Data Security Measures

1. Formulation of Basic Policy

To ensure the proper handling of personal data, our company has formulated a basic policy regarding "compliance with relevant laws and guidelines," "inquiries and complaint handling," and other related matters.

2. Establishment of Rules for Handling Personal Data

Our company has formulated information management regulations in accordance with the "Guidelines for Personal Information Protection in the Financial Sector" established by the Personal Information Protection Commission and the Financial Services Agency, as well as the rules of self-regulatory organizations to which our company belongs as a financial instruments business operator. These regulations cover handling methods, responsible persons, personnel, and their duties for each stage, including acquisition, use, storage, provision, deletion, and disposal.

3. Organizational Security Management Measures

(1) We appoint a person responsible for handling personal data, clarify the scope of personal data handled by employees and the employees who handle it, and establish a reporting and communication system to the responsible person in the event of detecting facts or signs of violations of laws or handling regulations.
(2) We conduct regular self-inspections of personal data handling status and also carry out audits by the auditing department or, when necessary, by external parties.

4. Personnel Security Management Measures

(1) We provide regular training to employees on precautions regarding the handling of personal data.
(2) We stipulate confidentiality matters regarding personal data in our information management regulations, require employees to submit confidentiality agreements to ensure the confidentiality of personal information and prevent its use outside of work, and also define and enforce legal compliance obligations in our employment regulations. 

5. Physical Security Management Measures

(1) In areas where personal data is handled, we manage employee entry and exit, restrict equipment brought in, and implement measures to prevent unauthorized individuals from viewing personal data.
(2) We take measures to prevent the theft or loss of devices, electronic media, documents, etc., that handle personal data. When transporting such devices, electronic media, etc., including within the office, we implement measures to ensure that personal data cannot be easily identified.

6. Technical Security Management Measures

(1) We implement access controls to limit the scope of personnel and the personal information databases they handle.
(2) We have introduced mechanisms to protect information systems that handle personal data from unauthorized external access or malicious software.

7. Assessment of External Environment

In accordance with economic security principles, our company does not store customers' personal information outside of Japan. Should we need to store customers' personal information outside of Japan in the future, after understanding the personal information protection systems in that country, we will implement security measures equivalent to those described in the "Practical Guidelines for Security Management Measures, etc., under the Guidelines for Personal Information Protection in the Financial Sector," and will publicly announce this or notify the individuals concerned.