Privacy Policy

1. Categories of personal information subject to processing

Wavedash processes the following personal information of our customers.

- Registration information (your name, username, e-mail address, address, country of residence, date of birth, password, telephone number, device language settings, and payment methods)

- Service information (usage histories and payment histories for the Services of customers who have used them, and other personal information collected by Wavedash in connection with the Services (if required by applicable laws and regulations, Wavedash shall obtain such personal information after separately notifying the customers))

- Cookies and other online identifiers of customers who have accessed the Websites (including access tokens and refresh tokens of customers who have used the Services, IP addresses, provider information, terminal information, and web browser information of customers who have accessed the Websites) and attribute information of customers who have accessed the Websites (such as age, gender, interest categories, affinity categories, and in-market segments). For more information about interest categories, affinity categories, and in-market segments, please visit About Demographics and Interests - Analytics Help (google.com)

- Contact information (First and last names, e-mail addresses, inquiry items, and inquiry details of customers who have contacted Wavedash)

- Inferred information (information that infers customer preferences and interests based on the personal information of our customers)

- In addition to the above, we may also collect any other information you voluntarily provide to us while using the Services.

2. Purpose of collection and processing

Wavedash may process the personal information of our customers for the following purposes:

- to register for the Services and conduct identity authentication when using the Services;
- to manage customers of the Services;
- to provide, operate, and maintain the Services;
- to invoice customers when any charges are incurred for the Services;
- to prevent and respond to misconduct regarding the Services;
- to provide and introduce after-sales services for the Services;
- to conduct questionnaires and campaigns regarding the Services;
- to conduct research and analysis of marketing data and to examine and implement marketing measures;
- to provide, solicit, advertise, and otherwise market the products or services of Wavedash or our affiliated companies or partner companies in accordance with customer preferences and interests based on an analysis of the attributes and behavioral history of customers using the Services;
- to analyze the attributes of customers who accessed the Websites and personalize and improve our customers’ experience when they access the Websites;
- to improve the Services and plan and develop new services;
- to maintain the Websites, diagnose server problems, and fix faults;
- to respond to inquiries made by customers and to contact customers, etc.;
- to respond to disputes and litigation and to comply with our legal obligations;
- to develop new services and to use as a reference in order to acquire new content;
- to prepare statistical information and other non-personal information;
- with your consent, or as otherwise disclosed at the time information is collected;
- for our recordkeeping purposes;
- for training employees;
- to maintain the security of the Services and the Websites including for preventing fraud and cyber-attacks;
- to provide such customer personal information to third parties by the methods stated in this Global Privacy Policy;
- other operations required for providing the Services and services incidental thereto; and
- for other purposes permitted under applicable laws and regulations.

3. Legal basis, etc. for processing

Wavedash processes your personal information in accordance with applicable personal information protection regulations. Please refer to the country-specific exhibits regarding the relevant legal basis for our processing.

The provision of your personal information may be mandatory for reasons such as being a statutory or contractual requirement or being a necessary requirement for entering into a contract. Specifically, the provision of personal information may be required as set forth below:

- The provision of registration information is a necessary requirement for entering into a contract with Wavedash and is mandatory as a contractual requirement. If you do not provide us with the personal information we require, Wavedash may not allow you to register as a member or use the Services.

- The provision of service information and strictly necessary online identifiers is mandatory as a contractual requirement. If you do not provide us with such personal information, Wavedash may not provide you the Services.

- The provision of contact information is mandatory as a contractual requirement. If you do not provide us with such personal information, Wavedash may not be able to respond to your inquiries.

- In other such cases where you do not provide us with your personal information despite such being a necessary requirement, Wavedash may not provide the Services (including the use of the Websites) to you.

4. Retention period for personal information

In order to decide the appropriate retention period for personal information, we consider the following: the volume, nature, and confidentiality of the personal information; the potential risk of damage caused by unauthorized use or disclosure of the personal information; the purposes for which we process the personal information and whether we can achieve those purposes by other means; and applicable legal requirements. If your personal information collected by us becomes no longer necessary, we will delete or anonymize your personal information, and if such measures are impracticable (for example, if your personal information has been stored in back-up archives), we will retain your personal information safely until its deletion becomes practicable and ensure that any new processing will not be conducted with respect to your personal information.

