Privacy Policy

1. Business operator’s name

Shikoku Kakoh Co., Ltd. (Moriroku Group)

2. Compliance with related laws and regulations, guidelines, et cetera

Concerning the handling of Personal Data, pseudonymized Personal Data, and anonymized Personal Data (hereinafter referred to as Personal Data, etc.), we shall comply with the Act on the Protection of Personal Information (Personal Information Protection Act), other laws and regulations concerning the protection of Personal Data and privacy, and related governmental and ministerial ordinances, guidelines, et cetera.

3. Acquisition

We shall acquire Personal Data lawfully and fairly to the extent necessary for our business.

4. Purpose of use

We shall use the acquired Personal Data for the following purposes (hereinafter referred to as the Purpose of Use) for concluding and performing contracts, complying with legal obligations, and for legitimate interests or with the consent of the Individual.

1. To manage the operations of the following group companies:
   • Moriroku Holdings Company, Ltd.
   • Moriroku Chemicals Company, Ltd.
   • Moriroku Technology Company, Ltd.
   • Moriroku Agri Co., Ltd.
   • Goko Kasei Industrial Co., Ltd.
   • Yukou Co., Ltd.
   • Kumamoto Moriroku Kasei Co., Ltd.
   • I.M. Material Corporation
2. To communicate with shareholders, providing various information, and managing shareholders
3. To exercise our rights or perform our obligations under the Companies Act and other laws and regulations
4. To handle inquiries, requests, et cetera
5. For personnel in charge of operations to communicate smoothly
6. To carry out various procedures related to personnel and labor management
7. To carry out other business incidental to the above items 1 through 6, or to implement various measures to facilitate smooth relations between us and our customers, shareholders, employees, et cetera

We shall use the acquired Personal Data for the following purposes (hereinafter referred to as the Purpose of Use) for concluding and performing contracts, complying with legal obligations, and for legitimate interests or with the consent of the Individual.

5. Security control measures

We are taking the following measures to prevent leakage, loss, or damage of Personal Data and to manage Personal Data appropriately.

Basic policy development

• This Protection Policy has been established to ensure the proper handling of Personal Data and to provide a contact point for questions and processing complaints.

Establishment of rules regarding the handling of Personal Data

• Rules for handling Personal Data are established for each stage of acquisition, use, retention, provision, deletion/disposal, et cetera, including handling methods, responsible persons/persons in charge, and their duties.

Systematic security control measures

• Personal Data Control Managers are to periodically conducts self-inspections of the handling status of Personal Data while the Internal Auditing Department conducts audits.
• Establish a Personal Data Management Supervisor with overall responsibility for the handling of Personal Data and Personal Data Control Managers responsible for the handling of Personal Data
• Define the employees who handle Personal Data and the scope of Personal Data handled by such employees establish a reporting and communication system for the Personal Data Management Supervisor in the event that they detect a fact or signs of non-compliance with the law or company regulations
• Concerning the handling status of Personal Data, self-inspections are to be periodically conducted by the Personal Data Control Managers, and audits are to be carried out by the Internal Audit Department.

Human security control measures

• Implement periodic training for employees on points to remember regarding the handling of Personal Data
• Include confidentiality matters relating to Personal Data in work regulations

Physical security control measures

• In areas where Personal Data is handled, control employee access to the room, limit the equipment they bring in, and implement measures to prevent unauthorized persons from viewing Personal Data
• Take measures to prevent theft or loss of equipment, electronic media, and documents containing or for handling Personal Data
• Implement measures to ensure that Personal Data is not easily revealed when equipment, electronic media, and other items containing or for handling Personal Data are transported, including when moving within the business site

Technical security control measures

• Control access to limit the scope of persons in charge and Personal Data handled
• Introduce mechanisms to protect information systems handling Personal Data from unauthorized external access or unauthorized software

Understanding the external environment

• When storing Personal Data in a foreign country, implement security control measures, having understood the system for protecting Personal Data in the relevant country. In addition, implement periodic checks of the system related to protecting Personal Data in the relevant country.

6. Provision to third parties

In principle, we shall not provide Personal Data to third parties except with the consent of the Individual or under laws and regulations. However, Personal Data may be provided to a party other than our company without the consent of the Individual if the handling of Personal Data is entrusted within the scope necessary to achieve the Purpose of Use, in the case of a merger, et cetera, and in the event of joint use with a specific party as separately determined.

7. Joint use

The Moriroku Group shares Personal Data held by our Group companies and business partners.
For details, please refer to “On the Joint Use of Personal Data by the Moriroku Group and Business Partner Companies.”

8. Special Care-Required Personal Data

We shall not acquire special care-required Personal Data (Personal Data that includes race, creed, social status, medical history, criminal record, the fact of having suffered damage by a crime, or other identifiers or their equivalent prescribed by Cabinet Order as those requiring special care so as not to cause unjust discrimination, prejudice, or other disadvantages to the Individual), except with the prior consent of the Individual or based on laws and regulations, et cetera.

