Ryoyo Ryosan Holdings, Inc. (hereinafter, the “Company”) and companies directly or indirectly controlled by the Company (collectively hereinafter, the “Group”) recognize the importance of protecting privacy. In all the countries and regions where the Group does business, the Group observes the applicable laws, regulations and other norms and guidelines, etc., pertaining to the handling of personal information acquired in the course of its business operations that belongs to customers, business partners, shareholders, employees (including directors, officers, regular employees, dispatched employees, part-time employees, temporary employees), and employment applicants, prospective employees etc., (hereinafter, collectively referred to as “you” or “your”). The Group strives to practice continual review and improvement in the areas of providing education to employees, developing the technical safety measures and corporate structures, and properly managing personal information in accordance with the Ryoyo Group Code of Conduct.

Note that Ryoyo Electro Corporation and Ryosan Company, Limited are included in the Group. For other companies included in the Group, please visit the Group’s website.

1. Acquisition of Personal Information

The Group will acquire your personal information to the extent appropriate and through lawful and fair means, upon notifying you of the purpose of use, etc. in advance.

2. Items of Personal Information to be Acquired

The items of the personal information acquired from you shall be as follows:

• (i)  The personal information of customers and business partners
  Name, name of your employer (e.g. company name), affiliated department, job title, physical address, telephone number, fax number, e-mail address, responses to questionnaire prepared by the Group, etc.
• (ii) The personal information of shareholders
  Name, physical address, types and numbers of shares held by such shareholders, etc.
• (iii)   The personal information of employees
  Name, name of your employer (e.g. company name), affiliated department, job title, sex, physical address, date of birth, face photo, telephone number, e-mail address, etc.
• (iv)   The personal information of employment applicants and prospective employees
  Name, physical address, sex, date of birth, academic history, work experience, telephone number, e-mail address, etc.

3. Purpose of Use of Personal Information Acquired

The Group will use the personal information acquired within the scope of the following purposes or purposes separately notified to you at the timing of acquisition.

(i)　Purpose of use of the personal information of customers and business partners

• • Providing products and services, providing after services such as maintenance, or other purposes for performing contract with customers or business partners.
  • Sending information regarding products or services, or conducting other marketing activities.
  • Planning, developing, designing and improving products and services, etc.
  • Processing payments for products or services.
  • Responding to inquiries and complaints, and providing consultation services about products and services.
  • Providing information about or operating exhibitions, seminars, training, prize competitions, contests and other events hosted, co-hosted, supported or sponsored by the Group.
  • Providing information about products or services of the business alliance partners of the Group, or providing information about exhibitions, seminars, training, prize competitions, contests and other events hosted, co-hosted, supported or sponsored by such business alliance partners.
  • Responding to inquiries and requests by the customers and providing consultation services, etc., to customers.
  • Performing questionnaires for improvement of services and operating websites.

(ii)　Purpose of use of the personal information of shareholders

• • Undertaking administrative procedures for the exercise of rights and performance of obligations of shareholders under the Companies Act, etc.
  • Managing information regarding shareholders (e.g., updating shareholders registry)
  • Providing shareholder special benefit services and delivering IR information.

(iii)　Purpose of use of the personal information of employees

• • Employment management such as business contact, attendance management, social insurance related procedures, personnel evaluation, determination of assignment, promotion, secondment, administrative leave, and return to work.
  • Payment of salaries, etc.
  • Settlement of expenses for travel, business trips, etc.
  • Provision of health and welfare benefits.
  • Health management, security management, or other industrial or occupational safety and health matter.
  • Ensuring security and safety related to crime prevention and management of office access.
  • Ensuring security and safety related to disaster prevention and confirmation of personal safety.
  • Supporting sustainability-related efforts such as sporting events and conducting social contribution activities.
  • Enabling mutual access to personal information of employees within appropriate scope in order to promote mutual communication of employees or to implement personnel exchange, or implementing other measures necessary to streamline the Group’s business.
  • Undertaking administrative procedures for former employees and communication as necessary related to social gatherings, etc.

(iv)　Purpose of use of personal information of employment applicants and prospective employees

• • Performing activities for recruitment and selection
  • Sending information on or planning or managing recruitment-related events the Company holds or attends.
  • Sending information on or planning or managing recruitment-related events the Company holds or attends.

Notwithstanding, the Group may use your personal information beyond the scope of the purposes of use indicated in the foregoing items in the event that:

• • Such use is required under the relevant laws and regulations;
  • Such use is necessary for the protection of the life, body or property of an individual and it is difficult to obtain consent from you;
  • Such use is specifically necessary for improving public health or promoting the sound growth of children and it is difficult to obtain consent from you;
  • Such use is necessary for cooperating with a government agency or a local government or an entity entrusted by such agency or government in executing the affairs prescribed by laws and regulations and obtaining consent from you is likely to interfere with the execution of the affairs.
  • Such use is allowed under the relevant laws and regulations (other than the events above).

