PRIVACY POLICY

AWL, Inc. (the “Company”) complies with the Act on the Protection of Personal Information (Act No. 57 of May 30, 2003; the “Personal Information Protection Act”), all other relevant laws and regulations, and this privacy policy (this “Privacy Policy”) in its business in order to appropriately protect personal information.
Unless otherwise specified, definitions for terms used in this Privacy Policy conform to those stated in the Personal Information Protection Act and the guidelines of the Personal Information Protection Commission.

1．Acquisition of Personal Information

The Company will acquire your personal information by lawful and fair means.

2．Purposes of Use

The Company will use your personal information within, and only within, the extent necessary for the achievement of the purposes of use set out below. The Company will use your personal information by appropriate and fair means to the extent necessary for such purposes.

∙ Provision of products or services handled by the Company
∙ Management of your information
∙ Quality enhancement, improvement, or analysis of products or services handled by the Company
∙ Responding to inquiries, etc.
∙ Introduction or advertisement of products or services handled by the Company or our affiliates
∙ Development of new products or services
∙ Retrieval and preparation of statistical information
∙ Other purposes expressly indicated separately when we acquire personal information

3．Security Control Measures for Personal Information

The Company will endeavor to retain your personal information in an accurate and up-to-date condition as well as endeavor to delete that personal information without delay when it is no longer necessary to use that personal information.
The Company will also take necessary security control measures to prevent loss, destruction, manipulation, or divulgence of personal information (including maintenance of security systems, establishment of management systems, and thorough implementation of training for employees) and will implement appropriate information security countermeasures, such as countermeasures against unauthorized access and computer viruses.
If the Company handles personal data in a foreign country, the Company will take necessary and appropriate measures to manage the security of personal data based on an understanding of systems, etc. regarding personal information in that foreign country.

(i) Establishment of basic policies: The Company establishes basic policies in relation to “compliance with relevant laws, regulations, and guidelines, etc.,” “points of contact for handling questions and complaints,” and the like to ensure proper handling of personal data.
(ii) Formulation of rules regarding handling of personal data: The Company formulates rules for handling personal data in relation to handling methods, persons responsible and persons in charge, the duties of those persons, and the like at each of the stages of acquisition, use, storage, provision, deletion, disposal, etc.
(iii) Organizational security control measures: In addition to appointing a person responsible for the handling of personal data, the Company (a) clearly specifies which of its employees will handle personal data and the scope of the personal data handled by those employees and (b) establishes a reporting and communication system through which the person responsible will be notified if there is any actual or possible violation of laws and regulations or handling methods.
(iv) Personnel-based security control measures: The Company provides regular training to employees on matters that require attention regarding handling of personal data.
(v) Physical security control measures: In addition to managing employees’ entry into and exit from areas where personal data is handled and imposing restrictions on devices, etc. brought into those areas, the Company takes measures to prevent unauthorized persons from viewing personal data. In addition to taking measures to prevent theft or loss of equipment, electronic media, documents, etc. used in the handling of personal data, the Company takes measures to ensure that personal data is not readily discernible when such equipment, electronic media, etc. are transported, including when relocated within the place of business.
(vi) Technical security control measures: The Company implements access controls to limit the scope of persons in charge and the personal databases they handle. / The Company adopts frameworks to protect information systems that handle personal data against unauthorized access from outside or unauthorized software.
(vii) Ascertainment of the external environment: The Company handles personal information overseas. The Company implements security control measures upon ascertaining the personal information protection systems in these countries.

4．Entrustment of Handling of Personal Data

If the Company provides personal data to any third parties in order to entrust handling of personal data, the Company will take measures required under the Personal Information Protection Act.

5．Provision of Personal Data to Third Parties

Unless otherwise provided in laws and regulations, the Company will not provide your personal data to any third parties without obtaining your consent.
The Company may provide to third parties statistical information and data retrieved from personal data in a form by which specific individuals cannot be identified.

6．Provision of Personal Data to a Group Company or an Entrusted Party in a Foreign Country

If the Company provides personal data to a group company of the Company or to an entrusted party in a foreign country, the Company must comply with the Personal Information Protection Act and relevant laws and regulations in relation to provision to foreign countries, as well as guidelines of the Personal Information Protection Commission.

7．Disclosure, etc. of Retained Personal Data

If the Company is to conduct any procedure pertaining to a request, etc. from you in relation to the following with respect to personal data that the Company retains (collectively, “Disclosure, Etc.”), the Company will respond without delay, in accordance with the Personal Information Protection Act and other laws and regulations, after confirming that it is you making the request, etc.: notification of the purpose of use; disclosure (including disclosure of third party provision records); correction, etc.; suspension of use, etc.; and suspension of provision to third parties.
In addition, if the Company receives the submission of any complaints from you regarding the handling of personal information, the Company will investigate the circumstances and respond appropriately and promptly.

8．Responding to Inquiries

The Company will respond to requests for Disclosure, Etc., submission of complaints, and other inquiries, etc. in relation to handling of personal information at our Inquiries Desk below.

9．Revision of this Privacy Policy

The Company will endeavor to continually improve its handling of personal information by complying with applicable laws, regulations, and standards for personal information. If the privacy policy of the Company is revised through such activities, the Company will post the revised privacy policy on the Company’s website.

September, 2022

Muneharu Kitade, Representative Director
AWL, Inc.