DoEPION

Personal Information Protection Policy

Doepion Co., Ltd. (hereinafter referred to as the “Company”) is engaged in the businesses of management consulting, system development and sales, business process re-engineering (BPR), and business education and training. The Company is aware of our important responsibility to protect the personal information of its customers, employees, parties related to its business partners, and any other persons concerned. Therefore, the Company, in full recognition of its social mission, shall comply with laws and regulations concerning personal information and protection of the rights of information subjects based on the philosophy of personal information protection and the Code of Conduct established by the Company.

Furthermore, the Company hereby declares that it will establish a personal information protection management system to implement the following policies and that it will make company-wide efforts to continuously improve the management system while always taking into account the latest trends in information technology, changes in societal demands, and fluctuations in the business environment.

1. The Company will acquire, use, and provide personal information in an appropriate manner, and will not handle it beyond the scope necessary for the achievement of the specified purposes of use. Also, the Company will take measures to implement the above-mentioned policy.
2. The Company will comply with laws, regulations, national guidelines, and other norms concerning the handling of personal information.
3. In order to take reasonable security measures to prevent the leakage, loss, or damage of personal information, the Company will devote management resources in line with the actual business conditions and will continuously improve the security system for personal information. In the event that any of the above-mentioned situations should occur, the Company will promptly take corrective measures.
4. The Company will respond promptly and sincerely to any complaints or consultations regarding the handling of personal information.
5. The Company will review its personal information protection management system in a timely and appropriate manner and will continuously improve the management system in light of changes in and the realities of the environment surrounding the Company.

Date of Establishment: October 21, 2020
Tadaharu Sasaki
President & Representative Director, Doepion Co., Ltd.

Public Announcement of Purposes of Use of Personal Information

Doepion Co., Ltd. (hereinafter referred to as the “Company”) announces, in accordance with Article 18, Paragraph 1 of the Act on the Protection of Personal Information (the Personal Information Protection Act), that it will use personal information within the scope of the following purposes of use.

Purposes of use of personal information

（１）Purposes of use of personal information acquired directly from the information subject in writing (including via website or email; hereinafter referred to as “writing”)

• With regard to customers’ personal information: to send products, to render relevant after-sale services, and to provide information about new products or services (including by email if the information subject has given consent) in the course of the Company’s management consulting business, system development and sales business, business process re-engineering (BPR) business, and business education and training business.
• With regard to the personal information of those who contact the Company to make inquiries regarding its business: to respond to their inquiries.
• With regard to the personal information of those who contact the Company to make inquiries regarding its business: to respond to their inquiries.
• With regard to the personal information of applicants who directly apply to the Company: for recruitment.

（２）Purposes of use of personal information obtained by any other method

• With regard to the personal information received from the Company’s business clients: to carry out management consulting business, system development and sales business, business process re-engineering (BPR) business, and business education and training business.
• With regard to the personal information of applicants obtained through Hello Work or private employment agencies: for recruitment.
• With regard to recorded phone call data: to use for analysis and diagnosis of call quality based on outsourcing contracts.

Public Announcement of Matters Concerning Retained Personal Data

Doepion Co., Ltd. (hereinafter referred to as the “Company”) announces certain matters concerning the handling of Retained Personal Data (personal data over which the Company is authorized to notify the purpose of use; disclose; correct, add, or delete the content; discontinue use; erase; disclose records of provision to third parties; and discontinue provision to third parties) as follows.

１．Name, title, and contact information of the manager in charge of personal information

Company Name: Doepion Co., Ltd.（Representative: Tadaharu Sasaki）
Name of the manager: Daisuke Kimura, Personal Information Protection Manager
Title: Director of the BPR Business Promotion Department. Address: TK Sarugakucho Building 3F, 2-7-6 Kanda-Sarugakucho, Chiyoda-ku, Tokyo 101-0064 Japan TEL: 03-5577-3855

2．Purposes of Use of Retained Personal Data

• Personal information of those who make inquiries about the Company’s businesses: to respond to their inquiries.
• Personal information of applicants who apply to the Company: to use for recruitment or to suggest job offerings of the Company’s group companies.
• Personal information of customers: to send products, to render relevant after-sale services, and to provide information about new products or services in the course of the management consulting business, system development and sales business, business process re-engineering (BPR) business, and business education and training business, and to provide information about the group companies’ products and services.
• Personal information of the Company’s employees: for personnel and labor management, business management, health management, security management, etc.

