PRIVACY POLICY (BASIC POLICY ON PROTECTION OF PERSONAL INFORMATION)

Ricksoft Co., Ltd. (hereinafter referred to as the “Company”) believes that compliance with laws and regulations related to the protection of personal information and protecting personal information is foundational to business activities and social responsibility. The Company stipulates and implements the Basic Policy on the Protection of Personal Information (Privacy Policy) in order to implement proper collection, use, protection as well as security management of personal information of its clients/shareholders/officers and employees (meaning any person who is an officer of the Company or is in an employment relationship with the Company (including contract workers and part-time workers) as follows.

Obtainment, Use and Provision of Personal Information

The Company will obtain personal information handled in all businesses of the Company by fair and legitimate means.
When obtaining personal information, the Company will, in principle, first notify or disclose the purpose of use of such personal information.
The Company will use personal information to the extent necessary to accomplish such purpose of use as informed.
Except as otherwise stipulated by laws and regulations, the Company will not provide any third party with personal information without first obtaining consent from the concerned person.

Laws and Regulations, Guidelines, and Code of Conduct for Protecting Personal Information

The Company will comply with all laws and regulations and other codes of conduct for protecting personal information including the Act on the Protection of Personal Information.

Security Management of Personal Information

The Company will endeavor to prevent and remedy risks such as leakage and loss of personal information or damage to personal information due to unauthorized access, falsification, loss, etc. by implementing necessary and appropriate security measures.

Complaint and Consultation Relating to Personal Information

The Company will establish a contact point to deal with any inquiry and consultation relating to personal information and try to deal with the same appropriately and promptly.

Continuous Improvement of the Protection of Personal Information

In order to verify that the mechanism for the protection of personal information is being appropriately implemented, the Company will inspect and audit its implementation regularly.
The Company will review the mechanism for the protection of personal information regularly and improve the same continuously in light of the change in the circumstances and social trend.

HANDLING OF PERSONAL INFORMATION

Ricksoft Co., Ltd. (hereinafter referred to as the “Company”) will endeavor to perform proper management and protection of personal information of its clients/shareholders/officers and employees (meaning any person who is an officer of the Company or is in an employment relationship with the Company (including contract workers and part-time workers)) in accordance with the “Privacy Policy (Basic Policy on the Protection of Personal Information).”

Specifically, the Company will handle personal information in accordance with the following.

Obtainment of Personal Information and Clear Indication of Purpose of Use

The Company will, when requesting provision of personal information, first notify the purpose of use of such information and clearly state whether such information will be/not be provided to any third party, etc. Personal information described below will be used within each purpose of use.
As of September 1, 2017

Type of personal information	Purpose of use
Inquiry information that has been input on the Company’s website	For answering the inquiry For sending goods and making settlement For introducing goods and services For delivering e-mail newsletters
Shipping information about goods ordered on the website	For shipping goods
Information about business cards and questionnaires obtained in the course of business activities and at the event venue	For introducing goods and services For delivering e-mail newsletters For statistical data-processing to promote sales
Information about client’s person in charge	For business services such as business communication, negotiation, consultation, placement and acceptance of orders, settlement with the client For introducing goods and services For delivering e-mail newsletters
Information about shareholders	For performing services related to shareholders
Information provided in an application for recruitment	For screening for employment of and communicating with the applicant
Information about officers and employees and their family members	For labor management of officers and employees For benefits packages for officers and employees
Information about retired persons	For sending documents and items for communication

Security Management Measures on the Website

When personal information is provided by filling out forms on the Company’s web site, the Company implements security measures against information leakage, etc. by using data encryption through SSL (Secure Socket Layer) communication.

Cookies

The Company’s website uses cookie technology on some pages to enable users to use the site more conveniently. By using cookies, the website will be able to identify users’ computers without obtaining information that can identify them such as name, address, telephone number, or email address.
Users may reject to receive cookies or enable notifications when receiving cookies by changing their browser setting accordingly.
Even if rejecting to receive cookies, users may use the Company’s website with limited functions.

Use of Google Analytics
The Company may use Google Analytics on the Company’s website to comprehend its utilization status. Google Analytics collects information about access to the Company’s website using first-party cookies but never obtains information that can be used to identify an individual.
Methods for collection and use of access information are stipulated by the Google Analytics Terms of Service and Google Privacy Policy.
http://www.google.com/analytics (Google Analytics ^TMis a registered trademark of Google Inc.)

Management of Personal Information

The Company will properly manage personal information provided by users in accordance with laws and regulations, code of conduct, and internal rules related to personal information.
The Company will appoint a Chief Privacy Officer and develop the internal personal information protection system in order to ensure appropriate management of personal information.
The Company will continuously conduct education and awareness activities related to the protection of personal information for its officers and employees.

For any question about the security management measures taken by the Company, please make an inquiry to a contact point established by the Company.

Use of Personal Information

The Company will not use personal information provided by users for any purposes other than those that the Company informs to users as described under item 1. above. In the case that the Company uses personal information for any purpose other than such purposes or changes the purpose of use itself, it shall first notify users or disclose to that effect. The Company will promptly and appropriately delete and destroy any personal information that is no longer necessary in light of the purpose of use

Disclosure or Provision of Personal Information to Third Parties

The Company will not disclose or provide personal information to any third party except in cases falling under any of the following:

a. If consent to disclosure or provision thereof is obtained from the concerned person;

b. If all or part of handling of personal information is entrusted to a third party (in such case, the Company will endeavor to appropriately supervise such entrusted parties by entering into an agreement on the protection of personal information with such parties, etc.);

c. If personal information is disclosed or provided in a way that cannot be used to identify an individual, such as statistical data;

d. If disclosure or provision thereof is required under laws and regulations;

e. If such disclosure or provision thereof is necessary to protect human life, body or property and if it is difficult to obtain consent of the concerned person;

f. If it is necessary to cooperate with national or local public authorities, etc. in their implementation of official clerical work and if obtaining consent of the concerned person is likely to pose a problem for the implementation of such clerical work.

