Your Privacy Is Important To GSRJL

In the course of serving as a full-service asset management company or providing back office and support functions to our affiliates, Goldman Sachs Realty Japan Ltd. (“GSRJL”) may obtain personal information about you as described in the following Section. We handle such personal information in accordance with the Personal Information Protection Law (2003, Law No.57) (the “PIP Law”) and its related regulations and applicable guidelines. This Policy describes the types of personal information we may collect about you, the purposes for which we use the information, the circumstances in which we may share the information with third parties, and the steps that we take to safeguard the information to protect your privacy.

The Sources of Information

The personal information GSRJL collects comes primarily from the following sources:

• GSRJL may obtain personal information such as persons’ names and addresses of tenants, golf course members, debtors, hotel guests etc., from its affiliates in the course of providing asset management services to such affiliates.
• GSRJL, in order to support its affiliates (limited to the co-users of the personal information and the asset holding companies GSRJL has been consigned to), as Real Estate Broker or as Type 2 FIEL service provider, may directly be the contact etc. for potential buyers of assets, their brokers and other assignee, and may obtain personal information from potential buyers, their brokers and other assignees.
• GSRJL may be provided with the personal information from the borrower and the guarantor when it lends money as registered Money Lender.;
• GSRJL may obtain personal information from real estate registry certificates, corporate registry certificates and other publicly available official documents.

The Personal Information We Have

We may have the following personal information (but not limited to below):

• The name, address and other contact details of tenants, golf course members, debtors, hotel guests etc. regarding the assets managed by its affiliates;
• Extensive financial information, including source of wealth, past history of borrowings etc. of the debtors of GSRJL; and
• Certain identifying information (e.g., passport photo, etc.) as required by the Identification Law (2002, Law No. 32) (‘the Identification Law”), and related regulations

Purpose of our Use of Personal Information

We may use the personal information and Retained Personal Data (as defined below) for the following purposes:

• Underwriting and assessing risks for potential acquisition deals of various assets;
• Documenting the asset information after acquisition;
• Providing asset management and oversight services;

• Providing agency or intermediary services (such as looking for potential purchasers or tenants, or negotiating with them on behalf of its affiliates, or being the contact for such affiliates) for leasing, sales or purchase of real estate assets including hotels and golf courses;

• Providing oversight services for its affiliates which enter into sale or purchase of loan asset, or similar transactions;
• Providing personal information to third parties such as potential buyers in relation to the services described above;
• Providing loans to a borrower, which requires confirmation of the identity of the loan applicant in accordance with Criminal Proceeds Transfer Prevention Law (2007, Law No. 22);
• In order to provide credit and manage such credit history;
• Reporting to the external lender or investor related to assets managed by GSRJL and its affiliates; and
• Providing support and back office services to affiliates including K.K. Minato Saiken Kaishu (“MSK”) and Archon Hospitality K.K. (“AH”), details of which, including their respective privacy policies, are available in each individual affiliates website.

Joint use of The Personal Data (as defined below) within GSRJL and Its Affiliates

The Personal Data (“Personal Data” (Kojin Data) in the meaning set out in Section 2, Paragraph 3 of the PIP Law) (such as the subject's name, address, financial situation, and the like) may be used jointly with MSK, AH, Goldman Sachs Japan Co., Ltd., Goldman Sachs & Co. and Archon Group LP. The purposes of use are as set forth above. GSRJL is responsible for managing the Personal Data used jointly with the above companies.

Disclosures of The Personal Data to Third Parties

GSRJL does not disclose the Personal Data to third parties, except as described in this Policy and as permitted by the PIP Law. Third party disclosures may include sharing such information with non-affiliated companies that perform support services with GSRJL, including those that provide professional, legal, or accounting advice to GSRJL as well as non-affiliated companies and organizations that assist GSRJL in providing services. Non-affiliated companies that assist GSRJL in providing services to you are required to maintain the confidentiality of such information to the extent they receive it, and to use the Personal Data only in the course of providing such services and only for the purposes that GSRJL dictates. GSRJL may also disclose the Personal Data to fulfill the instructions by the assignees, to protect our rights and interests and those of our business partners, or pursuant to the express consent of the owner of the Personal Data. Finally, under limited circumstances, the Personal Data may be disclosed to third parties to the extent and as permitted by the individual in question, or to comply with applicable laws and regulations, and to otherwise cooperate with law enforcement or regulatory authorities, or with organizations such as exchanges and clearinghouses. Further we may provide certain Personal Data (such as an individual’s name, address, financial conditions and so on), to a third party (such as purchasers or prospective purchasers of various assets, or financial institutions providing loans to or investors providing funds to affiliates managed by GSRJL. Such provision will be made by hand delivery, postal mail, telephone, internet, e-mail and other methods. However, when you so request, the disclosure and provision of your information shall be immediately discontinued.