5. Sources of personal information

Wavedash obtains personal information from you when you provide it directly to us and, in some cases by automatic means, such as for cookies and other terminal online identifiers. Wavedash may also collect your personal information indirectly from third parties. For example, we collect analytics and attribution information from Website Traffic Analysis Service Providers, such as Google LLC. Furthermore, if a customer uses PayPal as their payment method when using the Services, Wavedash indirectly obtains the name, address, and e-mail address that such customer has registered on PayPal from PayPal Pte. Ltd. In addition, we may infer your preferences and interests based on your personal information.

6. Sharing and disclosure of personal information

Wavedash shares with and discloses customers’ personal information to the following third parties in order to fulfill the purposes of processing personal information as set out above.

○ Sharing with credit card issuing companies, etc.
- Your personal information may be provided to credit reference agencies, payment companies (such as PayPal Pte. Ltd.), payment agencies, and credit card issuing companies for the purpose of preventing unauthorized payment and implementing smooth transactions.

○ Sharing with partner companies
- Your personal information may be provided to third parties that jointly provide services for ticket sales, etc. with Wavedash for the purpose of confirming, reporting, or consulting, etc. on a transaction, investigating any fraud, etc. pertaining to a transaction, or conducting any marketing, etc. related to a transaction.

○ Sharing with group companies
- Your personal information may be provided to our parent company and other group companies of Wavedash.

○ Sharing with processors (service providers)
Your personal information may be provided to:
- Website Traffic Analysis Service Providers such as Google LLC;
- Cloud Service Providers retained by the Customer Support Outsourcing Company such as Google LLC;
- external investigative organizations, etc. for the purpose of investigating, detecting, preventing, and responding to any unauthorized use or the like of the Services; and
- other contractors and service providers of Wavedash.

○ Legal compliance, etc.
In some instances, Wavedash may be required to disclose your personal information to public and governmental authorities within or outside your country of residence in accordance with the law and/or requests from competent authorities. Wavedash will also disclose your personal information if such disclosure is necessary or appropriate due to law enforcement purposes or handling other issues of public importance. Wavedash will also disclose your personal information if such disclosure is reasonably necessary to protect our rights, to pursue available remedies, to enforce our Terms of Use, to investigate fraud, or to protect our operations or customers.

○ Other
In addition, we may also share personal information of our customers with other parties, including in the following cases:
- as part of an actual or potential corporate sale, merger, acquisition, reorganization, or other transfer of all or part of our assets, including as part of a bankruptcy proceeding;
- cases in which there is a need to protect Wavedash, a human life, body, or assets, and when it is difficult to obtain the principal’s consent;
- with your consent; and
- other cases permitted under applicable laws and regulations.

7. Overseas transfer of personal information

As a result of the above sharing and disclosure, your personal information may be transferred to the following countries:
- United States of America
- Singapore
- Japan

In such cases, Wavedash will take the proper protection measures required by the personal information protection regulations of each country. For the protection measures of each country, please refer to the country-specific exhibits.

○ Provision of information pursuant to the Personal Information Protection Act of Japan
Wavedash may provide the personal information of our customers to third parties in foreign countries for the purposes set out above in “Sharing with credit card issuing companies, etc.” with the consent of customers to this Global Privacy Policy. Information related to the foreign countries in which the third parties to whom we provide customer personal information are located is as follows. In addition, the third parties to whom we provide customer personal information comply and handle customer personal information in accordance with the legal restrictions related to personal information protection in the country in which they are located.
Country name: Singapore
Information related to personal information protection systems in that country: Please click here for details.

