Privacy Policy

TOROTAKU, Ltd. (hereinafter "the Company") engages in business including system design, software development, data analysis, and maintenance. In the course of providing such services, the Company considers protection of personal information to be a social responsibility, and hereby establishes, implements, and maintains the following privacy policy.

1. The Company will, in light of the nature and scale of its business, appropriately acquire, use, and provide personal information. In particular, the Company will not handle personal information beyond the scope necessary to achieve the specified purpose of use, and will take measures to that effect.

2. The Company will comply with laws, national guidelines, and other norms relating to the handling of personal information.

3. The Company will take measures to prevent and correct leakage, loss, or damage of personal information.

4. The Company will respond appropriately and promptly to complaints and inquiries regarding the handling of personal information. Please contact the personal-information complaint and consultation desk listed below.

5. The Company will strive for continuous improvement of its personal-information protection management system.

Handling of Personal Information

Below is the Company's handling of personal information.

1. Purpose of Use of Personal Information

(1) Personal information of those wishing to join the Company
- To send recruitment materials and to communicate with applicants.
- For recruitment selection processes.

(2) Personal information of Company employees and similar persons
- For employment management, including operational management.
- For health insurance, social insurance, welfare benefits, and similar procedures.

(3) Personal information acquired during inquiries to the Company
- To respond to and reply to such inquiries.

(4) Personal information of contacts at business partners
- For necessary business communications, negotiations, contracts, and so on.
- For business-partner information management, payment, and revenue processing.

(5) Personal information handled in outsourced operations (this is not retained personal data)
- For performance of contracts with the outsourcing client.

2. Procedures in Response to Disclosure Requests

(1) Where to direct disclosure requests
- "Personal Information Complaint and Consultation Desk" (listed at the end of this document)

(2) Form and other manner of submitting requests for disclosure
Please send the following to the Company's "Personal Information Complaint and Consultation Desk":
(i) Application form for disclosure
 The Company has prepared an "Application for Disclosure" form; please contact us to obtain it.
(ii) Identity verification documents
 Driver's license, passport, health insurance card, residence card, or My Number Card. (Please redact information about your registered domicile.)
When a request is made by the principal's representative, in addition to verification of the principal, verification of the representative is also required.
 - Documents proving the qualification of a statutory representative include a certified copy of the family register, an extract of the family register, or certificates from a family court.
 - The document proving the qualification of an authorized representative is a power of attorney.
(iii) Fee
 A fee of JPY 1,000 will be charged per application for "notification of the purpose of use of retained personal data" or "disclosure of retained personal data." Please enclose JPY 1,000 in the form of a postal money order with the documents above.

3. Measures Taken for Safe Management of Retained Personal Data

The Company has taken the following safety management measures to protect retained personal data. For detailed inquiries about safety management measures, please contact the personal information inquiry desk.

(1) Establishment of basic policy
- We have established a basic policy regarding the appropriate handling of personal data.

(2) Development of rules for handling personal data
- To prevent leakage and otherwise ensure safe management of personal data, we have established rules governing the handling of personal data.

(3) Organizational safety management measures
- We appoint a person responsible for the handling of personal data and have established a reporting and communication system to that person when facts or risks of legal or regulatory non-compliance are discovered.
- We clarify which employees handle personal data and the scope of personal data they handle.
- To check the status of personal-data handling, we periodically conduct self-assessment and undergo external review.
- We monitor and review the status of personal-data handling and continuously improve our personal-information protection framework.

(4) Personnel safety management measures
- We disseminate and raise awareness of the importance of personal-information protection in the handling of personal data, and conduct periodic training.
- We obtain confidentiality oaths from employees who handle personal data.

(5) Physical safety management measures
- We control the entry and exit of employees and visitors in areas where personal data is handled.
- We have established measures for the use, storage, and disposal of equipment, documents, and electronic media that handle personal data, in order to prevent theft and loss.

(6) Technical safety management measures
- We implement access controls to limit which personnel can access which personal-information databases.
- We identify and authenticate employees who use information systems that handle personal-information databases.
- We have introduced mechanisms to protect information systems handling personal data from external unauthorized access and malicious software.

(7) Awareness of the external environment
- With respect to handling of personal information overseas, we appropriately implement the safety management measures above after understanding the personal-information protection systems of the foreign jurisdictions concerned.