PRIVACY POLICY

NAS TOA Co., LTD. recognizes the proper and secure management of personal information and specified personal information as a critical responsibility. With this awareness, we are fully committed to protecting such information in accordance with the following principles.

1. Compliance with Laws and Regulations
We strictly observe all relevant laws and regulations concerning the protection of personal information (Note 1) and specified personal information (Note 2) when handling such data.
2. Use of Personal and Specified Personal Information
We will handle personal and specified personal information only within the scope of the stated purpose of use, and only after obtaining the individual’s prior consent, except where otherwise permitted by law.
3. Acquisition of Personal and Specified Personal Information
When acquiring such information, we use legitimate means and, unless otherwise permitted by law, disclose the purpose of use in advance or promptly notify or disclose it to the individual after acquisition. When obtaining information directly in writing from the individual, we will clearly state the purpose in advance.
4. Implementation of Safety Measures
We strive to keep all personal data (Note 4) and specified personal information accurate and up to date within the scope of the intended use. We also implement necessary security measures and supervise employees and subcontractors accordingly. Except where permitted by law, we do not disclose or provide such information to third parties without the individual’s prior consent.
5. Respect for the Rights of the Individual
We will respond appropriately, in accordance with applicable laws, to any requests for disclosure, correction, etc. of retained personal data (Note 5) or specified personal information. We will also handle complaints and inquiries from individuals promptly and in good faith.
6. Establishment and Implementation of Internal Rules
We have established internal policies, namely the “Personal Information Protection Management Regulations”, in accordance with relevant laws and regulations concerning the protection of personal information, and the “Specified Personal Information Management Regulations” regarding the secure handling of specified personal information. These policies are enforced and strictly followed by all executives and employees of the company.

（Definitions）
Note 1: Personal Information refers to information about a living individual that can identify a specific person by name, date of birth, or other descriptions contained in the information.
Note 2: Specified Personal Information refers to personal information that contains an individual number as defined by the “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures.”
Note 3: Individual refers to a person identified by the personal information.
Note 4: Personal Data refers to personal information included in a personal information database or other systematically organized collection as defined by government ordinance.
Note 5: Retained Personal Data refers to personal data for which the company has authority to respond to disclosure or correction requests, excluding data whose existence is subject to legal exceptions (e.g., data to be deleted within six months or data whose disclosure may harm the public interest).