California Privacy Notice

R-bies Co., Ltd. (“R-bies”, “us,” “we,” or “our”) are committed to privacy and transparency. This California Privacy Notice (“Notice”) applies to California residents (“Consumers” or “California Consumers”) and provides information about R-bies’ privacy practices and the privacy rights of California Consumers pursuant to California privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively the “CCPA”). In the event of a conflict between this Notice and any other R-bies privacy policy, notice or statement, this Notice will prevail with respect to the Personal Information (also referred to herein as “PI”) of California Consumers that is subject to this Notice. The term “Personal Information” and other capitalized terms that are used in this Notice shall, unless separately defined herein, have the same meaning as given to the term in the CCPA.

Scope of Notice. This Notice describes R-bies’s collection, use, disclosure, and other processing of Consumer PI, and the rights and choices Consumers have regarding their PI under the CCPA and other California laws.

This Notice does not address or apply to our collection and processing of PI that is exempt under the CCPA. Further, this Notice does not apply to job applicants and candidates, current and former employees, personnel and independent contractors, whose PI is subject to separate privacy notices. In certain contexts, R-bies may act as a Service Provider to other businesses. For example, when R-bies operates as a Service Provider to our selected wholesalers and retailers. In that capacity, R-bies may receive some limited PI from these third parties to facilitate fulfillment, return or other services for them, such as to ship R-bies products directly to customers. Please note that to the extent R-bies is a Service Provider, the processing of the limited PI R-bies receives is subject to the respective third parties’ privacy policy, not this Notice.

1) OUR PI PRACTICES

a) Collection and Sharing of PI

While our collection, use and disclosure of PI varies based upon our relationship and interactions with you, the below table describes, generally, the categories of PI that we have collected about California residents, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose:

Categories of PI Collected	Description of PI Collected	Third Party Disclosures for Business or Commercial Purpose
Identifiers	Name, username, postal address, email address, phone number, and other contact details; Internet Protocol (IP) address, cookie ID, device ID, and other unique identifiers; social media handle if you connect or interact with us via third-party platforms.	(1) Service Providers (e.g., payment processors, shipping and fulfillment partners, IT and technical support, research, digital marketing, and data storage providers) (2) Race and Event Organizers (for events operated via RUNNET, Run Japan, TATTA, Ouen-Navi or e-moshicom) (3) Advertising and marketing partners, including social media platforms (e.g., Facebook, X, Instagram, Google, Snapchat and Pinterest) (4) Advisors and agents (5) Subsidiaries and Affiliates (i.e, ASICS Corporation to provide a service that allows only users linked with OneASICS to enter certain events/categories or access point-awarding features, and to transmit the related application data to ASICS.) (6) Government bodies and law enforcement (7) Third parties as compelled or required by law (8) Municipalities and Event Partners, including those involved in SPORTS TOWN WALKER (“STW”) or other regional partnership programs (R-bies does not access resident registries).
Categories of Personal Information Described in Cal. Civ. Code § 1798.80	Name, date of birth, age, gender, nationality, contact details, payment information, billing and delivery address, purchase and order details, race registration and result data (including bib number, finish times), emergency contact details, blood type, employer information, and other account or registration information provided through RUNNET, Run Japan, TATTA, Ouen-Navi, e-moshicom, or related services.	(1) Service Providers (including payment, logistics, and IT vendors) (2) Race and Event Organizers (for event administration and results publication) (3) Advisors and agents (4) Subsidiaries and Affiliates (i.e, ASICS Corporation to provide a service that allows only users linked with OneASICS to enter certain events/categories or access point-awarding features, and to transmit the related application data to ASICS.) (5) Government bodies and law enforcement (6) Third parties as compelled or required by law (7) Municipalities and Event Partners, including those involved in STW or other regional partnership programs (R-bies does not access resident registries)
Commercial information	Records of products or services purchased or obtained (e.g., race entries, merchandise, or digital subscriptions), transaction amounts, payment status, and history of Services used.	(1) Service Providers (including payment, logistics, and IT vendors) (2) Race and Event Organizers (for event administration and results publication) (3) Advisors and agents (4) Subsidiaries and Affiliates (i.e., ASICS Corporation to provide a service that allows only users linked with OneASICS to enter certain events/categories or access point-awarding features, and to transmit the related application data to ASICS.) (5) Government bodies and law enforcement (6) Third parties as compelled or required by law
Characteristics of Protected Classifications Under California and Federal Law	Gender, age, nationality, and health-related information voluntarily provided (e.g., blood type, injuries, or medical assistance data during events).	(1) Service Providers (including medical support vendors or event service providers) (2) Race and Event Organizers (for safety and medical response) (3) Advisors and agents (4) Government bodies and law enforcement (5) Third parties as compelled or required by law
Internet or Electronic Network Activity Information	Browsing history, clickstream data, pages visited, time spent on sites, search history, access logs, interactions with our websites and apps, and online behavioral data collected automatically via cookies, pixel tags, and similar technologies.	(1) Service Providers (e.g., analytics, web hosting, and IT vendors) (2) Advertising and marketing partners (3) Social media platforms (4) Advisors and agents (5) Government bodies and law enforcement (6) Third parties as compelled or required by law
Geolocation Data	Approximate location inferred from IP address, or precise geolocation collected via mobile devices or applications (e.g., TATTA, Ouen-Navi app) with consent.	(1) Service Providers (e.g., analytics and app providers) (2) Advisors and agents (3) Subsidiaries and Affiliates (i.e., ASICS Corporation to provide a service that allows only users linked with OneASICS to enter certain events/categories or access point-awarding features, and to transmit the related application data to ASICS.) (4) Government bodies and law enforcement (5) Third parties as compelled or required by law
Audio, Video and Other Electronic Data	Audio recordings (e.g., customer service calls), chat transcripts, photographs and videos from events, and security camera footage at offices or venues.	(1) Service Providers (e.g., call centers, security providers, or event photography vendors) (2) Race and Event Organizers (3) Advisors and agents (4) Government bodies and law enforcement (5) Third parties as compelled or required by law
Profiles and Inferences	Preferences, interests, feedback, product or event reviews, and inferred profiles regarding behavior, performance, and engagement with Services.	(1) Service Providers (e.g., analytics and marketing vendors) (2) Advertising and marketing partners (3) Advisors and agents (4) Government bodies and law enforcement (5) Third parties as compelled or required by law
Sensitive Personal Information	Health data (e.g., medical assistance received, blood type, injuries, height, weight, BMI, or heart rate data), precise geolocation (e.g., running route from GPS), biometric identifiers for authentication (if applicable), and account login credentials with security codes or passwords.	(1) Service Providers (e.g., medical or app service providers) (2) Race and Event Organizers (for safety management) (3) Advisors and agents (4) Government bodies and law enforcement (5) Third parties as compelled or required by law

