1. Basic Policy on Personal Information Protection

NTT Solmare Corporation (hereinafter referred to as “the Company”) fully recognizes societal demands for the protection of personal information and believes that promotion of the proper handling of personal information is an important social responsibility it must fulfill.

In order to fulfill this responsibility and continue operating as a company with high credibility, the entire Company will strive to protect personal information based on the “NTT Group Information Security Policy” and the basic policy outlined below.

(1) The Company will strive for thorough compliance by properly handling personal information according to the provisions stipulated by laws and regulations*1 pertaining to the protection of personal information.

(2) The Company will clearly define the purposes for which it uses personal information and properly handle personal information to the extent necessary to achieve those purposes of use. In addition, the Company will strive to keep personal information accurate and updated.

(3) In order to properly manage personal information, the Company will establish an internal management system for protecting personal information.

(4) The Company will conduct necessary education, training, etc. for its employees who handle personal information in the course of work, and supervise those employees appropriately. In addition, in the case of outsourcing the handling of personal information, the Company will manage and supervise the relevant subcontractor by entering into a confidential agreement, etc. with the subcontractor to ensure that personal information is properly handled.

(5) In order to ensure personal information security, the Company will take the necessary security control measures while referring to various standards, guidelines, etc.

(6) The Company will appropriately respond to opinions, questions, etc. from customers pertaining to the handling of personal information by the Company.

(7) In order to promote greater protection of personal information, the Company will strive to continuously improve the management system, security control measures, and other necessary measures.

Furthermore, the Company recognizes the importance of strictly protecting not only personal information, but also information pertaining to corporate customers and other types of customer organizations. The Company will appropriately handle this information equally as it handles personal information.

*1  Examples of laws, regulations, etc. related to the protection of personal information- (Unless otherwise specified, the laws and regulations are those of Japan.)
- Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter referred to as the “Personal Information Protection Act”)

- Policy on Measures to be Implemented by Companies to Secure the Proper Handling of Personal Information in Employment Management (Ministry of Health, Labor and Welfare Public Notice No. 259 of 2004)

- Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No.27 in 2013; hereinafter referred to as “Number Act”)

- Guidelines for Proper Handling of Specific Personal Information (for Business Operators) (December 11, 2014, Specific Personal Information Protection Committee)

2. Policy concerning the Practical Use of Personal Information

(1) Acquisition of personal information to be used by the Company
The Company will acquire, within the confines of the purposes of use described in Sub-section II. below and by legitimate and fair means, the following personal information*2 orally, in writing (including documents such as application forms, electromagnetic records, and Web screens), through sound or video recording, mechanically or electromagnetically, or through other means. The Company will acquire such personal information also through the succession of business operations by reason of merger, etc.
In responding to our customers by telephone, we may record our telephone conversations with our customers with the aim of grasping details of orders, opinions, requests, inquiries, etc. accurately and thereby improving our customer services in future.

*2 Personal Information
The personal information as referred to here is that personal information which is defined in Article 2 of the Personal Information Protection Act, including data on a person and that owned personally. Regarding a customer other than an individual, such personal information includes that which the Company will use in providing and selling services, etc., or doing similar transactions among personal information on the representative, directors, employees, etc. of a customer. However, Specific Personal Information, etc. is not included in the definition of the personal information in this privacy policy. Hereinafter the same meaning shall apply.

(i) Personal information that the Company will acquire through the application, use, and inquiries concerning the Company’s services, etc. (hereinafter referred to as “applications, etc.”)

(ii) Personal information that the Company acquires in handling consultation and requests at the consultation contacts (including requests to disclose personal information; hereinafter the same meaning shall apply.)

(iii) Personal information that the Company acquires from questionnaire surveys and other activities that the Company conducts with the participation of customers as well as from participation in prize competitions and membership programs (hereinafter referred to as “participation in questionnaire surveys and other activities”)

(iv) Personal information that the Company acquires through conducting services delegated by other companies

(v) Personal information that the Company will receive from a company to whom the Company contracts out part of its business operations, as a result of the act of contracting out

(vi) Personal information acquired, with the consent of the person in question, by means of a third party such as introduction by a customer

(vii)Personal information acquired legally from third parties such as public agencies or credit information organizations

(viii)Other personal information acquired by the Company through conducting services.

(2) Purpose for using personal information
The Company defines the purposes as follows for handling personal information when digital content distribution services, etc. are provided, sold, etc.

