Basic Policy for the Protection of Personal Numbers and Specific Personal Information

MITSUI-SOKO HOLDINGS Co., Ltd.
Date of enactment: January 1, 2016

The Company’s policy for the handling of personal numbers and specific personal information (hereinafter referred to as “specified personal information”), based on the “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures”, is outlined below.

1. The Company handles specific personal information appropriately and within the statutory scope of its business related to personal numbers.
2. The Company acts appropriately in the collection, use, provision, storage and disposal of specific personal information. It observes the internal regulations it has formulated in relation to these matters.
3. The Company carries out education, training, and auditing for all personnel involved in handling specific personal information.
4. The Company complies with laws and regulations on the handling of specific personal information, guidelines stipulated by the government and other standards.
5. The Company takes precautions to prevent any leakage, loss of or damage to specific personal information.
   In the unlikely event of a leak or similar occurrence, we will take immediate remedial action as the situation requires.
6. The Company responds promptly and appropriately to complaints and inquiries about specific personal information.
   The contact details for any inquiries are outlined below.
7. The Company continuously reviews and improves its processes for the management of specific personal information.

Contact for Inquiries on the protection of specific personal information

MITSUI-SOKO HOLDINGS Co., Ltd. Personnel Department
TEL: 03-6400-8001

End

Security policy
MITSUI-SOKO Group Basic Policy for Information Security

The Company Group is strongly aware of the fact that the confidential information that the Company Group possesses, customers’ confidential information received from customers, and personal information are information assets that should be protected, it is building an information security management system, and it is implementing and improving the measures stated below in order to maintain that information security management system.

Establishment and maintenance of an information security management system

In order to have the board members and employees (including temporary employees and part-time employees) who use the Company Group’s information assets understand and adhere to the Basic Policy for Information Security, the Company Group will establish an information security management system, and prepare an organization system for the purpose of maintaining that information security management system and a system for conducting risk management.

Formulation of security measure standards

The Company Group will formulate the Regulations for Information Security Management and Detailed Regulations for Information Security Management that stipulate basic requirements and judgment criteria that are necessary for adhering to the Basic Policy for Information Security.

Other compliance with related laws and ordinances

The Company Group will adhere to related laws and ordinances and confidentiality obligations that are stipulated in agreements, formulate voluntary management standards as necessary, and conduct maintenance and management for security. It will also, through agreements, take the necessary measures in order to have external consigned business operators also adhere to the Basic Policy for Information Security, Regulations for Information Security Management and Detailed Regulations for Information Security Management that are stipulated by the Company Group. In addition, for protection of personal information, it will separately stipulate Provisions for Protection of Personal Information and take the necessary measures.

Maintenance of promotion organizations and systems

The Company Group will stipulate a Chief Information Security Officer (CISO), maintain information security management organizations and operation systems, and strive to clarify roles and responsibilities.

Education for employees, etc.

In order to strive to make employees aware of the Basic Policy for Information Security, Regulations for Information Security Management and Detailed Regulations for Information Security Management and improve awareness about information security, the Company Group will formulate and implement education plans related to information security.

End

July 2, 2019.

Privacy Policy

MITSUI-SOKO HOLDINGS Co., Ltd. (Address: 3-20-1 Nishi-Shimbashi, Minato-ku, Tokyo; Name of Representative: Hirobumi Koga; hereinafter referred to as "we" or "our") strongly recognizes that the proper handling and management of personal information is a corporate social responsibility, and has established the following policy regarding the protection of personal information, and is engaged in activities to establish, maintain, and improve its internal management system.

Collection of Personal Information

When collecting personal information, we do so appropriately within the scope of our business activities and other needs, ensuring that we do not obtain such information through deceitful or any other illegitimate means.

Management of Personal Information

Besides implementing reasonable measures to prevent unauthorized access to personal information and to safeguard against loss, destruction, falsification, or leakage of such data, we have formulated Personal Information Protection Regulations. Moreover, we guarantee that all employees are well-versed in the proper management of personal information. To uphold an effective personal information protection system, we designate a personal information protection officer, institute and regularly evaluate the management system, and swiftly execute corrective actions in case of any issues.

Compliance with Laws and Regulations

We adhere to laws, regulations, and other relevant norms concerning the safeguarding of personal information.

