Sanko Metal Industrial handles all personal information obtained and used in business (hereinafter referred to as “Personal Information”) in the following manner, in the light of the importance of protection of personal information:

1. Observance of laws and regulations, compliance with guidelines and establishment of office regulations

(1) We abide by the “Act on the Protection of Personal Information” and related laws and regulations. We also make efforts to conduct business in compliance with guidelines established by administrative organizations.

(2) We establish office regulations concerning management of Personal Information, and make efforts to protect it in an appropriate manner.

(3) We ensure that the laws, regulations, guidelines and office regulations mentioned above are made known to and observed by all employees. We also review and improve this basic policy and office regulations on a continual basis.

2. Basic policy concerning acquisition and use of Personal Information

(1) When we obtain Personal Information, we specify the purpose of use of the information as clearly as possible.
When we obtain Personal Information at first hand, we notify the relevant person of the purpose of use of the information, or make it known to the public.
We disclose the purpose of use of the Personal Information in an appropriate manner upon request by the relevant person after we obtain it (except in cases where the application of this policy is exempted by laws and regulations).

(2) We use the Personal Information within the scope of the specified purpose. We never change the purpose of use and provide it to third parties without prior consent of the relevant person.
We take appropriate measures promptly upon request by the relevant person such as notification of the purpose of use, disclosure or correction of the information, and discontinuation of use (except in cases where the application of this policy is exempted by laws and regulations).

(3) We keep the Personal Information obtained in as correct and up-to-date state as possible. We take appropriate measures to protect it against incidents such as unauthorized access, loss, corruption, falsification and leakage of data.

(4) When we outsource data processing of the Personal Information, we stipulate the responsibility of the contractor to manage the information by agreement in advance, or take other appropriate measures.