Toyo Co., Ltd. (hereafter "the Company") considers the correct handling of personal data as one of our fundamental business activities, and as our responsibility to society. In light of this, we pledge to comply with the policies stated below.

1. Compliance with laws

In order to handle customer data in an appropriate manner, the Company faithfully complies with the Act on the Protection of Personal Information (hereafter "the Law"), as well as duties that are defined by related miscellaneous regulations regarding the protection of personal data.
As defined in Article 2.1 of the Law, personal data refers to data related to persons in existence that can be used to personally identify specific individuals. This definition also applies in the following paragraphs.

2. Usage of personal data

The Company handles personal data within the scope of the state purpose of use after specifying how the data will used insofar as is possible, excepting cases where consent has been obtained from the person in question beforehand, or where the data is handled as an exception in accordance with laws and regulations.
The “person in question” refers to a specific individual who is identified by means of personal data. This definition also applies in the following paragraphs.

3. Proper acquisition of personal information

When the Company obtains personal data, it is assumed that said data has been obtained through appropriate means. The purpose of use is either made public in advance, or is announced to the person in question (or is made public) immediately after the data is obtained, except in cases whether said data is to be handled as an exception in accordance with laws and regulations. Note that in cases where personal data is directly obtained from the person in question, this is made clear in advance.

4. Measures taken to ensure safe management

The Company strives to keep the data of each individual that it handles within the scope of their purpose of use, in an accurate and up-to-date manner; and takes the necessary and appropriate measures for safe management, to appropriately oversee our employees and outsourced companies.
The "individual data" is defined as personal information that makes up a personal information database or other resource (Article 2.2 of the Law), as defined in Article 2.4 of the Law.

5. Provision of personal information to third parties

The Company will not provide individual data to any third party without the prior consent of the person in question, excepting data that is considered an exception in accordance with laws and regulations.

6. Requesting disclosure of information

The Company will comply with requests to disclose, correct, or otherwise handle the individual data we store, from the person in question.

7. Inquiries regarding complaints, etc.

The Company will take care of any complaints regarding the personal data we handle from the person in question in a speedy and appropriate manner, and we also strive to create internal frameworks for this purpose.

8. Internal audits and ongoing improvement

The Company will continue to improve our protection policies in regard to the personal data we handle, through appropriate internal audits and so on.