Naring Creative Inc. (hereinafter referred to as “our company”) believes that it is our social responsibility to properly manage personal information in order to protect the rights and interests of individuals. We have established the following policy on personal information protection, will thoroughly inform our employees and related parties of this policy, and will strive to protect personal information even more than before.

1. Collection, use, and provision of personal information: We will establish a system for protecting and managing personal information, and will establish and comply with internal rules regarding the appropriate collection, use, and provision of personal information.
2. Safety measures for personal information: We will take all possible preventive measures against unauthorized access to personal information, and against the loss, destruction, falsification, and leakage of personal information. In addition, in the unlikely event that a problem does occur, we will take prompt corrective measures.
3. Verification, correction, and suspension of use of personal information: If the relevant person requests verification, correction, or suspension of use of the information, we will investigate the matter and respond appropriately in accordance with our separately determined internal rules.
4. Compliance with laws and regulations regarding personal information: We will comply with laws and other regulations regarding personal information.
5. Education and continuous improvement: In order to properly maintain our personal information protection system, we will thoroughly educate and train our employees and continually review and improve our internal rules.

Purpose of use of personal information

All businesses are now subject to the Personal Information Protection Act, which came into force on May 30, 2017. Accordingly, we will use all personal information provided to us in the course of our operations for the following purposes.

1. Personal information on customers and related parties (business partners, related organizations)
   1. For design and presentation creation
   2. To carry out project management operations
   3. To propose and sell products and services
   4. To conduct research and analysis to improve the value of our services
   5. For business communication, cooperation, negotiation, contract performance, performance requests, etc.
   6. To provide maintenance support
2. Personal information relating to recruitment and employment activities, internship applicants, employees and former employees
   1. For hiring and recruitment activities (including internships)
   2. To provide information and contact applicants
   3. For use related to recruitment and hiring activities
   4. To provide information and contact former employees
   5. For personnel and labor management operations
   6. To calculate, determine and pay remuneration
   7. For other employment management, performance management, and ensuring proper business operations
   8. To entrust employee personnel and labor matters, calculation of remuneration, etc. to tax accountants and social insurance and labor consultants
   9. For use in relation to other employee administrative procedures
3. Use of employee personal numbers based on the Numbers Act
   1. To prepare legal records regarding salary, etc.
   2. To handle employment insurance, health insurance, and employee pension insurance notification procedures
   3. For other administrative tasks related to personal numbers as stipulated by law

Management of personal information

We will thoroughly implement the following measures in managing information provided by customers, related parties (business partners, related organizations), and employees.

1. Ensuring accuracy of information: We will endeavor to ensure that the information you provide is always accurate and up-to-date.
2. Safety control measures: We strictly handle personal information in accordance with the following safety control measures.
   • (Organizational safety control measures)The person in charge will verify that personal data is being handled in accordance with established procedures. Establish a reporting and communication system from employees to the person in charge.
   • (Personnel safety management measures)Regular training is provided to employees on important points regarding the handling of personal data. Matters regarding confidentiality of personal data are concluded at the time of employment contract.
   • (Physical security measures)Implement measures to prevent personal data from being easily viewed by anyone other than employees who can handle personal data and the person himself/herself.
     Implement measures to prevent theft or loss of devices, electronic media, documents, etc. that handle personal data, and
     Implement measures to prevent personal data from being easily identified when carrying such devices, electronic media, etc., including when moving around the workplace.
   • (Technical security control measures)Clarify the devices that can handle personal data and the employees who handle those devices, and prevent unnecessary access to personal data.
     Introduce a mechanism to protect devices that handle personal data from unauthorized external access or malicious software.
   • (Understanding the external environment)If personal data is to be stored in a foreign country in the future, we will implement safety management measures after understanding the systems for protecting personal information in that foreign country.
3. Employee supervision: We ensure strict application of regulations regarding the handling of personal information in accordance with our company regulations.
4. Supervision of contractors: When outsourcing the handling of personal information, we will only entrust it to contractors who meet the requirements based on our internal regulations and will manage the information appropriately.
5. Retention period and disposal: We will set a retention period for the information you provide and will discard it after the retention period has expired. In addition, if the information is no longer needed, we will discard it immediately even if it is still within the retention period.

Procedures for “Requests for disclosure, etc. of personal information”

In principle, we will respond appropriately in writing to requests from individuals for disclosure, etc., of personal data held by our company (personal information subject to disclosure *1). In addition, if you request notification of the purpose of use of personal data, correction, addition, or deletion of content, suspension of use, or suspension of provision to third parties based on the “Act on the Protection of Personal Information” (hereinafter referred to as the Protection Act), the following will apply.

