SQUEEZE Inc. (hereinafter referred to as “the Company”) hereby establishes this Privacy Policy (hereinafter referred to as “the Policy”) with respect to the handling of personal information of customers (including members, users, and guest users of the accommodation services provided by the Company under the names “Minn,” “Theatel,” the reservation-related services “suitebook” and “suitebook checksmart” (collectively, the “Services,” including similar services to be provided by the Company in the future), as well as persons involved in business dealings with the Company, job applicants, and shareholders; collectively referred to as “Data Subjects”) in connection with the Company’s operations and services (collectively, the “Services, etc.”). The Company shall not acquire or use personal information of Data Subjects except in accordance with the Policy or individual privacy policies separately established under the Policy. The Company shall also take necessary and appropriate security measures to prevent leakage, loss, or damage of personal information, and shall supervise its employees accordingly.

1 Definition of personal information, etc.

(1)In the Policy, “personal information” and “personally identifiable information” mean “personal information” and “personally identifiable information” as defined in the Act on the Protection of Personal Information (hereinafter referred to as “Personal Information Protection Act”, including its amendments), respectively.
(2) In the Policy, “Data Subject” means a specific individual identified by Personal Information.

2 Individual Privacy Policies

In the event of any inconsistency between the Policy and an individual privacy policy separately established, the provisions of the individual privacy policy shall prevail.

3 Consent of the Data Subject

By providing personal information to the Company in connection with use of the Services, the Data Subject shall be deemed to have validly consented to the contents of the Policy.

4 Personal information to be collected

(1) The Company may ask members, users, and guest users of the Service (hereinafter collectively referred to as “Users, etc.”) to provide the following information: name, age, gender, date of birth, occupation, address, telephone number and e-mail address, names of hotels where the User has stayed through the Service, and nationality and passport number (if the User reports that he/she is a foreigner).
(2) Where the User wishes to link the Services to SNS platforms specified in Article 5, paragraph (1)(g), the Company may collect user data registered with the SNS provider (excluding passwords), and internet usage data such as website browsing history, search keywords, ad viewing and click history, browsing time, browser type, cookie data, and IP address, etc. – either via cookies or through third-party service providers.
(3)The Company may collect the following information from individuals who are representatives of our business partners and from job applicants (hereinafter collectively referred to as “Representatives, etc.”): full name, age, gender, date of birth, address, telephone number, and email address. In the case of job applicants, the Company may also collect educational background, employment history, facial photographs, and other information typically included in a resume. Please note that the Company does not routinely delete the personal information of applicants who are ultimately not hired.
(4)The Company uses security cameras as a security system in the operation of this service, and the Company may collect information (appearance, behavior history, etc.) captured by the security cameras.

5 Purposes of the Use of Personal Information

(1) The purposes for which the Company uses the personal information of users, etc., are as follows:
(a) Provision, management, and operation of the Services and related support
(b) Provision, management, and operation of the Company’s official websites for the Services (currently including: https://staytuned.asia/, https://app.suitebook.io/, https://app.suitebook.cloud/) and related support. These websites may change over time, and such changes shall be notified through updates to the Policy.
(c) To contact the Users, etc. as necessary for them to use the Service or the Site.
(d) Responses to inquiries, requests for materials, etc. from the Users requests.
(e) In the event that the User becomes a party to a contract with the Company, preparation for and performance of said contract, and any other actions necessary for said contract.
(f) To conduct sweepstakes and campaigns.
(g) In the event that a User wishes to link with the following SNS services (*) operated by a third party other than the Company, and the Service or the Site is capable of doing so, display of the registration information on such SNS services on the Service or the Site * Display of the registration information on the SNS services operated by Meta Platforms, Inc. (former name: Facebook, Inc.), “Instagram” operated by Meta Platforms, Inc. In such cases, users will be notified by means of a change in this policy. In addition, this policy shall not be affected by any change, merger, or split-up of the operating companies of any of the above services.
(h) Improvement of the Service and development of new services, such as customer analysis, marketing, and development of products and services.
(i) Ensuring the security of the Services.
(j) Other purposes incidental to the purposes of use described in the preceding items.
(k) In the event that MHI acquires personal information as a result of the succession of business from another business operator handling personal information due to a merger or otherwise, to the extent necessary to achieve the purposes of use before the succession (limited to personal information acquired as a result of the succession of business).
(2)The purposes for which we use the personal information of the Representatives, etc.:
(a) Contact necessary for transactions with us
(b) In the event that the supplier becomes a party to a contract with us, to prepare for and execute the contract, and for any other actions necessary for the contract.
(3) The purposes for which we use the personal information of job applicants are as follows:
(a) To provide various types of information related to recruitment activities (seminars, events, company information sessions, website announcements, etc.) and to accept applications
(b) Recruitment selection
(c) Administrative processing, such as communications related to employment selection
(d) Information on medical examinations at the time of hiring and procedures for entering the company, etc.
(e) Post-employment management.
(4) For Shareholders:
(a) Exercise of rights and fulfillment of obligations under the Companies Act
(b) Maintenance of shareholder records and related obligations under applicable laws and regulations
(5) For Inquiries (including document requests):
(a) Improving the Company’s customer service
(b) Accurately understanding and responding to inquiries
(c) Providing information on data management services
(d) Inviting participation in seminars and events
(e) Conducting surveys
(f) Distributing newsletters
(g) Marketing analysis in connection with the sale of data management services
(6) For Seminar/Event Participants:
(a) Accurately understanding and responding to inquiries
(b) Providing information on data management services
(c) Inviting participation in seminars and events
(d) Conducting surveys
(e) Distributing newsletters
(f) Marketing analysis related to data management services
(g) Use of event records (photos, videos, audio) for publicity, marketing, or promotional purposes
(7) Sensitive Information
Notwithstanding the preceding paragraphs, the Company will not acquire or use personal information regarding sensitive information such as medical history, income, family relationships, political views, religious beliefs (religion, ideology, and creed; the same below), labor union membership, race and ethnicity, family origin and domicile, health care and sex life, and criminal records, except as required by law or as necessary to achieve the purpose of appropriate operations.
(8) Use within Group Companies
The Company may share and use personal information collected under items (1) through (6) with its group companies (including its parent company and its subsidiaries or affiliates, as listed [here]) for related business operations.

