We collect and use Personal Data in several ways, depending on your interactions with us. These include:

1. Information You Submit Through the Internet Services

When you interact with the Site or other Internet Services, we may collect information you voluntarily provide, such as completing online forms, subscribing to updates, or contacting us. This information may include:

• Identifiers: Your name, username, password, postal address, email address, and phone number.

• Personal Information Categories: Such as those listed in California Customer Records statute (e.g., name, address, and phone number).

• Sensitive Personal Information: Account login credentials.

• Communication Data: Information shared in emails or conversations with our personnel.

• Marketing Preferences: Including any consents you provide.

2. Information We Collect Automatically

We may collect certain Personal Data automatically, including internet and other electronic activity data ("Usage Data"), to understand how you use the Internet Services. Examples include:

• IP address

• Browser and device type

• Access times

• Referring and exit pages

We may combine Usage Data with other Personal Data to trace usage to individual users.

3. Information from Third Parties

Occasionally, we may receive Personal Data from trusted third-party sources, such as web analytics providers.

4. Information Collected During Visits to Our Offices

When you visit our offices, we may collect:

• Identifiers: Your name when signing in at the front desk.

• Visual Information: Recorded by security cameras for safety and compliance purposes.

5. Sensitive Personal Information

We may collect "sensitive" information (e.g., login credentials) as defined by applicable laws. Such data is processed only for lawful purposes in compliance with the GDPR, UK GDPR, and CCPA.

We process Personal Data for the following purposes:

• To provide, maintain, and improve the Internet Services.

• To communicate with you and respond to inquiries.

• To comply with legal and regulatory obligations.

• To tailor marketing communications based on your preferences.

EU/UK Disclosure:

We will not use Personal Data to make decisions based solely on automated processing (including profiling) that produce legal or significant effects. Additionally:

1. Legal Obligations: Where required by applicable law, we process Personal Data to comply with obligations such as record-keeping, taxation, and regulatory reporting.

2. Contractual Necessity: Certain Personal Data is necessary for the performance of contracts, including providing services you have requested.

3. Legitimate Interests: We may process Personal Data to pursue legitimate interests, such as improving the Internet Services, detecting fraud, or ensuring the security of our systems.

4. Consent: Where required, we will obtain explicit consent for specific data uses, such as for direct marketing or sharing Personal Data with third parties.

Individuals in the EU and UK have the right to object to processing based on legitimate interests and may withdraw consent at any time without affecting prior processing.

We may share Personal Data with:

• Service Providers: To perform functions on our behalf, such as analytics.

• Legal and Regulatory Authorities: In response to legal obligations or to establish, protect, or defend legal rights.

• Affiliates and Partners: To entities under common control with Arakuto.

• Corporate Transactions: In the event of mergers or asset sales.

CCPA Disclosure:

California residents may request detailed information about our data sharing practices. Specifically:

Categories of Shared Personal Data:

• Identifiers (e.g., name, address, email address).

• Internet activity data (e.g., browsing behavior, IP address).

• Professional and employment-related information.

Business Purposes for Sharing:

• Service provision and maintenance.

• Fraud detection and prevention.

• Compliance with legal obligations.

No Sale of Personal Data:

• Arakuto does not sell or share Personal Data for cross-context behavioral advertising.

California residents have the right to:

• Request access to the specific pieces of Personal Data collected about them in the preceding 12 months.

• Request deletion or correction of Personal Data, subject to applicable exceptions.

• Opt-out of any future sales or sharing of Personal Data.

Requests can be submitted by emailing privacy@arakuto.com

Your Personal Data may be transferred to, processed in, and accessed from jurisdictions outside your country of residence. Specifically, data may be transferred to Arakuto entities and third-party providers in the United States. Where applicable, such transfers are made in compliance with the GDPR and/or UK GDPR through mechanisms such as:

• Standard Contractual Clauses approved by the European Commission.

• Binding Corporate Rules.

• Other safeguards permitted by applicable law.

We retain Personal Data as long as necessary to:

• Fulfill legal and contractual obligations.

• Maintain communication with users.

• Comply with record retention policies.

Our website is hosted and powered by Squarespace. As such, Squarespace utilizes cookies and similar technologies to provide essential site functionality, improve performance, and enable additional features. Below is a detailed explanation of the types of cookies used, their purposes, and how you can manage them.

