Yopaz Corporation (hereinafter referred to as "the Company") develops a wide range of total solution businesses, encompassing business consultation, development, maintenance, and operations, while engaging with customers' valuable information based on computers and information communication networks. Recognizing its social responsibility regarding the protection of personal information handled in these business activities, the Company is committed to safeguarding individuals' rights and interests and complying with relevant personal information protection laws and regulations.

Furthermore, in order to implement the following policies, the Company has established a Personal Information Protection Management System. While continuously monitoring advancements in IT technology, changes in social demands, and fluctuations in the business environment, the Company commits to the ongoing improvement of this system with the full cooperation of all employees.

a) Regarding the personal information handled in the Company's business activities, as well as in employment and personnel management, the Company shall appropriately acquire, use, and provide such information within the scope of the predetermined purpose of use. The Company shall not handle personal information beyond the necessary scope to achieve its intended purpose (prohibited secondary use) and shall take appropriate measures to ensure compliance with this principle.

b) The Company shall comply with laws, guidelines set forth by both Vietnam and Japan, and other applicable regulations concerning the handling of personal information.

c) The Company shall implement reasonable security measures against risks such as unauthorized access, leakage, loss, or damage of personal information. Management resources shall be allocated appropriately based on business conditions to continuously enhance the security framework for personal information. Additionally, internal regulations shall be established to rectify any inappropriate handling, ensuring optimal protection of personal information.

d) The Company shall establish internal regulations for handling complaints and inquiries regarding personal information and shall respond promptly and sincerely to such concerns.

e) The Company shall regularly review and appropriately revise the Personal Information Protection Management System in response to changes in the Company's operational environment, ensuring continuous improvement.