DISC PRIVACY POLICY
Effective: June 16, 2025

We value the trust that you place in us by sharing your personal data with us. ASICS takes your privacy seriously and is committed to handling your personal data in a way that is fair and worthy of that trust. ASICS will take all reasonable steps to protect your information from misuse and to keep it secure.

We believe it is important to inform you about how we will use your personal data. This privacy policy (the “Policy“) explains how and why ASICS Ventures Corporation and ASICS Corporation (collectively, “ASICS”, “we” or “our”) collect, store, use, and manage the information, including personal information and data, you provide or we collect in connection with DISC provided on Meta Quest and the related websites (collectively, the “Services”). Therefore, we encourage you to carefully read this Policy, which describes our privacy practices and the rights and choices you have regarding your personal data. We also encourage you to read possible additional privacy clauses that may be applicable when you use certain services or purchase certain products.

PERSONAL DATA WE COLLECT
We collect personal data about you:

(i) directly (e.g., the data you submit to us);
(ii) automatically (for example when you access and use our Services, see the section ‘Personal Data We Collect and Process Automatically’); and
(iii) special categories of personal data.

We may also combine and process personal data from these sources in order to infer additional information about you. The personal data we collect may include the following, depending on the circumstances:

(I) PERSONAL DATA WE COLLECT FROM YOU DIRECTLY

  • Your account details. We may collect information from Meta Quest when you create an account to play DISC via such platform, such as your profile picture, display name, user ID, or other information that you choose to make available via your privacy settings on Meta Quest. This may include your personal and physical details, including your age, height, weight, gender or gender identity, language and other account preferences.
  • Your purchases. We use the Meta Quest payment portal for our payment processing and do not collect or store any payment data. We may collect aggregate information from Meta Quest (e.g., what has been purchased and refund metrics) for any payments made for our Services that are processed through Meta Quest.
  • Your communications with us. We may collect personal information, such as your name and email address, when you chat with us for support (including on platforms such as Discord) or other reasons or otherwise communicate with us.
  • Your interactions with us. We and others who use our Services may have access to personal information that you submit or make available through our interactive features (e.g., the game itself, our Discord, our forums, blogs and social media pages). For example, you may be able to speak directly with other players via the in-game chat feature. Any information you provide on these features will be considered “public”, unless otherwise required by applicable law. Keep in mind that others may have the ability to record or screengrab content with you in it when you’re in a public area of the Services. Please do not share any personal information over these public forums, including, without limitation by verbally sharing such information.
  • Your gameplay data. When you use the Services, we process the data needed to provide an immersive and realistic virtual experience, like your motion and controller inputs, position and orientation of the headset and controls, gameplay behavior, and settings preferences. We will store gameplay input data to give you access to features including, but not limited to, instant replay, playback clips, and highlight reels.
  • Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
  • Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

(II) PERSONAL DATA WE COLLECT AND PROCESS AUTOMATICALLY

  • Subject to local law requirements, we may also collect personal data about how you use our Services and your interactions with us and others, such as information we collect automatically via cookies, pixel tags, or similar technologies ), such as personal data about how you access, use and interact with our Services, your IP address, MAC address, mobile device identifier (IDFA or GAID), cookie ID, cookie content, browser type, browsing and click behavior and other activities, purchase information, domain name, referrer-URL, access dates and times, hardware and software information and settings, information about the device you use (e.g., device ID, device type), operating system, language, and approximate location inferred from IP address (collectively “electronic identification data”). We may also use pixels in HTML emails we send to you to evaluate and improve our marketing emails. For example, we may use pixels to understand if you read the emails we send to you. For more information, see the section ‘Cookies, Analytics and Personalization’ below or our Cookie Policy.

(III) SPECIAL CATEGORIES OF PERSONAL DATA
We may obtain information about you from other sources, including from other users and through third-party services and organizations. We may also collect personal data you voluntarily provide to us in relation to your physique or condition in order to recommend, customize and enhance your experience when using our Services. Such personal data may – by itself or in combination – reveal information about your (physical) health, which could be considered ‘special categories of personal data’ under certain laws.

In addition, we may also collect and use information regarding your location, such as GPS data (including precise geolocation data that shows your geographical position).

Where required under applicable law, we will only collect and use health and location data if you voluntarily share it with us, and with your prior consent or at your direction for the purposes set out in this Policy. You may refuse or revoke your consent at any time, as set out below in the section ‘Your Rights’.

HOW WE USE YOUR PERSONAL DATA
We use and process the personal data for the purposes set out below.