Types of Cookies We Use:

1. Necessary Cookies

• Purpose: These cookies are essential for the core functionality of the Site, such as enabling secure logins, remembering user preferences (e.g., language or region), and facilitatingsmooth navigation.

• Status: Always enabled and cannot be turned off.

2. Performance and Analytics Cookies

• Purpose: These cookies help us understand how visitors interact with our Site by collecting information about page views, traffic sources, and site performance. This data allows us to improve the user experience.

• Examples: Squarespace analytics cookies such as ss_cid, ss_cpvisit, and ss_cvisit provide insights into visitor activity.

• User Control: These cookies can be turned on or off via the "Manage Cookies" option.

3. Advertising Cookies

• Purpose: These cookies are used by advertising partners to deliver personalized ads that are relevant to your interests. They may track your browsing behavior across different websites.

• Examples: Squarespace cookies such as ss_cookieAllowed and third-party advertising cookies.

• User Control: These cookies can be turned on or off via the "Manage Cookies" option.

4. Functional Cookies

• Purpose: These cookies enable enhanced functionality and personalization, such as remembering your choices or enabling live chat features.

• Examples: Cookies that remember form submissions or other custom settings.

• User Control: You can manage these cookies in your preferences.

Cookie Duration

• Session Cookies: These are temporary cookies that expire once you close your browser.

• Persistent Cookies: These cookies remain on your device until they expire or are manually deleted.

Managing Your Cookie Preferences

• You can adjust your cookie preferences by selecting "Manage Cookies" in the Site’s footer or cookie consent banner.

• Most web browsers also allow you to control cookies through their settings. Refer to your browser’s help section for guidance on disabling or deleting cookies.

Third-Party Cookies

• Squarespace may integrate third-party cookies to support analytics, advertising, or social media sharing features. These cookies are governed by the third parties’ privacy policies.

• Examples: Google Analytics, Facebook Pixel, or similar tracking tools.

Your Choices

• Accept All Cookies: By selecting "Accept," you consent to the use of all cookies.

• Manage Cookies: Customize which cookies you want to allow.

• Decline Optional Cookies: If you choose to decline, only necessary cookies will remain active.

For more detailed information about the cookies used by Squarespace, visit their dedicated page: The cookies Squarespace uses.

Depending on your location, you may have rights regarding your Personal Data, including:

• Accessing, correcting, or deleting Personal Data.

• Objecting to or restricting data processing.

• Receiving Personal Data in a portable format.

• Filing complaints with a data protection authority.

EU/UK Disclosure:

In addition to the rights above, EU/UK residents have:

• Right to Data Portability: You may request your Personal Data in a structured, machine-readable format and ask that it be transferred to another controller where technically feasible.

• Right to Lodge Complaints: You have the right to lodge complaints with your local data protection authority if you believe we have not complied with applicable data protection laws.

• Right to Restrict Processing: In specific circumstances, you may request that we limit the processing of your Personal Data, such as when contesting its accuracy or objecting to its processing.

CCPA Disclosure:

California residents may:

• Access Specific Categories and Data Points: Request detailed information about the categories of Personal Data collected and shared.

• Request Deletion: Ask for Personal Data to be deleted, subject to applicable exceptions (e.g., where retention is required by law).

• Correct Inaccurate Data: Request corrections to inaccurate Personal Data.

We will verify the identity of any individual making a request under the CCPA. Verification may require matching information provided by the requester with data already held by Arakuto. For sensitive requests, we may require additional proof of identification.

We take the security of your Personal Data seriously and implement measures designed to protect it from unauthorized access, loss, misuse, or alteration. These measures include:

• Encryption: Personal Data is encrypted during transmission (e.g., via HTTPS) and while stored, where applicable.

• Access Controls: Access to Personal Data is restricted to authorized personnel on a need-to-know basis.

• Monitoring: We regularly monitor our systems for vulnerabilities and suspicious activity to prevent breaches.

• Data Minimization: We limit the collection and retention of Personal Data to what is necessary for the purposes outlined in this policy.

• Employee Education: Arakuto employees who come into contact with personal data are informed about data protection practices to ensure that they understand their role in protecting your information.

• Third-Party Assessments: Service providers handling Personal Data are vetted for their security measures and contractual commitments to protect your data.

While we strive to use industry-standard security measures, no method of transmission or storage is entirely secure. As such, we cannot guarantee the absolute security of your Personal Data. In the event of a security breach, we will notify affected individuals and regulators as required by applicable laws.