Handling of Personal Information

1 Intended use of Personal Information

1. Personal Information of business partners, those who participated in seminars sponsored or co-hosted by us, those who answered to our surveys, those who we received inquiries, users of our services, and visitors to our website (hereinafter collectively referred to as “Customers”)
   1. In order to provide our services, our affiliated companies services and alliance partners services to Customers.
   2. To analyze information such as Customers usage history of our services and the history of viewing the websites we operate, and to inform Customers of the services or the seminars which we, our affiliated companies and alliance partners provide.
   3. For the purpose of exercising rights and fulfilling obligations under contracts with Customers and laws and regulations
   4. For clerical work related to Customers
   5. For the research and development of services
   6. For the purpose of responding to inquiries, questions, and sending brochures upon requests
2. Personal Information of applicants for employment

   For managing our recruitment activities and for communicating with our recruitment applicants

3. Personal Information of partner companies

   For personnel management in the execution of business

4. Personal Information entrusted by business partners

   For the performance of the consigned services

5. Personal Information of employees and retirees
   1. For personnel management, labor management, payment of salaries and bonuses, welfare, health management, safety management, etc. concerning employees
   2. Preparation of withholding tax forms for retirees, payment of retirement pensions, and communication

2 Matters concerning security control measures for Personal Data

1. Formulation of the basic policy
   To ensure the proper handling of Personal Data, we have formulated and publicly announced our Personal Information Protection Policy as our basic policy.
2. Disciplines concerning the handling of Personal Data
   In order to appropriately manage and record the acquisition, use, storage, provision, deletion, and discard of Personal Data, we have established the Personal Information management ledger. We have also established various internal rules, rules, and guidelines concerning information management, including the clarification of the roles and responsibilities of persons responsible for the management of Personal Information and persons responsible for the management of Personal Information, and the handling of Personal Data.
3. Systematic security control measures
   We have appointed the Personal Information Protection Manager as the person responsible for the handling of Personal Information, and established the Personal Information Management Promotion Committee to implement internal controls on the protection of Personal Information.
   In addition, we have established a system in which employees are required to comply with various internal rules, rules, and guidelines concerning information management, including the handling of Personal Data, and to report to the Personal Information Supervisors when they are aware of a violation of the internal rules, etc.
   In addition, the Personal Information Management Promotion Committee meets regularly to assess the status of the handling of Personal Information, then review and improve the security control measures.
4. Human security control measures
   We regularly provide employees with education and training on the proper handling of Personal Data.
5. Physical security control measures
   We strictly control the scope of information assets that can be accessed by employees and implement measures to prevent unauthorized access to Personal Data.
   In addition, measures are taken to prevent the theft or loss of equipment, electronic media, and documents used for the handling of Personal Data.
6. Technical security control measure
   We implement appropriate access controls, such as limiting the scope of Personal Information databases by employees who handle Personal Data.
   We have also introduced a system for protecting information systems that handle Personal Data from unauthorized access from outside or unauthorized software, and have implemented appropriate operations.
7. Understanding of the external environment
   When handling Personal Data overseas, we will understand the system concerning the protection of Personal Information in the relevant foreign country and take the necessary and appropriate measures to ensure the safe management of Personal Data.

3 Procedures for Disclosure Request

If you are requesting a notification or disclosure of the purpose of use of our retained Personal Data (disclosure of retained Personal Data, correction, cease of use, or disclosure of records of provision to a third party), please follow the procedures below.

1. Request method
   Disclosure requests are accepted only by mail.
   Please attach the necessary documents to the prescribed application form and send it by post.
   Please note that the application cannot be accepted if there is any omission or error in the application form.
   Please send us the application form by postal mail or registered mail, specifying your request such as “Application for Disclosure” on the envelope.
   We do not accept requests made by any means other than the above (including but not limited to direct visits to the company or by e-mail).
2. Documents to be submitted
   Written application
   Please download the application form from here.
   Attached documents
   Document for identification of the applicant
   1. We will verify your identification.
   2. Please enclose a copy of your driver’s license, passport, health insurance card, residence card, or other identification document issued by a public organization (two copies among the above, if it is not a photo ID) when you send the application by mail.
   3. Please note that we will not be able to accept your request if the identification documents are not enclosed.
   4. If the person who is requested to disclose is the legal representative of the minor or the adult ward or the agent who entrusted the request for disclosure, please enclose the following documents.
      In the case of a statutory agent, one copy of a document (copy of the family register or, in the case of a person with parental authority, a copy of the health insurance card with dependents) to confirm that the person has the statutory agent, and one copy of a document (copy of the driver’s license, health insurance card, or passport) to confirm that the person is the statutory agent.
      In the case of a commissioned agent, one (1) copy of a driver’s license, passport, health insurance card, certificate of residence, or other identification document issued by a public organization (two copies among the above, if it is not a photo ID), and a power of attorney.
   