4. Disclosure and Provision of Personal Information to Third Parties

The Group will not disclose or provide your personal information to any third party, except in the event that any of the conditions listed below applies. Note that provision of personal information in the course of joint use or outsourcing is not deemed to constitute disclosure or provision to third parties.

• (i)  You have given consent yourself.
• (ii) Disclosure or provision is based on the relevant laws or regulations.
• (iii)   Disclosure or provision is necessary to protect human life, health, or property, and it is difficult to obtain your consent.
• (iv)   Such disclosure is specifically necessary for improving public health or promoting the sound growth and development of children and it is difficult to obtain consent from you.
• (v) Disclosure or provision is necessary to cooperate with the official affairs of national or local governments, or business operators entrusted by such official affairs to perform works stipulated under the relevant laws or regulations, and it is difficult to obtain your consent.
• (vi)   Information is disclosed or provided as statistical data (in a form that is not personally identifiable by eliminating reference to specific individual).
• (vii)  Information is disclosed or provided in conjunction with the succession of business due to a merger, company split, transfer of business, or other reason.
• (viii) Such disclosure or provision is allowed under the relevant laws and regulations (other than the events above).

5. Outsourcing of operations to outside business operators

In order to accomplish the purposes of use as notified to you, the Group may outsource some related operations to outside business operators and may provide your personal information to them to the extent necessary to perform the outsourced operations. In such cases, the Group will conduct appropriate management of its outside business operators, including establishing agreements with these business operators concerning their handling of your personal information.

6. Joint Use

The Group may jointly use personal information of its customers, business partners, or the Group’s employees within the Group to the extent necessary in conjunction with the uses outlined below.

(i)　Scope of joint users
・Group companies in and outside Japan:
　Group Companies | About Us | RYOYO RYOSAN HOLDINGS

(ii)　Purpose of use by joint users and items of personal information jointly used

	Purpose of use by joint users	Items of personal information jointly used
The personal information of customers and business partners	Purposes listed above in the item (i) in “3. Purpose of Use of Personal Information Acquired”	Name, name of your employer (e.g. company name), affiliated department, job title, physical address, telephone number, fax number, e-mail address or other contact information, responses to questionnaire prepared by the Group
The personal information of employees (including former employees)	Purposes listed above in the item (iii) in “3. Purpose of Use of Personal Information Acquired”	Name, employee ID number, affiliated department, job title, business telephone number, business e-mail address, emergency contact, working status, salary information, personnel evaluation, academic history, work experience or other information collected in relation to the position as an employee

(iii)　Name, address, and representative of the party responsible for management and operation of your personal

information for joint use within the Group
Moritaka Nakamura, Representative Director, President and Chief Executive Officer, Ryoyo Ryosan Holdings,
Inc., 2-3-5, Higashi Kanda, Chiyoda-ku, Tokyo 101-0031

7. Cross-Border Transfer of Information to Third Parties Outside of Japan

When the Group jointly uses your personal information in accordance with “6. Joint Use” above, the personal information may be transferred to a group company which is located in a foreign country.
Also, when the Group is permitted to outsource the handling of personal information to outside business operators in accordance with “5. Outsourcing of operations to outside business operators” above, the Group may transfer personal information to outside business operators located in foreign countries.
In the event that the Group transfers your personal information to third parties outside of Japan, including to joint users within the Group or outsourced business operators located outside of Japan, the personal information will be provided after obtaining your consent, except in the event that either of the conditions listed below applies:

(i)　The third party to which the transfer is being made is located in a country prescribed by laws and regulations as a country with a personal information protection system equivalent to that of Japan; or

(ii)　The third party to which the transfer is being made maintains a system which conforms to the standard prescribed in the relevant laws and regulations as the standard which is necessary to continuously take measures equivalent to the measures business operators handling personal information in Japan would be expected to take.

Note that in the case of (ii) above, each group company will take necessary and appropriate measures to ensure that the third party takes the corresponding measures on an ongoing basis. If you wish to confirm the details of these measures, please make a request in accordance with “12. Requests Concerning Handling of Personal Information.”

8. Collection of Information from Your Device

On the Group’s webpages, the Group or third parties authorized by the Group may use technologies such as cookies and web beacons to collect browsing history and other information from your device (such as a PC, smartphone, or tablet).

(i)    About Cookies and Web Beacons

A “cookie” is a means of exchanging information between the browser of a website visitor and a web server. The use of cookies allows the website to identify your browser. Web beacons are small image files embedded in a website. The use of web beacons enables the website to recognize information, such as whether and how often you have visited the website. Cookies neither identify you individually nor cause any damage to your computer.

If you do not want information collected using cookies, you can configure your internet browser settings to disable the cookies function. Please note that disabling cookies may prevent you from using some functions such as contact/inquiry forms. Please contact the software provider for instructions on how to configure your browser settings.