(i) Provision of digital content distribution services, etc.
The personal information below, which the Company handles for customers’ applications, etc. for digital content distribution services, etc., will be used to the extent necessary to verify the identity of the customer, control credit, provide digital content distribution services, etc.*5, calculate and bill charges for digital content distribution services, etc., contact customers in relation to these matters, and carry out the contents of the contract, based on the contract provisions, etc.
The information will also be used to the extent necessary to introduce, propose, and consult about digital content distribution services, etc., carry out measures (including questionnaires) to improve the quality, customer satisfaction, etc. of digital content distribution services, etc., plan and develop new digital content distribution services, etc., manage and improve facilities related to the provision of digital content distribution services, etc., and conduct other business related to the Company digital content distribution services, etc.
Even after a customer's subscription to digital content distribution services, etc. is cancelled, personal information may still be used for the purposes listed above.

(ii)Support services such as customer consultation
The personal information below, which the Company handles in consultation, requests, etc. at the Company’s contact point will be used to the extent necessary to respond to the contents of consultation and requests, as well as to the extent necessary to improve the quality of content delivery services, etc. or develop new services, etc. based on the contents of the opinions, consultation, etc. of customers.

(iii) Participation in questionnaire surveys and other activities
The personal information below, which the Company handles for customer participation in questionnaire surveys, prize contests, membership system programs and other surveys (hereafter referred to as “questionnaire surveys”) conducted by the Company, will be used to the extent necessary to send materials required to conduct questionnaire surveys and other activities, send rewards for participation in questionnaire surveys and other activities, send prizes, improve service quality, etc., develop new services, etc., and introduce about the Company services, etc.

(iv) Contracted out services
Personal information that the Company handles when carrying out work contracted out by other companies (sales, agency business, surveys etc. for the products and services of other companies) will be used to the extent necessary to carry out the contracted out work.

(3) Provision of personal information accompanying the contracting out of business operations to other companies, etc.

The Company may provide personal information handled by the Company, according to the provisions in Item 1 of Paragraph 4 of Article 23 of the Personal Information Protection Act, to other companies to which the Company will contract out the business operations.
In this case, the Company will select companies who are identified as handling personal information properly, appropriately define the details of the handling of personal information, including security control measures, confidentiality, and terms and conditions of renewal of the contract, in the contract agreement, and supervise such companies as required and appropriately. The Company may also provide personal information to a third party in accordance with its contract provisions, etc. or provisions of the Personal Information Protection Act, and other related laws and regulations.

(4) Basic Concept on Security Control Measures
The Company will endeavor to appropriately carry out the measures below to securely manage personal information when such information is handled.

(i) Technical Protection Measures
The Company will endeavor to protect personal information from unauthorized access or disclosure, loss, or destruction by taking the appropriate measures to control access to personal information, restrict the means of taking out personal information, and protect against unauthorized access from outside the company, etc.

(ii) Organizational Protection Measures
- A person responsible for protecting personal information will be placed in each organization that handles such information, and responsibility and authority will be clearly defined.
- To securely manage personal information, company regulations, manuals, etc. will be established, employees who engage in work that involves handling such information will be made to comply with them, and compliance will be appropriately managed and supervised.
- By regularly and properly educating and training employees engaged in work that involves the handling of personal information, the company will strive to enhance the awareness of each and every employee so that they recognize the importance of personal information and know how to properly handle such information.
- When the Company contracts out the handling of personal information, this will be supervised by such measures as concluding a nondisclosure agreement, etc. to ensure that such personal information is properly handled.

(iii) Physical protection measures
The Company will take measures such as access control for buildings and floors where personal information is handled, prevention of theft, etc., restricting the means of taking out systems and documents, and locking to ensure systems and documents are kept securely.

(5) Personal Information from Children
The Company’s websites, and digital content delivery services, etc. for the United States are not intended to be used by children under the age of 13, and the Company does not knowingly collect personal information from anyone under the age of 13, knowingly allow such persons to register, and does not use or disclose such information to third parties. Children under the age of 13 should not use the Company’s websites, information-providing services, or digital content delivery services at any time. If a child under the age of 13 submits personal information to the Company without verification of parental consent and the Company finds that the person submitting the information is a child under the age of 13 or that no parental consent has been confirmed, the Company will delete the information immediately.

(6) Procedures for Disclosure, etc.
The Company has laid out the following procedures in cases where the company receives requests (hereinafter referred to as “requests for disclosure, correction, etc.”) from customers for notices of the purpose for using personal information, the disclosure (hereinafter referred to as “disclosure, etc.”) of personal information, or the correction, addition, or deletion of personal information and stoppage of usage or stoppage of provision to third parties (hereinafter referred to as “correction, etc.”)..

