Date Last Updated: April 3, 2023

DENSO CORPORATION (the “Company”) shall comply with Japanese Act on the

Protection of Personal Information, the law of the EU concerning the protection of Personal

Data including the GDPR and other related laws, ordinances and guidelines and

appropriately handle the Personal Data obtained from the user as follows for the protection

of the Personal Data.

If you are a California “consumer” within the meaning of the California Consumer Privacy

Act of 2018, as amended by the California Privacy Rights Act of 2020, please read

Addendum for California Consumer Privacy Act for additional information.

1. Personal Data to Be Processed

The Company shall process (meaning any operation or set of operations which is

performed upon personal data or sets of personal data, whether or not by automated

means, and such operation means acquisition, recording, organization, structuring, storage,

rectification, alteration, recovery, retrieval, consultation, use, disclosure by transmission,

dissemination or otherwise making available, alignment, combination, restriction, erasure or

destruction; hereinafter the same) the Personal Data of the user that you give us through

the service, including but not limited to the following information.

User ID, Nickname, Location information of user (including during background operation),

Use log of NaviCon and NaviBridge application (including location and time of use), and

History of access to Company’s server (including time, IP address and Cookie)

Since it is necessary for the Company to receive such information from the user to provide

the user with the service, the user who cannot provide such information may not use the

service.

2. Legal Basis for and Purpose of Processing Personal Data

We will process your personal data on the following legal bases unless such data

processing would conflict with applicable laws and regulations:

- Contract. When we need to process your personal data to perform a contract we

enter into with you.

- Legal Obligation. When we need to comply with a legal obligation.

- Legitimate Interests. When the processing of your personal data is necessary

for the fulfilment of legitimate interests pursued by us or a third party and your

interests and fundamental rights do not override those interests.

- Consent. When you have given consent for us to process your personal data.

However, even if we obtain consent from you, we may process your personal data

based on other legal grounds. The withdrawal of your consent shall not affect the

lawfulness of processing performed based on the consent before your withdrawal.

We use the personal data that we hold about you for the following purposes. We will

only use your personal data to the extent that it is necessary to do so to fulfil the

purposes described below.

- To provide merchandise or services that you request (based on contract or

legitimate interests)

- To improve our merchandise or services we provide to you (based on contract or

legitimate interests)

- To provide information and communications; to conduct questionnaires relating to

products, services, various events, campaigns, and similar matters (based on

legitimate interests)

- To conduct sales analysis, investigations, and research; to develop new services

and products (based on legitimate interests)

- To conduct web analytics (see our Cookie Policy)

- To ensure compliance with legal obligations (such as record keeping obligations),

export control and customs, compliance screening obligations (to prevent white-

collar or money laundering crimes), and our policies or industry standards (based

on legal obligation or legitimate interests)

- To solve disputes, enforce our contractual agreements and to establish, exercise

or defend legal claims (based on legal obligation or legitimate interests).

You may experience disadvantages if you refuse to provide your personal data, such

as being unable to make use of some of our services.

The Company shall keep the Personal Data of the user as long as it is necessary to provide

the user with the service but promptly erase it if it is no longer necessary.

3. Provision to Third Party

The Company shall provide the companies which the Company entrusts to develop and

operate the service to and ties up with to provide the service or new related service with the

Personal Data of the user for the purpose of accomplishing the purposes of use specified

above.

4. Ensuring of Accuracy

The Company shall endeavor to keep the Personal Data up to date and if it is inaccurate or

insufficient, rectify it.

5. Security

To prevent unauthorized access to Personal Data or divulgence of Personal Data, the

Company evaluates and determines the risk of breach of the Personal Data privacy in a

comprehensive manner after taking into account the category of Personal Data, degree of

sensitivity, influence including economic and mental damage to the user when the Personal

Data privacy is breached, and takes personnel, organizational and technical safety

management measures that are necessary and appropriate according to the risk of breach

of Personal Data privacy, set the process to inspect and correct such safety management

measures as necessary and makes ceaseless efforts to improve security.