  • For the providing the Services to you. We process personal data where necessary so that we can provide the Services, you can play DISC and we are able to repair and improve the Services. To this end, we use the personal data for the following purposes:
    • Managing your information and accounts, as applicable;
    • For customization of your player’s avatar;
    • Using and disclosing your credit, debit or payment card or other financial information to process payments and prevent fraud;
    • Providing access to certain areas, functionalities, and features of our Services;
    • Answering requests for customer or technical support;
    • Performing moderation activities to enforce our Terms of Use;
    • Communicating with you about your account, activities on our Services, and policy changes; and
    • For other purposes as disclosed at the time you provide your personal information or otherwise with your consent.
  • To comply with a legal obligation. Any information referred to above in the section ‘Personal Data We Collect’ may be used to maintain appropriate business records, to comply with lawful requests by public authorities, or to otherwise comply with applicable laws and regulations.
  • For our legitimate commercial interests. We will process the personal data referred to above in the section ‘Personal Data We Collect’ where we have a legitimate interest; for example, our interests could include the effective delivery of information, Services and products to you and the effective and lawful operation of our business (in each case provided such interests are not overridden by your rights).

Specifically, we may use the personal data we collect about you (listed in the section ‘Personal Data We Collect’ above) for the following interests:

    • Improving our products and Services: to improve our products and Services as well as to better understand our customers both on an aggregated and on an individual basis. We do this by combining certain personal data we have obtained about you across the different ASICS group entities and analyze your use of the Services. This helps us to improve the Services and to give you a better user experience;
    • Advertising: We use personal information to promote our products and Services and to allow us to provide, personalize, measure, and improve our digital advertising. For example, to show you suggestions and targeted ads (including on third party websites or social media) based on how you interact with us or to create specific target audiences. To do this, we may share certain personal data (such as electronic identification data and e-mail address) with our advertising partners, including social media platforms such as Facebook, Instagram, Google, Snapchat, Pinterest etc. If you have any questions about our advertising and marketing practices or if you would like to withdraw consent of the use of your personal information for advertising and marketing purposes, you may contact us at any time as set forth below.
    • Personalize experience: to personalize your experience of our Services including:
      • To personalize the recommendations we give you when you use our Services and create personal profiles to enable us to send you personalized marketing materials and advertising about products and Services we think you may be interested in (if you have chosen to receive such materials);
      • To personalize your experience of specific Services, such as to further customize your avatar or to provide you with more precise game matching;
      • To provide you with other optional benefits in our Services.
    • Analytics and statistics: We need to process some of your personal data for our statistical purposes. These include either purely technical data (i.e. information not containing any personal data at all) or the other above-described data in pseudonymized form, that is, highly confidential data to which we assign a special number so that nobody except for us is able to match the data to the existing identifier using the given number. This processing is based on our legitimate interest, which is the continuous improvement the Services. For information such as contest and event data, your communication data and information regarding your activity, personal physical measurements, you will have the right to object to this processing in the manner described below.
    • Security: When you engage in public activity with the Services, such as interacting with others in DISC, your interactions may be recorded for the purposes of reporting and enforcing against abuse, bullying, harassment, or other violations of our Terms of Use. This data is stored locally on your device and on our servers. In the event a report is submitted, either by you or another user, we may review this data to investigate and determine if enforcement action is appropriate. We may also use violation data to train our systems and moderators how to recognize and resolve harmful behavior and violations. In some situations, we may be legally required to keep this data for specific periods of time, in accordance with legal obligations. We need to process certain personal data for security and fraud prevention and detection purposes as well as to maintain the integrity of our systems (i.e. preventing hacking, cheats, spamming, etc.). We also use personal data when investigating any misuse of our Services or other types of unlawful activities and to take action regarding (suspected) illegal activities, potential threats to the safety or legal rights of any person or third party, violations of this Policy, or breaches of our applicable agreements and Terms of Use;
    • Business Operations: We use your information for various administrative purposes listed below where we have a legal basis to do so, such as:
      • Product research and development (including marketing research);
      • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
      • Measuring interest and engagement in our Services;
      • Improving, upgrading or enhancing our Services;
      • Ensuring internal quality control and safety;
      • Authenticating and verifying individual identities;
      • Debugging to identify and repair errors with our Services;
      • Auditing relating to interactions, transactions and other compliance activities;
      • Enforcing our agreements and policies; and
      • To create aggregated analytics information, such as information about the device from which you access our Services.
    • Other purposes: for other legitimate business purposes as permitted by applicable law.

To the extent that we rely on our legitimate interest(s) as a legal basis for our processing of your personal data, you have the right to object to such processing, and we must stop such processing, unless we can either demonstrate compelling legitimate grounds (1) that override your interests, rights and freedoms or (2) that we need to process the data for the establishment, exercise or defense of legal claims (see the section ‘Your Rights’ below).

