1. Purpose of Use of Personal Information

   We collect and use personal information as defined in the Act on the Protection of Personal Information for the following purposes:

   1. Personal information of business partners and customers
      • To process billing and payment and other business transactions, contract-related processing, and business communications with business partners and customers;
      • To respond to inquiries and requests from business partners and customers;
      • To send information regarding our services;
      • To send invitations to seminars, product information sessions, and exhibitions hosted or sponsored by us and our group companies;
      • To request satisfaction surveys and other questionnaires;
      • To send New Year's cards, information on office relocation, and transfers;
      • Other purposes as communicated to and mutually agreed upon by our business partners and customers in advance.
   2. Personal information disclosed to us during the course of business transactions
      

      We manage personal information disclosed to us by our business partners within the scope of the intended purposes of data processing and other contracted services.

   3. Personal information of employees of partner companies
      • To process billing and payment, and other business transactions, contract-related processing, and business communications with cooperating companies;
      • To respond to inquiries and requests from cooperating companies;
      • To send information regarding our services;
      • To send invitations to seminars, product information sessions, and exhibitions hosted or sponsored by us and our group companies;
      • To request satisfaction surveys and other questionnaires;
      • To send New Year's cards, information on office relocation, and transfers;
      • Other purposes communicated to and mutually agreed upon by our business partners and customers in advance.
   4. Personal information of shareholders
      • To exercise rights and perform obligations under the Companies Act;
      • To provide various benefits to the shareholders in relation to their status as a shareholder;
      • To implement various measures to facilitate the relationship between us and our shareholders;
      • To manage shareholders, such as preparing shareholder data in accordance with prescribed standards under various laws and regulations.
   5. Personal information of officers and employees
      

      We manage personal information of our directors and employees (including employees, contracted employees, part-time employees, employees seconded to us, dispatched employees, also including their family members to the extent necessary for the following purposes), our applicants for employment and retirees for the following purposes:

      • Personnel and labor affairs, calculation, determination, and payment of compensation;
      • Training, termination/retirement, and other employment management;
      • Performance management, ensuring proper business operations;
      • Communications from us to employees;
      • Operations related to recruitment and selection, and entry procedures.
2. Outsourcing Management of Personal Information

   To ensure the smooth execution of our business, we may outsource a part of our business and management of personal information to a contractor to the extent necessary. In such cases, we will select a contractor that meets our standards. In addition, personal information that falls under paragraph 2 of section 1 (above) will be entrusted to the contractor only after obtaining the consent of the business partner.

3. Joint Use of Personal Information

   We may use jointly personal information described in paragraph 1, sections 1, 3, and 5:

   1. Categories of personal information
      The name, company name, address, telephone number, e-mail address, information regarding employee salary, social insurance, work status, and other information related to personnel management and benefits, and other items necessary to achieve the purpose of use.
   2. Scope of joint users
      Our group of companies
   3. Purpose of use
      The information will be used jointly within the scope of the purposes of use described in paragraph 1, sections 1, 3, and 5 above.
   4. Contact Information for company responsible for managing personal information:
      Name 　： System Support Inc.
      Address ： 9F Rifare, 1-5-2 Honmachi, Kanazawa-shi, Ishikawa, Japan
      Representative Director ：Ryoji Koshimizu
      
      For inquiries regarding joint use, please contact below: 9F Rifare, 1-5-2 Honmachi, Kanazawa-shi, Ishikawa, Japan
      Personal Information Protection Consultation Desk, General Affairs Department, System Support Inc.
      Telephone number : 076-265-5151
      Hours : 9 a.m. to 5 p.m. weekdays (except Saturdays, Sundays, national holidays, and company holidays)
4. Providing Personal Information to Third Parties

   We will not provide personal information to third parties without the consent of the individual, except in the following cases: (a) In accordance with the provisions of laws and regulations;
   (b) If it is particularly necessary to protect the life, body, or property of an individual and it is difficult to obtain the consent of the individual;
   (c) To provide information for joint use to those listed in the scope of joint users in section 3 above;
   (d) Other cases as stipulated in the Act on the Protection of Personal Information.

5. Security Measures

   We take necessary and appropriate security measures to prevent leakage, loss, or damage of personal information. We also exercise necessary and appropriate supervision over employees and contractors (including subcontractors) who manage personal information. Regarding the security measures for personal information, we stipulate internal rules and measures, the main contents of which are as follows: Establishment of protection guidelines
   To manage personal information properly, we have established guidelines such as "Compliance with Related Laws and Guidelines," "Contact for Questions and Complaints," and "How to Request Disclosure, Correction, and Deletion of Personal Information.” Preparation of rules and regulations concerning the management of personal information
   For each stage of acquisition, use, storage, provision, and deletion/disposal, we have determined the management method, responsible person/persons in charge, and their duties. Organizational security measures
   In addition to appointing a person responsible for the management of personal information at each site, we have prepared a system for clarifying the employees who manage personal information and the scope of personal information managed by said employees, and for reporting to the Information Security Management Officer in the event that a violation of the Act on the Protection of Personal Information or internal regulations concerning the management of personal information is detected, or any indication of such a violation is detected. We have conducted periodic self-inspections of personal information management status and audits by other departments and external third parties. Human security measures
   We have regularly trained our employees in considerations for the management of personal information. We have described the items with regard to confidentiality of personal information in our internal rules. Physical security measures
   We have on-premises controls for the entry and exit of employees, restricted the equipment and other items they may bring into the office, and implemented measures to prevent unauthorized persons from accessing personal information in areas where it is managed. We have taken measures to prevent theft or loss of equipment, electronic media, and documents that include personal information, and to prevent personal information from being easily discovered when such equipment, electronic media are moved, including during transportation within the business site. Technical security measures
   We have implemented access controls which limit the scope of persons in charge and personal information databases managed. We have put in place mechanisms to protect information systems that manage personal information from unauthorized external access or unauthorized software. Selection of contractors
   If personal information collected by us is stored in a foreign country, we will select a contractor that knows the systems for protecting personal information in the foreign country where the information is stored and that takes necessary and appropriate security management measures.