6. Access to Personal Data, Rectification, Erasure, Restriction on Processing, Right

of Data Portability

The user may request the Company make the Personal Data concerning the user retained

by the Company available to the user, rectify or restrict the processing of such information

or take procedures for data portability within the scope which is recognized by the laws and

regulations of each county and region. Further, the user shall have the right to raise an

objection to the Company or data protection authority governing the location where the user

resides with respect to the processing of the Personal Data related to the user within the

scope which is recognized by the laws and regulations of each county and region. If the

user requires the procedures for exercising various types of rights granted to the user with

respect to the Personal Data, please contact us at the following e-mail address.

navicon@jp.denso.com

7. Amendment to Privacy Policy

The Company may amend the privacy policy at any time. If the Company amends this

8. Company’s Policy for Children

The Company makes sure to obtain the consent of a guardian when obtaining Personal

Data from the user under 16 years of age. The Company shall request the user under 16

years of age ask his/her guardian to give consent after his/her guardian has confirmed the

details of the privacy policy without fail, but shall not request the user himself/herself give

consent, before using the service. Further, if a guardian or other person finds the user

under the age of 16 who consents to the privacy policy and uses the service without

obtaining the confirmation and consent of his/her guardian, please notify the Company at

the following contact point.

9. Inquiries

If the user has any matter for consultation or question with respect to the privacy policy or

the processing of the Personal Data by the Company, or request with respect to the access

to, rectification or erasure of the Personal Data, restriction on processing or right of data

portability, please contact the Company at the following website.

navicon@jp.denso.com

10. Administrator and Representative

The Company determines the purposes of use and method of processing of the Personal

Data of the user. The contact information of the Company is as follows.

DENSO CORPORATION

1-1, Showa-cho, Kariya, Aichi, Japan

navicon@jp.denso.com

Addendum for California Consumer Privacy Act

Last Updated: April 3, 2023

If you are a California “consumer” within the meaning of the California

Consumer Privacy Act of 2018 (“CCPA”), as amended by the California

Privacy Rights Act (“CPRA”), this Addendum for California Consumer Privacy

Act (“CCPA Addendum”) applies to you. The CCPA Addendum

supplements our privacy policy (the “Policy”) and prevails over any

conflicting provisions in the Policy. We are both a “business” and a “service

provider” under the CCPA. This CCPA Addendum applies to information we

collect in our role as a business. If you would like more information about

how your personal information is processed by such other companies,

including companies that engage us as a service provider, please contact

those companies directly.

This CCPA Addendum uses certain capitalized terms that shall have the

meanings given to them in the CCPA.

1. Our Collection, Use, and Disclosure of

Personal Information

A. Categories, Sources, and Purposes of Your Personal

Information Collected or to Be Collected

The table below describes the categories of Personal Information (as listed in

the CCPA) that we may collect, and have collected during the 12-month period

prior to the effective date of this CCPA Addendum.

Category of Personal

Information Collected

Example

A. Identifiers

User ID, IP address, Nickname

F. Internet or network

activity information

use log of NaviCon and NaviBridge application (including

location and time of use, userID,), and history of access to

Company’s server (including time, IP address, HTTP

version, URLs, and cookies)

G. Geolocation data

Location information of user(including during background

operation)

Purposes of Collection. The business or commercial purposes for which

the categories of Personal Information will be collected or used, or was

collected or used during the 12-month period prior to the effective date of this

CCPA Addendum, is as described in “2. Legal Basis for and Purpose

of Processing Personal Data” in the Policy.

Categories of Sources. The categories of sources from which Personal

Information was collected during the 12-month period prior to the effective

date of this CCPA Addendum are as described in “1. Personal Data to Be

Processed” in the Policy.

B. Sharing of Your Personal Information

(A) Sale of Your Personal Information

There is no Personal Information that we may have sold during the 12-month

period prior to the effective date of this CCPA Addendum.

Children’s Personal Information and Opt-In Right. We do not sell, and

have not sold, the Personal Information of minors under 16 years of age.

(B) Disclosure of Personal Information for a Business Purpose

The table below describes: (i) the categories of Personal Information (as listed

in the CCPA) that we may have disclosed for our operational business

purposes during the 12-month period prior to the effective date of this CCPA

Addendum; and (ii) the categories of third parties to whom we have disclosed

such Personal Information for our operational business purposes during the

12-month period prior to the effective date of this CCPA Addendum.

