SOCOCARA TRADE

Disclosure of Personal Information

In accordance with the Act on the Protection of Personal Information and JIS Q 15001:2017, Hanamaru Co., Ltd. (the “Company,” or “we”) will disclose the following items. (Including items that should be in an accessible condition for the person.)

1. Personal Information Handling Business Operator

Hanamaru Co., Ltd.
1-14-16-40F, Nanko-kita, Suminoe-ku, Osaka-shi, Osaka, 559-0034 Japan
President: Kazuya Okazaki

2. Scope of Use

We will strive to acquire, use, and provide personal information in an appropriate manner, taking into consideration the nature and scale of our business. We will use personal information for the purposes specified in advance at the time of acquisition, will not use personal information for purposes outside those specified, and will take measures to prevent the use of personal information for purposes other than those specified.

3. Purpose of Use of Personal Information

We will strive to acquire, use, and provide personal information in an appropriate manner, taking into consideration the nature and scale of our business. We will use personal information for the purposes specified in advance at the time of acquisition, will not use personal information for purposes outside those specified, and will take measures to prevent the use of personal information for purposes other than those specified.

(1) Purpose of use of personal information

• (i)

  When acquiring personal information in writing directly from the person, the purpose of use will be clearly stated each time.

• (ii)

  Information that has been acquired, such as browsing history and purchase history, will be analyzed and used for advertisements for new products and services that meet the interests and preferences of customers.

• (iii)

  After analyzing the acquired behavioral history and other information and calculating a credit score, that score will be provided to a third party.

• (iv)

  When personal information is acquired directly, it will be handled within the limitations of (2) Restrictions on use.

(2) Restrictions on use

• (i)

  Customers we purchase from
  To communicate with customers regarding the execution of entrusted business activities, such as sales activities for purchasing stock, deposits and withdrawals, product transportation, product delivery, and research and registration of information

• (ii)

  Customers of sales auctions
  To communicate with customers regarding the execution of entrusted business activities, such as sales activities, deposits and withdrawals, product transportation, product delivery, and research and registration of information

• (iii)

  Customers who make personal transactions
  To communicate with customers regarding the execution of entrusted business activities, such as sales activities for personal transactions, deposits and withdrawals, product transportation, product delivery, and research and registration of information

• (iv)

  Representatives of corporate customers
  To communicate with customers regarding the execution of entrusted business activities, such as sales activities for sales promotions, deposits and withdrawals, product transportation, product delivery, and research and registration of information

• (v)

  Business partner information
  To communicate regarding outsourcing and management

(3) Information on applicants for employment, employees, and government-issued personal identification numbers

• (i)

  To manage employees in Personnel and General Affairs, and for related communications

• (ii)

  To select new hires and related communications

• (iii)

  To make notifications related to tax and social insurance, such as payment records, withholding tax certificates, health insurance, and employees’ pension

(4) Information of customers with concerns

To handle and respond to complaints and consultations

(5) Information of shareholders

To manage shareholders and make notifications and communication regarding exercise of rights

(6) Purpose of use of entrusted personal information

The purpose of our use of entrusted personal information is as follows.
Note: The following information is not subject to the disclosure of personal information.

We may outsource personal information to other businesses within the extent necessary to achieve the purpose of use. In such cases, we will select a contractor with a well-developed personal information protection system and conclude a contract regarding the protection of personal

4. Provision of Personal Information to Third Parties

We will properly manage the personal information we have obtained and will not provide it to any third party without obtaining the prior consent of the person.
However, the following cases are excluded.

Cases based on laws and regulations

• (1)

  Cases in which there is a need to protect the life, body, or property of an individual, and when it is difficult to obtain the prior consent of the person

• (2)

  Cases in which there is a special need to improve public health or promote the sound growth of children, and when it is difficult to obtain the prior consent of the person

• (3)

  Cases in which there is a need to cooperate with a state organ, a local government, or being entrusted by either of the former two to execute the affairs prescribed by laws and regulations and when obtaining the consent of the person is likely to impede the execution of the affairs concerned

5. Outsourcing of Personal Information

We may outsource a part of our operations related to personal information to other businesses as follows to the extent necessary to achieve our purposes. We will evaluate these businesses according to our standards, select reliable businesses, and conclude a contract regarding the handling of personal information.

• (1)

  When we operate servers and databases

• (2)

  When we issue direct mail or service announcements

• (3)

  When we do administrative work such as service announcements and campaigns

6. Security Measures

When handling personal information, we will appropriately implement organizational security measures, human security measures, physical security measures, technical security measures, and assess the external environment.

