Waqoo, Inc. Waqoo, Inc. provides services, planning and management, product development, wholesale and retail, sales advertising strategies, and distribution, and delivers numerous products to end users in Japan and abroad. We co-create with our customers and pursue customer experience value in order to create not a transient boom, but a brand that will be loved for a long time and continue to be close to users. We develop products that do not compromise on quality or price, while at the same time enhancing the intrinsic value of the brand.

In developing this business, we believe it is necessary for all employees to recognize the importance of the information assets entrusted to us mainly by our customers. We believe that the protection of information assets entrusted to us by our customers, as well as the personal information of our employees, is essential to avoid various risks that may arise, and that the daily work of each and every employee, always keeping in mind the maintenance and improvement of information security, will strengthen the credibility of our company. We are also committed to preventing accidents, incidents, and inconveniences related to the protection of information.

１．We will establish an information security management system, and with the ISMS manager in charge, accurately grasp the actual operation of our information system, take necessary measures to improve information security from both technical and operational perspectives, maintain and continuously improve the ISMS (Information Security Management System), and ensure that our information security management system is up-to-date. We will maintain and continuously improve the ISMS (Information Security Management System).

２．We will establish risk assessment criteria and a risk assessment mechanism, and define a systematic approach to risk assessment based on these criteria. We will conduct risk assessments that identify threats and vulnerabilities to information assets and clarify security requirements, with particular emphasis on confidentiality for customer information assets and employee personal information within the company, integrity for know-how accumulated within the company, and availability for our information systems.

３．Internal auditors periodically audit the status of compliance with the information security policy, ISMS manuals and procedures, implementation of risk response plans, and legal compliance in each division of the Company every year.

４．We will provide the necessary training and education to all employees to ensure that they are fully aware of information security.

５．We will comply with and conform to laws, standards, and other norms related to information security, including the Personal Information Protection Law, the Unauthorized Computer Access Prohibition Law, and copyright laws.

６．The framework of our information security objectives is set forth in the "Security Objectives Management Sheet.

Date of enactment February 8, 2024

Waqoo, Inc.

President and Representative Director Bumpei Samata