This Privacy Policy describes how xFOREST Therapeutics Co., Ltd. will manage your personal information that the Companies are entrusted with by you.

1. Basic policy concerning protection of personal information

The Companies’ executive officers and all employees understand the importance of personal information obtained through their business activities and will seek to properly handle and safely manage the personal information while taking utmost preventative measures to protect it against or from unauthorized access, loss, or leakage.

2. Acquisition of personal information

The Companies will obtain your personal information by legitimate and fair means. Further, the Companies will not receive data that includes your personal information from a third party without confirming the legality of the data acquisition by the third party.

3. Use of personal information

The Companies will use your personal information for the purpose notified at the time of its acquisition and within the following purposes, only to the extent necessary to perform business activities. The Companies will not use your personal information for other purposes without obtaining your permission in advance.

1. The personal information you provide when applying through the hiring section of the Company websites will be used only for hiring purposes.

2. The personal information you provide when contacting the Companies will be used only to reply to your inquiry.

3. The Companies may publish videos, images, or other data recorded at a presentation, lecture, and such events on our representation materials and publication materials and on the websites managed by the Companies (hereinafter referred to as the “Company websites”) , social media, or other media for purposes such as introducing the Company businesses. The Companies may also use such recorded data for their research and development activities.

4. The Companies may use the personal information collected from publicly disclosed information for their research and development activities.

4. Provision of personal data to third parties

The Companies will not provide your personal data possessed by the Companies to a third party without your consent except in those cases set forth in the following:

1. cases based on laws and regulations

2. cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain your consent

3. cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain your consent

4. cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining your consent would interfere with the performance of the said affairs

5. Shared use of personal data

The Companies will share and use personal data they possess reciprocally.

1. The type of personal data that will jointly be used: The personal information you provide when submitting an application form via the hiring page.

2. Parties who will jointly use your personal data: The Company and its subsidiaries

3. Purpose of use: For hiring activities of the Companies

4. Parties who hold responsibility to manage your shared personal data: The Company

6. Management of personal information

The Companies will safely keep your personal information collected by the Companies or received from an entrusting party under strict control. The Companies will designate a handler for each data that contains personal information and properly manage it under the chief privacy officer of the Company.

7. Implementation of safety measures

With regard to measures to protect your personal information, the Companies will provide training regarding privacy protection to all their employees, require security software to be installed on all PCs used for their businesses, draw up PC security guidelines and regularly check the state of compliance with the guidelines for safe management of your personal information.

8. Outsourcing of personal information

Should processing of personal information be outsourced to a contractor, the Companies will provide the information under a proper agreement of privacy protection and ensure that the work is performed under strict control and surveillance by the Company.

9. Privacy protection laws and regulations

The Companies will comply with applicable laws, regulations, and other codes relevant to privacy protection.

10. Handling of personal information on the Company websites

1. Use of Cookie※1, Web beacon※2, and IP address※3

2. The Companies may use Cookies, Web Beacons, and IP addresses on the Company websites for the following purposes:

   • To identify the cause of an incident or problem that occurs on a server and solve it.

   • To improve contents of websites, emails, and others

   • To customize contents of websites, emails, and others for individual users

   • To use the information for statistics in a way that cannot identify an individual

3. You can reject the use of Cookies and Web Beacons by the Companies by blocking Cookies in your Internet browser settings. This may, however, cause some restrictions (e.g. some functions such as customization may become unavailable)

4. Use of Google Analytics

5. The Company websites use Google Analytics to learn about how the websites are used. Google Analytics use first-party Cookies for collecting access information. Regarding the information collected by Google Analytics, please refer to the privacy policy of Google Analytics.

6. 3.Use of external services

7. If the Companies use an external service to communicate with you, the service’s terms of use and privacy policy will apply.

11. Review and Improvement

The Companies will continuously review and improve the management of the personal information as set forth in the foregoing clauses.

12. Contact

Please contact us by this contact form for a request of the disclosure or deletion of your personal data possessed by the Companies or any other inquiries on such data.

※1: Cookies are identification information sent from a server and stored in your browser for efficient website operation.

※2: Web Beacons are used in combination with Cookies to obtain statistics about access to certain Web pages.

※3: An IP address is an identifying number for a computer connected to a server (The user of the computer cannot be identified)