8. Safety management measures

For management of customers’ personal information, in order to prevent the unauthorized disclosure, loss, or damage thereof, Wavedash takes the necessary and appropriate management measures. In addition, if Wavedash handles personal information in a foreign country, Wavedash will take necessary and appropriate measures for the safe management of personal data after ascertaining the external environment such as systems regarding the protection of personal information in such foreign country.

9. Cookies and similar technologies

When a customer accesses the Websites and such customer enables cookies, etc. (including tracking technologies such as flash cookies and web beacons, and other technologies; “Cookies, Etc.”), Wavedash may automatically collect information about the PC, mobile phone, tablet, or other information regarding the communication devices used by the customer, etc. If Wavedash collects such information, Wavedash will handle the information as personal information. If you do not wish to use cookies or other tracking technologies, you may disable them by changing your web browser settings. Please refer to Exhibit: EEA (European Economic Area) and UK for the legal basis for processing cookies with respect to customers located or residing in the EEA (European Economic Area) and the United Kingdom.

○ Analytics cookies
We may work with third parties that collect data about your use of the Websites over time. For example, the system may use Google Analytics for analytics and marketing purposes. In Google Analytics, user information will be collected by using Cookies, Etc. For more information about how Google Analytics collects and uses data when you use the Website, visit https://policies.google.com/technologies/partner-sites?hl=en, and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout?hl=en.

10. Links, etc. to third-party websites

The Services may provide links to third-party websites or applications. We do not control the privacy practices of those websites or applications, and they are not covered by this Global Privacy Policy. You should review the privacy policies of other websites or applications that you use to learn about their data practices.

11. Rights of customers

Wavedash will respect the legal rights you hold regarding personal information protection regulations applicable to you. Customers subject to Japanese law may require disclosure of personal information, correction, addition, and elimination of content, suspension and erasure of usage, suspension of provision to third parties, and disclosure of records of provision to third parties in accordance with Japanese laws regarding protection of personal information. In addition, legal rights related to personal information laws will be applied to customers as applicable in their jurisdiction. For rights granted in each country, please refer to the country-specific exhibits. If you wish to exercise your rights, please make an inquiry using the contact in Article 13 (Contact Details) of this Global Privacy Policy.

12. Children’s personal information

We will not knowingly handle the personal information of children under the age of 18.

13. Contact Details

For questions, complaints, and other inquiries regarding the processing of personal information by Wavedash and this Global Privacy Policy, please contact the support desk stated below:

- E-mail address for inquiries: support@ticketsinjapan.com
Please refer to our corporate profile for our address and representative’s name.

14. Changes to this Global Privacy Policy

Wavedash may, in making changes to this Global Privacy Policy (including country-specific exhibits), change or add to all or part of this Global Privacy Policy by publishing such change or addition on the Websites, sending an e-mail thereof to customers, or giving notice by any other method that Wavedash deems appropriate (subject to applicable laws and regulations, if any). If there are any necessary procedures pursuant to personal information protection regulations that will apply after such change or addition, such procedures will be taken.

We encourage you to visit this page periodically to learn of any updates. You can see when this Global Privacy Policy (including country-specific exhibits) was last updated by checking the “last updated” date.

California

This California annex supplements the information contained in the Global Privacy Policy. This annex applies only to individuals residing in California.

Sources of Personal Information Collection

• Directly from you, such as when you complete our online forms, order a product or service, or otherwise engage with us;
• Through use of cookies and automated technologies that we have installed on the Websites and our other digital content that links to our Global Privacy Policy. For more information on our use of cookies and similar technologies, please review the “Cookies and similar technologies” section of our Global Privacy Policy; and
• From third parties. We may obtain your information from third-party sources, such as service providers and marketing partners.

Types of Personal Information Collected

The types of personal information we collected in the past 12 months may include:

• Identifiers, such as your name, date of birth, postal address, telephone number, email address, IP address, and other contact information.
• Information subject to protection under California law, such as the Identifiers above and our service providers may collect your credit card or debit card number.
• Commercial information, such as your purchase history, payment information including credit card numbers, and product reviews.
• Internet activity information, such as your IP address, device ID, device, or browser type, and browsing behavior.
• Geolocation data, such as your location inferred from your IP address, and other technologies to determine the approximate location of the devices from which you interact with us.
• Inferences, based on the information above to create profiles based on your purchasing habits.

