GDPR PRIVACY POLICY

This GDPR PRIVACY POLICY (this “Privacy Policy”) states the policy for processing of personal data obtained from persons (the “User” or “Users”) residing in EU that use the service “Boost Note” (the “Service”) of BoostIO, inc (the “Company”). Upon the User’s agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the subject matters of the User’s consent stipulated in this Privacy Policy (including, without limitation, the purposes of processing of personal data and transfer of personal data to third countries).

1. Definitions

The following terms as used herein shall have the meanings as set forth below. Definitions of the terms that are not defined herein shall be subject to the applicable definitions provided in GDPR.

(1) “EU” means European Union that includes the member states of European Union, as well as Iceland, Lichtenstein and Norway under Agreement on the European Economic Area (EEA).

(2) “GDPR” means REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC(General Data Protection Regulation).

(3) “Applicable Privacy Laws” means applicable privacy laws including GDPR and domestic laws related thereto of relevant countries.

(4) “personal data” means “personal data” as defined in GDPR.

(5) “processing” means “processing” as defined in GDPR.

(6) “Controller” means “controller” as defined in GDPR.

(7) “Representative” means “representative” as defined in GDPR.

2. Scope of this Privacy Policy

This Privacy Policy shall apply to the processing of the personal data of the Users in relation to the Service that shall be governed by the Applicable Privacy laws.

3. Controller

The Controller for the processing of the personal data shall be the Company, whose contact details are as follows.

BoostIO, inc

Good Morning Building 201, 2-6-6 Shibuya, Shibuya-ku, Tokyo, Japan

kazz@boostio.co

4. Personal Data to be Collected

4.1 The Company may obtain the following personal data from the Users.

(1) Name and address

(2) Email address

(3) User name and password

(4) IP address, information of browser and OS, cookie information, history information of website access

4.2 The Company may collect the personal data in the following cases.

(1) When the User subscribes for the Service

(2) When the User otherwise uses the Service

(3) When the Company receives from affiliated parties information regarding transaction record or payment between the User and the Company or the affiliated parties.

5. Purpose and legal basis of Data Processing

5.1 The Company shall process the personal data only for the purposes as set forth below.

(1) Performance of contract, or response to requests of Users prior to executing contract

The Company may process the personal data of the User entering into a contract with the Company regarding the Service, for the purpose of performing the contract. The Company may also process the personal data of the User prior to entering into such contract, for the purpose of taking steps in response to the Users requests.

(2) Communication and others

The Company may use the personal data of the User for the purpose of (i) communication regarding the Service, (ii) notification of information important for the User’s account and/or use of the Service, (iii) responding to complaints, and (iv) providing any other customer services. In addition, the Company saves and uses relevant personal data for the purpose to release the User from entering the account information each time when it uses the Service, and to otherwise facilitate the use of the Service. Such processing of the personal data is necessary for performance of contracts or legitimate interests pursued by the Company, namely, for performing the Company’s normal operation.

(3) Marketing

If the Company contacts the User by email for the purpose of marketing, the Company shall obtain the User’s prior consent. Such processing of the personal data is (i) necessary for legitimate interests pursued by the Company, namely, to communicate with the User and provide similar products or services, or (ii) based on the User’s prior consent.

5.2 In cases where the Company intends to further process the personal data for a purpose other than that for which the personal data were collected, the Company shall provide the User prior to that further processing with information on that other purpose.

6. Provision of Information to Third Party

The Company may provide the personal data of the Users to the following parties, to the extent necessary for pursuing the purpose of processing. As set forth in Section 7.2, such third parties may include parties residing or located in countries outside EU.

(1) Group companies of the Company

(2) Accountants, lawyers and other professional advisers

(3) Providers of the services related to the Service, including, without limitation, data storage, maintenance and payment service

7. Transfer of Personal Data to Third Countries

7.1 When the Company receives personal data from the User, the personal data are transferred from EU region to Japan.

7.2 In addition to the foregoing, the Company may, to the extent necessary for pursuing the aforementioned purposes of processing, transfer personal data of the Users to countries outside EU, including, without limitation, Japan, and further process the same. The User may not have the right as a data subject same as that under GDPR in countries outside EU, and the Company shall take steps regarding the User’s personal data in accordance with the Applicable Privacy Laws, by means such as execution of standard contractual clauses under GDPR.

7.3 Upon the Users agreement to this Privacy Policy, the User shall be deemed to have given a voluntary and express consent to the transfer of personal data to third countries set forth in this Section 7.

7.4 Japan, to which the transfer stipulated in this Section 7 is made, has obtained an adequacy decision by European Commission.

8. Storage Period

The Company shall store the personal data of the Users to the extent necessary for the purpose of processing thereof, and delete the personal data when the storage becomes unnecessary for such purpose.

9. Cookies

Cookies or similar technologies may be used in the Company’s service. Such technologies help the Company to recognize the status of use of the Company’s service, etc. and contribute to improvement of the service. When a User intends to disable cookies, the User may disable cookies by changing the web browser’s settings. Please note that when cookies are disabled, a part of the service may be unavailable.

10. Disclosure, Modification, Deletion, etc. of Personal Data

10.1 If a User that is the subject of the personal data requires any of the following, please notify the contact address of the Company of that effect. The Company will properly respond to that request pursuant to the User’s right under the Applicable Privacy Laws.

(1) Access to personal data

(2) Modification of personal data

(3) Deletion of personal data

(4) Restriction on processing of personal data

(5) Objection to processing

(6) Exercise of right to data portability

10.2 For the request under Section 10.1, please submit the following documents by mail or email.

(1) Request form specified by the Company

(2) Document for identification of the User as specified by the Company

(3) Document for identification of the representative of the User as specified by the Company

10.3 To avoid undue modification, divulge, etc. of the personal data of the User by a third party, the Company will response to the request by mail or email, only if the identity confirmation is made by the submitted documents. Although the Company will make effort to promptly respond, please note that it may takes time until response, for the confirmation of the applicable registered personal data and for assuring accuracy.

10.4 The Company will not return the request form or identification documents received from the User or its representative. Please understand that the Company will keep the request form properly, and delete the identification documents in an appropriate manner when the purpose of use thereof is achieved.

11. Withdrawal of Consent

For the processing of the personal data based on the User’s consent, the User shall have the right to withdraw the consent for the personal data at any time.

12. Lodgment of Complaint with Supervisory Authority

In addition to the aforementioned rights, the User may lodge a complaint with a supervisory authority at any time. However, the Company appreciates a notification to the Company prior to contacting the supervisory authority, so that the Company may have the opportunity to respond to the complaint of the User.

13. Necessity of Provision of Personal Data

Since the personal data to be provided by the User are necessary for the Company to provide the Service, the Service may be unavailable to the User that does not provide the data.

14. Inquiries

For questions or complaints, or for the exercise of the rights under Sections 10 and 11, please contact the following contact addresses.

Good Morning Building 201, 2-6-6 Shibuya, Shibuya-ku, Tokyo, Japan

BoostIO, inc

kazz@boostio.co

The hours for inquiries are from 10 am to 5 pm on weekdays (excluding Saturday, Sunday and holidays) Japan time and calendar

15. General Provisions

15.1 The Company shall retain the right to regularly amend this Privacy Policy. The User shall regularly check and confirm the applicable provisions at its responsibilities.

15.2 In the event of conflict between the Applicable Privacy Laws and any provision of this Privacy Policy, the provision shall be deemed replaced by a provision of the same meaning that reflects the original intention, to the maximum extent permitted by laws. In that case the remaining provision hereof shall continue to be applied without change.