Handling of Personal Information

8-17-1 Nishishinjuku, Shinjuku-ku, Tokyo
Koki Sato, Representative Director

COMICSMART INC. (the “Company," "we" or “our”) will handle personal information obtained in relation to our business operations as follows. Rules regarding the Company's handling of personal information in individual services and initiatives shall be set forth separately for each individual service and initiative.

1. Acquisition on Personal Information
(1) The Company shall acquire personal information or personally referable information* (hereinafter referred to, collectively, as "personal information, etc.,") in relation to its business operations using any of the following methods.
a. Direct acquisition, from the individual in question
E.g.: We acquire personal information from the individual by them filling out a paper form, or by direct entry into a website form.
b. Indirect acquisition, from the individual in question
E.g.: We acquire personal information, etc., published in a publication or on the internet.
c. Direct or indirect acquisition, from a website operated by the Company
E.g.: We acquire site usage history automatically via tags set on a website operated by the Company.
d. Indirect acquisition from a third party
E.g.: We acquire personal information via a data management platform or social media.
(2) The Company may acquire personal information, etc., by methods that may not be easily perceived by the individual in question. Please see here for information regarding cookies and acquisition of personal information, etc., by ad technology, etc.. This includes cases where the Company does not acquire personal information but providers of ad technology services, etc., do acquire personal information.
*About personally referable information
“Personally referable information” means information relating to an individual which does not fall under the categories of personal information, pseudonymously processed information and anonymously processed information. It does not include statistical information.
E.g.: Postal (zip) codes, email addresses, gender, occupation, hobbies and interests, customer ID numbers, information stored in cookies, IP addresses, device ID numbers, advertisement identifiers (AAID/IDFA), other identifiers and location data, browsing histories, purchasing histories and other log data pertaining to Internet usage, etc.
The Company acquires (and handles) any personally referable information as personal information if it can be readily collated with other information and thereby identify a specific individual.

2. Purpose of Utilizing Personal Information
The purpose(s) of utilizing personal information, etc., that the Company acquires are as follows.
(1) For conclusion of agreements with our customers and partners (including membership registration for use of websites operated by the Company)
(2) For handling requests from our customers and partners and implementing agreements with customers and partners
(3) For communicating with our customers and partners
(4) For sending information about trade shows, seminars, products, and services etc. of the Company and Group companies
(5) For developing and improving products and services of the Company and Group companies and improving their quality
(6) For the marketing, sale and sales promotion of the products and services of the Company and Group companies
(7) For creating statistics
(8) For analyzing site usage and browsing status, for the purpose of improving this site
3. Use of Personally referable Information Provided to the Company by Third Parties in Conjunction with Personal Information
The Company may make use of personally referable information provided to it by third parties in conjunction with personal information already in the possession of the Company. Please see here for details regarding such cases.

4. Provision and Entrusting the Handling of Personal Information to Third Parties
(1) The Company may provide personal Information to third parties within the extent permitted by law (including when obtaining the consent of the individual in question, and performing procedures required by law.)
(2) The Company may entrust the handling of personal information to third parties ("contractors"), within the necessary scope to achieve the purpose(s) of utilizing Personal Information described in Section 2. In such cases, the Company shall enter into an agreement with the contractor, who must meet selection criteria for contractors, and appropriately manage work performed by the contractor.
(3) Third-party providers and contractors may include third parties located outside of Japan (*).
*The Company provides details regarding cases where we provide, or entrust the handling of, personal information to third parties located outside of Japan.
5. Shared Use of Personal Information
The Company makes shared use of personal information as follows.
(1) The categories of the jointly utilized Personal Information:
a. Information acquired in relation to an agreement between the Company and a customer and/or partner
b. Contact details of customers and/or partners
(2) The scope of a jointly utilizing entity:
The Group companies(http://www.septeni-holdings.co.jp/septenigroup.pdf)
(3) The utilization purpose for the jointly utilizing person:
a. For having an appropriate Group company respond to inquiries about the Group’s products and services
b. For developing and improving products and services of the Group companies and improving their quality
c. For the marketing, sale and sales promotion of the products and services of the Group companies
(4) The entity responsible for controlling the jointly utilized Personal Information:
8-17-1 Nishishinjuku, Shinjuku-ku, Tokyo
Koki Sato, Representative Director
(5) How to acquire Personal Information: In writing, in the form of electronic data, or by other means
6. Voluntary Nature of Provision of Personal Information by Individuals and the Result of Refusal to Provide Personal Information
Customers and partners may decide voluntarily whether to provide their personal information to us. If they do not provide their personal information, they may be unable to receive the services which they wish to receive.