As permitted by CCPA, we may also collect, use, and disclose, aggregate or other non-identifiable data related to our business and the services for quality control, development or research, marketing, analytics, and other purposes, provided such information does not identify a particular Consumer. Where we use, disclose, or process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable Consumer, household, or device), we will maintain and use the information in de-identified form and not attempt to re-identify it, except in order to determine whether our de-identification processes are reasonable and adequate pursuant to applicable privacy laws.

Sales and Sharing of PI

Under the CCPA, “sale” is defined broadly and includes disclosing or making available to a third party, PI in exchange for monetary consideration or some sort of benefit, and "sharing" broadly includes disclosures to third parties for purposes of cross-context behavioral advertising.

We do not sell PI for monetary consideration. However, we may share Identifiers, Internet or Electronic Activity Information, Commercial Information, and Inferences with advertising networks, social media platforms, and analytics providers (e.g., via cookies, pixels, and similar technologies) for targeted and personalized advertising and performance measurement.

We do not sell or share Sensitive PI nor do we sell or share PI of Consumers who we know are younger than sixteen (16) years old. Consumers may opt out of “sales” and “sharing” of their PI as explained below.

i) Sources of PI

In general, we may collect your Personal Information directly from you, including from your devices and online interactions, from our Service Providers, and from the following categories of third-party sources:

Race and Event Organizers

Affiliates and Subsidiaries (including ASICS Corporation for OneASICS-linked services)

Advertising and social media networks

Government or municipal partners

Advisors, agents, and business partners

ii)Purposes of Collection, Use and Disclosure of PI

The purposes for which we may process PI will vary depending upon the circumstances. Generally, we collect, use, and disclose or otherwise process the PI described in the chart above for one or more of the following business or commercial purposes and as otherwise directed or authorized by you:

Contract performance / service delivery: account creation and management; race/event registration and administration; publication of race results; delivery of participant kits; customer support; identity verification of event organizers; escrow/fee remittance and settlement; merchandise orders and shipping.

Event operations and safety: on-site operations, inquiries, medical assistance (including capturing circumstances and health/incident details via rescue/support systems where used).

Mandatory notices and transactional communications: participation guidance, lottery results, reception/packet pickup and similar operational notices.

