Dentsu Digital Inc.

The Company hereby sets forth, as follows, the handling policy for information relating to identified or identifiable individuals residing within the borders of the European Union, including the member countries of the European Union, as well as Iceland, Liechtenstein, and Norway, based on the European Economic Area Agreement (hereinafter referred to as the "EU") (hereinafter referred to as "EU Resident Data," and any natural person who is the subject of EU Resident Data shall be referred to as the "EU Resident Data Subject").

Regarding the handling of EU Resident Data, the provisions of Article 1 "Compliance with Laws and Regulations and Continuous Improvement," Article 2 "Proper Management of Personal Information," Article 3 "Handling of Personal Information," Article 4 "Respect for Individual Rights," and Article 5 "Handling of Complaints and Consultations" of the Personal Information Protection Policy shall apply.

1. Where the Company is a Data Controller

(1) Obtaining Consent

When handling EU Resident Data as a Data Controller under the General Data Protection Regulation (hereinafter referred to as the "GDPR"), the Company shall, except in cases where there exists a legal basis for such handling apart from the consent of the EU Resident Data Subject, clearly state to the EU Resident Data Subject the purpose of handling the EU Resident Data and other matters that must be notified under the GDPR, and obtain clear consent from the EU Resident Data Subject regarding such handling.

When the Company provides an explanation regarding the handling of EU Resident Data upon obtaining consent, it shall use clear and plain language and clearly specify the details of the handling of such data in an understandable and easily accessible form and in a way that is clearly distinguishable from other matters.

(2) Maintaining Records of Consent

The Company shall maintain records of consent regarding the handling of EU Resident Data obtained from EU Resident Data Subjects in order to be able to present the same when the Company is required to present proof of such consent.

(3) Requests from EU Resident Data Subjects

In the event that an EU Resident Data Subject exercises rights granted under the GDPR or otherwise makes a request under the GDPR in connection with EU Resident Data handled by the Company, the Company shall respond thereto in accordance with the provisions of the GDPR.

2. Where the Company is a Data Processor

In the event that the Company handles EU Resident Data as a Data Processor under the GDPR, the Company shall handle such EU Resident Data appropriately, in accordance with the instructions of the Data Controller of such EU Resident Data.

3. Contact Information

For requests and inquiries concerning the exercise of rights granted to data subjects under the GDPR in connection with EU Resident Data handled by the Company as a Data Controller, please contact the following. In responding to such requests and inquiries, the Company will verify that the requester is the data subject or such person's representative.

Established on July 1, 2019
Revised on June 1, 2026