Basic Policy for the Protection of Personal Numbers and Specific Personal Information

Mitsui-Soko Holdings Co., Ltd.
Date of enactment: January 1, 2016

The Company’s policy for the handling of personal numbers and specific personal information (hereinafter referred to as “specified personal information”), based on the “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures”, is outlined below.

1. The Company handles specific personal information appropriately and within the statutory scope of its business related to personal numbers.
2. The Company acts appropriately in the collection, use, provision, storage and disposal of specific personal information. It observes the internal regulations it has formulated in relation to these matters.
3. The Company carries out education, training, and auditing for all personnel involved in handling specific personal information.
4. The Company complies with laws and regulations on the handling of specific personal information, guidelines stipulated by the government and other standards.
5. The Company takes precautions to prevent any leakage, loss of or damage to specific personal information.
   In the unlikely event of a leak or similar occurrence, we will take immediate remedial action as the situation requires.
6. The Company responds promptly and appropriately to complaints and inquiries about specific personal information.
   The contact details for any inquiries are outlined below.
7. The Company continuously reviews and improves its processes for the management of specific personal information.

Inquiries on the protection of specific personal information

Mitsui-Soko Holdings Co., Ltd. Personnel Department
TEL：03-6400-8001

Security policy
Mitsui-Soko Group Basic Policy for Information Security

The Company Group is strongly aware of the fact that the confidential information that the Company Group possesses, customers’ confidential information received from customers, and personal information are information assets that should be protected, it is building an information security management system, and it is implementing and improving the measures stated below in order to maintain that information security management system.

Establishment and maintenance of an information security management system

In order to have the board members and employees (including temporary employees and part-time employees) who use the Company Group’s information assets understand and adhere to the Basic Policy for Information Security, the Company Group will establish an information security management system, and prepare an organization system for the purpose of maintaining that information security management system and a system for conducting risk management.

Formulation of security measure standards

The Company Group will formulate the Regulations for Information Security Management and Detailed Regulations for Information Security Management that stipulate basic requirements and judgment criteria that are necessary for adhering to the Basic Policy for Information Security.

Other compliance with related laws and ordinances

The Company Group will adhere to related laws and ordinances and confidentiality obligations that are stipulated in agreements, formulate voluntary management standards as necessary, and conduct maintenance and management for security. It will also, through agreements, take the necessary measures in order to have external consigned business operators also adhere to the Basic Policy for Information Security, Regulations for Information Security Management and Detailed Regulations for Information Security Management that are stipulated by the Company Group. In addition, for protection of personal information, it will separately stipulate Provisions for Protection of Personal Information and take the necessary measures.

Maintenance of promotion organizations and systems

The Company Group will stipulate a Chief Information Security Officer (CISO), maintain information security management organizations and operation systems, and strive to clarify roles and responsibilities.

Education for employees, etc.

In order to strive to make employees aware of the Basic Policy for Information Security, Regulations for Information Security Management and Detailed Regulations for Information Security Management and improve awareness about information security, the Company Group will formulate and implement education plans related to information security.

July 2, 2019.

Privacy policy
Personal Information Protection Policy

Mitsui-Soko Holdings Co., Ltd. fully recognizes that the appropriate handling and management of personal information is a corporate social responsibility. It has established the following Personal Information Protection Policy, and is engaged in maintaining and improving the internal management system which it has built.

Collection, use, and provision of personal information

When personal information is collected, the Company only uses this within the scope of its business activities, and other requirements necessary for its business. It does not use this information for any purpose other than the purpose for which it is collected. In addition, it will not disclose this information to third parties unless it is necessary for the provision of outsourced services, or if required by laws and regulations or the public interest.

Management of personal Information

The Company takes reasonable precautions against unauthorized access to personal information, and loss, destruction, alteration or leakage of personal information. It will promptly take corrective measures in the unlikely event of a problem.

Compliance with laws and regulations

Mitsui-Soko Holdings Co., Ltd. complies with laws, regulations, and standards regarding the protection of personal information.

Establishment of a management system

To maintain the appropriate structure for the protection of personal information, Mitsui-Soko Holdings Co., Ltd. has designated a personal information protection officer, and has established and will continuously review its management system.

Education of employees

Mitsui-Soko Holdings Co., Ltd. will carry out personal information education programs to ensure the company’s Personal Information Protection Policy and its Regulations for the Protection of Personal Information are known to its employees and to increase awareness of these.

April 1, 2005

Inquiries about this policy and the handling of personal information

TEL : 03-6400-8055
Reception hours: 9 AM - 5 PM on weekdays (excluding Saturdays, Sundays, public holidays, year-end/New Year holiday)