Privacy Policy

As a provider of electrical communication and data center services with the belief that as a socially contributing company we should be a role model for handling personal information, and recognizing the importance of appropriate handling of personal information, Marunouchi Direct Access (hereafter "we") has established a privacy policy for board members and employees to ensure protection of personal information and individuals' rights and benefits.

1. In obtaining personal information, we will identify the purpose for using the information as much as possible and obtain the information within the scope of achieving that purpose.

2. Should we obtain personal information in written form directly from the person in question, we will do so only within the scope required, after notifying our company name, the name of the officer who protects and manages the personal information, his/her contact information and the purpose of using the information.

3. We will use personal information within the purpose approved by the person. We will organize and enforce steps to prohibit the information's use outside the specific purpose.

4. We will appropriately manage personal information in our possession and will not disclose or offer the information to a third party without the person's consent.

5. We will manage personal information in our possession accurately and in an up-to-date manner within the scope necessary to meet the purpose of use, and will take reasonable safety measures to prevent and correct any possible divulgence, loss or tampering of such information.

6. In the event that the processing of personal information is outsourced to an external party, we will contractually obligate them not to divulge the information or provide it to any third party, and will appropriately manage them.

7. We will respond to complaints and consultations about the personal information that has come into our possession through our contact representatives answering such inquiries.

8. We will follow the state's law, policy and other rules regarding the treatment of personal information.

6 24, 2022.
MARUNOUCHI DIRECT ACCESS Ltd.
Representative Director Norihiro Yokoyama

Inquiries about our privacy policy

MARUNOUCHI DIRECT ACCESS Ltd.
General Affairs Department
Contact for consultations about personal information
〒100-0005
3-4-1 Marunouchi, Chiyoda-ku, Tokyo
TEL: 03-3214-4881
mail:

The policy went into effect on 5 30,2017.
Date updated 7 24,2017.

Intended Use of Personal Information

Ⅰ.Purpose of using personal information

We will use your personal information within the scope limited to the following purposes.

1. Personal information about customers (including companies to which they outsource work)

   1. For work-related correspondence and the execution of contracts

   2. System registration and individual authentication regarding the use of our facilities

   3. To maintain and manage security by making and checking CCTV camera recordings

   4. To provide information and advertising materials regarding our services

   5. For plans and proposals regarding our services

   6. For surveys and analyses to improve our services and service quality

   7. To make notifications and answer questions or requests about our sales

2. Personal information of employees

   1. For hiring and managing human resources

   2. To pay salaries, calculate expenses and provide medical checkups

   3. To manage our facilities and implement sales activities

   4. For emergency contact and inquiries

   5. To run the organization efficiently and seamlessly

3. Personal information of clients, business partners and companies to which work is outsourced

   1. For work-related correspondence

   2. To execute contracts

   3. For business negotiations and correspondence

   4. To answer inquiries and requests

Ⅱ.Providing personal information to third parties

In principle, we will not provide the personal information we have acquired to third parties. If we need to provide personal information to a third party, we will obtain the person's consent in advance unless otherwise required by law or other justifiable reasons.

• If the person has consented

• When using the information is considered to fall within the scope required to achieve the purpose

• If a public institution requests us to disclose such information by legal orders or other such means

Ⅲ.Cases in which we do not notify the person of the purpose for using his/her personal information

Please note that in the cases below, we may not notify or release the purpose for using personal information to the person concerned.

• When there is a pressing need to use the information to protect someone's life, or protect someone physically or protect someone's assets, and when obtaining the person's consent is difficult

• When we need to cooperate in the effort of a public institution, a municipal organization or their contractor to perform legally required administrative tasks, and when getting the person's consent could get in the way of the above parties performing the task

• When the purpose for using the information is clear judging from the situation in which the information was acquired

• When using the information is mandatory by law

• When using the information is particularly vital for improving public hygiene or for promoting healthy development of children and when obtaining the person's consent is difficult

End

The policy went into effect on 4 1, 2017.

ISMS

Fundamental philosophy

Marunouchi Direct Access (hereafter "we") consider that ensuring information security is vital for our data center service business to offer safe and secure services and win further trust of customers. Recognizing the importance of protecting these information assets from the risks of divulgence, tampering and losses, our board members, employees and everyone else involved in our company will follow this policy and be involved in activities to maintain information security including the confidentiality, completeness and availability of such information assets.

Basic policy

1. To protect information assets, we have established an information policy and conduct our business in accordance with this policy, while at the same time complying with laws, regulations and other norms related to information security as well as the terms agreed upon with our customers on information security.

2. We will set clear criteria for analyzing and evaluating the risk of damage including divulgence, tampering and losses of information assets to establish a structured risk assessment approach and perform a periodical risk assessment. We will also ensure necessary and appropriate security measures according to the results.

3. With security board members at the center, we will establish a security structure and clarify who is authorized and responsible for security management. Recognizing the importance of information security, all our employees will be regularly educated, trained and notified of appropriate handling of information assets.

4. We will regularly inspect and audit our level of compliance with our security policies and rules for handling information assets. We will immediately ensure measures to correct insufficiencies or areas of improvement as needed.

5. We will organize appropriate measures to respond to information security events and incidents. We will establish steps in advance to respond to such events and incidents to minimize damage and respond to such events and incidents immediately if they ever occur, ensuring appropriate measures to correct them. For incidents that may interrupt operations, we will establish a framework to manage such incidents and regularly respond to and perform recovery tests for and review such incidents to ensure our continued operation.

6. We will establish, follow, continuously evaluate and improve an information security management system, setting targets to achieve our fundamental philosophy.

6 24,2022.
MARUNOUCHI DIRECT ACCESS Ltd.
Representative Director Norihiro Yokoyama

Certifications ISO27001（ISMS）

Basic policy

In July 2017, Marunouchi Direct Access received Information Security Management System (ISMS)'s international certification ISO/IEC 27001:2013 JIS Q 27001:2014, having cleared their certification audits.

IS 669745 / ISO 27001