Shinsho Corporation (“the Corporation”) fully understands the inherent responsibility to properly protect personal information of all persons including customers and suppliers who provide personal information to the Corporation (“the Individual”). To that end, the Corporation will handle personal information according to the manners as stated below.

（1）The Corporation complies with all applicable laws and regulations regarding the protection of personal information and in accordance with generally accepted practices for the handling of personal information. The Corporation will also make efforts to improve the handling of such information as necessary.

（2）The Corporation ensures the regulations concerning the handling of personal information to be clear, and makes all of our employees fully understand them. The Corporation also gives supervision to outsourcing companies concerning the handling of this information as appropriate and when necessary.

（3）When handling personal information, the Corporation will specify the purpose for its use and then notify or make a public announcement of it. The Corporation will handle the personal information according to the stated purpose of use.

（4）The Corporation will take necessary measures and properly management on personal information to prevent the leakage, loss, fabrication, etc.

（5）Requests from the Individual for disclosure, amendment, deletion or suspension of use of personal data held by the Corporation will be received at specified contact points and the Corporation will respond sincerely to such requests.

当When conducting its business, the Corporation will use personal information that is acquired in a proper and lawful manner for purposes listed below ("the Purpose") as necessary, unless it notifies the Individual involved by other methods.

Details of business operations of the Corporation are described below.

［1］Information regarding customers and suppliers

• To promote and provide products and services; to conclude, execute, and manage contracts; and to implement after-sales services.
• To develop products and services
• To purchase raw materials, goods and services
• To respond to inquiries from persons

［2］Information regarding job applicants

• To provide corporate information of the Corporation to job applicants and prospective employees and to decide or notify of success or failure in the job application.

The Corporation may share personal data it acquires within the scope specified below.

［1］Items of personal data for joint use

• Name, address, telephone number, email address, product purchase history, employer, title, etc.

［2］Scope of persons for joint use

• Among the companies in the Shinsho Corporation Group listed under 10 below.

［3］Purpose of use

• Within the purposes of use described in the preceding paragraph

［4］Person responsible for management of personal data for joint use

• Shinsho Corporation

Unless permitted by laws and regulations, the Corporation will not provide any personal data to a third party without the prior consent of the Individual involved.

The Corporation may outsource operations for shipping products, publications, etc. to customers, name card management operations, clerical work for employment-related tasks, and other operations to third parties. In this case, the Corporation selects outsourcing companies that meet the standards established by the Corporation, concludes outsourcing contracts that specify periodic submission of reports in writing on the status of handling of personal information by the outsourcing companies, among other things, in order to grasp such status.

The Corporation takes necessary and appropriate measures to ensure safe management of personal data that it holds, including prevention of leakage, loss or damage thereof, as follows.

［1］Formulation of basic policy

• To ensure that personal data is appropriately handled, the Corporation formulated a basic policy on matters such as compliance with relevant laws, regulations and guidelines and contact desk for dealing with inquiries and complaints.

［2］Establishment of rules on the handling of personal data

• The Corporation formulated internal rules concerning methods, etc. of handling personal data for each step of the process, including acquisition, use, retention, provision, deletion, and disposal.

［3］Systematic safety control measures

• The Corporation assigns a person responsible for the handling of personal data, determines employees who may handle personal data, clarifies the scope of personal data to be handled, and develops a system for reporting to and liaising with the person responsible in the event of the discovery of an actual or suspected breach of the Act on the Protection of Personal Information and internal rules.
• The Corporation implements periodic self-check and internal audits on the status of handling personal data.

［4］Personnel safety control measures

• The Corporation provides employees periodical training on matters that require attention regarding the handling of personal data, to ensure that they handle personal data in accordance with internal rules.
• Matters regarding confidentiality of personal data are stipulated in internal rules.

［5］Physical safety control measures

• In areas where personal data is handled, the Corporation uses employee access control, limits equipment, etc. to be brought in, and takes measures to prevent unauthorized persons from viewing personal data.
• The Corporation takes steps to prevent the theft, loss, etc. of equipment, electronic media, documents, etc. that contain personal data. Moreover, when carrying such equipment, electronic media, etc. inside offices and between offices and other locations, measures are taken to ensure that personal data cannot be easily accessed.
• When disposing of documents, etc. that describe personal data, or device, electronic media, etc. that record personal data, the Corporation applies measures to ensure that the deleted data is unrecoverable.

［6］Technical safety control measures

• The Corporation implements access control to limit the persons in charge of handling personal information and the scope of the personal information database they handle.
• The Corporation introduced frameworks to protect information systems that handle personal data against illegal access from outside or malware.

［7］Assessment of external environment

• In handling personal data in foreign countries, the Corporation collects information about and understands the personal information protection schemes of the said foreign counties, and pursues safety control measures accordingly.

When requested by an Individual or his/her agent for notification of purpose of use of his/her personal data held by the Corporation, disclosure of personal data held by the Corporation, or disclosure of records of the provision of data to third parties, the Corporation will respond to such request without delay, excluding cases defined as exceptions under laws and regulations. When the Corporation does not make notification or disclosure or when it does not hold the requested personal data, it will reply to that effect.

Moreover, when an Individual or his/her agent requests a correction, addition or deletion of personal data held by the Corporation or the suspension of use, removal, or suspension of provision to a third party thereof, the Corporation will conduct investigation and respond to such request in accordance with laws and regulations.

上Requests described in 7 above and other inquiries regarding personal information will be received at the point of contact given at the time when the Corporation received the provision of personal information or the service counter for suppliers. Details about the identity verification process and fees will be explained at the time when such request or inquiry is made. Please contact the consultation desk described under 9 below for any question about the point of contact.

Please contact the following for questions or complaints about handling of personal information by the Corporation.

The domestic subsidiaries and overseas subsidiaries which are listed as Subsidiaries and Affiliates in Corporate Information on our homepage.

April 1, 2022 revision