6. Sensitive Personal Information

   Sensitive personal information refers to personal information that encompasses details such as the individual’s race, creed, social status, medical history, criminal record, the experience of having been a victim of a crime, or other identifiers as specified by a Cabinet Order. These identifiers necessitate special care to prevent unjust discrimination, prejudice, or other disadvantages to the person involved.
   In addition to race, creed, social status, medical history, criminal history, and status as a crime victim, the following are also applicable: physical disability, intellectual disability, mental disability, other disabilities, results of medical examinations and other tests, health guidance, and medical and perscription information.
   We will not acquire any sensitive personal information without obtaining the prior consent of the person, except in the cases listed in each item of Article 20, Paragraph 2 of Act on the Protection of Personal Information.

7. Pseudonymized Personal Information

   If we create pseudonymized personal information (defined in Article 2, Paragraph 5 of the Act on the Protection of Personal Information, and the same definition applies hereinafter), we will create personal information in compliance with the standards stipulated in relevant laws and regulations, including Article 41, Paragraph 1 of the Act on the Protection of Personal Information, and the Order of the Personal Information Protection Commission.
   If we create or obtain pseudonymized personal information along with deleted information, we will implement measures to securely manage the deleted information, following the standards prescribed by the Rules of the Personal Information Protection Commission, as necessary to prevent leakage. We will not provide pseudonymized personal information (excluding information falling under the category of personal information) to any third party, except as required by law. In managing pseudonymized personal information, we will not cross-check it with other information in order to identify the individual whose personal information was used to create the pseudonymized data. If we no longer need to use personal information or deleted information, we will strive to delete such data without delay. We commit to taking necessary and appropriate measures for the secure management of pseudonymized personal information, addressing complaints related to the creation or managing of such data, and implementing other necessary measures to ensure its proper management. Additionally, we will make concerted efforts to publicly announce the details of such measures.

8. Anonymized Processed Information

   If we create anonymized processed information (as defined in Article 2, Paragraph 6 of the Act on the Protection of Personal Information), we will create it in accordance with the standards set forth in laws and regulations such as Article 43, Paragraph 1 of the Act on the Protection of Personal Information, and the Order of the Personal Information Protection Commission.
   If we create anonymized processed information, we will implement secure management measures, preventing the leakage of descriptions deleted from personal information used in the anonymization process, personal identification codes, and information from the processing method (limited to information capable of restoring said personal information using that data). If we create anonymized processed information, we will promptly disclose what information is contained in such data through the internet or other appropriate means. If we provide anonymized processed information to a third party, whether created by us or supplied by third parties, we will publicly announce the specific personal information included in the anonymized information to be shared with the third party, along with the method of provision beforehand. Also, we will clearly indicate to the third party that the provided information is anonymized processed information. In order to identify the individual whose personal information is used to create anonymized processed information, we will not:
   (1) cross-check anonymized processed information with other information; or
   (2) obtain information regarding descriptions, deleted from the relevant personal information, personal identification codes, or processing methods used in accordance with the provisions of Article 43, Paragraph 1 of the Personal Information Protection Law (clause 2 applies only to the relevant anonymized processed information provided by a third party) in managing anonymized processed information. We implement necessary and appropriate security measures for anonymized processed information, address complaints related to the creation or management of other anonymized processed information and take other necessary measures to ensure the proper management of anonymized processed information. Furthermore, we commit to publicly announce the details of such measures.

9. Disclosure, Correction, Suspension of Use, Deletion of Personal Information

   We respond to requests for disclosure and inquiries about personal information held by us in accordance with the provisions of the law. Please note that we may verify the individual's ID for this procedure.

   〇For requests for disclosure or inquiries regarding personal information of shareholders, please contact the following: Sumitomo Mitsui Trust Bank, Limited (Shareholder register administrator)
   

   Address:	4-5-33, Kitahama, Chuo-ku, Osaka-shi, Osaka Department: Stock Transfer Agency Department
   Phone:	Phone Number: 0120-782-031 (toll free) Operating Hours: 9 a.m. – 17 p.m. (except Saturdays, Sundays, holidays, and bank holidays)

   〇For requests for disclosure or inquiries from customers using our services, please contact the department with which you have business relations. 〇For requests for disclosure or inquiries regarding other personal information, please contact the below: 【Contact Information】

Public Announcements on External Transmission

We transmit the following user information externally ("External Transmission"). Regarding the External Transmission of user information, we publish the following items in accordance with the provisions of the Telecommunications Business Act on regulations for external transmission (Article 27-12 of the Telecommunications Business Act).