(i) Requests for Disclosures and Corrections
- e-mail: [email protected]

(ii) Procedures for Disclosures and Corrections

a. Procedures for Disclosures

- The Company will respond to a request for Disclosures from a customer in writing. In this case, the customer shall make the request for Disclosures made by submitting a form designated by the Company in advance.

- Even if a customer requests Disclosures, the Company may not disclose, etc. a part or all of the information in accordance with the provisions of the Personal Information Protection Act. In this case, the Company will inform that disclosure, etc. will not be made and the reason for the decision. The Company not disclose the requested personal information to a representative in full or in part if the disclosure of personal information will violate the secrecy of communications or will cause harm to a person's life, body, assets, or other rights and interests, etc.

- Customers who want to request disclosure, etc. should call the contact number shown in the above Paragraph 1.

b. Procedures for Corrections

- When there is a request for correction, etc. from a customer, the Company will investigate the contents of the request. In this case, the customer's request for correction, etc. must be submitted on a form designated by the Company.

- If, following the investigation, the Company agrees that the existing personal information is not correct, or that the handling of relevant personal information is not proper, the Company will make the correction, etc.

- Even if there is a request for correction, etc., the Company may not correct, etc. part or all of the information based on the provisions in the Personal Information Protection Act. In this case, the Company will inform the customer that the correction, etc. will not be made and the reason for the decision.

- Customers who want to request correction, etc. should call the contact number shown in the above Paragraph 1.

(iii) Verification of Identity of Customer, etc.

- When a request for disclosure, correction, etc. is made, written documents (a copy of an official form of identification such as a driver’s license or passport) verifying the identity of the customer or that someone represents the customer, pertaining to the applicable personal information will be required.

(iv) Handling charges etc. for Requests for Disclosure, etc.

- Handling charge: JPY 1,000 (consumption tax excluded)

- Billing method: A bill will be sent for each request.

(7) Discontinuation of supplying a customer with direct mail, etc.
When a customer does not want to receive direct-mail advertising and other advertising materials and solicitation of sales, the customer may ask our contact for disclosure, correction, etc., indicated in the above Paragraph 1. of Sub-section VI., to stop sending them. We will take actions to discontinue sending advertising materials, etc. as soon as possible; however, we would like the customer to understand that we use the customer’s personal information to the extent that it is necessary to take the actions needed (including instructions to the companies to which the Company contracts out the handling personal information).

(8) Contact Point for Opinions, etc. regarding the Handling of Personal Information
The Company’s customer contact point for any questions and requests regarding the handling of personal information in the provision or sale of the Company’s digital content delivery services is as follows.

- e-mail: [email protected]

3. Policy for the specific handling of Specific Personal Information, etc.

(1)Purpose for using Specific Personal Information, etc.
The Company will use Specific Personal Information, etc.*3 only for the purposes of the following affairs.

(i) Affairs for the preparation of payment record of remuneration, charges, contract money, and monetary awards.

(ii) Affairs for the preparation of payment record for the use of real estate, etc.

(iii) Affairs for the preparation of payment record of considerations for receiving real estate, etc.

(iv) Affairs for the preparation of payment record of intermediary fees for purchase and sell or renting of real estate, etc.

(v) Affairs for the certification of income and local tax withdrawal from regular pay

The Company will require customers to provide Specific Personal Information, etc. in a proper manner within the purpose of use.
Furthermore, the Company will explicitly state the purpose of using each time when acquiring Specific Personal Information, etc. described in documents, with the exception of the case that in the cases of any Item of Paragraph 4 of Article 18 of the Personal Information Protection Act.
However, this does not apply in the cases of Item 1 or 2 o f Paragraph 3 of Article 16 of the Personal Information Protection Act which is modified in accordance with Item 3 of Article 29 of the Number Act.

*3. Specific Personal Information, etc.
Refers to an Individual Number defined on Paragraph 5 of Article 2 of the Number Act and personal information that includes the personal identification number. Hereinafter the same meaning shall apply.

(2) Provision of Specific Personal Information, etc. to third parties
The Company will not provide Specific Personal Information, etc. to any third parties. However, in the case set forth in each Item of Article 19 of the Number Act, the Company may provide necessary Specific Personal Information, etc. to the related third parties without the prior consent of the customer, or may receive such information, from related third parties.

(3) Provision of Specific Personal Information, etc. in the cases of outsourcing business operations, etc. to other companies
The Company may provide all or part of Specific Personal Information, etc. handled by the Company to other companies to which it will outsource business operations. In this case, the Company will select companies who are identified as properly handling such information, etc., and supervise them appropriately.

(4) Joint use
The Company will not jointly use Specific Personal Information, etc. with a specific person.

