Privacy Policy (English Translation)

Established: 10 January 2025

IBT Research Institute Inc. (“the Company”) recognizes the importance of handling personal information appropriately as an enterprise operating an online examination platform. The Company therefore establishes this Privacy Policy, ensures that its officers and employees comply with it, and devotes its best efforts to protect personal information and the rights and interests of individuals.

1. When acquiring personal information, the Company shall specify the purpose of use as far as possible and obtain the information only to the extent necessary for that purpose.
2. When obtaining personal information directly from the person in writing, the Company shall notify its name, the personal Information Protection Manager’s name and contact information, the purpose of use, etc., before obtaining only the necessary information.
3. Personal information shall be used solely within the scope of the purpose consented to by the person concerned. Procedures to prevent use beyond the stated purpose shall be established and implemented.
4. Personal information held by the Company shall be managed appropriately and shall not be disclosed or provided to any third party without the person’s consent.
5. Within the necessary scope according to its intended purpose of use, the Company shall keep the personal information it holds accurate and up‑to‑date, implement reasonable security measures to prevent leakage, loss, or damage, and endeavor to prevent and correct such incidents.
6. When outsourcing the processing of personal information, the Company shall oblige the contractor not to leak the information or provide it to third parties and shall appropriately supervise the contractor.
7. Complaints or enquiries regarding personal information will be handled by the contact point below.
8. The Company shall comply with laws, government guidelines, and other norms relating to the handling of personal information.
9. A personal information protection management system shall be established, reviewed regularly, and continuously improved.

Representative Director: Kengo Minami

Contact IBT Research Institute Inc. – Personal Information Enquiries Desk Address: 3F, Spline Aoyama Tokyu Building, 3‑1‑3 Minami‑Aoyama, Minato‑ku, Tokyo, Japan E‑mail: info@ibt-souken.com

Handling of Personal Information (English Translation)

In accordance with this "Privacy Policy" the Company is committed to the appropriate protection of personal information. Regarding the personal information that the Company acquire or hold for business purposes, the Company provide the following notice.

Business Operator: IBT Research Institute Inc.

Personal Information Protection Manager: Kengo Minami Contact: Personal Information Enquiries Desk Address: 3F, Spline Aoyama Tokyu Building, 3‑1‑3 Minami‑Aoyama, Minato‑ku, Tokyo, Japan E‑mail: info@ibt-souken.com

1. Purpose of Use of personal Information The purposes of use of personal information handled by the Company in the course of its business activities are as follows. [General Purposes]

• To respond to enquiries and contact customers.
• To sell or provide software, hardware, and related services.
• To announce and confirm registration for events and seminars.
• To provide e‑mail distribution services.
• For marketing and analytical purposes.
• To handle other various enquiries.

[Purposes related to the Excert, an online examination platform (the “Service”)]

• Authentication necessary to provide the Service (user identification).
• Improvement and creation of questions and lectures managed within the Service.
• Provision of information to organizers and subcontractors for operating examinations and lectures.
• Provision to systems integrated with the Service (video calls, chat, etc.).
• Analysis of application data and examination‑result data for examinations and lectures provided through the Service, and preparation of related statistics.
• Investigation, improvement, and expansion of Service systems and development of new services.
• Settlement of fees related to examinations and lectures.
• Shipment and confirmation of materials or products.
• Notices and information (including advertisements) to users.
• Provision of examination results, learning outcomes, etc.
• Responses to users’ enquiries and consultations.

The Company may use personal information as a means of communicating with you arising from these services, as well as related information and various notices derived from these services. In addition, the Company may correlate and use information related to personal information such as web page browsing and search history, location information, access analysis data, cookies, etc., collected from third party tools (affiliate sites, data analysis tool providers, advertising distribution partners, etc.) to third parties in conjunction with the application information held by the Company. In the event that the customer's consent is required by Act on the Protection of Personal Information to link personally identifiable informationwith the application information held by the Company, such information will be linked only after the customer has consented to this Privacy Policy in accordance with Act on the Protection of Personal Information and related guidelines.

2. Provision of personal Information to Third Parties The personal information you register (such as your name, telephone number, and e-mail address) will be provided—via the Service’s administration interface—to the organizations or companies that administer examinations through the Service, to the educational institutions or companies that provide lectures, and to the companies entrusted with operating any of the foregoing.

The personal information provided to the organizations, companies, or institutions described in the preceding item will be used by each of those entities in accordance with its own purpose of use and privacy policy.

