Graffer, Inc., (hereinafter referred to as “Company”) will handle a large amount of personal information of its customers and employees in its business operation. The Company believes that it is the most important responsibility of the Company to protect personal information and having all employees recognize the importance thereof, thus, it stipulated the following policy to establish the personal information management system and realize responsible responses as a business entity. The Company will also properly handle the information concerning legal entities or other organizations using our services in the same manner as the personal information.
1.Compliance with Laws and Regulations
The Company will comply with the Act on the Protection of Personal Information, guidelines of ministries and agencies, and other laws and ordinances to protect personal information.
2.Handling of Personal Information
The Company will establish the management system for the protection of personal information adequate to the business situation and handle personal information appropriately and carefully in compliance with the Company rules and regulations.
1. Acquisition of Personal Information
The Company will, upon clearly stating the purposes of use, acquire the personal information of individual persons using the service provided by the Company (hereinafter referred to as “User”) within the scope necessary for such purpose of use.
2. Use and Provision of Personal Information
The company will not use the collected personal information for any purpose other than the prescribed purpose of use or provide the same to any third party, except when the prior consent of the User has been obtained, a request for disclosure under the laws or ordinances has been made, there is any illegal acts such as threats and unauthorized access, or there is any other special reasons. Provided, however, the Company may publish statistical data that is processed so that no individual person is identifiable.
3.Measures for Safe Management
The Company will, at its responsibility, implement reasonable security measures for appropriate management of the collected personal information to prevent any leakage, loss, or damage.
4.Supervision of Outsourcing Contractors
The Company may outsource the whole or any part of the handling of the collected personal information within the scope necessary for the accomplishment of the prescribed purpose of use. In such case, the Company shall select the person who will rightfully handle the personal information and shall implement the appropriate and necessary measures for appropriate protection of the personal information.
Representative Director and CEO,