  • Use of information based on your consent. We may also process personal data where you have provided your consent to specific purposes. This includes:
    • we may use the personal data referred to above in the subsection ‘Special Categories of Personal Data’ (i.e., health data and location data) for the purposes set out in this Policy.
    • we may use the personal data referred to above in the section ‘Personal data we collect’ where consent is required under local law for:
      • direct marketing purposes via email or other electronic means;
      • recording our customer service calls for quality and management purposes; or
      • as part of certain research projects and/or surveys you may participate in.
    • where required under local law, we will ask for your consent prior to collecting and processing your electronic identification data. For more information, please see the section ‘Cookies, Analytics and Personalization’ below or our Cookie Policy;
    • we may also ask for your consent to process certain personal data for other specific purposes. If we do so, we will provide you with details about the personal data that we would like to process and the reason for our collection and processing, so that you can carefully consider whether you wish to consent.

To the extent we rely on your consent for processing, you can withdraw your consent at any time as described in the section ‘Your Rights’ below.

HOW WE SHARE YOUR PERSONAL DATA
We may share your personal data with the following categories of parties:

  • Data controllers within the ASICS Group. Amongst the responsible ASICS companies that may use your personal data as described in this Policy. An overview of the relevant ASICS companies can be found here.
  • Service providers and processors. With third party vendors, agents, service providers, and affiliated entities that we engage to provide services to us and on our behalf. This includes service providers that provide us with IT support, hosting, moderation, payment processing, customer service, marketing and related services. Your personal data is also processed by the Meta Quest platform through which you have purchased DISC and the Services and, in those circumstances, your personal data will be processed in accordance with Meta Quest’s privacy policy, https://www.meta.com/jp/en/legal/privacy-policy. Any payment card information you use to make a purchase on the Service is collected and processed directly by through Meta Quest. Meta Quest may use your payment data in accordance with its privacy policy. Your personal data is also processed by Cognitive 3D, which ensures the creation and management of statistics concerning our game. (Privacy policy available at: https://cognitive3d.com/privacy-policy/). By using our Services, you acknowledge that your personal information may be transferred to such third-party service providers. In providing their services, these third parties may access, receive, maintain or otherwise process personal data on our behalf. Our contracts with these service providers do not permit use of your information for their own commercial purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your personal data and only process it in accordance with our instructions.
  • Partners. Sometimes ASICS may offer you a service, application or promotion in co-operation with our partners or co-sponsors or allow you to connect to third-party platforms and services using your Meta Quest account. In such cases, we may disclose your personal data to the relevant partners, but only where you have consented or directed that we do so, or where doing so is necessary to fulfil your order or respond to your request. You may choose not to participate or to otherwise object to such sharing. If you win a contest or sweepstake, we may disclose the names of winners online.
  • Other users and the public. Your profile and other user-generated content may be visible to other users of the Service. For example, other users of the Service may have access to your information if you chose to make your profile or other personal information available to them through the Service. You may also choose to share your information with third-party platforms (such as Discord, Facebook, Instagram or other social media platforms), or otherwise share information on our social media pages on third-party platforms. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others, and we are not responsible for any such use of information.
  • APIs/SDKs. We may use third-party Application Program Interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services.
  • Third parties in case of a legal requirement. We may also disclose your personal data if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe it is necessary or appropriate to disclose personal data to law enforcement authorities, such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Policy; to respond to any claims against us; and, to protect the rights, property, or personal safety of ASICS, our customers, or the public.
  • Corporate transaction. We may disclose personal data, as part of any actual or contemplated merger, sale, transfer of ASICS’ assets, acquisition, bankruptcy, or similar event, including related to due diligence and negotiations conducted prior to such event, where permitted by law.
  • With consent. We may also otherwise disclose information about you, including personal data, to any other third parties, where you have consented or requested that we do so.

Notwithstanding anything else in this Policy, we may collect, use, and share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual. Where we use, disclose or process de-identified information, we will maintain and use this information in de-identified form and not attempt to reidentify the information, except in accordance with applicable laws.

COOKIES, ANALYTICS AND PERSONALIZATION
Subject to your prior consent (to the extent required under appliable law), we and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your usage and browsing activities, interactions with the Services, the content of your communications with the Services, and electronic identification data. We may also combine this information with other personal data that we collect about you.

Generally, we use this information to understand how you use and interact with our Services, track and troubleshoot bugs and errors, improve and develop our Services, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, as well as for targeted marketing and advertising purposes, to personalize content, for analytics and similar purposes. For more detailed information about these mechanisms and how we collect and use such information, see our Cookie Policy.

Do-Not-Track. Please note we do not respond to browser do-not-track requests. You may, however, disable certain cookies as discussed in our Cookie Policy.

CHILDREN’S INFORMATION
DISC and the Services are not directed to children under (13) thirteen years of age and we do not knowingly collect personal data directly from children under the age of (13) thirteen. If you believe we have collected personal information about a child under the age of (13) thirteen without a legal basis, please contact us (see ‘Contact and Queries’ below) so that we may take appropriate steps to delete such information, and/or refuse to permit us from further collecting or using the child’s personal information.