6 Restrictions on use

(1) The Company will not handle personal information beyond the scope necessary to achieve the purposes of use without obtaining the prior consent of the Data Subject. However, the foregoing shall not apply in any of the following cases:
(a) When required by laws or regulations;
(b) When it is necessary for the protection of the life, body, or property of an individual (not limited to the Data Subject), and it is difficult to obtain the consent of the Data Subject;
(c) When it is particularly necessary for the improvement of public health or the sound upbringing of children, and it is difficult to obtain the consent of the Data Subject;
(d) When it is necessary to cooperate with a national or local government authority or a person entrusted thereby in the execution of legally prescribed duties, and obtaining the consent of the Data Subject is likely to hinder the execution of such duties.
(2) The Company will not use personal information in any manner that may promote or induce illegal or fraudulent activities.

7 Proper acquisition

The Company will acquire personal information in an appropriate manner and will not acquire it through deception or other wrongful means. We will also take care not to collect personal information from minors without the consent of their parents or guardians

8 Notification of Purposes of Use of Personal Information at the Time of Acquisition

(1) When acquiring personal information, the Company will either publicly announce the purpose of use in advance or notify the person of the purpose of use promptly after acquiring the personal information. However, this does not apply in the following cases:
(a) Cases in which notifying the person of the purpose of use or publicly announcing it may harm the life, body, property, or other rights or interests of the Data Subject or a third party ;
(b) Where notifying or publicly announcing the purpose may harm the rights or legitimate interests of the Company;
(c)Where it is necessary to cooperate with a national or local government authority in the performance of legally prescribed duties, and notifying or publicly announcing the purpose is likely to hinder such performance;
(d)Where the purpose of use is clearly understood from the circumstances of acquisition.
(2) Notwithstanding the foregoing, when the Company acquires personal information from Users in connection with their application to use the Services (including cases where such information is obtained indirectly through service providers), the Company shall, either directly or via the relevant service provider, clearly inform the User of the purposes of use set forth in the Policy in advance. This shall not apply in cases of urgent necessity for the protection of life, body, or property.

9 Changes to the Purposes of Use

If the Company changes the purpose of use of personal information, it will not do so beyond the scope that is reasonably considered to have a reasonable relationship with the purpose of use before the change and will notify the Data Subject or publicly announce the changed purpose of use. (This does not apply to cases (1)(a) through (d) of the preceding paragraph.

10 Safe Management of Personal information and Supervision of Employees

To prevent leakage, loss, or damage of personal information and otherwise ensure the safe management of personal information, we have established personal information protection regulations and provide necessary and appropriate supervision of our employees.

11 Supervision of Contractors

When the Company outsource all or part of the handling of personal information, the Company outsource will provide necessary and appropriate supervision to ensure that the outsourced company manages personal information safely, such as by including appropriate provisions for safety management in the contract with the outsourced company.