(5) Basic policy on security control measures
The Company will endeavor to appropriately carry out the measures below to securely manage Specific Personal Information, etc. when handling such information.

(i) Technical protection measures
The Company will endeavor to protect Specific Personal Information, etc. from unauthorized access or disclosure, loss, or destruction by taking the appropriate measures to control access to Specific Personal Information, etc., to restrict the means of taking out such information, and to protect against unauthorized access from the outside.

(ii) Organizational and human protection measures

- A person responsible for protecting and a person in charge of clerical work*4 for protecting Specific Personal Information, etc. will be placed in each department that handles such information, and responsibility and authority will be clearly defined.

- To securely manage Specific Personal Information, etc., The Company will establish the company regulations, manuals, etc. and make a person in charge of affairs comply with them, and manage and supervise their compliance on a regular basis.

- By regularly and properly educating and training a person in charge of affairs, The Company will endeavor to enhance the awareness of each employee so that they recognize the importance of Specific Personal Information, etc. and know how to properly handle such information.

- When the Company outsources the handling of Specific Personal Information, etc. to third parties, The Company will supervise such third parties by such measures as concluding a nondisclosure agreement, etc. to ensure that such information, is properly handled.

*4. Person in charge of affairs
Refers to a person involved in affairs related to Specific Personal Information, etc. Hereinafter the same meaning shall apply.

(iii) Physical protection measures
The Company will take measures such as access control for buildings and floors where Specific Personal Information, etc. is handled, prevention of theft, etc., and locking when taking out or storing systems and documents.

(6) Procedure for disclosure, correction, etc.
The Company has set the following procedures of requests (hereinafter referred to as “requests for disclosure, correction, etc.”) from customers for notices of the purpose for using Specific Personal Information, etc., the disclosure of such information (hereinafter collectively referred to as “disclosure, etc.”), or the correction, addition, or deletion, or the stoppage of usage of such Information, etc. (hereinafter collectively referred to as “correction, etc.”).

(i) Contact point for requesting disclosure, correction, etc.

- e-mail: [email protected]

(ii) Procedure for requesting disclosure, correction, etc.

a. Procedure for disclosure, etc.

- When a customer requests disclosure, etc.to the Company, the Company will respond in writing. In this case, the request for disclosure, etc. must be submitted on a form designated in advance by the Company.

- Even if a customer requests disclosure, etc.to the Company, the Company may not notify or disclose all or part of such information based on provisions in the Personal Information Protection Act. In this case, the Company will inform the customer that disclosure, etc. will not be made and the reason for the decision. The Company may not disclose all or part of the requested Specific Personal Information, etc. to a representative of a customer if the disclosure of such information may cause harm to a person's life, body, assets, or other rights and interests, etc.

- Customers who want to request disclosure, etc. should call the contact number shown in the above Paragraph 1. The Company will provide information for detailed procedure to such customer.

b. Procedure for correction, etc.

- When a customer requests correction, etc.to The Company, The Company will investigate the contents of the request. In this case, the request for correction, etc. shall be submitted in a form designated by the Company.

- If, following the investigation, The Company admits that the contents of Specific Personal Information, etc. is not correct, or that the handling of such Information is not proper, The Company will make the correction, etc.

- Even if a customer requests correction, etc.to The Company, The Company may not correct, add, delete, or stop using all or part of Specific Personal Information, etc. based on the provisions in the Personal Information Protection Act. In this case, the Company will inform the customer that the correction, etc. will not be made and the reason for the decision.

- A customer who want to request correction, etc. shall contact the contact point shown in the above Paragraph 1. The Company will provide information for detailed procedure to such customer.

(iii) Identity Verification, etc.
When a customer requests disclosure, correction, etc. , The Company request such customer to submit documents that may confirm the identity of or representation from such customer who have Specific Personal Information, etc. Please call the contact number shown in the above Paragraph 1. for details on the required documents.

(iv)Handling charges, etc. for the requests for disclosure, etc.

- Handling charge: JPY 1,000 (consumption tax excluded)

- Mailing cost: Actual cost for sending by simplified registered mail

- Billing method: A bill will be sent each time.

- Please contact the contact point shown in the above Paragraph 1. for details on the handling charges, etc.

(7) Contact point for opinions, etc. regarding the handling of Specific Personal Information, etc. The Company accept inquiries or requests, etc. regarding the handling of Specific Personal Information, etc. at the following contact point.

- e-mail: [email protected]

4.Revisions

The Company may revise a part or all of the content of this privacy policy. If the policy is revised, the Company will make the revisions public by posting the updated content on this website, etc.

January, 2016