Some of the information above may be considered Sensitive Personal Information, which we will use for legitimate business purposes, including to (i) perform services or provide goods reasonably expected by an average person; (ii) detect security incidents; (iii) resist malicious, deceptive or illegal actions; (iv) ensure the physical safety of individuals; (v) for short-term, transient use; (vi) perform or provide internal business services; or (vii) verify or maintain the quality or safety of a service or device. We do not sell or share (as defined under California law) any Sensitive Personal Information.

We may use and disclose personal information for the business and commercial purposes detailed in the “Purpose of collection and processing” and “Sharing and disclosure of personal information” sections of the Global Privacy Policy.

We retain your information as described in the “Retention period for personal information” section of the Global Privacy Policy.

We have not sold consumer information for any monetary value. However, our use of cookies, and tracking technologies may constitute “selling” or “sharing” under certain U.S. state consumer privacy laws. We have sold or shared the following categories of Personal Information with our advertising service providers and partners: Identifiers, Geolocation Data, and Internet Activity Information. We do not knowingly sell the Personal Information of minors under 18. To opt-out of targeted advertising, please use the “Do Not Sell or Share” link at the bottom of our home page, contact us at support@ticketsinjapan.com. For more information on opting-out, see the “Your California Rights” section below.

Shine the Light

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third-parties for direct marketing purposes and the names and addresses of all third-parties to which we disclosed personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

Your California Rights

If you are a California resident, you may have the following rights with respect to the personal information we process about you:

• Right to Know and to Access. You may have the right to request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting, selling, or sharing the personal information, and the categories of third-parties to whom we have disclosed your personal information, and the specific pieces of personal information we have collected about you.
• Right to Delete. You may have the right to request that we delete personal information that we have collected from you.
• Right to Correct. You may have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Opt-out of Sales or Sharing. You may have the right to opt-out of the “sale” or “sharing” of your personal information as such terms are defined by the California Consumer Privacy Act.
• Right to Non-Discrimination. Should you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand certain features of the Services may be unavailable to you.

Exercising Your California Rights

To exercise a California data privacy right, please use the “Do Not Sell or Share” link at the bottom of our home page, contact us at support@ticketsinjapan.com.

You can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable law.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information ion provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Contact Us

If you have questions about this notice or how we process your personal information, please contact us using the Contact Details section of the Global Privacy Policy.

Last updated: March 4, 2025

Additional U.S. States

These this annex supplements the information contained in the Global Privacy Policy. This annex applies only to residents of Nebraska and Texas.

Consumer Privacy Rights

You may have the following rights, subject to any applicable exemptions or limitations:

• Right to Access. You have the right to confirm whether we are processing your personal information and to access such personal information.
• Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Delete. You have the right to request that we delete your personal information under specific circumstances.
• Right to Opt-out. You have the right to object or opt-out of certain types of processing, including: (1) processing for the purpose of targeted advertising, (2) processing for the purpose of the sale of personal information, and (3) processing for the purpose of certain types of profiling and automated decision-making.
• Right to Data Portability. You have the right to request a copy of your personal information in an accessible format.
• Right to Equal Service. If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our websites, services, or properties.
• Right to Appeal. If we do not grant your consumer request, you may have the right to appeal that denial.

You can exercise your privacy rights as described in “Submitting a Privacy Rights Request,” below.

Submitting a Privacy Rights Request

To exercise a data privacy right, please use the “Do Not Sell or Share” link at the bottom of our home page, contact us at support@ticketsinjapan.com.

Making a consumer request does not require you to create an account with us. Applicable law may limit the number of times that you can submit a particular request within a 12-month period. You can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable law.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Contact Us

If you have questions about this notice or how we process your personal information, please contact us using the Contact Details section of the Global Privacy Policy.

Last updated: March 4, 2025