Basic Policy on Personal Information Protection

1. Acquisition of personal information

We collect personal information only to the extent necessary for business purposes and in a proper manner in compliance with the Act on the Protection of Personal Information and other relevant laws and regulations. When handling customer inquiries over the phone, we may record calls to ensure accurate understanding of inquiries and to enhance future service quality.

2. Purpose of use of personal information

We use personal information only to the extent necessary to achieve the following purposes and do not use it for any other purposes.

（1）Soliciting insurance entrusted by the non-life and life insurance companies listed in the links below, acting as an agent or intermediary for insurance contracts, maintaining and managing insurance contracts, and performing operations as an insurance agency.

（2）Provision of services of the Company (including group companies and partner companies) that are incidental to or related to （1）, as well as services entrusted by insurance companies.

We publish these purposes of use on our website along with the Basic Policy and make them publicly available by displaying them at our headquarters, sales divisions, branch offices, and sub-branch offices.

• *Please refer to the websites of insurance companies that entrust their agency business to us for their purposes of personal information use.

3. Security management measures for personal information

We implement the following sufficient security measures to prevent the leakage, loss, or damage of personal information and ensure its proper management. We also take appropriate measures to keep personal information accurate and up-to-date.

(Establishment of the Basic Policy)

We establish guidelines regarding the Company's name, the establishment of a contact point for complaints, inquiries, and requests related to personal information, a declaration on the secure management of personal information, a commitment to continuous improvement of the Basic Policy, and a statement on compliance with relevant laws and regulations.

(Establishment of rules for the handling of personal information)

Our rules and procedures for personal information establish the basic methods for acquiring, using, storing, and handling such information.

(Organizational safety management measures)

We appoint personnel responsible for personal information management, establish and implement an inspection and audit system for its handling, and develop a response framework for potential data breaches and other incidents.

(Personnel security management measures)

We have concluded confidentiality agreements on personal information with our employees, established working regulations, ensured thorough dissemination, and implemented education and training programs.

(Physical security management measures)

We have taken measures such as storing documents and external media under lock and key to prevent loss and theft, shredding, incinerating, dissolving, and deleting personal information when disposing of it, and prohibiting the removal of personal information without the consent of the information manager.

(Technical security management measures)

We implement measures to prevent unauthorized access, including the use of strong passwords, the prohibition of ID sharing, and the use of devices with encryption capabilities.

(Supervision of contractors)

We establish criteria for selecting contractors based on the status of their security management systems when outsourcing the handling of personal information to a third party. We specify conditions for subcontracting and responsibilities in case of data breaches in the outsourcing agreement, and conduct regular assessments of the contractor's security management systems.

4. Provision of personal information to third parties and acquisition from third parties.

We do not provide personal information to third parties without prior consent from the individual, except in the following cases.

(1) When required by laws and regulations.

(2) When necessary to protect a person’s life, body, or property, and when obtaining their consent is difficult.

(3) When particularly necessary to improve public health or promote the sound upbringing of children, and when obtaining the individual's consent is difficult.

(4) When necessary to cooperate with a national government agency, local government, or an entity entrusted by them in executing affairs prescribed by laws and regulations, and when obtaining the individual's consent is likely to hinder the execution of those affairs.

(5) When the third party is a research institution and needs to handle the personal data for academic research purposes (including cases where part of the purpose of handling the personal data is academic research), except when there is a risk of unjust infringement on the rights and interests of individuals.

When personal information is provided to or obtained from a third party, we verify the details of the provision and acquisition process, record and store legally required information such as the name of the recipient or provider.

5. Shared use of personal information

We may jointly use personal information obtained in the course of business with insurance agencies that conduct insurance solicitation business under the Agreement on Joint Solicitation with us. Additionally, based on a business cooperation contract, we may share personal information with insurance agencies engaged in telemarketing and partner companies providing agency services for handling telephone inquiries, in accordance with '2. Purpose of Use of Personal Information' above, for contracts with Aflac Life Insurance Japan Ltd.
The personal information to be jointly used will be the same as that used by us, and we will be responsible for security management."

6. Handling of sensitive information

We do not acquire, use, or provide to third parties any special care-required personal information (race, creed, social status, medical history, criminal records, and crime victim information, etc.), nor personal information related to labor union membership, lineage, registered domicile, healthcare, or sexual life ('sensitive information'), except as stipulated by the Personal Information Protection Act and other applicable laws and guidelines.

7. Responding to requests for disclosure or correction of personal information

We will promptly respond to the request unless there is a special reason after confirming the identity of the customer if we are requested by a customer for the disclosure, correction, addition, or suspension of use of personal information related to the customer.
We have established a contact department responsible for handling inquiries from customers about personal information. Please contact the responsible department provided at the end of this page for any inquiry related to personal information, such as disclosure and correction, etc.

8. Revisions

We may revise this basic policy as necessary to ensure appropriate protection of personal information and to comply with amendments to the Personal Information Protection Act and other relevant laws and regulations. If this basic policy is revised, we will promptly disclose the changes through methods such as posting them on our website.