Privacy Policy

Policy for the Protection of Personal Information

SAN HOLDINGS receives and uses the information concerning customers in order to conduct holding company, real estate and administrative operations. We are well aware of the social obligations concerning the proper management of this information. We have established the following policy for the protection of personal information as guidelines for the establishment and improvement of a sound risk management framework for personal information. In addition, a personal information protection management system has been established for the reliable implementation of measures in accordance with this policy.

This personal information protection policy is used for activities within the SAN HOLDINGS Group as well as for external activities.

For personal information used for business activities, the purpose of use is clearly defined when the information is received and individuals providing this information are notified of the purpose or the purpose made available to the public. Furthermore, this information is used solely as needed for the designated purpose.
Employees receive thorough training to be certain that personal information is used solely for the purpose that was explained to individuals when the information was received or was made public.
SAN HOLDINGS does not share personal information with third parties except when the consent of the individual has been received or the provision of information is required by law.
SAN HOLDINGS complies with Japan’s Personal Information Protection Law as well as the directives and other rules of all countries associated with the business operations of SAN HOLDINGS. Personal information is managed strictly by all group companies in accordance with the provisions of JIS Q 15001, which contains requirements for personal information protection management systems.
SAN HOLDINGS analyzes and recognizes risk factors concerning the handling of personal information and exercises care to prevent leaks, losses and damage involving this information. In addition, there is a framework in place for quickly and properly responding to an incident of this type concerning personal information.
Individuals can contact SAN HOLDINGS concerning opinions or complaints, questions about the personal information protection policy, or other matters involving their personal information. Contact information is provided in writing when information is received, in the SAN HOLDINGS website and in other ways. We have a framework for responding quickly to personal information inquiries.
SAN HOLDINGS is continuously working on the improvement of its personal information protection management system, which is guided by this personal information protection policy, by incorporating advances in IT network technologies, social changes involving the protection of personal information, and the opinions, complaints and other input from individuals who provide this information.
This policy is applicable to all personal information handled by SAN HOLDINGS in addition to information involving the business operations explained in the preceding sections, such as but not limited to information concerning employees and information used for recruiting activities.

Date of establishment: March 1, 2005

Date of most recent revisions: March 3, 2025

SAN HOLDINGS, INC.
President and Representative Director　Satoshi Harishima

Handling of Personal Information

1. Company name

SAN HOLDINGS, INC.

2. Personal Information Protection Manager

General Manager of General Affairs Division

3. Purpose of using personal information

We use the following personal information for the business activities as described below.

(1)Personal information of executives, employees, retirees, etc.:
Recruiting procedures, employment, and personnel management.
(2)Personal information of the persons involved in traffic accidents:
Actions taken in response thereto.
(3)Personal information of the job applicants to SAN HOLDINGS:
Hiring decisions and the notifications thereof.
(4)Personal information of the job applicants to SAN HOLDINGS for employment in its group companies (the “Group Companies”):
Provision to the group companies for hiring decisions and notifications thereof.
(5)Personal information of the persons working at the Group Companies, regardless of direct employment contact:
Execution of contractual obligations in subcontracted activities, which are personnel and labor management, accounting and finance, administrative tasks, purchasing management, IT system management, training operations, and internal audits, to the extent required for fulfillment of such obligations.
(6)Personal information of persons who make inquiries to SAN HOLDINGS:
Actions taken in response thereto.

Notes:

(a)The above does not apply to the personal information held by the Group Companies that was obtained in recruiting activities through employment services companies and the personal information that EXCEL SUPPORT SERVICE obtained directly from the job applicants at employment. For such information, please directly contact the company to which you have applied.
(b)Personal data held by SAN HOLDINGS and the purpose of use thereof fall under (1), (3), (4), and (6).