Established on April 1, 2005
Revised on April 1, 2024

Contact for Inquiries Regarding this Policy and Our Handling of Personal Information

MITSUI-SOKO HOLDINGS Co., Ltd. Personnel Department
Address: 3-20-1 Nishi-Shimbashi, Minato-ku, Tokyo
Name of Representative: Hirobumi Koga
Responsible Department: Legal and General Affairs Division

TEL: 03-6400-8000
Opening hours: 9:00 a.m. to 5:00 p.m. weekdays (except Saturdays, Sundays, national holidays, and our company holidays such as year-end and New Year holidays)

End

Handling of Personal Information

We manage the personal information that we acquire and utilize in the following manner.

Purposes of Using Personal Information

We collect personal information required for our business operations, as outlined in the "Type of Personal Information" section below. This information is utilized within the specified purposes detailed in the "Purpose of Use" section.

Type of Personal Information	Purpose of Use
Information on our customers, suppliers, contractors, and any other business partners	• Conducting activities such as sales and the provision of products and services by our group companies, as well as the procurement of their raw materials, which includes communications, visits, payments, and billing. • Conducting promotion of products and services offered by our group companies through advertising, notifications, and sales promotions, which involve disseminating information about events, seminars, campaigns, shows, surveys, and questionnaires, as well as informing about changes in terms and conditions. • Providing customer support, encompassing after-sales service for products and services provided by our group companies, which involves addressing inquiries and requests from customers. • Conducting testing, development, and research activities, including efforts to enhance features and improve the quality of products and services offered by our group companies. • Conducting operations incidental to the foregoing.
Information on shareholders and investors	• Exercising rights and fulfilling obligations in accordance with the Companies Act of Japan. • Providing information to shareholders and investors • Implementing various measures to facilitate the relationship between shareholders/investors and our group. • Overseeing shareholders and share management. • Conducting operations incidental to the foregoing.
Data associated with inquiries, information provision, and website access	• Addressing inquiries, documenting, and securely storing communication materials. • Performing analysis and statistical assessments to enhance the services and quality of our group companies. • Compiling statistical data in a manner that ensures individual identities cannot be discerned. • Conducting operations incidental to the foregoing.
Information on internship and recruitment opportunities	• Supplying information and reaching out to applicants regarding internship and job opportunities. • Conducting questionnaires and other surveys related to recruitment activities and compiling statistical data. • Responding to inquiries. • Enforcing procedures for onboarding newly hired employees and overseeing their employment after the hiring decision has been made. • Conducting other activities related to recruitment and hiring.
Information on individuals who have left our organization	• Conducting severance (retirement) processes. • Preserving records of employment details, salaries, health information, and other pertinent data throughout the period of employment. • Addressing various inquiries related to social insurance. • Initiating contact from our side. • Conducting operations incidental to the foregoing.
Information on our directors, officers, and employees	• Overseeing personnel and labor management within our group companies. • Coordinating sales and other business activities across our group companies.
Information on entry and exit activities at our facilities	• Supervising visitors to the facility and individuals entering and exiting the premises. • Facilitating emergency communication and overseeing the utilization of the facility. • Conducting operations incidental to the foregoing.

Sharing of Personal Information

(1) Shared by
• Our group companies

（https://www.mitsui-soko.com/company/group/）
• （https://www.mitsui-soko.com/company/group/msc/business）
• （https://www.mitsui-soko.com/company/group/mse/business）
• （https://www.mitsui-soko.com/company/group/msl/business）
• （https://www.mitsui-soko.com/company/group/mscs/about）
• （https://www.mitsui-soko.com/company/group/mst/business）




(2) Personal information to be shared




Name, gender, facial photograph, date of birth, residential or professional postal code, address, phone number, and email address, affiliation, department, title, and other data acquired in compliance with this Policy.




(3) Purpose of sharing personal information




Any company listed in the "Shared by" section above may utilize the shared personal information to accomplish the purposes outlined in the "Purposes of Using Personal Information" section above.




(4) Name of person responsible for sharing personal information




MITSUI-SOKO HOLDINGS Co., Ltd.
Address: 3-20-1 Nishi-Shimbashi, Minato-ku, Tokyo; Name of Representative: Hirobumi Koga
Responsible Department: Legal and General Affairs Division




Sharing of Personal Information with Third Parties

We do not share personal information with any third parties except as outlined in this Privacy Policy, with the explicit consent of the individual, or in compliance with the Personal Information Protection Law and other relevant laws and guidelines.




Disclosure of Personal Information

If a request for notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, elimination, or suspension of provision to a third party of personal data in our possession is made, we will respond accordingly in compliance with the law, ensuring the request is legitimately from the individual who provided the pertinent personal information. In such instances, you might be required to cover a processing fee.
For detailed billing information, kindly reach out to the contact provided in this Privacy Policy.





End