Established on April 1, 2021
Revised on July 1, 2023
Open Up Group Inc.
Daio Sato, President and Representative Director

Privacy Policy

Open Up Group Inc. recognizes the importance of its social responsibility to handle personal information carefully and to protect the rights and interests of individuals. Accordingly, it fully complies with relevant laws and regulations and strives to protect all personal information in its possession.


1. Acquisition, use, and provision of personal information

Whenever we request personal information from individuals, we specify the purpose for its use as specifically as possible. We apply lawful and fair methods to the extent necessary to achieve such a purpose. Moreover, we only obtain personal information defined as sensitive by Japan's Personal Information Protection Act with the advance consent of the individuals concerned.

We only use personal information within the scope necessary to achieve the purpose explicitly notified or disclosed to the individuals concerned, and we take measures to prevent unintended information use.
When providing or outsourcing the handling of personal information to a third party, we do so legally within the scope necessary to achieve the purpose consented to by the individuals concerned.


2. Information security measures

To ensure that personal information remains accurate and is always used securely, we have established information security measures and other safety mechanisms. We take proper steps to prevent unauthorized access to personal information, as well as its leakage, loss or corruption, and we continually enhance the security measures concerned.
In addition, we have established internal rules governing the protection of personal information under which we are working on the security control of personal information, such as the provision of training for officers and employees, entrance/exit management of offices, and the supervision of outsourcing companies


3. Proper complaint response

We respect the rights of individuals who have provided their personal information to us. Whenever an individual whose personal information is held by the Company requests the disclosure, correction, or deletion of that information, or requests a suspension of the use or provision of that information, we handle the request as legally required, and also respond appropriately to any concerns such individuals may express.


4. Compliance with laws, guidelines and norms

To ensure proper protection of personal information, we comply with applicable laws and regulations concerning personal information handling, as well as with guidelines set by the government and other norms.


5. Continual improvement of the management system for personal information protection

We regularly audit our management system for personal information protection to ensure it is operating properly. We maintain and continuously improve the system, while enhancing the overall level of personal information protection.

Basic Policy on the Proper Handling of Specific Personal Information

We establish our basic policy in order to work, as an organization, on ensuring the proper handling of individual numbers and specific personal information (hereinafter referred to as "Specific Personal Information").


1. Compliance with Relevant Laws, Regulations, and Guidelines

We properly handle Specific Personal Information by complying with the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (commonly called the "My Number Act") and the Act on the Protection of Personal Information (commonly called the "Personal Information Protection Act," as well as cabinet orders, ministerial orders, and guidelines related thereto.


2. Security Control Measures

In order to appropriately control Specific Personal Information, we separately establish internal rules relating to the handling of Specific Personal Information and comply with the rules.


3. Contact information for inquiries and complaint handling

For inquiries and complaints regarding the handling of Specific Personal Information, please see section 5 "Contact information for inquiries concerning personal information" of Personal Information Handling described below.

Personal Information Handling

We are working to ensure the appropriate protection of personal information based on our Privacy Policy. Please refer to the following should you have any questions concerning our acquisition and holding of personal information for business purposes.


1. Name of the organization handling personal information

Open Up Group Inc.
2-14-1 Higashi-shimbashi, Minato-ku, Tokyo 105-0021, Japan


2. Personal information manager and contact information

The manager of the Group Management Department acts as the Company's personal information protection manager.

* Please see section 5 "Contact information for inquiries concerning personal information" described below.


