Policies for handling personal information

At P.C.F. FRONTEO, Inc., its parent company and group companies, (hereafter the "Company"), the right of individuals to the privacy of their personal information and individual number is honored, about personal information (Act on the Protection of Personal Information, Article 2 paragraph 1), and individual number (Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure, Article 2 paragraph 5). The following practices are in place to protect such information:

• Company assigns managers to deal with departments at sites which have responsibility for dealing with personal information and individual number.
• Company acquires personal information by lawful and fair means with obtaining the consent of the Person ("Person" shall mean a specific individual identified by personal information.) and within the scope necessary for the achievement of the purpose of utilization.
• Company will handle personal information within the scope of the following utilization purpose.
      1. The utilization purpose of personal information that Company acquires in other manner besides Company obtains
          from the Person in writing directly.
        1-1. Utilization for the purpose of executing the entrusted business adequately when Company accepts on trust.
        1-2. Applicants information for a job opening through the job sites.
              a. To notify information for a job opening, review and decide candidates
      2. The utilization purpose of personal information for disclosure
        2-1. Dealing with personal information of Company's service user
              a. To supply, invoice, and process payment for products/services ordered to Company
              b. To notify about Company's products/services and to send/collect surveys
              c. To send presents as Company's campaign activities
              d. To confirm, respond to, and address the content of inquiries to Company
        2-2. Dealing with customer's personal information
              a. To conduct business correspondence
              b. To confirm, respond to, and address the content of inquiries to Company
        2-3. Dealing with personal information regarding inquiries/complaints etc. to Company
              a. To confirm, respond to, and address the content of inquiries/complaints etc. to Company
        2-4. Dealing with shareholder's information
              a. To secure exercise of rights for shareholders, to contact, and to send IR materials
        2-5. Dealing with applicants information for a job opening and employee (including temporary workers and former workers) information
              a. To notify information for a job opening, review and decide candidates
              b. To manage human resources and offer welfare programs
        2-6. Beyond above, to use according to the utilization purpose that the Person has agreed previously

        Provided that, the provisions of the preceding two paragraphs shall not apply to the following cases:
              i.  Cases in which the handling of personal information is based on laws and regulations.
              ii. Cases in which the handling of personal information is necessary for the protection of the life, body, or property of an individual
                  and in which it is difficult to obtain the consent of the person.
              iii. Cases in which the handling of personal information is likely to interfere significantly with Company's proper operation.
              iv. Cases in which the handling of personal information is specially necessary for improving public health or promoting the sound growth
                  of children and in which it is difficult to obtain the consent of the person.

• Company will handle individual number, within laws and within utilization scope that set by the third commission established in laws.
  Provided that, the provisions of the preceding shall not apply to the following cases:
            v. Cases in which the handling of individual number is necessary for the payment from financial institution at the time of disasters.
            vi. Cases in which the handling of individual number is necessary for the protection of the life, body, or property of an individual.
• When Company changes the purpose for which the personal data is used, Company shall, in advance, notify the person of the content of the change or put it in a readily accessible condition for the person. (excluding the above (i)~(iv))
• Company will not disclose personal information to any third parties without seeking Person's prior consent. (excluding the above (i)~(iv))
• Company will not share and use personal information with a third party without Person's prior consent.
• Company may outsource a part of Company’s job so that Company provides better service to Company’s customer. On this occasion, Company may entrust personal information and individual number to the outsourcing contractor. Company will select the outsourcing contractor which Company can choose according to Company’s selection policy, make a contract including the protection of information, and manage and/or supervise the outsourcing contractor seriously.
• Company will respond to requests from Person or Person's representative pertaining retained personal information to disclose, correct, add to, delete, halt or erase utilization, halt provision to a third party (collectively referred to hereafter as "Disclosure etc."). When requesting Disclosure etc., specify items subject to Disclosure etc. and follow the procedure below or the procedure separately designated by the party Person is issuing the request to for Disclosure etc.