Disclosure of Retained Personal Data or Record of Third-Party Provision

If a request is made to disclose information with respect to the retained personal data or the record of third-party provision, the Company will, after identifying the person who has requested the same as the concerned person, respond to such request within a reasonable timeframe and to a reasonable extent.
Provided, however, that in any of the cases described below, such information will not be disclosed. If the Company has determined not to disclose such information, it will notify users of such determination with the reason thereof.

If the Company cannot identify the requesting person to be the concerned person of the retained personal data or the record of third-party provision.
In the case of a request through an agent, if the Company cannot verify the authority of such agent.
If there is any deficiency in the application form or if the request does not follow the method as described under item 10. below.
If the information for which disclosure has been requested does not fall under the retained personal data or the record of third-party provision.
If such disclosure is likely to harm life, body, property or other rights/interests of the requesting person or a third party.
If such disclosure is likely to pose a significant problem for the proper implementation of the Company’s work.
If such disclosure would violate any other laws and regulations.
Otherwise, if the Company is not obliged to disclose such information pursuant to the Act on the Protection of Personal Information.

Partial Correction or Deletion, Etc. of the Contents of the Retained Personal Data

If a request is made for a correction, addition or deletion about any part of the contents of personal information relating to the retained personal data (hereinafter referred to as the “Correction”), the Company will, after identifying the requesting person the same as the concerned person, make the Correction. within a reasonable timeframe and to a reasonable extent as long as there is any content different from the fact.
Provided, however, that in any of the cases described below, the Correction will not be made. If the Company has determined not to make the Correction, etc., it will notify the requesting person of such determination with the reason thereof.

If the Company cannot identify the requesting person as the concerned person of the retained personal data.
In the case of a request through an agent, if the Company cannot verify the authority of such agent.
If there is any deficiency in the application form or if the request does not follow the method as described under item 10. below.
If the information for which the Correction has been requested does not fall under the retained personal data.
If the reason for requesting the Correction is other than the reason that the contents of the retained personal data is the error.
If, from the viewpoint of the purpose of obtaining information, the Correction is not necessary, or if the indication that such information is the error is incorrect.
Otherwise, if the Company is not obliged to make the Correction pursuant to the Act on the Protection of Personal Information.

Suspension of Use or Deletion

If a request is made for the suspension of use, in whole or in part, or deletion, in whole, of information relating to the retained personal data (hereinafter referred to as the “Suspension of Use”), the Company will, after identifying the requesting person the same as the concerned person, implement the Suspension of Use within a reasonable period and to a reasonable extent.
Provided, however, that in any of the cases described below, the Suspension of Use will not be implemented. If the Company has determined not to implement the Suspension of Use, it will notify the requesting person of such determination with the reason thereof.

If the Company cannot identify the requesting person as the concerned person of the retained personal data.
In the case of a request through an agent, if the Company cannot verify the authority of such agent.
If there is any deficiency in the application form or if the request does not follow the method as described under item 10. below.
If the information for which the Suspension of Use has been requested does not fall under the retained personal data.
If the reason for requesting the Suspension of Use is other than the following purposes: (1) such information is used for a purpose other than those for obtaining information, (2) such information has not been obtained properly, or (3) provision of such information violates the restriction on provision to third parties.
If a fact which falls under the reasons requesting the Suspension of Use is not found.
If the Company is obligated to retain such information pursuant to the relevant laws and regulations.
Otherwise, if the Company is not obligated to implement the Suspension of Use pursuant to the Act on the Protection of Personal Information.

Contact Method and Contact Point of the Company on Disclosure, Etc. of Personal Information

For inquiries relating to personal information, please contact “Inquiry Contact” below. For requests of “Disclosure of the Retained Personal Data” described under item 7., “Partial Correction or Deletion of Contents” under item 8., and “Suspension of Use or Deletion” under item 9., the Company will, after such request has been accepted by the Inquiry Contact, send the requesting person the “Application Form for Disclosure, Correction, Deletion, Etc. of Personal Information” and a guidebook for details about requesting method.

[Inquiry Contact]
Address:

Ricksoft Co., Ltd., Information Security Office, person in charge of personal information management

Otemachi Nomura Bldg. 8F, 2-1-1 Otemachi, Chiyoda-ku, Tokyo 100-0004, JAPAN
TEL: +81-3-6262-3947
E-mail: isms@ricksoft.jp

[Required documents] Documents, etc. to be submitted for requests as described under items 7., 8., and 9.

Copy of public document with a face photo such as driver’s license or passport (in the absence of them, a copy of your health insurance card is permitted): one (1)
Copy of certificate of residence: 1
Application form prescribed by the Company with all necessary matters completed: 1
An envelope to be used to send documents in implementing identity verification and stamps for registered mail (500 yen worth)
An envelope to be used to send documents in reply and stamps for registered mail (500 yen worth)

[Fees]
No fees will be charged. However, please provide the envelopes necessary for replying and identity verification as well as the stamps for registered mail.

[Reply]
The Company’s reply will be made in writing. All or part of information may not be disclosed depending on the contents of the application. If the Company has determined not to disclose information, it will reply with the reason thereof.

[Purpose of use of personal information obtained in such request]
Personal information obtained in requests described under items 7., 8., and 9. and other inquires relating to personal information will be used to the extent necessary to deal with such requests and inquiries.

CONTACT FOR HANDLING OF PERSONAL INFORMATION

Ricksoft Co., Ltd., Information Security Office

E-mail: isms@ricksoft.jp