３．Inquiries concerning Retained Personal Data

Please contact the following point of contact for any inquiries about the Company’s Retained Personal Data.

４．Certified Personal Information Protection Organization

The Company is not a member of any Certified Personal Information Protection Organization.

５．Security control measures in place for Retained Personal Data

The Company is taking the following organizational, personal, physical, and technical security control measures. In addition, in order to ensure the proper implementation of these security control measures, the Company has obtained a certification (Privacy Mark) by a third-party organization and is continuously improving its personal information protection system.

• Establishment of basic policy and rules for the handling of personal data
  The Company has established the Personal Information Protection Policy, and based on the policy, the Company has established various data handling rules for each phase (e.g., acquisition, use, storage, provision, and disposal of personal data).
• Organizational security control measures
  The Company has specifically defined the roles of various persons-in-charge and audit personnel. In addition, the Company has established a reporting and communicating system.
• Personal security control measures
  The Company regularly provides training for employees on the handling of personal information. All employees are required to enter into a Confidentiality Agreement with the Company.
• Physical security control measures
  Physical measures such as locking and access control are taken for offices and equipment used to handle personal data.
• Technical security control measures For information systems that handle personal data, the Company implements security control measures such as authorization settings and installation of security and asset management software.
• Understanding the external environment
  As a general rule, the Company will not use any foreign server for the use and/or storage of personal data. If and when it does, however, the Company will understand the personal information protection system of the relevant country and will take any necessary security control measures.

Procedures for Request of Disclosure, etc. of Retained Personal Data

Regarding your Retained Personal Data, you may make a request for: notification of purpose of use; disclosure; correction, addition or deletion of contents; discontinuation of use; erasure; records of provision to third parties; discontinuation of provision to third parties (hereinafter collectively referred to as “Disclosure, etc.”). The Company responds to such requests according to the following procedures.

１．How to make a request for Disclosure, etc.

（１）Contact the Company using the contact information below. The Company will send you a “prescribed request form” by mail. Upon receiving the form, please give your consent to the Company’s “Handling of Personal Information” and then mail or bring the completed form to the following address. （２）To verify your identity, please mail or bring any one of the following documents along with the request form.

A copy of an official identity document (e.g., driver’s license, passport) that contains the name and address of the person making the request for Disclosure, etc.

A copy of your certificate of residence (made within 30 days prior to the date of the request).

（３）If a representative makes a request on your behalf, the representative is required to mail or bring, in addition to the above-mentioned request form and an identity document of the principal, any one of the documents listed under (a) and the document described in (b).

• (a) Identity document of the representative
  • A copy of an official identity document (e.g., driver’s license, passport) that contains the name and address of the representative.
  • A copy of the certificate of residence of the representative (made within 30 days prior to the date of the request).
  • If the representative is an attorney, a document that shows his/her registration number.
• (b) Proof of authority to represent (e.g., power of attorney)
  • * If your identity document or the representative’s identity document contains your/his/her registered domicile, it may be redacted.
  • * The Company ensures that your identification and your representative’s identification will be disposed of within 2 months after receipt by the Company.

２．Fees for request for Disclosure, etc.; Method of payment

The following charges (including the postage for our response) will be charged only in the case of a request for notification of purpose of use or disclosure. Please enclose a fixed-amount postal money order (yubin teigaku kogawase) in the following amount with the request form.

• Fees: JPY 800 (tax included)

３．Notification of results of consideration

The results of the Company’s internal consideration will be notified without delay in the following manners.

• With regard to a request for notification of purpose of use, disclosure, or records of provision to third parties of the personal information: by mailing or personally delivering a written document.
• With regard to a request for correction, addition or deletion of contents, discontinuation of use, erasure, and discontinuation of provision to third parties: by telephone or email.

The results of the Company’s internal consideration will be notified in one of the following manners as deemed appropriate by the Company.

• By mailing a written response to your registered address.
• By sending a written response to your registered facsimile number.
• By sending a written response by email to your registered email address.
• By making a call to your registered telephone number and communicating the results orally.