1. Notification of purpose of use – When the purpose of use cannot be clearly confirmed from the information stated in “Handling of personal information”
2. Correction, addition, or deletion of content – If the content of your personal data is different from the facts
3. Suspension of use – If the Company is handling the personal data of the individual beyond the scope necessary for the achievement of the purpose of use, or if the personal data of the individual has been obtained by illegal means
4. Suspension of provision to third parties – If the Company provides personal data to a third party without the prior consent of the individual

Please note that the following personal information will not be disclosed:

1. Anything that does not fall under “retained personal data” (personal information subject to disclosure *1)
   1. The Company is merely outsourced to provide services and has no authority to disclose the data.
2. Items not subject to disclosure, etc., pursuant to Article 25 of the Personal Information Protection Act
   1. When disclosure, etc. may pose a risk to the life, body, property, or other rights and interests of the individual or a third party
   2. When disclosure, etc. is likely to seriously impede the proper performance of our business
   3. When disclosure, etc. violates other laws and regulations
3. Other cases stipulated by laws and regulations

1. 1. Scope of disclosure, etc.The scope of disclosure, etc. is limited to your address, name, our purpose of use, and other personal data included in the retained personal data (personal information subject to disclosure *1) that has been acquired and is currently in our possession.
      • 1 Personal information subject to disclosure is a name defined in JISQ15001:2017, and refers to personal information that a personal information handling business (our company) has the authority to respond to all requests from the individual for disclosure, correction, addition or deletion of content, suspension of use, and suspension of provision to third parties. Retained personal data is a name defined in the Personal Information Protection Act, and refers to personal data that a personal information handling business (our company) has the authority to disclose, etc., but does not apply to data that is deleted within six months (Article 2, Paragraph 5 of the Personal Information Protection Act).
   2. Disclosure requirements
      1. Notification of purpose of use – When the purpose of use cannot be clearly confirmed from the information stated in “Handling of personal information”
      2. Correction, addition, or deletion of content – If the content of your personal data is different from the facts
      3. Suspension of use/deletion – When the Company processes the personal data of the individual beyond the scope necessary for the achievement of the purpose of use, or when the data is processed in a manner that encourages or induces illegal or unjust acts, or when the personal data of the individual has been obtained by illegal means, or when otherwise stipulated by the Personal Data Protection Law.
      4. Suspension of provision to third parties – If the Company provides personal data to a third party without the prior consent of the individual
   3. Scope of disclosure, etc.When requesting disclosure, etc., please fill out the necessary items on our designated application form, enclose the necessary documents for identity verification and a fee (only for requests for disclosure and notification of purpose of use), and send it to the address below by a method that leaves a delivery record, such as certified mail. Please note that we will not return any documents you send us. Please also note that we cannot accept requests made in person at our company.

1. Documents required for requesting disclosure, etc.If you are making a request for disclosure, etc., please download and print the following request form for disclosure, etc., fill in all the required information, enclose document 1-2 for identity verification, and mail it to the address listed in 3 above (Personal Information Protection Consultation Desk, Information Security Promotion Department of our company) by a method that leaves a record of delivery, such as delivery record mail. If your current address differs from the address recorded in the data we hold about you due to relocation, etc., please submit a document showing your relocation history, etc. If your registered domicile, etc. is listed on the document below, please make a copy excluding the registered domicile, etc.
   1. When a request is made by the person himself/herself
      1. Personal information disclosure request form
         Download the request form for personal information disclosure, etc.
      2. Documents for identity verification (one of the following a to e)
         1. a. Copy of driver’s license
         2. b. Copy of your passport
         3. c. A copy of your health insurance card
         4. d. Copy of your pension book
         5. e. Copy of your Alien Registration Card
   2. In the case of a legal representative
      1. Personal information disclosure request form
      2. Documents for identity verification (same as 1-2 above)
      3. A copy of your family register or health insurance with your dependents listed
      4. Identification document of the legal representative of the minor or adult ward
   3. In the case of a delegated representative
      1. Personal information disclosure request form
      2. Power of attorney as specified by our company
         Download the power of attorney
      3. Personal seal certificate (issued within the last 3 months)
      4. Documents for identity verification (same as 1-2 above)
      5. Identification document of the representative (same as 1-2 above)
      6. Recipients of the results of disclosure, etc.

