PRIVACY POLICY(PERSONAL INFORMATION PROTECTION POLICY)

NTT Resonant Technology Incorporated (“we” or the “Company”) is engaged in cloud-based testing businesses. In the course of its business activities, the Company handles a large amount of personal information.
Please click here for Personal Information Handling Policy.
We believe that it is our social responsibility to protect and appropriately handle personal information in all of our corporate activities. Therefore, we are committed to the appropriate handling of personal information in accordance with the following privacy policy.

1.Specifying the Purpose of Use

When acquiring personal information, we will specify the purpose of use in our “Personal Information Handling Policy”

2.Restrictions based on Purpose of Use

We will handle the personal information we obtain only within the scope necessary to achieve the specified purposes of use. However, the foregoing does not apply when required by law or when necessary for the protection of human life, body, or property.

3.Proper Acquisition

We will only acquire personal information by lawful and fair means.

4.Notification, Publication, and Consent at the Point of Acquisition

When acquiring personal information, we will notify or publicly announce the purpose of use and other necessary matters in advance, and acquire personal information only after obtaining the consent of the customer. The same applies to the acquisition of personal information of customers in writing. When changing the purpose of use, etc., we will notify the customer in advance or publicly announce the purpose of use and other necessary matters to the customer in person, and obtain the consent of the customer himself/herself.

However, the foregoing does not apply when required by law or when necessary for the protection of human life, body, or property.

5.Securing the Accuracy of Information Contents

We will endeavor to keep personal information accurate and up-to-date to the extent necessary to achieve the purposes for which it is used.

6.Security Management Measures

We will take necessary safety measures to prevent leakage, loss, or damage of personal information and to otherwise safely manage personal information, and will review such measures as appropriate.

7.Employee Supervision

We supervise our employees who handle personal information in a necessary and appropriate manner to ensure the safe management of such personal information.

8.Outsourcing Supervision

1. We may outsource the handling of acquired personal information in order to achieve the purpose of its use. In such cases, we will select a contractor that is deemed to handle personal information properly, and will obligate the contractor to take necessary measures to protect personal information by concluding a contract, etc., and will supervise the contractor appropriately.
2. With respect to the preceding item, when outsourcing personal information to a business operator located in a foreign country (excluding countries specified in the laws and regulations on the protection of personal information as countries that have systems for the protection of personal information that are recognized as being at the same level as those in Japan in protecting the rights and interests of individuals), if consent has not been obtained from the customer, we will oblige the business operator to take necessary measures to protect personal information by concluding a contract, etc., with such business operator, in accordance with the requirements, such as having in place the necessary systems to continuously take measures equivalent to those required to be taken by the personal information handling business operator under the laws and regulations on the protection of personal information, and we will also supervise such business operator appropriately.

9.Provision of Personal Information to Third Parties

1. When we provide personal information to a third party, we will obtain the prior consent of the customer. However, the foregoing does not apply when required by law or when necessary for the protection of human life, body, or property.
2. Notwithstanding the preceding item, in the following cases 1. through 3., the person to whom such personal information is provided shall not be considered a third party.
   1. When all or part of the handling of personal information is outsourced to a third party within the scope necessary to achieve the purpose of use.
   2. When personal information is provided as a result of the succession of business due to merger or other causes.
   3. When personal information is to be jointly used; and the items of personal information to be jointly used, the scope of the joint users, the purpose of use, the name or title of the person responsible for managing such personal information, address, and name of the representative of the users are notified to the individual concerned or are made readily accessible to the individual concerned in advance.
3. Notwithstanding the preceding item, if the person to whom the personal information is provided is a business operator located in a foreign country (excluding countries specified in the laws and regulations on the protection of personal information as countries that have systems for the protection of personal information that are recognized as being at the same level as those in Japan in protecting the rights and interests of individuals), such business operator shall not be categorized as a third party, only if we obligate the business operator to take necessary measures to protect personal information by concluding a contract, etc. with such business operator in accordance with the requirements, such as having in place the necessary systems to continuously take measures equivalent to those required to be taken by the personal information handling business operator under the laws and regulations on the protection of personal information, and supervise such business operator appropriately.

