• Appoint a personal information protection manager and a personal information protection auditor.
• Department managers are appointed as administrators, and personnel responsible for each operation are designated to practice personal information protection.
• We appoint individuals responsible for personal information education and complaint handling. Each is responsible for internal education, training, and complaint resolution.
• All employees, including those seconded or dispatched, must comply with employment regulations, the basic policy on personal information protection, and the basic regulations on personal information protection. They are also required to promptly report any defects or accidents.

When seeking consent from individuals providing personal information, the following information will be provided:

• Purpose of collecting information.
• Whether the company will entrust or deposit the information, and if so, the main purpose of the entrustment or deposit.
• Whether the information will be provided to third parties, and if so, the purpose and recipients.
• Contact information for inquiries regarding the handling of personal information.
• Matters related to disclosure, correction, deletion, and refusal; methods of identification; and guidelines for response.

• When acquiring personal information directly from an individual, we will notify the individual in advance of the purpose for which the information will be used and obtain his/her consent before acquiring the information.
• Personal information entrusted to us will be used within the scope of the entrustment contract.
• When receiving information from a third party, we confirm whether consent has been obtained for the intended use. If not, we obtain consent from the subject of the information.
• When acquiring publicly available personal information, we will specify the purpose of use and use the information accordingly.

• Personal information will be handled in accordance with its intended use. If the purpose of use changes, we will obtain consent from the information subject.
• For security management from external parties, we will strive to protect personal information from third parties according to the risk level specified in the basic policy on the protection of personal information.
• Internally, we will limit the number of persons who handle personal information based on their job roles and establish protocols to prevent the unnecessary use of personal information.
• We will take measures appropriate to the purpose and risk associated with each use of personal information, including transportation and destruction.

We do not entrust the collection of personal information unless otherwise specified in individual policies or prior notice. In cases of entrustment, we will provide prior notice and obtain the consent of the person providing personal information. If the consignee's name is not disclosed, we will manage the consignee internally.

We do not provide personal information to third parties unless otherwise specified in individual policies or prior notice. When providing personal information to a third party, we will obtain consent from the information subject either at the time of acquisition or before providing the information to a third party.

We will respond to requests for disclosure, correction, or deletion of personal information, unless otherwise specified in each individual policy or prior notice. The response method and estimated time required for response will be indicated in each individual policy or prior notice.

8.Continuous Improvement

We will conduct internal or external audits and reviews at least once a year to ensure continuous improvement. In addition to periodic audits, we will promptly address any deficiencies identified.

In principle, the handling of personal information will be conducted in accordance with the above paragraphs 1 through 8,

• When required by law
• In the event of an emergency that threatens life or property
• In other unavoidable cases

and other exceptions will be handled under the responsibility of the person in charge of personal information protection.

If you have any questions regarding our Privacy Policy or personal information protection, please contact the Personal Information Protection Section of our General Affairs Department.

*The contents may be subject to change in accordance with the enactment or modification of laws and regulations, or changes in internal rules.