Information Security: How We Protect Your Privacy

GSRJL is committed to implementing the highest standards of information security to protect the privacy and confidentiality of the personal information. GSRJL effects organizational security measures, physical security measures and technological security measures, and implements the following measures to ensure the security and accuracy of personal information.

• Organizational Management: The clear allocation of roles and responsibilities to each employee for information management, the supervision of the employees, the adoption of GSRJL information protection rules and the audits of how GSRJL performs personal information protection;
• Physical Management: The implementation of measures to protect individual information from misappropriation and/or loss; and
• Technological Management: The introduction of GSRJL’s general rules for the system use and the accurate and secure technical management of personal information.

In relation to the system use, as described above in Disclosures of The Personal Data to Third Parties, we limit access to the personal information to authorized GSRJL employees or agents. Our service providers are held to stringent standards regarding privacy protection. We also maintain physical, electronic, and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

• A dedicated group (the Information Technology Department) that designs, implements, and provides oversight to our information security program;
• The use of specialized technology such as firewalls;
• Testing of the security and operability of products and services before they are introduced to the Internet, as well as on-going scanning for publicly-known vulnerabilities in the technology;
• Internal and external reviews of our Internet sites and services;
• Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
• Implementing controls to identify, authenticate and authorize access to various systems or sites;
• Protecting non-public communications through encryption or other means; and
• Providing GSRJL personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

Consignment of personal information

GSRJL, within the extent necessary to achieve the purpose of its use, consigns management of the Personal Data to third parties regarding the operations related to the management and maintenance of the information system. GSRJL will provide necessary and appropriate oversight to the consignee for such consignment.

Privacy and The Internet

The following additional information will be of interest to you if you access GSRJL Web sites:

• Cookies are small text files consisting of information stored by the Web browser. This information is used for administrative purposes and to improve the experience with our Web sites. For example, this information helps authenticate you (i.e., verify that you are who you say you are), an essential component of site security. Cookies also make it easier for you to navigate GSRJL Web site. You can set the Web browser to inform you when cookies are set, or to prevent cookies from being set. However, if you decline to use cookies, you may experience reduced functionality, and declining to use authentication related cookies will prevent you from using the Web site altogether.
• Clickstream or similar data (e.g., information regarding which of our Web pages you access, the frequency of such access, and the product and service preferences) may be collected and shared internally within GSRJL in order to assess the usage, value and performance of our Web sites.

Other Privacy Policies or Statements: Changes to Policy

This Policy provides a general statement of the ways in which GSRJL protects the personal information. You may, however, in connection with specific products or services offered by GSRJL, be provided with privacy policies or statements that supplement this Policy. This Policy may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. The revised Policy will be effective immediately upon posting to our Web site. This Policy is effective April 1, 2005 and amended effective May 10, 2007 and February, 01, 2010.

• Miscellaneous

If GSRJL retains your Personal Data that falls into “Retained Personal Data” (Hoyu Kojin Data) definition, in the meaning set out in Section 2, Paragraph 5 of the PIP Law), you can make a certain request in the following ways:

(1)Procedures for disclosure of the Retained Personal Data:

You can request the disclosure of the Retained Personal Data. GSRJL will disclose the relevant data in writing upon confirming the identity of the individual in question. However, there are cases that requested disclosure is not possible. In such cases, GSRJL will state in writing the reason why disclosure is not possible. The fee for disclosure of 1,000 yen shall be charged.

(2)Procedures for the correction, addition, removal, and suspension of use and provision to third parties of the Retained Personal Data:

You can request the correction, addition and removal, or the suspension of use and provision of the Retained Personal Data to third parties. GSRJL will carry out the relevant procedure upon confirming the identity of the subject. However, there are cases that requested action is not possible. In such cases, GSRJL will state in writing the reason why compliance with such a request is not possible.

Complaint contact office

If you would like to contact GSRJL to make a request as prescribed in paragraphs (1) and (2) above or make a claim in relation to the Retained Personal Data, please send an e-mail at the address below;

Email: privacy@gsrjl.com

Compliance with Compliance Program

We will prepare compliance program to realize the protection and proper management of the personal information, provide thorough education, training and supervision and update such program periodically so our employees will know and carry out such protection and proper management of personal information. We will amend such program from time to time, in order to reflect that change in social environment as well as amendment etc. in relevant laws and regulations.