10.Personal Related Information

When we receive personal related information from a third party and obtain it as personal data, we will do so only after obtaining the consent of the customer, unless the third party has obtained the consent of the customer in advance to provide the personal related information as personal data.

If we provide personal related information to a third party and the third party is expected to acquire the personal related information as personal data, we will provide the information only after confirming that the third party has obtained the consent of the customer in advance, except in cases where we have obtained the prior consent of the customer to provide the personal related information as personal data. However, the foregoing does not apply when required by law or when necessary for the protection of human life, body, or property.

11.Pseudonymized Processed Information

When handling pseudonymized processed Information, we will follow appropriate procedures in accordance with the laws and regulations on the protection of personal information, and will conduct safe management of the pseudonymized processed Information, as well as appropriately review the necessary safety measures.

12.Anonymously Processed Information

When we process personal information to create anonymously processed information, we will follow appropriate procedures in accordance with the laws and regulations on the protection of personal information, and we will also take necessary safety measures and conduct appropriate reviews for the safety management of anonymously processed information in accordance with the safety management of personal information. When providing anonymously processed information to a third party, we will also follow appropriate procedures in accordance with the laws and regulations on the protection of personal information.

13.Publication, etc., of Matters Concerning Personal Information

We will disclose the following information regarding personal information in our “Personal Information Handling Policy,” on our service website or in our terms of service, or respond without delay when we receive any inquiry.

1. Name of the personal information handling business operator, its address, and name of its representative
2. Purpose of use
3. Procedures necessary for disclosure to a customer or correction of his or her own personal data or to request discontinuation of use, etc.
4. Contact for inquiries
5. Measures taken for safety management

14.Purposes of Use regarding Outsourcing of Personal Information

We use personal information outsourced to us by third parties in the course of performing the outsourced work.

15.Disclosure of Personal Data

When a customer requests that we disclose to him or her his or her own personal data or records of provision to third parties, we will respond promptly. However, in the following situations, we may not disclose all or a portion of such data. In such cases, or when the relevant personal information does not exist, or when otherwise required by law, we will notify customers to that effect without delay. In addition, a fee will be charged when responding to a request for disclosure.

1. When there is a risk of harm to the life, body, property, or other rights or interests of the customer or a third party.
2. When there is a risk of significant obstruction to the proper operation of our business.
3. When such disclosure would violate the law.

16.Correction of Personal Data

If we receive a request from a customer to correct, add, or delete (“Corrections”) his/her personal information (only when the content of the personal information is not true), we will conduct the necessary investigation without delay and make the Corrections based on the results of the investigation.

17.Discontinuing Use of Personal Data

When we receive a request from a customer to discontinue use or delete his/her personal information (“Discontinuation of Use, etc.”), we will do so without delay if the request is found to be reasonable. In addition, if a customer requests us to stop providing his/her personal information to a third party (only in cases where we are providing such information to a third party in violation of the law), we will stop providing such information to the third party without delay if the request is found to be reasonable.

18.Contact Information

We take customer requests for disclosure, Corrections, and Discontinuation of Use, etc., of personal information, inquiries, opinions, complaints, etc., from our customers seriously and respond to them appropriately and promptly.

<Contact Address>
NTT Resonant Technology Incorporated
Personal Information Response Desk
Otemachi First Square, East Tower, 1-5-1, Otemachi, Chiyoda-ku, Tokyo 100-0004, Japan
E-mail: contact@nttr-tech.co.jp

19.Administrative System

We have an administrator responsible for managing personal information and implementing necessary protective measures. We also make efforts to maintain and improve the protection of personal information by periodically conducting in-house audits.

20.Employee Education

We educate and emphasize to our directors and employees the importance of appropriate handling of personal information while implementing all necessary measures.

21.Legal Compliance

We comply with the laws and regulations on the protection of personal information, the Personal Information Protection Commission’s “Guidelines Concerning the Act on the Protection of Personal Information”, and the Ministry of Internal Affairs and Communications’ Guidelines Concerning Protection of Personal Information in the Telecommunications Industries. In order to protect personal information, we will establish and comply with the necessary internal rules regarding handling methods, responsible persons and persons in charge, and their duties at each stage of acquiring, using, storing, providing, deleting, and disposing of personal information. In addition, we will continuously improve our personal information protection management system in response to changes in the social environment.