9. Pseudonymized Personal Data

When we create pseudonymized Personal Data, we perform the following.

• Perform appropriate processing under the standards stipulated in laws and regulations
• Take security control measures to prevent the leakage of deleted data and information on the processing method under the standards stipulated in laws and regulations
• Specify and disclose the Purpose of Use of the created pseudonymized Personal Data
• Do not perform any act to identify an Individual whose Personal Data was used to create the data

When sharing pseudonymized data, the Company shall do so as described in the section “On the Joint Use of Personal Data by the Moriroku Group and Business Partner Companies.”

10. Anonymized Personal Data

When we create anonymized Personal Data, we perform the following.

• Perform appropriate processing under the standards stipulated in laws and regulations
• Take security control measures to prevent the leakage of deleted data and information on the processing method under the standards stipulated in laws and regulations
• Disclose items of information contained in the created anonymized Personal Data
• Do not perform any act to identify an Individual whose Personal Data was used to create the data

When providing anonymized Personal Data to a third party, we shall disclose the items of information regarding individuals contained in the anonymized Personal Data to be provided and the method of provision. We shall also clearly indicate to the third party that the information is anonymized data.

11. Handling of outsourcing

We may outsource the handling of Personal Data to a third party. In such a case, we shall ensure necessary and appropriate supervision of the outsourcing company under laws and regulations.

12. Disclosure, correction, deletion, et cetera of retained Personal Data

We shall endeavor to respond appropriately and promptly under laws and regulations in the event that an Individual or the Individual’s agent requests disclosure, correction, or deletion of retained Personal Data or rejects the use or provision of Personal Data. Please contact the “Contact for inquiries and complaints” below for specific requests or inquiries.

13. Continuous improvement

We shall strive to review and improve our Personal Data handling continuously.

14. Contact for inquiries and complaints

Please contact the following email address for inquiries or complaints regarding our handling of Personal Data and the creation and handling of anonymized Personal Data. In addition, an appeal may be made to the Personal Information Protection Commission or other supervisory authority regarding the handling of Personal Data.

1. Business operator’s name

Shikoku Kakoh Co., Ltd.

2. Compliance with related laws and regulations, guidelines, et cetera.

We shall comply with laws and regulations regarding personal numbers and Specific Personal Data, the Personal Information Protection Commission guidelines, and other norms (hereinafter referred to as Related Laws and Regulations, etc.)

3. Purpose of use

We shall use the Specific Personal Data, etc., provided to us for the following purposes.

1. Specific Personal Data, etc. of business partners
   1. Preparation duties for payment records related to real estate transactions
   2. Preparation duties for payment records related to remuneration, fees, contract payments, and monetary awards
2. Specific Personal Data, etc. of shareholders
   1. Preparation duties for payment records related to dividends and distributions of surplus
3. Specific Personal Data, etc. of our employees, etc.
   1. Tax-related duties, et cetera
      1. Preparation duties for withholding records
      2. Submission duties for declarations, notifications, and application forms related to property accumulation savings for house construction and property accumulation pension savings
      3. Submission of information to an employee stock ownership plan for preparation duties for payment records conducted by that plan for a person who is a member of the plan
   2. Social insurance-related duties
      1. Clerical duties for health insurance and welfare pension insurance notifications, applications, and claims
      2. Notification, application, claim, and certificate preparation duties for employment insurance and workers’ compensation insurance
4. Specific Personal Data, etc. of spouses and relatives of our employees, et cetera.
   1. Tax-related duties
      1. Preparation duties for withholding records
   2. Social insurance-related duties
      1. Clerical duties for health insurance and employee’s pension insurance notifications

4. Matters related to security control measures

We shall establish and comply with internal rules on organizational, human, physical, and technical security control measures to ensure the proper handling of Specific Personal Data, etc.

5. Handling of outsourcing

We may outsource the handling of Specific Personal Data, etc., to a third party. In such a case, we shall ensure necessary and appropriate supervision of the outsourcing company under Related Laws and Regulations, etc.

6. Continuous improvement

We shall strive to review and improve our handling of Specific Personal Data, etc., continuously.

7. Disclosure of Specific Personal Data, etc.

When we receive a request for disclosure of retained Personal Data pertaining to Specific Personal Data, etc., from an Individual or the Individual’s agent, we shall respond without delay, with the exception of the following cases.

1. If there is a risk of harm to the life, body, property, or other rights or interests of the Individual or a third party
2. If there is a risk that the proper conduct of our business will be significantly hindered
3. If it would be in violation of laws and regulations

8. Contact for inquiries

We have established a point of contact to handle inquiries regarding Specific Personal Data, etc.