Information security and
privacy protection

TRUSCO NAKAYAMA Corporation and its consolidated subsidiaries (hereinafter referred to as "our group") handle the personal information it acquires.
We will pay the utmost attention to the following basic policy regarding the protection of personal information.

1. (1) We will appoint a personal information management manager for the protection of personal information of the Group, and will supervise the handling of personal data throughout the Group under the personal information management manager. In addition, in each department of the Group, a personal information manager who is in charge of personal information protection is appointed to clarify the responsibility, and guidance and education on the handling of personal data are given to employees of the Group in their own department. At the same time, we will build an organization / system that maintains, manages, and operates the protection of personal information.
2. (2) We will comply with laws and regulations such as the Law Concerning the Protection of Personal Information (May 30, 2003 Law No. 57) and related guidelines.
3. (3) When handling personal information, we will clearly specify the purpose of use to the extent reasonably possible.
4. (4) We will acquire personal information within the necessary range by an appropriate and fair method.
5. (5) We will endeavor to keep the content of the acquired personal information accurate and up-to-date so that there are no mistakes.
6. (6) When handling personal information, the personal information manager will take necessary and appropriate safety management measures so that leakage, loss or damage will not occur.
7. (7) As a general rule, personal information will not be provided to a third party without the prior consent of the individual. However, this does not apply to statistical data aggregated in a form that cannot be identified by an individual.
8. (8) When outsourcing the handling of personal information to a third party, we will select only the outsourcer who can sufficiently protect the personal information, and conclude a contract regarding the handling of personal information before outsourcing. In addition, we will implement necessary and appropriate supervision of the subcontractors so that appropriate safety management can be achieved at the subcontractors.
9. (9) If there is an inquiry about personal information acquired by the Group or an offer to disclose personal information, we will respond promptly and appropriately in accordance with the procedures established by the Group.

If required by law, we may handle it differently from the above, while respecting the purpose of the law.