Personal Information Protection Policy

We respect the value of information and strive to ensure its proper management and protection.
We recognize the importance of protecting personal information and its value, and will implement the following measures.

1. We have established a personal information protection management system (a management system which confirms and reviews personal information protection policies, framework, plans, implementation, and operation) and will implement, maintain, and continuously improve this system.
2. We have established an organizational management system for the protection of personal information, taking into account the nature and scale of our business. We take sufficient measures to ensure that personal information is obtained, used, and provided appropriately, in compliance with all relevant rules and restrictions, and that it is not used for any purpose other than those stated.
3. We take all necessary and relevant measures for managing the security of personal information, and prevent or correct any divulgation, damage, or loss of personal information.
4. We comply with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, and other relevant laws, regulations, and guidelines established by the government. In addition, we will ensure that our Personal information protection management system complies with relevant laws and other standards.
5. We will respond appropriately and quickly to any complaints or questions about personal information, and strive to resolve any problems which may arise.

Handling of Personal Information

We have committed to protecting personal information in accordance with our ‘Personal Information Protection Policy’. We will comply with the following items when handling personal information as a personal information handler.

• 1) Chief Privacy Protection Officer
  Miguel A.Estevez Abe, CEO/Representative Director
• 2) Purposes of use
  We will use personal information within the following scope. If we notify or disclose the purpose of use individually, it will be based on that purpose of use. Providing personal information is voluntary, but if you do not provide it, it may hinder the fulfillment of the intended purposes.

  Type of personal information	Purposes of use
  Information about trading partners	・Business communications ・Performance of agreements ・Notice of products and services offered by us and our group companies(*1), along with requests for accompanying surveys ・Notice of seminars and exhibitions held by us and our group companies (as the sponsor, co-sponsor, or cooperator) ・Specific purposes from the subcontractor in certain commissioned tasks. (*2) ・Response to inquiries and requests (*3)
  Personal information of our business partners and individual temporary workers	・Identification of employees of our business partners and individual temporary workers for the performance of various agreements
  Personal information of shareholders	・Management of affairs related to the exercise of rights by shareholders and the performance of our obligations under the Company Act and other related acts and ordinances ・Notice to request the shareholders to exercise their voting rights at the general meeting of shareholders
  Personal information of employees including ex-employees and applicants for employment	・Personnel and labor management concerning employment and engagement of employees and confirmation of matters related to accounting and administrative affairs. ・Communications, information provision, and administrative affairs for applicants for employment about employee selection. ・Personnel/staffing management for Gran Manibus’s executives and employees.
  Other	・Any other purpose for which we have notified a person and obtained the person's consent in advance

  *1) Group companies refer to SCSK Corporation, our parent company, and companies in which it directly or indirectly holds 20% or more of the voting rights of all shareholders.

  *2) When we undertake specific commissioned tasks and receive personal information from the client or outsourcer to carry out those tasks, we handle the relevant personal information within the necessary scope to achieve the purpose of the commissioned tasks.

  *3) Personal information shall include the personal information that we receive or acquire through exchanging business cards.

• 3) Use other than the above purposes.
  If there is a need to use personal information for purposes other than those specified in the aforementioned (2), except where permitted by law, consent from the individual will be obtained regarding such use.
• 4) Subcontracting of personal information
  There may be a case where we subcontract part of the business to a subcontractor for the purpose of smooth running of business, and disclose personal information to such subcontractor within the scope required for such purpose. In such an event, we will appoint a subcontractor who meets the standards established by us and will enter into an agreement with such subcontractor and/or appropriately supervise the subcontractor concerning the handling of personal information.

• 5)Disclosure or provision to a third party
  We will not disclose or provide personal information to any third party other than a subcontractor, or unless it is used in any of the following cases.

  ●When we have obtained the individual’s consent.

  ●When disclosing/providing statistical data or other information in a state where it is not possible to identify the individual.

  ●When disclosure or provision of personal information is requested by law.

  ●When disclosure of personal information becomes necessary for protection of the life, body, or property of anybody and it is impossible to obtain the person's consent.

  ●When we must improve public hygiene or promote the sound growth of children and in which it is difficult to obtain the consent of the person.

  ●When we must cooperate with governmental agencies or local public entities in their performance of affairs provided for in laws or ordinances and there is a possibility that their performance will be impeded if we try to obtain your consent

• 6) Procedures for Requests Regarding Disclosure of Personal Information or Records of Provision to a Third Party
  If you, as the individual or a representative, wish to receive notifications of the purpose of use, disclosure, correction, suspension of use, deletion, or cessation of third-party provision regarding the personal information held by us or disclosure of records of provision to a third party, please contact the designated contact listed in 8).
  Upon confirming your identity as the individual or representative, we will respond within a reasonable period and scope. Please note that requests related to disclosure of personal information, based on relevant laws and regulations, may not always be accommodated.
  For requests related to notification of the purpose of use or disclosure of personal information or disclosure of records of provision to a third party, there may be a fee charged, so please be aware of this.
  Additionally, if proof of identity (such as a driver’s license or a copy of a passport with a photo for identity verification) is required, please contact the designated contact below and then send the necessary documents to our company. Detailed instructions will be provided later.

• 7) Safety Management Measures

  ●Formulation of Basic Policy

  　・To ensure the proper handling of personal information, we have formulated and published a “Personal Information Protection Policy.”

  ●Establishment of rules for the handling of personal data

  　・We have established and stipulated rules for handling personal information, including methods of handling, responsible persons, and their duties.

  ●Organizational safety management measures

  　・We have appointed a Chief Privacy Protection Officer for handling personal information. We clarify the scope of personal information handled by employees and establish a reporting and communication system to the Chief Privacy Protection Officer in case of any violations of the Act on Protection of Personal Information or handling rules.

  　・We conduct an annual inventory of personal information handling and appropriate audits by the internal auditor.

  ●Human safety management measures

  　・We conduct annual training for employees on handling personal information.

  　・Matters related to confidentiality of personal information are stipulated in the rules of employment.

  ●Physical safety management measures

  　・In areas where personal information is handled, we manage employee access and implement measures to prevent unauthorized persons from viewing personal information.

  　・We take measures to prevent theft or loss of equipment, electronic media, and documents handling personal information.

  ●Technical safety management measures

  　・We implement access control to limit the scope of personal information databases handled by responsible persons.

  　・We have introduced mechanisms to protect information systems handling personal information from unauthorized access from outside.

  ●Understanding the international rules

  　・For some personal information handling operations, we may provide personal information to third parties located abroad through outsourcing, etc. Please check Personal Information Protection Commission’s website for information on personal information protection systems in the relevant countries.

• 8) Inquiries about personal information
  Personal Information Inquiry Counter, Gran Manibus Co., Ltd.
  Contact Method: Please input your inquiry details and send them via our website in the "Contact" section.
  Opening Hours: Monday to Friday, from 9:30 AM to 6:00 PM (excluding weekends, holidays, and year-end holidays from December 28th to January 3rd).
• 9) Our affiliated ‘Certified Personal Information Protection Organization’ and the contact point for complaints.
  We are currently not affiliated with any Certified Personal Information Protection Organizations.