• (1)

  Organizational security measures
  We have established a management system, with a committee and a person responsible for management in each organization, and they develop internal rules, prepare statements such as control ledgers and process control charts, and work for further continuous improvement.

• (2)

  Human security measures
  All employees who handle personal information, whether they are directors, employees, or temporary employees, are be informed and educated about the importance of protecting customers’ personal information, and are required to sign confidentiality agreements and undergo necessary audits and supervision to ensure the effectiveness of such measures.
  In addition, when outsourcing the handling of personal information, we will ensure that the contractor (including subcontractors, etc.) properly manages and supervises the personal information. If improvement is necessary, we will promptly request improvement.
  If no improvement is seen, we take necessary measures, such as changing the contractor, dealing with the situation strictly.

• (3)

  We take various measures, such as controlling access to buildings and floors where personal information is handled, preventing theft, taking measures against the destruction of personal information due to fire, lightning, etc. and locking systems and documents when they are taken out, transported, or stored.

• (4)

  Technical security measures
  We take technical security measures, such as access management including authentication, authority management, controls, and records when accessing personal data; measures against malware and viruses on systems; measures during transfer, transmission, and reception by means of encryption and clarification of responsibilities; and monitoring of information systems.

• (5)

  Assessing the external environment
  When handling personal information in a foreign country, we take measures for the safe management of personal information after understanding the systems, etc. concerning the protection of personal information in that foreign country.

7. Handling of Pseudonymously Processed Information

• (1)

  We handle pseudonymously processed information (limited to personal information. The same applies for the rest of this article.). In these cases, we handle that information in accordance with the stipulations of laws and regulations and the following rules.

• (2)

  We handle pseudonymously processed information as follows

  • (i)

    Except as required by law, we use personal information that has been pseudonymously processed to the extent necessary to achieve the purpose of use. The specific purpose of use, etc. will be publicly announced on each of our services, etc.

  • (ii)

    Except as required by law, we do not provide personal information that is pseudonymously processed to any third party.

8. Anonymously Processed Information

• (1)

  There is the possibility that we will create anonymously processed information based on a person’s personal information and provide it to third parties. In such cases, the following items shall be announced on our website, etc.

  • (i)

    Items of information on individuals included in the anonymously processed information created by the Company

  • (ii)

    Items of information on individuals included in the anonymously processed information provided to third parties

  • (iii)

    The method of providing anonymously processed information to third parties

  • (iv)

    Details of security measures being taken

• (2)

  We take security measures when handling anonymously processed information, etc. Also, we supervise appropriately and as necessary with respect to businesses and contractors (including subcontractors) that handle anonymously processed information, etc.

9. Provision of Personal Information to a Third Party in a Foreign Country

When providing personal information to a party in a foreign country, we provide information that will serve as a reference to the person in accordance with the stipulations of laws and regulations, and according to the country it is to be transferred to and the method of transferal.

10. Personally Referable Information

We handle personally referable information (information relating to a living individual which does not fall under personal information, pseudonymously processed information or anonymously processed information; specifically, website browsing history and GPS position information, etc.) in the following ways.

• (1)

  When we provide personally referable information
  When it can be expected that a third party we provide personal information to will acquire personally referable information as personal data, except in accordance with each item of Article 27, Paragraph 1 of the Act on the Protection of Personal Information (if the third party is located in a foreign country, including when obtaining consent, the name of the foreign country, its system for the protection of personal information, the measures taken by the third party to protect personal information, and any other information that should be of reference to the person concerned must be provided to the person concerned), we will not provide personally referable information to that third party without first obtaining the consent of the person.

• (2)

  When we acquire personally referable information as personal data
  When acquiring personally referable information as personal data, we will first obtain the consent of the person. However, if the party trying to provide the personal data has already obtained the consent of the person, this may be substituted for obtaining the consent in advance.

11. Matters concerning Procedures, etc. for Responding to Requests for Disclosure and Others

We comply with requests for disclosure and others, correction, suspension of use, deletion, and suspension of provision to third parties, of personal information subject to requests for disclosure and others from the person or his/her representative.
Disclosure includes disclosure of personal information, notification of purpose of use, and disclosure of records of provision to third parties.

(1) Personal information subject to requests for disclosure and others

The personal information subject to disclosure and others corresponds to the information provided by the person excluding the information the Company has outsourced.