3. Purposes of use of personal information

Types Purposes of Use
Shareholders
and investors
  • Shareholder management as required by laws and regulations
  • Enforcement of rights and performance of obligations under laws and regulations
  • Implementation of questionnaires and IR related measures
  • Analysis of data concerning shareholders and investors (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)
Applicants for
recruitment by
the Company and
candidates for
initial appointment
  • Employment selection and related communication
  • Analysis of data concerning applicants and candidates for initial appointment (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)
Employees
(including the Group's
employees whose personal
information is jointly used)
and family members and
guarantor thereof
  • Procedures for social insurance and employment insurance
  • Proper assessment and consideration of the workplace
  • Provision of information on and implementation of training and technical training
  • Entrance/exit management of our workplaces and security control
  • Safety and health management
  • Communication of non-work related matters (an employee shareholding association etc.)
  • Other matters related to overall personnel affairs and labor management
  • Analysis of data concerning employees (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)
Retirees from
the Company
  • Notification of procedures for retirement and related matters
  • Analysis of data concerning retirees (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)
Outside workers
(such as employees of
outsourcing companies and
employees from temporary
staffing companies who work
in the premises
of the Company)
  • Entrance/exit management of our workplaces and security control
  • Safety and health management
  • In the case of a worker dispatched from a temporary staffing company, compliance with the obligations of such company under the Worker Dispatching Act (including the relevant laws and regulations, ministerial ordinances, guidelines, etc.)
  • Analysis of data concerning outside workers (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)
Personal information
entrusted under
an outsourcing contract
  • Performance of such outsourcing contracts
Customers and
their managers and
personnel in charge
  • Consideration and implementation of transactions and related communication
  • Provision of information on services of the Company and its Group companies
  • Analysis of data concerning customers (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)
Various types of
consultations and
inquiries
  • Responses to consultations and inquiries and related communication
  • Analysis of data concerning consultations and inquiries (including publication and disclosure to a third party of statistical data that cannot identify the specific individual)

Other purposes for personal information use will be specified separately in writing.

* Obtained personal information will not be provided to a third party without the consent of the individual concerned, except when explicitly stated otherwise at the time of acquisition. However, we may outsource handling of all or part of collected personal information within the scope of the purpose of use.


4. Joint use of personal information

For the purpose of providing the comprehensive service of the Company and its Group companies, we jointly use personal information as follows.

  1. Items of personal information to be jointly used
    An individual's name, address, telephone number, e-mail address, organization the individual belongs (the name and address of the organization, and the department name, title, e-mail address, telephone number, and fax number of the individual in the organization), qualifications held, work experience, transaction history, and consultation history
  2. Scope of joint users
    Open Up Group Inc. and its subsidiary companies and affiliated companies, except for those located outside Japan (* Referring to the subsidiary company defined in Article 8, paragraph (3) of the Regulation on Terminology, Forms, and Preparation Methods of Financial Statements and the affiliated company defined in Article 8, paragraph (5), of the said Regulation)
    For the scope of the applicable Group companies, please refer to the following link.
    The Group companies of Open Up Group Inc.
  3. Joint users' purposes of use
    Please refer to section 3 "Purposes of use of personal information."
  4. Means of acquisition
    Acquisition by a written document, electronic data, such as e-mail, and oral means, such as on the phone or face-to-face
  5. Manager responsible for the administration of personal information to be jointly used
    The personal information protection manager of the company that initially acquired the relevant personal data (For the personal information protection manager, corporate addresses, and representatives of the respective Group companies, please refer to the Privacy Policy and the section "Personal Information Handling" of the website of each company.)

5. Contact information for inquiries concerning personal information

Group Management Department, Open Up Group Inc.
The section in charge of consultation concerning personal information
The inquiry by the email


6. Name of the authorized personal information protection organization for complaint resolution

Currently, the Company does not belong to an authorized personal information protection organization for this purpose.


7. Security Control Measures for Personal Information

We implement the following measures to ensure the proper handling of personal information.

(Formulation of Basic Policy)

The Company will formulate a personal information protection policy to ensure the proper handling of personal information.

(Maintenance of internal rules for the handling of personal information)

The Company shall establish internal rules for the handling of personal information to ensure the safe management of personal information, including the prevention of leaks, etc. of personal information.

