Established on December 11, 2012
Revised on March 8, 2013
Revised on June 22, 2015
Revised on December 7, 2015
Revised on May 30, 2017
Revised on September 25, 2017
Revised on February 1, 2018
Revised on April 1, 2022
Revised on July 1, 2022
Revised on December 12, 2022

2. Acquisition of Personal Information

1. The Company shall acquire personal information by legitimate and appropriate methods to the extent necessary to achieve the purpose of use stated in Article 3 below. The Company will not acquire personal information through deception or wrongful means.
2. The Company shall, upon acquiring personal information, publicly announce the purpose of use in advance, or notify the person of the purpose of use or publicly announce the purpose of use promptly after acquiring such information. Furthermore, when the Company acquires personal information directly stated in a document from a person, the Company will expressly notify the person of the purpose of its use in advance. However, the notification, publication and express notification of the purpose of use may be omitted in the event that the purpose of use is apparent considering the circumstances of the acquisition of the information or if it is otherwise permitted to do so under the laws and regulations.
3. Notwithstanding the above, the Company shall acquire no "special care-required personal information" as defined under the Personal Information Protection Act, without the prior consent of the person related to such information unless such acquisition is treated as an exception by laws and regulations. The Company shall acquire no “sensitive information” as defined in the Guideline on Protection of Personal Information in the Financial Industry unless such acquisition is treated as an exception under the Guideline.

3. Purpose of Use of Personal Information

1. The Company shall, in order to conduct the asset management business (the management of the assets is entrusted to the Company) for GLP J-REIT (the “Investment Corporation”), excluding those cases where prior consent has been obtained from the relevant person or where it is treated as an exception by the laws and regulations, etc., use personal information to the extent necessary to achieve the purpose of use provided below. The Company will not use personal information in a manner that may encourage or induce illegal or unjust acts:
   • Exercise of rights of unitholders and performance of obligations of the Investment Corporation under the Act on Investment Trusts and Investment Corporations (the “Investment Trust Act”) and other related rules and regulations.
   • Management of unitholders’ information such as preparation of data for the register of unitholders of the Investment Corporation that is prepared pursuant to the Investment Trust Act and Investment Corporations and other laws and regulations.
   • Borrowing of funds by the Investment Corporation, the issuance of investment corporation bonds and additional issuance of investment units, etc. of the Investment Corporation.
   • Response to inquiries or requests for information materials, etc.
   • Research analyses and studies, etc., for the management of the assets of the Investment Corporation.
   • The acquisition and disposition of the assets by the Investment Corporation and the performance of the operations in relation to the lease and management of real estate.
   • Performance of IR activities of the Investment Corporation and performance of operations relating to general business matters etc.
   • Appropriate and seamless execution of the asset management business of the Investment Corporation.
   • Implementation of businesses incidental or relating to each of the preceding items above.
2. Notwithstanding the above, the Company shall use any “Specific Personal Information, including the Individual Number of said Person” as defined in the My Number Act only to the extent necessary to achieve the purpose of use provided below:
   • For creating legal statements and other documents on which the individual number of a person is required to be indicated by laws and regulations; or
   • For administering withholding taxes, making reports, requests and any other documents in relation to social insurance programs, labor insurance programs, company pension plans or any other similar program.

4. Restriction on Provision of Acquired Personal Information to Third Parties

1. The Company will not provide personal data to any third parties without obtaining the prior consent of the relevant person, except in the following cases:
   • Cases where disclosure is conducted in accordance with applicable laws and regulations
   • Cases where the provision of personal data is necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the relevant person
   • Cases where the provision of personal data is necessary for the improvement of public health or the promotion of sound development of children and it is difficult to obtain the consent of the relevant person
   • Cases where the provision of personal data is necessary for cooperating with a governmental organization, a local government, or someone acting at their request in conducting matters prescribed by laws and regulations, and there is a risk that obtaining the consent of the relevant person may become an obstacle to conducting such matters
   • Cases where personal data is provided to shared-users in accordance with Article 5 below.
   • Cases where the Company outsources the handling of personal data to a third party in accordance with Article 7 below.
   • Cases where provision or disclosure of personal data is permitted by the Personal Information Protection Act
2. Notwithstanding the provisions above, if the Company provides personal data to any third party outside Japan, the Company shall obtain prior consent from the person related to such personal data unless such provision is permitted by law. The Company will never provide the Personal Number and Specific Personal Information to a third party, whether the relevant person provides his/her consent or not, with the exception of instances stipulated in laws and regulations.

