Personal Data Protection Policy (Privacy Policy)
- SECOM's Basic Policy on Personal Data Protection -

1. Collection, Use and Provision of Personal Data

SECOM collects, uses and provides personal data appropriately, given the nature and size of SECOM’s business. SECOM will not handle personal data beyond what is necessary to achieve the purpose of use and will take measures to ensure this.

2. Compliance Regarding Personal Data

SECOM complies with all applicable laws, regulations, national guidelines and other rules regarding the handling of personal data retained by SECOM. SECOM is committed to protecting personal data in accordance with this Personal Data Protection Policy and internal policies.

3. Safe Management of Personal Data

SECOM shall strive to prevent the leakage, loss or damage of personal data of SECOM by educating and training its employees to ensure strict control of the data and by taking all necessary and appropriate security measures and other safety control measures. Whenever the need for improvement arises, SECOM will promptly correct and prevent it.

4. Response to Complaints and Consultations

We will establish a point of contact for complaints and consultations about the handling and protection management system of personal data to respond quickly and appropriately.

5. Continuous Improvement

In order to handle personal data appropriately, SECOM will establish a personal data protection management system and strive for continuous improvement.

6. Inquiries Regarding Personal Data Protection Policy

Contact the following for inquiries about our Personal Data Protection Policy.

Yasuyuki Yoshida, President and Representative Director, SECOM CO., LTD.
5-1, Jingumae 1-chome, Shibuya-ku, Tokyo 150-0001

Established on October 31, 2007
Revised on April 1, 2020

SECOM has obtained the Privacy Mark from Japan Institute for Promotion of Digital Economy and Community. Privacy Mark is granted to businesses that handle personal data appropriately under the Personal Information Protection Management Systems that conforms to JIS Q 15001.

Handling of Personal Data

1. Purpose of Use of Personal Data

In connection with our business activities, SECOM will only handle your personal data within the scope necessary for the achievement of the following purposes and will take the necessary measures. Please note that SECOM's business activities are very diverse and we encourage you to visit our website for more information.

Personal Data in General Business

• Acceptance of applications for products and services from customers
• Confirmation of identity and individual contact for the provision of products and services
• Shipment and provision of ordered products and services
• Response to inquiries and consultations
• Provision of information via mailings, visits, etc. to customers concerning the products, services, events, campaigns, questionnaire and of SECOM Group companies and affiliated companies, and distribution of advertisements tailored tocustomers' interests
• Sending of members' newsletters, prizes, etc. to customers
• Market research
• Data analysis of interest, demand, satisfaction, etc. based on personal information acquired through business activities, browsing on websites, behavior history, etc.
• Research, planning, development, and improvement of the products, systems, and services of SECOM Group companies
• Provision of products and services considered appropriate for customers, and of information on these
• Business negotiations, interviews and related communications
• Performance of work entrusted by outsourcers
• Provision of personal information to third parties in accordance with law
• Screening of contracts with customers, and contract management overall, including contract procedures and payment procedures
• Appropriate and smooth execution of business management and risk management by SECOM Group companies
• Other appropriate and smooth responses to customer needs

• SECOM Group companies mean SECOM CO., LTD., its consolidated subsidiaries and equity-method affiliate companies. The same applies below.
• Personal information acquired through the business activities of ⑧ includes each item of "4. Sharing Data "(1). ⑤⑨⑩⑪⑮⑯ includes the analysis of ⑧.

Personal Data of Shareholders, job applicants, retirees and employees

<Personal data on our shareholders>

• Exercising rights and performing obligations under the Companies Act
• Communication of IR activities and shareholder management
• Implementation of various measures

<Personal data on our business partners>

• Business meetings, interviews and related communications
• Contract management

<Personal data on job applicants>

• Communication related to SECOM’s recruiting activities, guidance of events such as job fairs, sending materials, confirming identity, etc.
• Recruitment management

<Personal data on retirees and employees>

• Personnel and labor management, benefits, compliance with labor-related laws and regulations, communication memo, etc.

2. Sharing Data with Third Parties

SECOM will not provide personal data to any third party without the prior consent of the individual, except when it is:

• based on laws and regulations
• necessary for the protection of human life, body or property and it is difficult to obtain the consent of the individual
• particularly necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the individual
• necessary for national institutions, local governments, or other parties entrusted by them to cooperate with each other in the performance of legally prescribed duties, and obtaining the consent of the individual concerned may interfere with the performance of such duties
• When it is permitted due to provision to academic research institutes for academic research purposes or other exceptions to laws and regulations.

3. Supervision of Contractors

SECOM will disclose personal data to the extent necessary to achieve the purpose of use when outsourcing business. SECOM will enter into an agreement with the contractor and stipulate that they must comply with laws and guidelines related to personal data, and provide necessary and appropriate guidance and supervision.

4. Sharing Data

SECOM Group companies may share personal data as follows;

(1) Categories of Shared Personal Data

• Data provided by you in connection with the use of our products and services
  Name, address, date of birth, gender, contact information, place of work, family information, health information, authentication and identification, residence information, payment information, etc.
• Data acquired through the use of our products and services
  Device and software operation information, acquired information (image, sound, environment-related, health-related), usage status, usage history, etc.
• Details of the products and services you use
  Name of product or service, device and model information, date of start of use, date of purchase, location of use, motive for use, referral information, etc.
• Data provided by you or acquired for the purpose of research and development, such as demonstration experiments
  Name, address, date of birth, gender, contact information, family information, device and software operation information, acquired information (image, sound, environment-related, health-related), etc.
• Data obtained by SECOM through inquiries, visits, work, or transactions
  Date, subject, respondent information, payment status, business card information, event participation history, questionnaire, etc.

(2) Scope

SECOM Group companies

Click here to see which companies we share personal data with.

(3) Purpose

As described in "1. Purpose of Use of Personal Data"

(4) The Person Responsible for Personal Data Management

SECOM CO., LTD. (See Personal Data Protection Policy for address and the Representative Director.)

(5) How to Obtain Personal Data

• Verbally or in writing by the individual
• Through the services and devices you use
• From third parties based on the consent or the like of the individual
• Shared by SECOM Group companies

5. Safety Control Measures and Request for Disclosure of Personal Data Retained

SECOM shall take necessary and appropriate measure for the safe management of personal data that it handles. In the event SECOM receives requests from the individual for the disclosure (or the like; i.e., notification of the purpose of use, disclosure, correction, addition or deletion of content, cessation of use or erasure, cessation of provision to third parties) of personal data retained by SECOM or a record of the provision of said personal data to third parties, SECOM shall comply with such requests in accordance with laws and regulations and internal procedures..

> Click here for the procedure for disclosure and others.

6. Retention of Specific Personal Data and Others

The basic policy on the appropriate handling of personal numbers and specific personal data retained by SECOM as defined in the "Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures" is separately stipulated in the "Basic Policy on Protection of Specified Personal Data".

> Click here for the "Basic Policy on Protection of Specified Personal Data”.

7. Contact for Complaints and Consultations Regarding Personal Data

The person responsible for the protection of personal data is the General Manager of Operations Department , Head Office, SECOM CO., LTD.

8. Authorized Personal Information Protection Organization

SECOM is a target entity of All Japan Security Service Association, an authorized personal information protection organization. All Japan Security Service Association accepts complaints and consultations about the handling of personal information of the target entity.

Established on October 31, 2007
Revised on April 1, 2022