Organizer informational mailings (past entries): notices from race organizers relating to races you previously entered (sent by R-bies on their behalf; in certain cases lists are not shared with organizers).

R-bies newsletters: newsletters about races/events and entry openings for subscribers.

Advertising mailings: promotional emails from R-bies services for subscribers.

Analytics and Business Intelligence (BI): analysis of website and application usage (e.g., via Google Analytics); cross-user analysis and audience segmentation using BI tools (e.g., QlikSense, a data analytics and visualization platform used to identify trends and insights); and preparation of mailing lists or targeted communications based on user attributes (such as date of birth, gender, or prefecture).

Targeting and personalization: audience segmentation for emails/push notifications across services (RUNNET, Run Japan, e-moshicom, STW, etc.).

Insurance: cancellation insurance: sharing entry information with the insurer where the participant consents and the specific race offers such coverage; accident insurance: generally, participants apply directly to the insurer; R-bies may provide proof of entry/payment if needed.

ONE ASICS linkage: enabling entry restrictions/benefits for linked users and transmitting relevant application data or identifiers to ASICS with consent.

Sports Town Walker (STW) service features: computing BMI and activity statistics using height/weight/steps; municipal programs including municipal resident verification conducted by the municipality—R-bies does not access resident registry data.

Security and fraud prevention, legal compliance, business operations (including corporate transactions).

Notwithstanding the above, we only use and disclose sensitive PI as authorized pursuant to the CCPA (section 7027 of the CCPA regulations (Cal. Code. Regs., tit. 11, § 7027 (2022)).
Accordingly, we will only use and disclose sensitive personal information as reasonably necessary (i) to perform our services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes other than inferring characteristics about you.

iii)Disclosure

We may disclose the PI we collect for the purposes described above. Such disclosures generally include the following categories of third parties and circumstances:

Service Providers and Contractors, including payment processors, shipping and fulfillment partners, IT and technical support, analytics vendors, call centers, data storage and hosting providers (e.g., AWS), printing and packaging vendors, and email or marketing platforms (e.g., WEBCAS); Medical Providers, where required for emergency or on-site medical support during events; Insurers, where applicable and consented, for race cancellation insurance or related coverage.

Race and Event Organizers, both domestic and overseas, where necessary for event registration, administration, safety management, results publication, or as otherwise consented by the participant.

Advertising and Marketing Partners, including social media platforms (e.g., Facebook, X, Instagram, Google, Snapchat, and Pinterest), for limited use of identifiers and analytics to support ad targeting and performance measurement.

Affiliates and Subsidiaries, i.e., ASICS Corporation, only when a Consumer connects their R-bies account with a OneASICS account, to enable related services such as event entry eligibility or point-awarding functionality, and to transmit the relevant application data to ASICS Corporation.

Advisors and Agents, such as legal, tax, or compliance professionals supporting R-bies’ business operations.

Government Bodies and Law Enforcement, to comply with legal obligations, judicial proceedings, or lawful requests.

Municipalities and Event Partners, including those involved in STW or other regional partnership programs (R-bies does not access resident registries).

Other Third Parties, where disclosure is compelled or required by law, or where you have provided your consent or direction.

For more information about the categories of third parties to whom we may disclose or share PI, see the table above.

2) Retention. We retain the PI we collect for as long as required to satisfy the purpose described above (for example, for the time necessary for us to send you the newsletters you subscribed to, to provide you with customer service, answer queries or resolve technical problems, etc.), or otherwise disclosed to you at the time of collection, unless a longer period is necessary for our legal obligations or to defend a legal claim.

3) CALIFORNIA PRIVACY RIGHTS

Under the CCPA, you generally have the following privacy rights in respect of your PI (subject to certain limitations and exceptions):

a) Right to know (access)

To require that we disclose the following to you (up to twice per year), with respect to the PI we have collected about you, including the:

Categories of PI collected;

Categories of sources of PI;

Categories of PI about you we have disclosed for a business purpose or sold;

Categories of Third Parties to whom we have sold or disclosed for a business purpose your PI;

The business or commercial purposes for collecting or selling or sharing your PI; and

A copy of the specific pieces of PI we have collected about you.

b) Right to delete

To request deletion of your PI that we have collected about you.

c) Opt-out of sales and sharing

To opt-out of our sale or sharing of your PI, as further explained below. We do not sell or share PI about California Consumers who we know are younger than 16 years old.

d) Right to correct

To correct inaccurate PI that we maintain about you. If you have a Run Japan or other account, you may review and update your account information directly within your Run Japan or other account.

e) Right to limit uses and disclosure of sensitive PI

To limit our use or disclosure of sensitive PI to those authorized by the CCPA. However, as explained above, we do not use and disclose sensitive PI beyond what is authorized pursuant to the CCPA section 7027 of the CCPA regulations (Cal. Code. Regs., tit. 11, § 7027 (2022)).

f) Right to non-discrimination

To exercise your CCPA rights, without being subject to discriminatory treatment.