      If a proxy receives the results of disclosure, etc. from our company, please write in the power of attorney that you “delegate the authority to receive the results of disclosure, etc.” In this case, the power of attorney must be stamped with the principal’s official seal and the principal’s seal certificate must also be submitted. If the power of attorney does not state that the authority to receive the results of disclosure, etc. is delegated, the principal’s official seal is stamped, or a seal certificate is not submitted, the results of disclosure, etc. will be provided to the principal.

   4. In the case of measures following the employee’s retirement, etc.
      1. Personal information disclosure request form
      2. Company seal (or president’s seal) that can verify the following facts
         1. a. Reasons why you cannot make a claim yourself
         2. b. Relationship between the claimant and the person in question (working in the same department, successor, etc.)
         3. c. The person’s employment status and retirement status, as well as the date of employment and retirement
         4. d. One original copy of the company seal or president seal certificate
         5. e. Copy of your pension book
2. Disclosure request fees and payment methods
   1. commissionRequests for disclosure of personal information and notification of purpose of use will cost 1,000 yen (tax included) per sheet.
      • Please note that fees may change without notice.
   2. Payment MethodPlease enclose 1,000 yen worth of postage stamps with your application documents.
      • If the fee is insufficient or has not been enclosed, we will contact you and return all of the documents you submitted. We apologize for the inconvenience, but we ask that you resubmit your documents.
3. How to respond to requests for disclosure, etc.We will respond in writing to the address stated in the application form by mail with delivery restricted to the individual. Please note that it may take at least two weeks from the time all submitted documents arrive at our company until we respond, and that there may be cases where the response may be delayed longer due to operational reasons.
4. Purpose of use of personal information acquired in response to requests for disclosure, etc.Personal information obtained in response to requests for disclosure, etc. will be handled only to the extent necessary to respond to the request for disclosure, etc. After responding to the request for disclosure, etc., the documents you submit will be securely stored and managed as records for a certain period of time, and then disposed of in an appropriate manner.
5. Reasons for non-disclosure of held dataIn any of the following cases, we will not be able to comply with your request for disclosure, etc. of your personal data (hereinafter, this case will be referred to as “non-disclosure”). If we decide not to disclose, etc., we will notify you to that effect and the reason. Please note that we will not refund the prescribed fee even if we decide not to disclose, etc.
   1. If identity verification is not possible due to an incomplete address or other information on the application form
   2. When an application is made by a representative, the representative’s authority by court or power of attorney cannot be confirmed.
   3. If there are any deficiencies in the required application documents
   4. If the personal information requested for disclosure, etc. does not correspond to personal information held by our company
   5. When there is a risk of harm to the life, body, property or other rights and interests of the person or a third party
   6. When there is a risk of causing significant disruption to the proper execution of our business
   7. When it would violate other laws and regulations
6. Revision of this procedureThis procedure for requesting disclosure, etc. may be subject to partial revision in order to protect the personal information of the individual or to comply with changes in laws and regulations, etc. Please check this procedure each time you request disclosure, etc.

Information Security Policy

Naring Creative Inc. (hereinafter referred to as “our company”) will protect the information assets we handle in the course of business from various threats and respond to the trust placed in us by our customers and society, by implementing the information security policy set out below on a company-wide basis and complying with it together with our “Personal Information Protection Policy.”

1. ScopeThis information security policy applies to the information assets of our customers, related parties (business partners, related organizations), employees, etc., and to all employees (executive officers, advisors, full-time employees, associate employees, and contract employees) who handle such assets.
2. Management ResponsibilityThe Company will endeavor to systematically and continuously improve and enhance information security under the leadership of its management.
3. Establishment of internal structureThe Company will appoint a person in charge of maintaining and improving information security, establish a system for information security measures, and strive to operate appropriately.
4. Initiatives of Executives and EmployeesWe will provide education and training on information security to ensure that directors and all employees understand the importance of information security and handle information assets appropriately. All directors and employees who handle information assets will fulfill the duties and responsibilities set forth therein.
5. Compliance with legal and contractual requirementsIn order to maintain social order, we comply with laws, regulations, norms, and contractual obligations related to information security and meet our customers’ expectations.
6. Incident ResponseWe will take appropriate measures in the event of an information security incident, and will establish response procedures in advance to minimize damage in the unlikely event that such an incident does occur.
7. Introduction of IT infrastructureWe will continually improve our information security management by periodically evaluating and reviewing the above initiatives.