NAGASE Group Basic Policy for Personal Data Processing

Last updated January 2023

To ensure that the processing of personal data by the NAGASE Group is lawful, transparent, fair and secure, officers and employees of the NAGASE Group should comply with this Policy and each NAGASE Group's internal rules.

The purpose of collecting personal data should be specified and clear and its use should be consistent with the purpose of collection.

Collected personal data should not be used for any purpose other than those explained at the time of collection, except with the consent of the data subject, in accordance with the provisions of law, or for any other legitimate grounds.

Personal data should be collected by appropriate means, and should be collected and used only to the minimum extent in light of the purposes described at the time of collection.

Personal data should be accurate, complete, and kept up-to-date, and should be to the extent necessary for the purposes.

The risk of personal data processing operations should be assessed, reasonable security measures commensurate with the risk should be taken, and personal data should be protected from loss or destruction and from unauthorized or illegal use, correction, disclosure, etc.

The purpose of use, the content of the data, the controller, the disclosure destination, etc. related to the processing of personal data should be clearly indicated to the data subject.

The data subject should be made aware of the location and content of the data relating to such data subject, and in principle should be guaranteed the right to request disclosure, correction, deletion or suspension of use.

The controller of personal data should be responsible for demonstrating compliance with the law.