Personal information protection policy

MEDLEY, INC. (hereinafter referred to as "the Company") believes that it is our social responsibility to properly handle personal information when conducting corporate activities. To fulfill this responsibility, we have established a personal information protection policy, as shown below. We have also established a personal information protection management system and take responsibility in fulfilling our obligations as a company.

Article 1: Acquisition and Use of Personal Information

The Company acquires personal information after clarifying the purpose of use and will use this information only within the scope of the purpose.

Article 2: Management and Protection of Personal Information

The Company will strive to implement appropriate security to prevent the loss, misuse, or modification of personal information under the Company's control and take immediate corrective measures in the event of any issues. In addition, in principle, data will not be disclosed or provided to third parties unless the data subject.

Article 3: Compliance with Laws and Regulations

The Company will comply with applicable laws, regulations, national guidelines, and other standards concerning the handling of personal information under the Company's control.

Article 4: Response to Inquiries and Complaints

The Company will respond promptly to inquiries and complaints about personal information under the Company's control.

Article 5: Continuous Improvement and Structure of the Personal Information Protection and Management System

The Company will continue to make improvements to our management systems and procedures for protecting personal information.

1. Purpose

The purpose of these regulations (hereinafter referred to as "the Regulations") are established for the purpose of ensuring that the Company appropriately collects and uses personal information that the Company collects, stores, uses, and provides, and that the Company stores the personal in a safe and up-to-date condition and properly disposes of it to ensure the security of personal information. The Company may, in addition to and separate from the Regulations, establish separate privacy policies, rules, terms, and conditions (collectively referred to as “the Individual Rules”) for specific services, activities, websites, etc. (collectively referred to as “the Specific Services”) and apply the Individual Rules to the Specific Services. For details, please refer to “13. Services, etc. to which the Individual Rules Apply” below.

2. Definitions

1. “Personal information” means information on individuals (including individual customers, business partners, and employees) that can be used to identify the individual by using letters, images, or sounds, such as addresses, names, telephone numbers, or e-mail addresses.
2. “Data subject” means the individual who can be identified by personal information.

3. Personal Information Manager and Contact Information

The Personal Information Manager Contact Information is as follows:
MEDLEY, INC.
Personal Information Manager
Telephone number: 03-4520-9820
E-mail address: privacy@medley.jp
* Working hours are from 9 a.m. to 6 p.m. on weekdays.
* We are unable to accept inquiries made by direct visits to the Company.

4. Purpose of Collection and Scope of Use of Personal Information

The Company collects personal information within the scope of our business activities, clearly defines the purpose of collection, and uses it within the scope necessary to achieve that purpose. When the Company collects and uses information beyond the scope of the purpose, we will give notice to that effect to the data subject and collect and use personal information after obtaining the consent of the data subject. However, if the data subject provides comprehensive consent for the notification, individual consent shall not be required. The purpose of collection and scope of use of personal information are as below. Please note that the purpose of collection and scope of use of personal information obtained through the Specific Services may be stipulated in the Individual Rules. For details on the Individual Rules for the Specific Services, please refer to “13. Services, etc. to which the Individual Rules Apply” below.

1. To provide services of the Company
2. To improve and upgrade the services of the Company or to research and develop new services
3. To send information and materials regarding the services of the Company or its group companies and to conduct other marketing activities
4. To receive applications for various questionnaires, campaigns, etc., and to contact winners and to ship prizes, etc.
5. To recruit monitors and interviewees for articles and to accept applications, and to contact with the relevant individuals
6. To perform the tasks required to respond to inquiries from data subjects
7. To contact regarding studies, proposals, negotiations, etc. to promote business or transactions with the Company or its group companies
8. To prevent, monitor and investigate illegal, improper or prohibited activities, etc.
9. To fulfill obligations and to conduct procedures in accordance with laws, contracts, etc.
10. Other cases necessary for the performance of work related to or incidental to the aforementioned works

5. Provision of Personal Information to Third Parties

As a general rule, we do not provide the personal information of the data subject to any third party without the consent of the data subject. We provide personal information only if the data subject agrees to it after identifying the recipient and the content of the personal information to be provided. However, in the following cases, personal information may be provided without the permission of the data subject.

