Measures for managing the security of personal information

Personal information: Hereinafter, this includes personal information the Company collects or attempts to collect.

Measures for managing the security of personal data

Personal data: Hereinafter, this includes personal information the Company collects or attempts to collect that the Company plans to handle as personal data.

Basic policy

To ensure the appropriate handling of personal data, the Company has formulated and published its Privacy Policy as a basic policy on matters such as compliance with applicable laws, regulations, and guidelines and contact points for handling inquiries and complaints.

Rules on personal data handling

Based on the requirements of the Privacy Mark, the Company has developed a management system to safeguard personal information and maintains related rules and standards.

Organizational security measures

The Company has appointed a Chief Privacy Officer to oversee matters related to personal data. It also clearly indicates the scope of the employee duties related to handling personal data and the personal data handled, and sets forth lines for reporting and communicating to those responsible any real or potential violations of laws, rules, or standards.

The Company carries out periodic self-inspections of the state of personal data handling and audits by the section in charge of information security. The Company has earned Privacy Mark certification and undergoes periodic reviews of its handling of personal data.

Human security measures

The Company trains all employees (including officers and employees of partner companies) in proper procedures for the handling of personal data upon hiring and annually thereafter.

The Company's rules of employment include provisions on maintaining the confidentiality of personal data.

Physical security measures

The Company controls employee entry and egress for areas in which personal data is handled and restricts devices and other items that employees may bring with them into such areas. It also takes steps to prevent the viewing of personal data by unauthorized personnel.

The Company takes steps to prevent theft, loss, etc. of devices, digital media, documents, etc. used to handle personal data. It also takes steps to ensure that personal data cannot be readily identified when transporting such devices, media, etc., including when moving such within business sites.

Technological security measures

The Company implements access controls to restrict staff access and the scope of personal information databases and other data that they may handle.

The Company has adopted systems to protect the information systems used to handle personal data from threats such as intrusion and malware.

Ascertaining external environmental conditions related to personal data collected

The Company implements various security measures based on assessments of the systems related to protection of personal information in the USA where it stores personal information.

See the URL below for explanatory materials, survey results, and other information from the Personal Information Protection Commission of the Government of Japan concerning systems in each country