4. Complaints and other communications involving personal information subject to disclosure and questions about the personal information protection policy

SAN HOLDINGS, INC. General Manager of General Affairs Division

Telephone

Toll-free: 0120-199-628

Monday to Friday 9:00 to 17:00

Closed on weekends and holidays

E-mail

privacy@san-hd.co.jp

Monday to Friday 9:00 to 17:00

Closed on weekends and holidays

Postal mail

4-6-39 Tenzinbashi, Kita-ku, Osaka, 530-0041, Japan

5. Accredited personal information protection organization

JIPDEC

Contact for resolving complaints: Secretariat of the accredited personal information protection organization

Address: Roppongi First Building,1-9-9 Roppongi, Minato-ku, Tokyo, 106-0032, Japan

Telephone: 03-5860-7565 / 0120-700-779

6. Procedure for requesting disclosure or other actions

We respond to requests from an individual concerning his or her own information held by us and subject to disclosure for the notification or disclosure of the purpose of use, revisions, additions or deletions involving the purpose of use, termination of the use or deletion of the individual’s personal information, termination of the provision of the information to third parties, and disclosure of the records on the provision to the third parties (collectively “disclosure procedure”).
To request a disclosure procedure, individuals are asked to use the contact information in the preceding item 4. Complaints and other communications involving personal information subject to disclosure and questions about the personal information protection policy.
SAN HOLDINGS will send by postal mail information concerning disclosure procedure requests concerning personal information subject to disclosure and a form for requesting a procedure. Please complete this form and return the form to SAN HOLDINGS directly or by postal mail.

Notes:: Provided, however, that this does not apply to disclosure procedure requests concerning the personal information provided, when an individual was hired, to the employment services companies which were used by the Group Companies in recruiting activities as well as to EXCEL SUPPORT SERVICE.

7. Measures to ensure the safe management of personal data held by the company

The following is a summary of the main measures we take to ensure the safe management of personal data.

(1) Formulation of a basic policy on the protection of personal information

In order to ensure the proper handling of personal data, we have formulated a basic policy (Personal Information Protection Policy) regarding "compliance with relevant laws, guidelines, etc.", "proper acquisition", "public announcement of the purpose of use and use within the scope of the purpose of use", "prohibition of provision to third parties in principle", "contact for questions and complaints", etc.

(2) Development of rules related to the handling of personal data

We have established internal regulations regarding information management, including the handling of personal data, regarding the handling methods, responsible persons and staff, and their duties, etc., for each stage of the acquisition, use, storage, provision, deletion, and disposal of personal data.

(3) Organizational safety management measures

In addition to appointing individuals responsible for the handling of personal data, we have clarified the scope of personal data handled by employees and the employees who handle such data, and have established a reporting and communication system to be used in the event of a leak or other incident, or in the event that there is a violation or indication of a violation of related laws or internal regulations.
In addition to performing regular self-inspections to ensure the proper handling of personal data, we also conduct audits by other departments.

(4) Human safety management measures

We carry out regular training for all employees to ensure compliance with relevant laws and internal regulations regarding the proper handling of personal data.
Upon joining the company, employees are required to sign a confidentiality agreement regarding the protection of personal data.
Matters relating to the confidentiality of personal data and reasons for disciplinary action in the event of a breach are stipulated in internal regulations such as the employment regulations.

(5) Physical safety management measures

Measures are in place to prevent unauthorized access to personal data in areas where personal data is handled, as well as to manage employee access to and from these areas.
In addition to taking measures to prevent the theft or loss of devices, electronic media, and documents that handle personal data, we also take measures to prevent personal data from being easily identified when carrying such devices, electronic media, etc., including when moving within the office.

(6) Technical safety management measures

We implement appropriate access controls, including limiting the scope of employees who handle personal data and the personal data databases they handle.
We have introduced a system to protect information systems that handle personal data from unauthorized access or unauthorized software outside the company, and we are implementing appropriate operations.
We have taken measures to prevent incidents such as the leakage of personal data when using information systems, and we are implementing appropriate operations.

The personal information protection policy is disseminated to all those within the organization who handle personal information at our company through means such as internal company notices, meetings on personal information protection, and training courses, and is disclosed in the company brochure and on the company website so that interested parties can easily access it whenever necessary.

Company summary

Corporate Philosophy

About San Holdings

List of officials

Organization chart

History

Group company

Key themes for the
SAN HOLDINGS Group

Shareholder and Investor Information

Top Message

Management Policy

Corporate Governance

Group Introduction

Documents & Events

Financial Information

Stock-related
information

Calendar

Market Trends

Sustainability

Top Message

Policy / Framework

Corporate Governance

Compliance

Risk management

Environment

Social responsibility

Human resource management/Working styles/Diversity-Equity-Inclusion