12 Restrictions on Provision to Third Parties

(1) The Company will not provide personal information to a third party without obtaining the prior consent of the individual, except in the following cases.
(a)When required by laws or regulations;
(b) When it is necessary for the protection of the life, body, or property of a person (not limited to the Data Subject), and it is difficult to obtain the consent of the Data Subject;
(c) Cases in which the provision of personal information is particularly necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the consent of the Data Subject;
(d) When it is necessary to cooperate with a national or local government authority or a person entrusted thereby in the execution of legally prescribed duties, and obtaining the consent of the Data Subject is likely to hinder the execution of such duties;
(e) Any other case permitted by applicable laws and regulations.
(2) Except in the following cases, the Company will not provide personal information to third parties in a foreign country without obtaining the prior consent of the Data Subject:
(a) When the third party is located in a country specified in the Notification No. 1(*) of the Personal Information Protection Commission of Japan, 1991 ※ https://www.ppc.go.jp/files/pdf/190123_h31iinkaikokuji01.pdf
(b) When any of the preceding clauses (a) through (d) applies. The “laws and regulations” referred to in the preceding paragraph (a) shall mean the laws and regulations of Japan.
(3)When providing personal information to a third party, the Company shall keep a record (the “Third Party Provision Record”) of the following information:
(a) Name, address, and representative (in the case of a legal entity) of the third party;
(b) Name and other identifying information of the Data Subject;
(c) Details of the personal information provided. However, this shall not apply where the User voluntarily provides personal information to another hotel through actions taken by the User via the Services.
(4) When the Company receive personal information from a third party (including a third party in a foreign country), the Company will confirm the name, address, location, and representative (if the third party is a corporation) , and the circumstances of acquisition of the personal information by the third party, in accordance with the rules of the Personal Information Protection Commission.
(5) Notwithstanding paragraphs (1) and (2) above, the recipient of personal information shall not be deemed a “third party” in the following cases, and the Company may provide personal information accordingly:
(a) When the Company outsource all or part of the handling of personal information within the scope necessary to achieve the purpose of use;
(b) When personal information is provided as a result of the succession of business due to merger or other reasons;
(c) When jointly using personal information with specific persons, and the Data Subject has been notified or placed in a position to easily know the scope of such joint use, including the purpose, items of data, scope of joint users, and the party responsible for management.
(6) The Company willl not provide sensitive personal information—such as medical history, income, family relationships, political opinions, religion, union membership, race, ethnicity, lineage, registered domicile, health or sex life, or criminal records—to third parties, except were permitted by law or essential for legitimate business purposes.
(7) Notwithstanding paragraphs (1) and (2), with the Data Subject’s consent, the Company may provide hashed personal data (email addresses and phone numbers that are irreversibly hashed by the Company) to the following entities (including those located outside Japan) for the purpose of delivering personalized advertising, measuring its effectiveness, and conducting related analysis
Recipients: • Meta Platforms, Inc. (California, USA) • Google LLC (California, USA) • LINE Yahoo Corporation (Japan) • Microsoft Corporation (Washington, USA) • TikTok Inc. (California, USA) • TikTok Pte. Ltd. (Singapore) • X Corp. (Texas, USA) • Amazon.com, Inc. (California, USA) • Snap Inc. (California, USA) • Reddit, Inc. (California, USA)
The personal data provided will consist solely of hashed email addresses and phone numbers, which are irreversibly processed by the Company and cannot be converted back to their original form.

13 Joint Use of Personal Information

The Company may jointly use personal information as follows:
(1)Items of Personal Information Subject to Joint Us
Information specified in Article 4 “Personal Information Collected”
(2)Purposes of Joint Us
Purposes specified in Article 5 “Purposes of Use of Personal Information”
(3)Scope of Joint Users
The Company’s group companies (details available [here] )
(4)Entity Responsible for Management
The Company

14 Creation, etc. of anonymized processed information

(1) In accordance with the standards set forth in the Personal Information Protection Law, we process users’ information to create anonymized processed information (as defined in the Personal Information Protection Law). Examples of such processing are as follows
(a) Deletion of descriptions that can identify specific individuals
(b) Deletion of personal identification codes
(c) Deletion of codes that interconnect information
(d) Deletion of specific descriptions
(e) Other measures based on the nature of the personal information database, etc. (as defined in the Personal Information Protection Law).
(2) The items included in the anonymized processed information processed by the Company are as follows
(a) Personal attribute information (age, gender, occupation, address, and nationality)
(3) When we provide anonymized processed information created by us to a third party, we will provide the following items in the following manner for the following purposes.
(a) Purpose
(i) To create statistical information for our affiliated companies.
(ii) To develop or improve new products and services or new features of existing products and services.
(b) Item (2) above
Items described in (2) above
(c) Method of provision: We will provide the information in an encrypted and secure manner by electromagnetic means.
(4) The Company shall supervise employees who handle anonymized processed information to ensure that security control measures are implemented in accordance with the Company’s internal rules.