   Certificate of Payment of Fees
   1. 500 yen (including consumption tax) per application as a fee for notification of the Purpose of Use, disclosure of Personal Information, and disclosure of records of provision to third parties.
      If multiple requests are made simultaneously in a single application, the total amount shall be multiplied by the number of such requests.
   2. Please enclose a Fixed Amount Postal Money Order based on the fee.
   3. No fees shall be charged for correction, addition, deletion, suspension of use, deletion, or cease of provision of Personal Information to third parties.
   ※We will inform you of any shortage of the fixed amount of the commission or the absence of the fixed amount of the exchange. However, if you do not send us the fixed amount of the commission separately during the prescribed period, we will handle as if there was no request for disclosure.
3. Address
   〒103-8317 Nihonbashi Kabutocho 7-1 KABUTO ONE, Chuo-ku, Tokyo
   QUICK Corp.
   Attention: Secretariat, Legal Affairs Office, Personal Information Control Promotion Committee
4. Response
   Unless otherwise specified, responses to you will be provided in writing or by e-mail.
5. Contact Information
   Please contact us here for any inquiries regarding requests for notice or disclosure of the purpose of use of our retained Personal Data.

4 Revision

We acknowledge that the contents of the Personal Information Protection Policy and the Handling of Personal Information may be changed, added, or deleted as we consider it is necessary.
The revised Personal Information Protection Policy and the handling of Personal Information will be announced on our website.

GDPR (General Data Protection Regulation of the EU) Supplementary Rules

1 April, 2023

QUICK Corp. (“QUICK”) will comply with the following supplementary rules in handling Personal Data provided from the EU（European Union, including its Member States and, in the light of the EEA Agreement, Iceland, Liechtenstein and Norway, collectively “EU”) or the United Kingdom (“UK”) based on an adequacy decision in accordance with the General Data Protection Regulation of the EU and its equivalent laws and regulations in the UK (collectively, “GDPR”).

1. Special Care-required Personal Information
   In the event that Personal Data received from the EU or the UK based on an adequacy decision contains data concerning a natural person’s sex life, sexual orientation, or labor-union membership, which are defined as “Special Categories of Personal Data” under the GDPR, QUICK shall handle such Personal Data in the same manner as Special Care-required Personal Information within the meaning of Article 2, Paragraph 3 of the Act on the Protection of Personal Information of Japan (“Act”).
2. Specifying the Purpose of Use and Restrictions on the Purpose of Use
   In the case where QUICK receives Personal Data from the EU or the UK based on an adequacy decision, the circumstances regarding the acquisition of the said Personal Data shall be confirmed and recorded as prescribed by Article 30, Paragraphs 1 and 3, including the utilization purpose for which it is received from the EU or the UK.
   Similarly, in the case where QUICK receives Personal Data from another Personal Information handling business operator, that was previously transferred to such business operator from the EU or the UK based on an adequacy decision, the circumstances regarding the acquisition of the said Personal Data shall be confirmed and recorded as prescribed by Article 30, Paragraphs 1 and 3, including the utilization purpose for which it was received.
   In the above-mentioned cases, QUICK shall specify the purpose of utilizing the said Personal Data within the scope of the utilization purpose for which the data was originally or subsequently received, as confirmed and recorded pursuant to Article 30, Paragraphs 1 and 3, and utilize that data within the said scope (as prescribed by Articles 17, Paragraph 1 and Article 18, Paragraph 1 of the Act).
3. Restrictions on Provision to Third Parties in Foreign Countries
   When providing a third party in a foreign country with Personal Data that has been received from the EU or the UK based on an adequacy decision, QUICK shall obtain in advance the consent of the individual to the effect that the individual approves the provision of the Personal Data to the third party in the foreign country, after providing the individual with information on the circumstances surrounding the transfer destination necessary for the individual to make a decision regarding the consent, excluding the cases fall under one of the following (1) through (3).
   1. The third party is located in a country that is prescribed by the Rules of the Personal Information Protection Commission as a foreign country establishing a Personal Information protection system that is recognized to have equivalent standards to that in Japan in regard to the protection of an individual’s rights and interests.
   2. The third party located in a foreign country takes “measures in line with the purpose of the regulations in Chapter 4, Section 2 of the Act” in an “appropriated and reasonable manner”.
   3. Cases fall under each item of Article 27, Paragraph 1 of the Act.
4. Anonymously Processed Information
   QUICK shall deem Personal Data received from the EU or the UK based on an adequacy decision to be Anonymously Processed Information within the meaning of Article 2, Paragraph 9 of the Act, only if QUICK takes measures that make the de-identification of the individual irreversible for anyone including by deleting processing method etc. related information (*).

(*) The processing method etc. related information means information relating to those descriptions etc. and individual identification codes which were deleted from Personal Information used to produce Anonymously Processed Information, and information relating to a processing method carried out pursuant to the provisions of Article 43, Paragraph 1 of the Act (limited to those which can restore the Personal Information by use of such relating information).