5. Shared Use within the Group

The Company may occasionally share personal data possessed by the Company with the following shared-users only when necessary and to the following extent:

• Shared user
  GLP Group including GLP Capital Partners Japan Inc.
• Purpose of Use by Shared-user
  For research and analysis, data collection, notification, provision of information necessary for operations performed by the GLP Group and provision of information on products, services and other information of the GLP Group
• Personal data used by shared users
  Includes name, address, e-mail address, date of birth and telephone number, details and background of transactions, and other personal data to the extent necessary to fulfill the above-mentioned purpose of use
• Entity responsible for the management of personal data
  The Company

6. Safety Control Measures

The Company will manage personal data by taking necessary and appropriate safety control measures (systemic security control measures, human security control measures, physical security control measures, technical security control measures, and understanding the external environment) pursuant to laws and regulations as well as guidelines for the prevention of leakage, loss or damage of personal data that the Company handles and for other safe management of personal data. For specific inquiries on the security control measures, please see Article 10. Contact Information for Inquiries.

7. Outsourcing the Handling of Personal Data

The Company may outsource the handling of personal data to third parties within the necessary scope to achieve the purposes of use. In that case, the Company will select a party that is considered to appropriately handle personal data as an outsourcing contractor, and will properly stipulate in the outsourcing agreement the security control measures, confidentiality, conditions for subcontracting, return of personal data at the end of the outsourcing agreement, and other matters related to the handling of personal data, and shall take the measures necessary to exercise appropriate management and supervision over such third parties.

8. Reporting of Leakage, etc.

In the event of a leakage, loss, damage, or other incident related to ensuring the security of personal data handled by the Company which is prescribed by the Enforcement Regulation of the Act on the Protection of Personal Information (the "Personal Information Protection Act Enforcement Regulation") to be highly likely to harm the rights and interests of an individual, the Company shall, as required by the Personal Information Protection Act Enforcement Regulation, report to the Personal Information Commission to the effect that such event has occurred; provided, however, that this shall not apply if the Company has been outsourced all or part of the handling of the said personal data by another personal information handling business operator and has notified the said personal information handling business operator of the occurrence of the event, as prescribed by the Personal Information Protection Act Enforcement Regulation.
In the cases stipulated above (excluding when the notice as stipulated in the proviso above is given), the Company will notify the person to the effect that such event has occurred, as prescribed by the Personal Information Protection Act Enforcement Regulation; provided, however, that this shall not apply if it is difficult to notify the person and alternative measures necessary to protect the person's rights and interests are to be taken.

9. Procedures for Disclosure, etc. of Retained Personal Data

With respect to the personal data retained by the Company, regarding requests for notice of the purpose of use of the retained personal data, disclosure of the retained personal data, correction, addition, or deletion of the contents of the retained personal data, discontinuance of use of the retained personal data or deletion thereof, or discontinuance of provision of the retained personal data to a third party or disclosure of a record of provision to a third party (collectively, “disclosure, etc.”), the Company shall endeavor to respond appropriately and promptly in accordance with the laws and regulations, upon confirming that the request is made by the relevant person. Please direct any inquiries regarding this matter to the inquiry desk provided in Article 10 below. Please note that a request for disclosure of personal information may require payment of an actual fee.

10. Contact Information for Inquiries or Complaints regarding the Handling of Personal Information

Inquiries regarding the handling of personal information, inquiries regarding the details of measures taken by the Company for the secure control of the retained personal data, requests for disclosure, etc., of the retained personal data and complaints can be made as follows:

Procedure

Please contact the inquiry desk below. You will be provided with information on necessary procedures.

Inquiry Desk

Contact	GLP Japan Advisors Inc.
Address	2-2-1, Yaesu, Chuo-ku, Tokyo 104-0028, Japan
TEL	+81-3-6897-8810
Business hours	9:00 a.m. – 6:00 p.m. (except for Saturdays, Sundays, public holidays, and year-end and New Year's holidays)

11. Name, Address, and Name of the Representative Person of the Personal Information Handling Business Operator

Name	GLP Japan Advisors Inc.
Address	2-2-1, Yaesu, Chuo-ku, Tokyo 104-0028, Japan
Representative	Yuma Kawatsuji, President

12. Authorized Personal Information Protection Organization

The following Authorized Personal Information Protection Organization also accepts the complaints and requests for consultation regarding the protection of personal information.

Authorized Personal Information Protection Organization

Name	The Investment Trusts Association　Investor Advisory Office
TEL	＋81-3-5614-8440

The Company shall revise this Policy to continuously improve its content. This policy may also be revised due to amendments to the laws and ordinances or other reasons.