15 Public Disclosure of Personal Information-Related Matters

The Company will make the following matters concerning personal information available to Data Subject and respond to Data Subject without delay upon their request. However, this does not apply to matters that are publicly disclosed in accordance with the express provisions of the Policy:
(a) Name, address, and representative name of the business handling personal information: SQUEEZE Inc., 1-52, Sakae-machi, Kitahiroshima-shi, Hokkaido, Japan Representative Director: Shinichi Tatebayashi
(b) Purpose of use of personal information As described in Article 5.
(c) Contact point for inquiries regarding personal information As described in Article 23.
(d) Procedures for responding to requests for notification or disclosure of purposes of use of retained personal data, and applicable fees: As stated in Articles 16~19: Fee: 1,000 Yen
(e) Measures taken for the secure management of retained personal information (excluding those that may impede the secure management of said personal information by making them accessible to the person) As per Articles 10 and 11.

16 Disclosure of Personal Information

When the Company receives a request from a Data Subject for disclosure of his/her personal information or records provided to a third party, the Company will disclose such information to the Data Subject without delay. However, the Company may decide not to disclose all or part of the information if any of the following applies.
(a) If there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party.
(b) If there is a risk of significant hindrance to the proper conduct of our business.
(c) If it would violate other laws or regulations.

17 Correction, etc. of Personal Information

When the Company receives a request from the Data Subject to correct, add, or delete (hereinafter referred to as “correct, etc.”) his/her personal information on the grounds that it is untrue, the Company will, except in cases where special procedures are required by other laws and regulations, conduct the necessary investigation without delay to the extent necessary to achieve the purpose of use, and based on the results, correct, etc. the content of the personal information and then notify the Data Subject to that effect.

18 Suspension of Use of Personal Information, etc.

If the Company receives a request from the Data Subject to cease use of or delete his/her personal information (hereinafter referred to as “cease of use, etc.”) on the grounds that such personal information has been handled beyond the scope of the purpose of use publicly announced in advance, or that such information has been obtained through deception or other wrongful means, the Company will conduct the necessary investigation without delay, and based on the results of the investigation, the Company will cease use of the personal information and notify the Deta Subject to that effect, If the Company requests the suspension of use or deletion of personal information (hereinafter referred to as “Suspension of Use, etc.”), the Company will conduct the necessary investigation without delay, and based on the results, will suspend the use of the personal information and notify the person to that effect. However, if it is difficult to suspend the use of personal information due to the large cost involved or other reasons, and alternative measures necessary to protect the rights and interests of the individual can be taken, such alternative measures will be taken.

19 Explanation of Reasons

If, despite your request, we decide to do any of the following and notify you to that effect, we will endeavor to explain the reasons for such decision:
(a) Not to notify you of the purpose of use,
(b) Not to disclose all or part of your personal information,
(c)Not to correct, etc., stop using, etc., or stop providing to a third party your personal information
(d) To take other measures that differ from your request.

20 Security Control Measures

The Company shall implement organizational, physical, human, and technical security measures to prevent unauthorized access, loss, destruction, alteration, or leakage of personal information. Such measures include restricting access to personal information files, logging access, and implementing security controls against external threats. In the event of an incident involving leakage or similar issues, the Company shall promptly report to the relevant authorities in accordance with the APPI and applicable guidelines and take necessary measures, including recurrence prevention. For details of these security measures, please contact the point of contact listed in Article 23.

21 Privacy policy changes

The Company will amend this Policy as necessary. Unless otherwise specified by the Company, the revised Policy shall take effect from the time it is posted on the Website.

22 Handling of cookies, IP addresses and tracking

The Company handles cookies and IP addresses appropriately as Personally Related Information. The Company uses cookies to manage and maintain the provision of content on the Site, to consider new services, to manage login information, and to deliver advertisements. Data Subjects may disable cookies by changing the settings on their web browsers. However, if you choose to disable cookies, you may not be able to use certain portions of the Site. The Company may continue to track your activities on the Site for purposes of our customer support, analytics, research, product development, fraud prevention, risk assessment, legal compliance, and investigation, to the extent that such information constitutes Personally Related Information.

23 Contact for Inquiries

1-52, Sakae-machi, Kitahiroshima-shi, Hokkaido 061-1133 Japan
SQUEEZE Inc. Privacy Policy Management
Contact via e-mail: hcm@squeeze-inc.co.jp

Revised on July 24, 2025