1. When disclosure or provision is permitted by law
2. When the data subject is determined to be violating the interests of a third party
3. When disclosure of the data subject's personal information is requested by a court, public prosecutor’s office, police, lawyers' associations, consumer centers, or similar institutions.
4. When it is particularly necessary to improve public health or promote healthy child development and it is difficult to obtain the consent of the data subject
5. Where it is necessary for the Company to cooperate with a national institution, a local public organization, or a person commissioned by such institution or organization to in the execution of duties prescribed by law and it is determined by the Company that there is a risk of interfering with the execution of duties by obtaining the consent of the data subject
6. When the Company is explicitly requested by the data subject to disclose or provide the personal information to a third party
7. When part or all of the duties for handling personal information are outsourced within the scope necessary to achieve the purpose of use
8. When providing personal information in association with succession of business due to merger or other reasons
9. When providing personal information within the scope of the Company’s legitimate businesses and without the risk of harm to the interests of the data subject

6. Indemnification

In the following cases, we are not responsible for obtaining personal information by third parties.

1. When the data subject himself/herself provides his/her personal information to a third party
2. When the data subject is identified based on information entered by the data subject or others into the services of the Company
3. When the data subject provides personal information via an external site linked to the services of the Company or when the personal information is used by a third party.
4. When information (ID, passwords, etc.) that can be used to identify the data subject is obtained by someone other than the data subject

7. Management of Personal Information by Third Parties

The personal information provided to third parties based on the consent of the data subject shall be managed under the responsibility of the third party as a recipient.

8. Outsource of Personal Information

The Company may outsource all or part of the handling of personal information to the extent necessary to achieve the purpose of use. When we outsource the handling of personal information, we will select appropriate service providers and strive to ensure that the personal information is managed safely and appropriately.

9. Accuracy of Personal Information

The Company will strive to accurately process the personal information provided. However, the data subject shall be responsible for ensuring that the content of the personal information provided is accurate and up-to-date.

10. Use of Statistical Data

Based on the personal information provided, the Company may process statistical data which cannot be used to specify any individual. The Company may use statistical data that has been processed so that any individual cannot be identified without any restrictions.

11. Changes to Personal Information

As a general rule, only the data subject can request disclosure, correction, deletion, or suspension of use of the registered personal information, as well as suspension of provision to third parties (hereinafter referred to as "the Disclosure"). The deletion of personal information or the suspension of use of personal information may make it impossible for the data subject to receive services currently in use. In addition, if the Company is unable to respond to a request for the Disclosure due to any of the following reasons, the Company will explain to the data subject why the Company is unable to respond to it. Applications for the Disclosure of personal information to the Company shall be made using the application form template specified by the Company.

1. There may be a risk of harm to the life, body, property, or other rights of the data subject or a third party
2. There may be a risk of significant interference with the proper implementation of the businesses of the Company
3. It would be violation of laws and regulations

12. Obtaining Personal Information by a Method Not Easily Recognized by the Data Subject

Information on attributes and behavior history may be obtained using technologies such as cookies to improve the usability of sites, to obtain statistical information such as accessibility, and to optimize the efficacies of advertising. However, the use of such technologies will not result in the obtainment of personal information not entered by the data subject. Individuals can also refuse to save cookies by setting up their browsers; however, the required features such as logging in will no longer be available.
Please refer to this "example of use of external services" for more information about cookies, the setting of behavioral targeting ads, and procedures for opting out.

13. Services, etc. to which the Individual Rules Apply

As stated in “1. Purpose” above, the Company may, in addition to and separate from the Regulations, establish the Individual Rules for the Specific Services and apply the Individual Rules to the Specific Services. In such cases, unless otherwise stipulated in the Individual Rules, the Individual Rules shall apply, together with the Regulations, to the relevant Specific Services, and in the event of any inconsistency or conflict between the Individual Rules and the Regulations, the content of the Individual Rules shall prevail.
The Individual Rules (in Japanese) and the Specific Services include the following.

14. Changes in Regulations for Handling Personal Information

Unless otherwise specified by law or regulation, the Company may change the Regulations for Handling Personal Information at any time.