How and where to submit a request for disclosure, etc.”

8. Retention of personal information

The Company retains customers’ personal information until the Company achieves the purpose for which it is used, and has established the following retention periods for personal information. With regard to other personal information, the retention period is determined according to the information’s properties and the purpose of retention, with consideration given to such matters as legal and accounting requirements and the operational needs of the Company.

  1. Personal information on ANA Mileage Club members
    Until the member leaves the ANA Mileage Club
  2. Other personal information
    The period necessary for the agreed purpose of use

9. Lodging a complaint with an authority

Customers have the right to lodge a complaint on the processing of their personal data with the data protection authority having jurisdiction over their residence.
EEA residents: Contact the supervisory authority in your country of residence.
Details are on the European Data Protection Board’s website (https://edpb.europa.eu/about-edpb/board/members_en).
U.K. residents should contact the Information Commissioner (www.ico.org.uk).

10. Contact information of the controller of personal data and the data protection officer

Controller of personal data:
ANA FESTA CO., LTD.
Address:
ANA Blue Base, 10-8 Haneda-Asahicyo, Oota-ku, Tokyo, Japan

The Company’s data protection officer: ml_notice_privacy @ anafesta.com (Please delete the spaces before and after the @ symbol.)
Please note that this e-mail address is exclusively for inquiries about the handling of personal information; we will not be able to answer any other inquiries sent to this address.

Chapter 3. Handling of personal information of residents of China at ANA

In addition to Chapter 1, Chapter 3 shall also apply to the handling of personal information of persons residing in the People’s Republic of China (hereinafter, “China”) based on the Personal Information Protection Law of the People’s Republic of China (中华人民共和国个人信息保护法) and related regulations (hereinafter, “PIPL, etc.”). In the event that any provisions of this chapter contradict those of Chapter 1, the provisions of this chapter shall prevail.

1. Introduction

A guardian’s consent or permission must be obtained in the event that a customer under the age of 18 uses the Company’s service and consents to this Privacy Policy. The data subject’s consent (or the consent of their guardian, in the case the data subject is a minor under the age of 14) to this Privacy Policy must be obtained in the event that a person such as a family member applies for the Company’s service on behalf of the data subject.

2. Acquisition of sensitive personal information

The Company may handle personal information that could be classified as sensitive personal information in PIPL, etc., such as passport information, health information, payment information, accommodation information, etc. for the purpose of use. The Company recognizes that the leakage or illegal use of customers’ sensitive personal information may adversely affect their interests (e.g., it could easily bring about damage to personal dignity, or harm the safety of body or property), and will therefore strictly manage and legally handle such information in order to prevent its leakage or illegal use.

3. Retention period for personal information

The Company retains customers’ personal information until the Company achieves the purpose for which it is used, and has established the following retention periods for personal information.

  1. Personal information on ANA Mileage Club members
    Until the member leaves the ANA Mileage Club
  2. Other personal information
    The minimum period necessary for the agreed purpose of use

4. Technology and measures to protect customers’ personal information

  1. The Company takes security measures to protect customers’ personal information from leakage, loss or damage. Specifically, the Company takes the following measures to protect customers’ personal information.
    • The Company has established and is implementing an internal control system and operation rules regarding the protection of personal information.
    • The Company manages the classification of personal information.
    • The Company develops its website with HTTPS and sets SSL encryption to secure the communication of important customer data (credit card information, etc.) between the customers’ web browser and the server.
    • The Company uses encryption technology for protecting personal information.
    • The Company sets reasonable access rights and controls access so that unauthorized persons cannot access personal information.
    • In order to raise employee awareness of the importance of protecting personal information, the Company provides education and training on security and privacy protection.
    • The Company has established and is making arrangements for the operation of an emergency response plan to respond to incidents involving personal information.
  2. The Company will take all reasonable and practicable steps to ensure that no irrelevant personal information is collected. The Company will only retain customers’ personal information for the minimum period of time required to achieve the purposes stated in this Privacy Policy, unless an extension of the retention period is required or permitted by law.
  3. In the event of personal information being at risk, the Company will promptly inform customers of the relevant circumstances of the incident in accordance with the requirements of the PIPL, etc. and report to the regulatory authorities.

5. Requests concerning the handling of personal information

In the event that the Company receives a request for personal information held by the Company on a customer who is a resident of China, the request shall be handled as follows according to the PIPL, etc. within a reasonable timeframe and in a reasonable manner, in addition to the provisions of Chapter 1, “11. Requests concerning the handling of personal information”. When handling such a request, the Company may first confirm that the request was personally submitted by the customer.

  1. Request for withdrawal
    If the Company is relying on consent to process your personal information, you have the right to withdraw that consent.
    The Company will erase the items of personal information specified by the customer in accordance with the customer’s request, wherever possible and appropriate.
    However, please note that such erasure may prevent customers from being provided with services that they had utilized, or may impede the provision of services in accordance with their wishes.
  2. Request for interpretation and explanation of our Privacy Policy
    You have the right to request interpretation and explanation of this Privacy Policy.
  3. Methods for submission of requests
    Customers may submit requests using the following methods and contact information.
    1) Submission of requests (Japanese only)
      (Online)
      Fill out an inquiry form at the Company’s website (https://www11.webcas.net/form/pub/anafesta/okyakusama1) to contact the controller of the personal data (see Chapter 1, “12. How and where to submit a request for disclosure, etc.,” “(2) Submitting a request”).
    2) Contact Us
      Email: ml_notice_privacy @ anafesta.com (Please delete the spaces before and after the @ symbol.)
      Please note that this inquiry desk’s e-mail address is exclusively for inquiries about the handling of personal information; we will not be able to respond to any other inquiries sent to this address.

6. Provision to third parties and transfer to outside of China

The Company will provide customers’ personal information to third parties (including provision to data sharing partners and to entrusted companies involving transfer outside of China) in accordance with the PIPL, etc.

7. Change of purposes of use of personal data

In the case of a change to the purposes of use of personal information, the Company will announce the revised Privacy Policy in advance on the Company website (https://www.anafesta.com/privacy_policy/), and will use personal information in accordance with the new purposes of use after obtaining consent from customers.

8. Basic information on the controller of personal information

ANA FESTA CO., LTD.
Address: ANA Blue Base, 10-8 Haneda-Asahicyo, Oota-ku, Tokyo, Japan

June 30, 2026