1. 1The Company will clearly define purposes of use for personal information and collect personal information by appropriate means within the scope of its business operations.
2. 2The Company will use personal information only to the extent necessary to achieve the purposes of use and will not use personal information for purposes other than those stipulated, except with the consent of the person concerned or as permitted by law.

1. 1The Company will appoint a person in charge of managing personal information and will strictly control such information to prevent any unauthorized use within the Company. The Company will also take appropriate and reasonable security measures technically and organizationally as described below to protect personal information from risks such as unauthorized access from outside, loss, destruction, falsification, and leaks.

   (1) Formulating basic policies

   • • Formulate basic policies established to handle personal information properly and to provide a point of contact for questions and complaints

   (2) Establishing rules for handling personal information

   • • Establish personal information handling rules covering handling methods as well as the identities and duties of the officers/persons responsible for each stage of handling personal information: acquisition, use, storage, provision, deletion/disposal, etc.

   (3) Implementing organizational security control measures

   • • Assign a person responsible for the handling of personal information (Personal Information Management Officer)
     • Clearly identify those employees who handle personal information and the scope of personal information to be handled by such employees
     • Establish a system for reporting actual or suspected violations of laws or Company regulations to the Personal Information Management Officer whenever discovered
     • Conduct periodic self-inspections of personal information handling and have other organizations conduct audits

   (4) Instituting personal security control measures

   • • Provide periodic training for employees on points to bear in mind when handling personal information

   (5) Carrying out physical security control measures

   • • Control employee access to rooms/areas where personal information is handled, limit the equipment employees bring into such rooms/areas, and implement measures to prevent unauthorized persons from accessing personal information
     • Implement measures to prevent theft or loss of equipment, electronic media, and documents that contain personal information
     • Implement measures to ensure that personal information cannot be readily accessed when equipment, electronic media, and other items containing personal information are carried from one location to another within or outside Company premises

   (6) Executing technical security control measures

   • • Undertake access control to limit the scope of employees handling personal information and of personal information handled.
     • Introduce mechanisms to protect information systems that handle personal information from unauthorized access from outside or unauthorized software

   (7) Understanding the external environment

   • • Carry out security control measures when handling personal information in a foreign country based on an understanding of the systems for protecting personal information in that country.
     • The Company stores some personal information in the US and has introduced systems to ensure that the companies with which this information is stored do not handle personal information held by the Company based on its understanding of the systems in place in the US for protecting personal information.
2. 2The Company may provide personal information to third parties in foreign countries when permitted by law as follows.

   ① Names of the foreign countries concerned
   The names of the countries in which personal information will be provided to regulatory authorities, business partners, contractors, academic/research organizations, academic societies or researchers cannot be specified at the time the personal information is obtained, as they will depend on the results of testing and investigations, the status of applications for and acquisition of permits and approvals, and the outcomes of future research and development, but the scope of these countries will include the United States, Canada, Germany, the United Kingdom, Israel, China, Taiwan, South Korea, Indonesia, Singapore, and other countries in which the Company's group companies are located or countries in which the Company's business partners and contractors conduct business.

   ② Systems for the protection of personal information in relevant foreign countries
   Please refer to the website of the Personal Information Protection Commission:
   https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku (Japanese only)

3. 3The Company will strive to ensure that the personal information in its possession is as accurate and up-to-date as possible, and will endeavor to erase it without delay when it is no longer needed for use.
4. 4The Company will continuously and regularly educate and train all personnel engaged in Company operations to ensure that they are aware of the importance of protecting personal information and that they implement all necessary measures in that regard.
5. 5The Company may use personal information jointly with third parties or outsource information processing and other operations involving personal information. The Company will select contractors that meet the standards for adequate protection of personal information, will conclude agreements with them on matters necessary for the protection of personal information in contracts, etc., and will have them carry out appropriate management of personal information.
6. 6The Company will not disclose or provide personal information to third parties other than joint users or subcontractors in accordance with the preceding paragraph 5., except with the consent of the individual or as permitted by law.

The Company will review this Privacy Policy at its discretion, making improvements as necessary and using reasonable means to make all changes publicly known.