Category of Personal

Information Disclosed

Example

Third Parties to whom Personal

Information Was Disclosed in

the Last 12 Months

A. Identifiers

User ID, IP address,

Nickname

Our employees

Service providers including

application development,

infrastructure construction,

operation monitoring, and

anomaly investigation

F. Internet or network

activity information

use log of NaviCon and

NaviBridge application

(including location and time

of use, userID, user agent),

and history of access to

Company’s server

Our employees

Service providers including

application development,

infrastructure construction,

operation monitoring, and

anomaly investigation

Category of Personal

Information Disclosed

Example

Third Parties to whom Personal

Information Was Disclosed in

the Last 12 Months

(including time, IP address,

HTTP version, URLs, and

cookies)

G. Geolocation data

Location information of

user(including during

background operation)

Our employees

Service providers including

application development,

infrastructure construction,

operation monitoring, and

anomaly investigation

2. Your Rights and Requests

If you are a California consumer, you have certain choices regarding your

Personal Information, as described below:

- Access: You have the right to request, twice in a 12-month period, that

we disclose to you the categories and specific pieces of information we

have collected, used, disclosed, and sold about you during the 12

months preceding your request:

- Deletion: You have the right to request that we delete certain Personal

Information we collected from you, subject to certain limitations under

applicable law.

- Sale: You have the right to disclosure of any Personal Information we

have shared for valuable consideration.

- Non-Discrimination: You have the right not to be discriminated against

for exercising certain rights under California law.

How to Submit a Request. To exercise the above rights , please submit

requests to:

Contact form: Please click here

E-mail: navicon@jp.denso.com OR you may also call

Toll-free telephone number: 0120-087-413

Please be as specific as possible in relation to the Personal

Information you wish to access.

Verifying Requests. We will take steps to verify your identity before

granting you access to your Personal Information or complying with your

deletion request.

Upon receiving an access or deletion request from you, we will first verify your

identity by requiring you to submit your name and e-mail address, and by

matching the information you provide with what we already have on file.

If you use an authorized agent to make an access or deletion request on your

behalf, we may require you to (1) provide the authorized agent signed

permission to do so, (2) verify your own identity directly with us (as described

above), and (3) directly confirm with us that you provided the authorized agent

permission to submit the request.

3. Changes to this CCPA Addendum

We may change this CCPA Addendum from time to time. The “Date last

updated” at the top of this page states when this CCPA Addendum was last

updated; any changes will become effective upon us posting the revised

California Addendum.

We will post a prominent notice on the site to notify you of any significant

changes to this CCPA Addendum and indicate the date it was most recently

updated.

4. Contact Us

If you have any questions or concerns regarding this CCPA Addendum or our

privacy practices, please contact us at our office address described in “10.

Administrator and Representative” in the Policy.

California Consumer Privacy Act Notice at Collection

In this notice, DENSO CORPORATION (“DENSO”) is addressing specific disclosure requirements

under the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California

Privacy Rights Act of 2020 (“CPRA”), vis-a-vis California residents who are not acting as an

employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship,

non-profit, or government agency (a “Business Representative”) where DENSO holds personal

information reflecting a written or verbal communication or a transaction between DENSO and

the Business Representative and the communications or transaction with DENSO occur solely

within the context of DENSO conducting due diligence regarding, or providing or receiving a

product or service to or from such company, partnership, sole proprietorship, non-profit, or

government agency.

1. Categories of Personal Information. DENSO collects personal information through its

mobile application. The personal information DENSO collects depends on the particular request

and the way you interact with the mobile application. The categories of personal information

include unique user IDs, Nickname, your location information (including in the background), log

data including IP address, use log of NaviCon and NaviBridge application (including location and

time of use, user agent), and history of access to DENSO’s server (including time, HTTP version,

URLs, and cookies).

2. Purposes. DENSO uses personal information to provide merchandise or services that you

request to:

* improve our merchandise or services we provide to you;

* provide information and communications;

* conduct questionnaires relating to products, services, various events, campaigns, and similar

matters;

* conduct sales analysis, investigations, and research;

* develop new services and products;

* conduct web analytics;

* ensure compliance with legal obligations (such as record keeping obligations), export control

and customs, compliance screening obligations (to prevent white-collar or money laundering

crimes), and our * policies or industry standards (based on legal obligation or legitimate

interests); and

* solve disputes, enforce our contractual agreements and to establish, exercise or defend legal

claims.

3. Recipients of Information. DENSO shares your personal information with our employees

and unaffiliated service providers for application development, infrastructure construction,

operation monitoring, and anomaly investigation.

If you have a visual disability, you may be able to use a screen reader or other text-to-speech or

text-to-Braille tool to review the contents of this notice.

DENSO’s Privacy Policy, is available here [https://navicon.com/navibridge/ja/support#6].