(2) Contact for requests for disclosure and others

For requests for disclosure and others, please ask for the prescribed application form from our Complaints/Consultation Desk, attach the required documents, and send the form by mail.
Please write “Request for Disclosure and Others” in red ink on the envelope.

Personal Information Inquiry Desk, Hanamaru Co., Ltd. 1-14-16-40F, Nanko-kita, Suminoe-ku, Osaka-shi, Osaka, 559-0034 Japan

(3) Documents (forms) to be submitted for Requests for Disclosure and Others

When making a request for disclosure and others, please fill in all the prescribed items on the application form (i) and send it by mail, enclosing documents for confirming identification (ii).

• (i)

  Application form specified by the Company
  　　 Personal Information Subject to Disclosure and Others Application Form for disclosure and others
  Personal Information Subject to Disclosure and Others Application Form for change or suspension of use

• (ii)

  Documents for confirming identification
  One copy of an official document that confirms the name and address of the applicant, such as a certificate of residence.

(4) Request for disclosure and others by the person’s representative

If the person making the request for disclosure and others is a representative authorized by the person, please enclose the following documents in addition to the documents listed in the preceding paragraph.

• (i)

  One power of attorney

• (ii)

  One copy of an official document that confirms the name and address of the representative, such as a certificate of residence

(5) Fees for requests for disclosure and others and method of collection

2,000 yen per application
Please enclose 2,000 yen worth of postage stamps with the application form.

Note 1: If the payment is insufficient, or if the fee is not enclosed, we will notify you to that effect. If payment is not received within two weeks of notification, we will assume that no request for disclosure and others has been made.

Note 2: For other requests, no fee is required.

(6) Method of response to requests for disclosure and others

We will respond in writing to the applicant at the address stated in the application form.

(7) Purpose of use of personal information acquired in connection with a request for disclosure and others

Personal information obtained in connection with a request for disclosure and others shall be handled only to the extent necessary for the request for disclosure and others.
The submitted documents will be retained for two years after the response to the request for disclosure and others is completed, after which they will be disposed of.
In the following cases, we will not disclose the personal information subject to disclosure and others. If a decision is made not to disclose and others, a notice to that effect and the reason will be given.
Please note that the prescribed fee will be charged even in the case of non-disclosure and others.

• (i)

  When the applicant cannot be identified, such as when the address on the application form and the address on the documents for identification do not match

• (ii)

  When the power of attorney cannot be confirmed for an application by a representative

• (iii)

  When the prescribed application documents are deficient

• (iv)

  When the subject of the request for disclosure and others does not fall under the category of personal information subject to disclosure and others

• (v)

  When there is a risk of harm to the life, body, property, or other rights or interests of the person or a third party

• (vi)

  When there is a risk of significant hindrance to the proper conduct of our business

• (vii)

  When it would violate other laws and regulations

(8) Methods of disclosure and others of Personal Information

With respect to disclosure and others of personal information and disclosure and others of records of provision to third parties, customers may select from the following methods of disclosure and others: provision of electromagnetic records, delivery of paper documents, and other methods determined by the Company.

12. Matters concerning the Complaints/Consultation Desk

Please contact the following for any complaints or inquiries regarding our handling of personal information.

• (1)

  Contact information for complaints and consultation regarding handling of personal information
  Personal Information Inquiry Desk, Hanamaru Co., Ltd.
  1-14-16-40F, Nanko-kita, Suminoe-ku, Osaka-shi, Osaka, 559-0034 Japan
  Telephone number
  81-6-6613-3330
  
  Visiting Our Offices
  Please note that we are unable to accept requests made in person at our office.

• (2)

  The purpose of use of personal information obtained in connection with complaints and consultations Personal information obtained in connection with a complaint or consultation will be used only to the extent necessary to respond to the complaint or consultation. The information provided will be stored for two years after the response is completed, after which it will be disposed of.

• (3)

  Name of the accredited personal information protection organization to which the Company belongs and the contact for filing complaints

JIPDEC

Contact for resolution of complaints
Accredited Personal Information Protection Organization Office
Roppongi First Building, 9-9 Roppongi 1-chome,
Minato-ku Tokyo, 106-0032 Japan

Telephone numbere
81-3-5860-7565e
(This number is only for complaints about the handling of personal information. This is not the contact for inquiries about our products or services.)

Enacted June 1, 2005
Revised August 1, 2012
Last revision April 1, 2022
Kazuya Okazaki
President
Hanamaru Co., Ltd.