< Disclosure Request Procedure of the personal information >
Those who may request Disclosure etc.: Person, Person's legal representative, or Person's mandatary
Procedure:             Prepare the required documents below and send to Request Contact.
Required Document: 1. Request for Disclosure etc. (in any format; must include specification of requested content,
                                   your name, address, and telephone number.)
                               2. Identity verification (A copy of a document issued by an official agent, such as a driver license,
                                   resident card, or passport)
                                   If request is being issued by a legal representative or mandatary, the following documents must also be attached.
                               3. Document to confirm power of attorney: Copy of a document to confirm legal power of attorney,
                                   such as a family register.
                                   A letter of proxy (with your registered seal) and your seal registration certificate (issued within the last three months)
                               4. Document to verify the identity of the representative (A copy of a document issued by an official agent,
                                   such as a driver license, resident card, or passport)
Fee:                         None (however, cost and expense to send the document regarding request for Disclosure etc. shall be borne
                               by a requester.)
Request Contact:      Attn; Head of administrating personal information, P.C.F. FRONTEO, Inc.
                                       2-12-23, Kounan, Minato-ku, Tokyo, 108-0075, Japan
Other precautions:   < Precautions regarding Person's identity verification documents and document to confirm power of attorney >
                               Please black out any listed information about registered domicile, medical records, etc. before sending by post.
                               < Cases in which Disclosure etc. cannot be accommodated >
                               Please note that Company cannot accommodate requests for Disclosure etc. in the following cases.
                               Should this occur, Company will advise so and specify the reason.
                                   1. When Company cannot confirm that the person requesting Disclosure etc. of retained personal information is
                                     Person or its representative
                                   2. When the information subject to the Disclosure etc. request does not qualify as retained personal information
                                   3. When there is danger of harming Person or a third party's life, health, property, or other rights and interests
                                   4. When there is risk of significant interference in appropriate execution of Company's operations
                                   5. When this will result in violation of other laws
                               < Purpose of utilization of personal information obtained through Disclosure etc. requests >
                                 Personal information obtained through Disclosure etc. requests will be handled only as needed
                                 for Disclosure etc. Submitted documents will not be returned. Company will appropriately manage and dispose
                                 the documents after completing our response to the request for Disclosure etc.


• To maintain the accuracy of personal data, Company shall strive to manage to personal information and individual number strictly and make them as up-to-date, within the scope of the utilization purpose.
• Handling of personal information and individual number provided from our customers is in compliance with applicable laws and regulations regarding personal information held by Company. Company continues, at all times, to review and improve its handling of personal information.
• Please contact the below for complaints and inquiries regarding handling of personal information and individual number by Company.
      Attn; Head of administrating personal information, P.C.F. FRONTEO, Inc.
              2-12-23, Kounan, Minato-ku, Tokyo, 108-0075, Japan
              Phone: +81-(0)3-5463-8333
              Business hours (Japan Time): 10:00 AM to 5:00 PM; closed Saturdays, Sundays, national holidays,
              and holidays designated by Company)



Company's services may require Company's customers to allow Company to handle critical data besides personal information. The following preventive measures accompany critical processes such as e-discovery and advanced forensics services:

• Only authorized personnel are allowed within some purpose-built Labs for computer-analysis (hereinafter “Lab”).
• Biometrics authentication systems are set up at entry and exit points of the Lab, which logs all entry and exits.
• Surveillance Cameras are set up in the Lab. The surveillance cameras record and preserve any event of anyone entering or leaving the Lab or accessing the Server or PC terminals.

January 1, 2019
P.C.F. FRONTEO, Inc.
Representative Director Syusaku Nozaki
Tel: +81-3-5463-8333
E-mail ： pcf_info@pcf.co.jp

We are ISO27001 certified

Registered organization	P.C.F. FRONTEO, Inc.
Date of registration	March 24, 2012
Attestation standard	ISO/IEC 27001:2013 JIS Q 27001 : 2014
Registration range	Forensic service Information security diagnosis and Consulting service
Accrediting agency	Union of Japanese Scientists and Engineers (JUSE)
Attestation registration number	JUSE-IR-164

ISO:27001 is an international standard of information security management system (ISMS). The information security management system based on ISO: 27001 will continue to be maintained in the future. It works on strengthening and maintaining the security of customers’ valuable information.