4) HOW TO EXERCISE YOUR RIGHTS

a) Requests to know (Access), correct and delete

To submit a Request to Know (access), Requests to Correct, or Requests to Delete, California Consumers may either follow the instructions at our Consumer Rights Request page here.

Verifying Your Request. As required by the CCPA, any Request to know (access), Request to Correct, or Request to Delete that you submit to us is subject to an identification process. When you submit such a request, we will take steps to verify your request by matching the information provided by you with the information we have in our records. You must complete all required fields on our webform (or otherwise provide us with this information via the above email address) and verify your email address. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor.

You may also use an authorized agent to initiate a request on behalf of yourself as set forth in Section 4.c below. Authorized agents will be required to provide proof of their authorization, and we may also require that the relevant Consumer directly verify their identity and the authority of the authorized agent. We will not fulfill your CCPA request unless you or your authorized agent provide sufficient information for us to reasonably verify you as the Consumer about whom the relevant PI relates.

You may also obtain information on how to submit a request by asking a manager at any of our owned and operated retail locations.

b) Opt out of Sales and Sharing

Cookie Preferences. You may opt out of most cookies on our websites (other than Functional and Necessary cookies) by adjusting your browser’s cookie preferences for our websites in our Privacy Preference Center. You can access the Privacy Preference Center, and review and update your cookie preferences for one our websites, by using the "Manage Cookie Preferences" link, or the "Do Not Sell or Share My Personal Information" link for California users, in the footer of that website.

Universal Browser Privacy Signals. If one of our websites recognizes that your browser is transmitting a Global Privacy Control signal (“GPC”) when you come to that website, we will opt your browser out of Targeting, Marketing and Social Media cookies on that website. More Information about GPC signals is available here.

Please note that your preferences are applied on a browser and device basis. This means that you will need to enable GPC (or set your cookie preferences) for each browser and device you use to access our websites. Further, if you subsequently delete cookies, your preferences may be lost and need to be reset.

You may also submit a request to opt out of sales and sharing (other than via cookies and pixels) on our Consumer Rights Request page here. We will process your request with respect to the personal information in our records that is linked or reasonably linkable to the personal information provided in your request.

Mobile Device Settings. If you access our websites or services from an Android or iOS mobile device, you can also set certain device privacy and advertising preferences, through the settings menu for your device. For example, iOS users can turn off cross-site tracking for the Safari browser and choose whether or not to allow mobile applications to request to track you. You can find more information on the privacy settings for your device at:

Apple iOS: The Apple Support pages provide information on available iOS privacy settings, including Safari (browser) settings, App tracking settings, and other built-in device privacy settings ; you can also search for information on settings for your device and iOS version in the online user guide.

Android: Users can find information on managing permissions and privacy settings here.

Browser Settings. In addition to our Privacy Preference Center, most internet browsers allow you to change your cookie settings. However, if you use your browser settings to block all cookies (including ‘Necessary’ cookies), you may not be able to access all or parts of our websites and services. Use the help function on your browser or see the links below for more information on how to manage cookie settings for certain bowsers:

Chrome

Firefox

Microsoft Edge

Safari

For more information on cookies and other tracking technologies that may be associated with our web sites and mobile applications, and more information on ways you may exercise preferences regarding them, see also our Cookie Policy.

c) Authorized Agents

You may designate an agent to exercise your CCPA rights on your behalf. To exercise your rights via an agent, your agent must (1) if an entity, show proof of registration to do business in California; and (2) submit a written authorization of his or her authority to act on your behalf or a valid power of attorney authorizing the agent to make the request on your behalf. Once such authorization is submitted, you will receive an email at your email address asking you to verify the agent’s authority to submit a Consumer Rights Request on your behalf and to verify your identity, or in the case that a power of attorney was provided we will need to verify its authenticity. Once your agent’s authority is confirmed (s)he may exercise rights on your behalf subject to the agency requirements of the CCPA. Requests by authorized agents may be submitted here.

d) Other retailers and distributors of R-bies products and services

R-bies may receive some limited PI to perform services for other Businesses, such as to ship products directly to Consumers for retailers or distributors that have the direct relationship with the Consumer and to which we act as a Service Provider, but that PI is not subject to our rights request obligations to Consumers since we retain it only as a Service Provider. You will need to make your requests directly to those Businesses with which you have the Consumer relationship.