If a Minor uses the Services, a parent or legal guardian must consent on their behalf. That guardian is responsible for the Minor’s use of the Services, including actions taken through any accounts or in connection with Meta Quest. You are responsible for any activity conducted through your account, whether authorized or not.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
Please be informed that we transfer and process any personal data you provide to us to countries/regions other than your country/regions of residence. The laws of these countries/regions may not provide an equivalent level of protection to your personal data as the laws in your home country/region. ASICS will therefore seek to ensure that adequate safeguards are in place and that applicable laws and regulations are complied with in connection with such transfer.
For personal data transferred from the European Economic Area (“EEA”) or United Kingdom (“UK”) to countries outside the EEA/UK that do not provide an adequate level of protection, ASICS is using Intra-Group Data Transfer Agreements based on the EU Standard Contractual Clauses adopted by the European Commission (“Standard Contractual Clauses”) and other local legal transfer provisions. With respect to transfers from the EEA and UK to parties outside the ASICS group companies, ASICS will base the transfer on appropriate safeguards, such as the Standard Contractual Clauses or other approved data transfer or certification mechanisms, together with binding and enforceable commitments by the recipient. In each instance, ASICS will assess the transfer and ensure that any additional technical and organizational measures are put in place to ensure that an adequate level of protection is provided.

SECURITY
ASICS has implemented technical, physical, and organizational measures and controls designed to protect the personal data we collect against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss. Please be aware that despite our efforts, no security measures can guarantee absolute security. In addition, you can also take certain steps to protect your account and your personal data, for example by not sharing passwords, reusing passwords across multiple websites, choosing passwords that are not easily guessed, and promptly reporting any suspicious activity or unauthorized account access.

DATA RETENTION
ASICS retains your personal data for as long as required to satisfy the purpose for which it was collected (for example, to process your order, provide you with customer service, answer queries, or resolve technical problems, etc.), unless a longer period is necessary to meet our legal obligations or to defend against a legal claim. However, most of the data is kept in aggregate form only (where you cannot be identified) and only for as long as necessary.

YOUR RIGHTS
Subject to any limitations and exceptions under applicable law, you may have the following rights related to your personal data collected by us:

  • The right to access. You have the right to request access to the personal data we hold about you as well as information about our processing of your personal data.
  • The right to rectification. If the personal data we hold is inaccurate or incomplete you may request to have it updated or corrected.
  • The right to deletion. Subject to exceptions such as where we are required to retain your personal data by law, exercise or defend claims or have an overriding legitimate purpose, you may ask us to delete your personal data.
  • The right to object. You have the right to object to our processing of your personal data on grounds relating to your particular situation where we are processing personal data based on our legitimate interest (unless we can demonstrate compelling legitimate grounds to continue processing your personal data).
  • The right to withdraw consent. Where we rely on your consent to process personal data, you have the right to withdraw consent at any time with effect for the future. If you refrain from providing personal information or withdraw your consent to processing, some features of our Service may not be available.
  • The right to restriction of processing. Under certain circumstances, you have the right to restrict our processing of your personal data, such as if you believe that (i) the personal data we have about you is inaccurate; (ii) the personal data is not being processed lawfully, but rather than deleting the personal data, you would prefer us to restrict processing instead; or (iii) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims.
  • The right to data portability. Under certain circumstances, you have the right to ask us to transfer personal data which you have provided to us, to a third party if we are processing that data either on the basis of your consent or to perform a contract with you and the processing is carried out using automated means.

If you would like to exercise any of the above rights, please submit a request by contacting us as set forth in “Contact and Queries” below.

We will respond to your privacy rights request consistent with applicable law. For your and the protection of others, we may (depending on the type of request) need to verify your request and identity before addressing your request.

OTHER WEBSITES
Our websites and mobile applications may contain links to third-party websites and services; if you follow these links, you will exit our websites and mobile applications. ASICS does not control and is not liability for the collection and use of your personal data by these third parties. For more information, please consult the privacy statement of the website you are visiting (if such a statement is provided).

CHANGES TO THE POLICY
This Policy is current as of the Last Updated date set forth above. We may change this Policy from time to time by posting the updated version of the Policy on our websites and applications. If we make any changes to this Policy that materially affect our practices with regard to the personal data we have previously collected from you, we will endeavor to give you reasonable notice in advance of such change by highlighting the change on our websites or notifying you electronically. We encourage you to periodically review our Policy to stay informed about how we process your personal data.

CONTACT AND QUERIES
If you have questions regarding the processing of your personal data or this Policy, please contact us by email at: disc_support@asics.com.