With respect to outsourcing of personal information, the Company may entrust the processing of personal information to third parties to the extent necessary to achieve the purpose of use set out in this Privacy Policy.

3. Outsourcing of personal Information Handling The Company may outsource part or all of the handling of personal Information it obtains from this form. The Company conducts selection and evaluation of contractors as subcontractors from the perspective of the Protection of Personal Information. Credit-Card Information The purpose for which the Company acquires credit-card information (cardholder name, card number, expiry date, and security code), the name of the acquirer, the recipient, and the retention period are as follows.

Purpose of use To settle, by credit card, the fees for examinations, learning services, and other items for which you have applied.

Information acquirer IBT Research Institute Inc. (Credit-card information is not stored in our systems.)

Information recipient The Company provides the information to the following company and outsources the payment processing:

Contractor: Stripe Japan Inc.

Retention period The Company does not retain credit-card information.

Note If the card issuer you use is located outside Japan, the information described above may be transferred to the country in which that issuer is established. Because the Company cannot determine which issuer you use or the country in which it is located, the Company cannot provide details on: -the name of the destination country -that country’s personal-data-protection regime -the data-protection measures taken by the issuer

For your reference, country-by-country information on personal-data-protection systems is available on the personal information protection commission’s website (https://www.ppc.go.jp/) . If you are a minor, you may use the service only with the consent of a parent or legal guardian.

Convenience-Store Payments When a user selects convenience-store payment, the recipient of the information and the information provided are as follows.

Information recipient The Company provides the information to the following company and outsources the payment processing:

Contractor: DG Financial Technology Inc.

Information provided Name and telephone number.

4. Management of personal Information In order to keep personal Information accurate and up-to-date, and to prevent unauthorized access to, loss, damage, falsification, or leakage of personal Information, the Company implements the following safety control measures and strictly manage personal Information. (Establishment of basic policy) To ensure appropriate handling of personal data, the Company establishes a Basic Policy on Information Security. (Organizational security control measures) a) The Company maintains a handbook, personal information protection regulations, and manuals that stipulate the proper handling of personal information. b) The Company shall establish a reporting and communication system from employees to responsible persons. c) The Company periodically conducts self-inspection and audits by other departments or outside parties with respect to handling of personal data. (Human security management measures) The Company conducts periodical training for employees on matters to be considered in handling personal data. (Physical security management measures) a) The Company will implement measures to ensure that personal data cannot be easily accessed by anyone other than employees who are authorized to handle personal data and the individual concerned. b) The Company will restrict and control access to the office space using security cards and other means. (Technical security management measures) a) The Company implements access control to restrict the scope of person in charge and the scope of personal information database etc. handled thereby b) The Company implements mechanisms for robust communication and encryption to protect against unauthorized access and database encryption to prevent leakage.

5. Voluntary Nature of Provision Providing personal information is voluntary. However, if you do not provide personal information, the Company may not be able to respond accurately to your inquiry.

6. Automatic Acquisition The Company does not obtain personal information through methods (cookies, web beacons, etc.) that cannot be easily recognized by you.

7. Requests for Disclosure, etc. of personal Information With respect to retained personal Information, when the individual requests notification of the purpose of use, disclosure of personal Information or records of provision to third parties, correction, addition, or deletion of content of personal information, or cessation of use, deletion, or cessation of provision to third parties of personal Information (hereinafter referred to as “Disclosure, etc.”), the Company will conduct an internal investigation of the personal Information and respond without delay. However, depending on the content of the request, the Company may not be able to respond to the Disclosure, etc. In such cases, the Company will respond with the reason. For each request for disclosure of personal Information or notification of the purpose of use, an administrative fee of 1,000 yen will be charged, inpostage stamps. Please contact the following reception desk for requests for Disclosure, etc. of retained personal Information. After receiving your contact, the Company will send you a “Request Form for Disclosure, etc. of Retained Personal Data” by mail, fax, or e-mail. Please fill out the form, enclose the necessary documents, and send it by mail or e-mail. (The sender is responsible for the cost of sending the form.) After confirming your identity (or that of your representative), the Company will respond to your request by the disclosure method of your choice.

8. Enquiries Desk IBT Research Institute Inc. – Personal Information Enquiries Desk Address: 3F, Spline Aoyama Tokyu Building, 3‑1‑3 Minami‑Aoyama, Minato‑ku, Tokyo, Japan E‑mail: info@ibt-souken.com

Note: This is an English convenience translation. The Japanese version prevails.