5) FINANCIAL INCENTIVE PROGRAMS

We may make available certain programs or offerings that may be considered “financial incentives” under the CCPA. For example:

You can sign-up for a STW account, which gives you access to certain membership benefits, which may include, from time-to-time, free shipping rates, free trials, rewards and other benefits. As part of the STW account, we collect member PI in order to set up, operate, and administer your STW account, and for purposes of providing members with various membership benefits. Signing up for a STW account is optional. To participate you must opt-in to STW, register a free account. You can terminate your STW account at any time. You can also keep your STW account and still opt-out of our promotional emails (however we will still send you transactional and informational emails related to your STW account).

As part of these programs, we collect your PI in order to set up, operate, and administer the rewards programs, and for purposes of providing you with various rewards or benefits. You can find a more detailed description of these programs and our applicable notice as required by the CCPA in the terms of the respective financial incentive program, that are presented to you at the time you sign up for the relevant rewards program. Signing up for our rewards programs is optional. We will not include you in a financial incentive program without your authorization and you may opt out at any time by contacting us as set forth in Section 7 “Contact Us”.

The financial incentives R-bies offers to participating Consumers are reasonably related to the value of the Consumers’ data. As a basis for offering these incentive or rewards programs, R-bies has valued the PI it obtains, based on a reasonable and good faith calculation, by considering the expenses related to such programs. In doing so, we value the PI collected through the program as the equivalent of our total program expenses incurred to provide the program, including IT, administration, direct costs, third party costs, and service development costs.

We operate the rewards programs and make the program benefits available to foster a positive relationship with members, which we consider to be invaluable.
Consumers should review the applicable benefits description and program terms for the relevant incentive program, so that they can make an informed decision on whether to participate.

6) ADDITIONAL CALIFORNIA NOTICES

In addition to CCPA rights, certain Californians may have additional rights under California privacy laws as described below

a) California “Shine the Light Law” (third party marketing)

Separate from your CCPA rights, California’s “Shine the Light” law (California Civil Code § 1798.83) (“STL”) permits California residents to request certain information regarding our disclosure of PI to third parties for their own direct marketing purposes.

We do not share personal information of our customers, as those terms are defined by STL with third parties for their direct marketing purposes without either obtaining your consent or giving you the ability to opt-out. To opt-out of sharing within our family of companies (affiliates) for their direct marketing purposes, notify us at the postal address(es) noted below (you must make separate requests to AAC and ARA).

Our sharing with non-affiliates will be on an opt-in basis for California customers so there is no need to opt-out of that sharing. If you are a California customer, you may also request information under the Shine the Light law by sending a letter, to the following address, as applicable. Compliance is met by providing the California customers the opt-in and opt-out choices described in this paragraph above. You must identify the R-bies entity to which your request relates in your letter.

For R-bies:
R-bies Co., Ltd.
DT Gaien, 2-4-12 Jingu-mae
Shibuya-ku, Tokyo 150-0001
JAPAN

Any such request must include “California STL Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please indicate if you are opting out of affiliate sharing, seeking information on our compliance, or both. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through these mail addresses.

As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.

b) Online privacy

Without limitation, Consumers that visit our online services and seek or acquire goods or services for personal, family or household purposes are entitled to the following notices of their rights:

i) “Do Not Track” signals. While our Sites do respond to GPC signals as explained above, please note that our Sites do not respond to browser do-not-track requests. You may, however, disable or opt out of certain cookies or set your browser to transmit GPC signals, as discussed above and in our Cookie Policy, in order to manage how our Sites track you via cookies and pixels

ii) California minors. Consumers under the age of 18 who are registered users of our online services have the right to request that we remove any content or information they have posted to our services. Such Consumers or their respective parents/legal guardians may request removal of by contacting us here, detailing where the content or information is posted and attesting that you posted it. Subject to our reasonable verification of the requestor’s and minor’s identity, we will make reasonable, good faith efforts to remove the content and information from prospective public view or anonymize it, so the minor cannot be individually identified, in accordance with applicable law.

This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.

For more information on our online practices and your rights specific to our online services see R-bies Privacy Policy.

7) CONTACT US

If you have any questions regarding this Notice or our privacy practices or to submit a privacy request please contact us here.