(ii)   Information Collection by the Group

The Group may collect browsing history and other information when you visit websites operated by the Group. The Group (including companies entrusted by the Group for research, analysis, etc.) uses the collected information to make the website more comfortable for users, and to provide better services to users by analyzing overall access trends and patterns. The information collected will be managed appropriately in the same manner as your personnel information.

(iii)  Information Collection by Third Parties

On websites operated by the Group, third parties authorized by the Group may collect browsing history and other information from your device. Details of information transmission from your device to third parties for each website are listed in the “List of collection tools of information per website” below. Please note that information may also be transmitted with third parties from websites not listed below.

・List of collection tools of information per website >

9. Management of Personal Information, etc.

In collecting your personal information, the Group will implement necessary and appropriate safety management and security measures in line with current technological standards in order to prevent unauthorized access to personal information or loss, falsification, leakage, damage, etc.

(i)    Formulation of the Group’s basic policy

In order to ensure the proper handling of personal information across the Group’s entire organization, the Group has included information security as a fundamental principle in the Ryoyo Group Code of Conduct, explicitly to defend against cyber security attacks, protect personal information, and prevent the leakage of confidential information.

(ii)   Carrying Out of an Appropriate Safety management measures

The Group carries out periodic education and training for employees, employee entry/exit management, information terminal management, communication encryption, access control, periodic vulnerability management of information systems, etc.

10. Period of Retention of Your Personal Information

The Group will retain personal information acquired from you for a period necessary for fulfilling the purpose of use or a period required by law, and will erase such personal information promptly when such period has passed.

11. Handling in Cases where Provision of Your Personal Information Is Not Desired

If you do not desire to provide your personal information, you may refuse to provide your personal information at your own discretion. In this case, please be aware that some services of the Group may not be available to you.

12. Requests Concerning Disclosure, etc. of Your Personal Information

With respect to personal information of you contained in the database held by the Group, you may make the following requests by means prescribed by each group company. When the Group receives a request, the Group responds to the request in accordance with the rules under Japan’s Act on the Protection of Personal Information, and within a reasonable timeframe and scope, after confirming whether the request was submitted by the data subject themself or (in case such request is made by a representative) an authorized representative. However, this may not apply in cases where the Group has no obligation to respond to such requests.
If you want to make these requests, please contact us as prescribed in “13. Contact for Disclosure Requests and Other Inquiries”.

(i)    Requests for disclosure of personal information or notification of purpose of use

Items of personal information, purposes of use, or records on the provision of personal information to third parties will be disclosed as requested by you. While no fees will be charged when requests for disclosure are made with the acceptance of response by email, please be aware that if printed documentation is desired, a fee (¥500 in postage) will be requested.

(ii)   Requests for correction, addition, or deletion

Correction, addition, or deletion of personal information will be performed to the extent appropriate and feasible after due review of the request.

(iii)  Requests for discontinuance of use or erasure, or suspension of transfer to third party

Items of personal information specified by you will cease to be used, will be deleted or will cease to be transferred to a third party to the extent appropriate and feasible in accordance with the submitted request. However, please be aware that such requests may prevent you from being provided with services that they had heretofore been able to use.

(iv)  Requests for provision of information concerning personal information protection measures

Information regarding the following items will be provided in accordance with your requests:

• • Details of the safety management measures taken by the Group in collecting your personal information; and
  • Details of measures taken by the Group for ensuring continuous implementation of equivalent measures by third parties outside of Japan when providing your personal information to such third parties.

The Group may be unable to fulfill your requests if compliance with such requests would seriously impact the Group’s business operations, violate relevant laws and regulations, or disrupt the safety management of personal information.

13. Contact for Disclosure Requests and Other Inquiries

For inquiries regarding the method of requests for the Group’s disclosure etc., information of safety management and security measures implemented by the Group, information of measures taken by the Group for ensuring continuous implementation of equivalent measures by third parties outside of Japan when providing your personal information to such third parties, or other inquiries by the data subjects regarding the handling of personal information by the Group, please contact us here.

14. Application of Privacy Policies of other companies in the Group

If a group company establishes a privacy policy or other policy regarding handling of personal information separately from this policy, such policies shall simultaneously apply to the handling of personal information of such company.

15. Revisions

In the event that revising this policy would be in the best interests of you or could reasonably be considered necessary or appropriate, the Group may make revisions at its own discretion. If certain procedures are required by Japan’s Act on the Protection of Personal Information or other laws and regulations in making revisions, revisions will be made in accordance with relevant laws and regulations.
Note that in the event the Group makes revisions to this policy, details of the revisions and the timing of enactment will be announced by posting this policy on the Company’s website. Use of the Group’s services after revision of this policy will be deemed to indicate consent to the revised policy.