(Organizational safety control measures)

  1. Organizational structure
    The roles of relevant personnel at each stage of personal information handling (acquisition, use, storage, provision, deletion/disposal, etc.) shall be defined, and an organizational structure shall be established in accordance with these rules.
  2. Confirmation of operation
    Personal information shall be handled in accordance with the established internal rules, and records of the handling shall be made in the form of system logs and documents, etc., to confirm as appropriate whether the operation is in accordance with the internal rules.
  3. Ledger management
    As a means of grasping and confirming the status of personal information handling, we will create and manage a management ledger of personal information that we have acquired or that has been entrusted to us.
  4. Response to accidents
    We will establish a system and procedures in the event of accidents such as leakage.
  5. Inspection and Review
    We will conduct periodic self-inspections of the handling of personal information, as well as checks by the Information Management Department, Internal Audit Department, and outside contractors, to continuously evaluate, review, and improve our safety management system.

(Personnel safety control measures)

We will provide regular training and drills to our employees on the precautions and considerations regarding the handling of personal information. In addition, we will clarify the confidentiality obligations of our employees by, for example, stating matters concerning the confidentiality of confidential information, including personal information, in employment regulations and related rules.

(Physical security control measures)

  1. Handling area
    Establish an area where personal information is handled, and formulate rules for access control to the area. In addition, rules for bringing in and taking out equipment, electronic media, documents, etc. in which personal information is recorded (or can be recorded) shall also be established.
  2. Prevention of theft of equipment, electronic media, etc
    Appropriate measures will be taken to prevent loss or theft of equipment, electronic media, documents, etc. on which personal information is recorded.
  3. Transportation of equipment, electronic media, etc
    When equipment, electronic media, documents, etc. in which personal information is recorded are transported, measures such as encryption and password control are implemented to prevent personal information from being easily leaked.
  4. Disposal of equipment, electronic media, etc
    Equipment, electronic media, documents, etc. in which personal information is recorded are disposed of in a manner that makes it impossible to recover personal information.

(Technical safety control measures)

  1. Access control
    For information systems that handle personal information, access control shall be implemented to the minimum extent necessary for business performance, and the scope of accessible personal information databases, etc. shall be limited to those employees of the Company and those employees who handle such personal information databases, etc.
  2. Identification and authentication
    Information systems that handle personal information shall be authenticated based on the results of identification to ensure that the Company's employees who use such systems have legitimate access privileges.
  3. Prevention of unauthorized access
    A system to protect the information system handling personal information from unauthorized external access or unauthorized software shall be introduced and properly operated.
  4. Prevention of leakage, etc
    Measures shall be taken to prevent leakage, etc. of personal information in the information systems that handle personal information during use.

(Supervision of contractors)

In the event that we outsource all or part of the handling of personal information to a third party, we will select an appropriate outsourcee to ensure that the outsourcee takes appropriate measures to safely manage personal information. In addition, we will properly manage and supervise the consignee by, for example, concluding a consignment contract with the selected consignee and periodically auditing the consignee to understand how the consignee is handling the personal information consigned by us.

(Grasping the external environment)

We will implement safety management measures based on our understanding of the systems related to personal information in the following countries where personal information is stored.

【Countries where retained personal data is stored】
The United States, Singapore

8. Procedures concerning requests for disclosure of applicable personal information

You may submit a request to the Company to be notified of the purpose of use for applicable personally identifiable information that the Company may hold. Likewise, requests can be submitted for the disclosure, correction, augmentation, deletion, suspended use, erasure, or suspended provision to third parties (collectively referred to as "personal information disclosure, etc.") concerning such information. Please contact the person indicated in "5. Contact Information for inquiries concerning personal information" above to request personal information disclosure, etc., for applicable personal information.
Upon receipt of your request, we will send you the necessary form (Request for Personal Information Disclosure, Etc.) for submission. Please complete the form and attach the indicated documents to verify your identity.