Personal information shall be obtained in a lawful and fair manner.

1. When information is directly obtained from an individual, how the information will be used shall be clearly explained in advance to the individual in the materials such as application forms, contracts, or survey forms, etc., or in an attachment.
2. When obtaining personal information indirectly, how the information will be used shall be publicly announced or the individual shall be promptly notified.

2.Use of personal information

In addition to complying with the Personal Information Protection Law and related laws, ordinances, and guidelines when handling personal information, the Company shall adhere to its own Basic Regulations on Managing Personal Information. If the handling of personal information is outsourced to a third party, the Company shall protect the information by selecting a business that meets the following standards and conducting appropriate monitoring and management.

1. The company or group company has been awarded the privacy mark or is ISMS certified
2. The company maintains a certain level of safety management for personal information that has been entrusted to the company, such as meeting all the following requirements:
   1. Has a personal information protection policy
   2. Has internal rules on personal information protection
   3. Has a person responsible for the protecting personal information

3.Safety management for personal information

The Company shall appropriately manage safety according to risks related to all personal information, including personal data possessed by the Company and personal data entrusted to third parties.

4.Response to requests regarding disclosing and revising personal information

If an individual requests that the personal information, which the Company possesses about himself/herself be disclosed or that the personal information be revised, updated, or deleted since the information is incorrect, the Company shall promptly respond to the request after confirming the identity of the individual or the lawful representative in an appropriate manner.

5.Personal information protection system

The Company shall establish a Personal Information Protection Committee and shall appoint a person as a Personal Information Manager. All employees handling personal information shall follow legal regulations, these regulations and other relevant procedures, as well as items supported by the Information Manager. Further, the Personal Information Protection Committee shall create periodic education and training plans and conduct the training, which will thoroughly protect personal information.

6.Response to issues such as requests from individuals

Requests received from an individual, representative of the individual, or similar party regarding the following issues related to personal information (1 through 3) shall be handled by the Personal Information Protection Committee. The Personal Information Protection Committee shall set the liaison person, response time and method, method for receiving requests, fees, response procedures, and other items in advance and publicly announce the items.

1. Notification of use, disclosure, revisions, or other requests related to personal information
2. Termination of use
3. Complaint or consultations

7.Review of Basic Personal Information Policy

In response to changes in the organizational structure of the Company, society, related laws, and technology, the Personal Information Protection Policy shall be reviewed in a timely manner and continually improved so that it is always rational and realistic.

PAGETOP

Use of personal information

1.Specified uses

The use of information shall be specified when using personal information for new businesses or using new personal information for existing businesses.

2.Notification of use when obtaining information

1. When information is directly obtained from an individual, how the information will be used shall be clearly explained in advance to the individual in the materials such as application forms, contracts, or survey forms, etc., or in an attachment.
2. When obtaining personal information indirectly, how the information will be used shall be publicly announced or the individual shall be promptly notified.
3. If there are changes to how the information will be used, the individual shall be notified of the change or the change shall be publicly announced.
   
   However, in the following situations, notification is not necessary.
   1. If notifying the individual or publicly announcing the change may result in loss of life, physical harm, damage to property or interests, or infringement of rights of the Company or a third party.
   2. If notifying the individual or publicly announcing the change may infringe on the rights or damage the legitimate interests of the Company.
   3. If making notification or publicly announcing the use of personal information that the Company obtained to cooperate with the work of national government bodies or local governments stipulated by law may hinder the that work.
   4. If it is determined that the use was obvious when considering how the information was obtained.

3.Restrictions on use

Personal information shall not be used more extensively than necessary to achieve the objective specified in article 1. However, the following are exemptions to this rule.

1. If consent is received from the individual
2. If use falls under one of the following:
   1. Based on laws or ordinances
   2. Necessary to protect the life or property of or prevent physical harm to a person, and it would be difficult to obtain the consent of the individual
   3. It is particularly important to improve public health or promote the healthy development of children, and it would be difficult to obtain the consent of the individual
   4. It is necessary to cooperate with the lawful work of national government bodies, local governments, or parties undertaking their work, and there are concerns that obtaining the consent of the individual would hinder the execution of this work

PAGETOP

Joint use of personal information

If personal information is shared between the Company and specified parties such as affiliated companies or agencies, the individual shall be notified in advance of the following or the information shall be made easily available.

1. That some information will be shared
2. What information will be shared
3. The scope of sharing
   • Kokando Co., Ltd.
   • Nihon Yakuzai Co., Ltd.
4. Purpose for sharing
5. Name of representative: Kokando Co., Ltd.

PAGETOP

Method for making requesting such as disclosure of personal information

Disclosure

The Company shall not disclosure personal information to third parties without the consent of the customer. However, personal information may be provided in the following situations:

• It is requested by an official body such as a court or the police based on laws or ordinances
• It is specially stipulated by law or ordinance
• There are concerns about loss of life, bodily harm, or loss of property of the customer or a third party and it is impossible to obtain the consent of the individual
• It is necessary to protect rights, property, or services of the Company due to violations of laws, ordinances, or the Company’s rules on use/notes, and it is impossible to obtain the consent of the individual

request

If a request is received from a customer for the disclosure of personal information possessed by the Company, the information shall be provided as long as it can be confirmed that the request was from that individual.