1.Perspectives on personal information

Tokyu Agency Inc. (hereinafter referred to as “we” or “the Company”), recognizing the significance of information for communication activities, promotes initiatives to ensure information security – to protect and leverage the valuable information assets of the Company, including information provided by advertisers, other business partners and consumers - as one of its important corporate activities,
Particularly aware of the importance of properly managing personal information, we comply with the Personal Information Protection Law and its guidelines according to the Company’s Privacy Policy presented below. We ensure that personnel throughout the Company handle all personal information related to our corporate activities in accordance with this Privacy Policy.

2.Information for protection

The information we treat as personal information is as follows:

• （1）Personally identifiable information we are provided by our business partners, including advertisers, media companies and subcontractors, to carry out the operations with which they entrust us (e.g., information on campaign applicants or survey respondents)
• （2）Personally identifiable information we collect from consumers, directly or indirectly, when conducting surveys or research
• （3）Personally identifiable information we collect, directly or indirectly, from job applicants, the Company’s employees or employees of our affiliated companies, for employment or labor management purposes
• （4）Personally identifiable information of people who make inquiries of us
• （5）Personally identifiable information we collect for implementing other business activities

Note: Our definition of “personally identifiable information” shall conform with laws and regulations.

3. Policy on protection of personal information

（1）Collection and usage

We never use fraudulent or devious methods when collecting personal information, directly or indirectly. We clarify the legitimate purposes of its use and convey them to the person providing the information. Our use is limited to the scope of the purposes conveyed in advance to the person providing the information. Should a reason arise for the usage to extend beyond the scope of the originally stated purpose, we shall obtain the consent of the person providing the information.

（2）Personal information provided by our partners

Personal information we receive from partners such as advertisers, media companies or subcontractors for purposes of performing operations with which they entrust us shall be used only to the extent necessary to fulfill the terms of the consigned contract. As concerns matters such as the extent of our responsibility to the people providing the information, the management of their personal information and the appropriate answers to their questions, we shall check carefully with the partners entrusting us with the operation to ensure proper handling of the information according to the partners’ instructions.

（3）Entrustment of personal information

When we entrust personal information that we have collected or received to a subcontractor, we shall select the subcontractor after confirming that its security measures satisfy our requirements by reference to such information as the subcontractor’s acquisition of external certification. We shall conclude an agreement obliging the subcontractor to take security management measures and implement proper supervision over the operations.

（4）Provision of personal information to third parties

Except when stipulated by laws and regulations, we shall not provide or disclose personal information to any third party without the consent of the person concerned.

（5）Shared use

There are occasions, such as seminars held jointly with Tokyu Group companies, subcontractors, business partners and others, in which we share personal information. In such cases, we clearly notify and inform the persons responsible in advance of the purpose of use, the scope of the persons sharing the information, the items of personal information to be shared and the personal information management to be implemented, while thoroughly managing safety among those sharing the information.

（6）Anonymous processing information

When creating anonymous processing information as defined by the Act on the Protection of Personal Information, we handle the information appropriately in compliance with the Act on the Protection of Personal Information and other relevant laws and guidelines.

（7）Response to inquiries

In principle, we inform people who provide us with their personal information of our inquiry counter when collecting data directly or indirectly. We advise them to contact the inquiry counter if they wish to confirm, correct, delete, or terminate the use of their personal information. We shall respond to their requests as fully as is reasonable.

（8）Disposal and deletion of personal information

When personal information we have collected or received is no longer necessary, we shall dispose of or delete it in an appropriate manner. If we use a disposal operator, we shall confirm the completion of the disposal.

（9）Security control measures

We shall implement reasonable security control measures to prevent illegal access, loss, falsification and/or leakage of personal information we have collected or received, and thus secure the accuracy of the information.

（10）Compliance with laws, regulations, internal rules and the internal management system

We comply with all laws and regulations as well as with internal rules concerning personal information protection. We have established an organizational system for personal information protection to assure proper personal information management. We also conduct ongoing evaluation and improvement of the internal management system, including the present Privacy Policy, by checking it regularly to ensure that the system is functioning properly.

（11）Education and awareness-raising training for top management personnel and employees

We conduct education and awareness-raising training for top management personnel and employees as part of efforts to achieve full protection of personal information.

（12）Emergency procedures

Should an incident occur with respect to personal information we have collected or received, we shall immediately notify the person(s) who provided the information, as well as our partners, supervisory agencies and other relevant parties, and implement emergency measures to minimize any damage.