7. Procedure for Demand for Disclosure etc.
(1) Individuals may make the following demands ("Demands for Disclosure, etc.") to the Company, within the scope permitted by law, with regard to personal information handled by the Company.
a. Notification of the purpose of use
b. Disclosure of records of personal information or records of provision to third parties
c. Corrections, additions or deletions of personal information, a utilization cessation or deletion, or cessation of provision to third parties
(2) Procedures regarding Demands for Disclosure, etc., are as follows.
a. Privacy Consultation Desk, which is written about in “Inquiries” below, will receive the Demand for Disclosure etc.
b. The person who makes a procedure for Demand for Disclosure etc. is required to send by mail a request form prescribed by the Company and necessary documents, including identification documents. When you wish for information disclosed to be provided in electronic record form, please make that fact known when requesting disclosure. We will inform you regarding specific methods of disclosure.
c. The person making the Demand for Disclosure, etc., will be charged a prescribed fee per demand for notification of the purpose of utilizing personal information, disclosure of the contents of personal information or records of provision to third parties.
The details of the procedure are available here.
8. Security Control Action
The Company shall endeavor to keep personal information accurate and up-to-date, and will implement necessary and appropriate action for the security control of the information as follows for protecting the information from unauthorized access, falsification, leakage, loss or other damage.
(1) Formulation of basic policy
To ensure that personal information is handled appropriately, the Company has formulated a basic policy covering matters such as compliance with relevant laws, regulations and guidelines and a point of contact for dealing with privacy-related questions and complaints.
(2) Development of rules governing the handling of personal information
The Company has formulated rules on the handling of personal information, setting out handling methods, the persons responsible/in charge, their responsibilities, etc., at every stage of the process, from collection, use, storage and provision to deletion and destruction.
(3) Systematic security control action
a. The Company has established a person responsible for the handling of personal information and has also clarified the employees who handle personal information and the scope of personal information handled by these employees, and developed a system for reporting to and liaising with the person responsible in the event of discovery of an actual or suspected breach of laws or privacy regulations.
b. The Company implements periodic self-inspections on the status of handling personal information.
(4) Human security control action
a. The Company regularly provides training to employees on matters to be considered when handling personal information.
b. The Company stipulates rules regarding maintaining the confidentiality of personal information in its work regulations.
(5) Physical security control action
a. In areas where personal information is handled, the Company restricts employee access and the equipment which can be brought in and we also take measures to prevent unauthorized persons from viewing personal information.
b. The Company takes measures to prevent the theft and loss of equipment, electronic media and documents containing personal information. Moreover, when carrying such equipment, electronic media or documents around, such as when moving between offices, the Company takes measures to ensure they cannot be easily accessed.
(6) Technological security control action
a. The Company uses access control to limit the scope of persons in charge of handling personal information and the scope of the personal information database they handle.
b. The Company introduces frameworks to protect information systems that handle personal information against illegal access from outside or malware.
(7) Assessment of external environment
When the Company handles personal information in overseas countries (including cases where the Company entrusts the handling of personal information to third parties located outside of Japan), it implements security control action based on an understanding of privacy legislation and other systems in place for the protection of personal information in the countries in which it stores personal data.
9. Response to Information Leaks and Other Incidents
In the event of a personal information leak or other such incident, the Company reports to the relevant supervisory authorities in accordance with the Act on the Protection of Personal Information and related guidelines, and takes necessary measures, such as measures to prevent recurrences or the occurrence of similar incidents, in accordance with the instruction of the relevant supervisory authorities.

10.Personal Information Protection Manager
Secretary General of Information Security Bureau

11. Inquiries
For inquiries, complaints, consultations on the handling of and the Procedure for Demand for Disclosure etc. of Personal Information please contact Privacy Consultation Desk.

Privacy Consultation Desk
Company name: COMICSMART INC.
Contact: Secretary general of Information Security bureau
Location: 8-17-1 Nishishinjuku Shinjuku-ku, Tokyo
E-mail: pms@comicsmart.co.jp

Established February 1, 2013
Revised January 1, 2016
Revised February 1, 2017
Revised January 1, 2018
Revised January 1, 2020
Revised April 1, 2022

This English translation is for reference purposes only and not a legally definitive translation of the original Japanese texts. If a difference arises regarding the meaning herein, the original Japanese version shall prevail as the official authoritative version.