HANDLING OF PERSONAL INFORMATION

1. Personal Information Acquisition

We clearly present use purposes to customers and employees and obtain personal information by a legitimate fair means within the scope necessary for achieving the use purposes to which customers and employees consented. Note that personal information is defined as information that can identify a specific individual and personal data is defined as personal information that makes up personal databases, etc.

<Business operator>
Warehouse TERRADA

<Name of business operator representative>
President & CEO, Kohei Terada

<Company address>
2-6-10 Higashi-Shinagawa, Shinagawa-ku, Tokyo

<Name or title, department, and contact of personal information manager>
Chief Privacy Officer: Yoshiaki Kimura
Address: 2-6-10 Higashi-Shinagawa, Shinagawa-ku, Tokyo 140-0002
Email: privacy_policy@terrada.co.jp

*The above is a dedicated contact for inquiries regarding our handling of personal information.
Please note that we may not be able to reply to any inquiries other than those related to our handling of personal information.
For inquiries related to our services, please contact us at the following address.
https://www.terrada.co.jp/en/contact/

<Use purposes of personal information> (As of September 2022)

a) Conclusion and fulfillment of contracts between customers and us
b) Communication for business talks or meetings with customers
c) Running events
d) Notice of services, products, etc. of us, associated companies, or our alliance partners (e.g., sending direct-mails, advertising mails or other printed materials, or making phone calls )
e) Gathering statistical data for marketing, sales promotion, and product planning (the data do not allow personal identification)
f) Running campaigns, prize offers, and surveys
g) Development, analysis, and research of our services
h) Proposal, offering, and conclusion of contracts in our businesses and operations (real estate business, preserving/safekeeping business and related business)
i) Communication in our businesses and operations (real estate business, preserving/safekeeping business and related business)
j) Emergency contact
k) Affairs related to recruitment, employment, labor, human resource management, and official procedures
l) Others incidental or related to the above

(The items above are our personal information use purposes that must be disclosed)

As for the scope of use of personal numbers, we limit it to specific affairs related to social security, taxes, and disaster countermeasures.
The specific affairs are entering the personal numbers of employees etc. in documents such as certifications of income and local tax withheld from regular pay, payment records, and notices of acquisition of the health insurance/welfare pension insurance qualification according to laws to submit them to administrative agencies etc. and health insurance unions etc.
However, this shall not apply to the following cases:

a) When a financial institution pays money at a serious disaster etc.
b) When it is necessary for protection of a human life, body, or property and an individual concerned provides consent or it is difficult to obtain the consent

<Phone recording>
Please note that we may record phone conversations in order to correctly know customers’ opinions, requests, etc.
The recorded conversations are deleted immediately when the use purposes are met.

<Video recording by monitoring cameras>
Please note that we may use monitoring cameras for video recording in our facilities to ensure customers’ safety and crime-prevention.
The recorded information is stored for a set period and then deleted immediately.

<Acquisition of biometric data (face, eyes, fingerprints, veins, etc.)>
Biometric authentication systems (including facial, fingerprint and vein recognition systems) are in place for entry and access to buildings and rooms at our facilities to ensure customers’ safety and crime-prevention. Please note that we may require you to register your biometric authentication data before entering a building or room. Your registered biometric authentication data is deleted immediately when the use purposes are met. At WHAT MUSEUM, it is deleted immediately on the day of your booking once we have confirmed that you have exited the premises. We do not provide any biometric authentication data to third parties.

2. Use of Personal Information

We use personal information within the scope necessary for achieving the specified use purposes. When we use personal information beyond this scope, we provide necessary information to an individual concerned to use his/her personal information within the scope necessary for achieving the use purposes to which the individual concerned consented.
However, this shall not apply to the following cases:

a) When announcing or notifying an individual concerned of use purposes is likely to harm the life, body, property, or other rights or interests of the individual concerned or a third party;
b) When announcing or notifying an individual concerned of use purposes is likely to harm our rights or legitimate interests;
c) When it is necessary to offer cooperation to the implementation of legally-defined affairs by national authorities, local governments, or those who receive a commission therefrom, and obtaining consent from an individual concerned may bring about an obstacle to the implementation of the said legally-defined affairs; and
d) When use purposes are found to be clear in light of the circumstances of the acquisition.

Use of individual numbers  is limited to specific affairs related to social security, taxes, and disaster countermeasures. We do not use individual numbers beyond the scope necessary for achieving the use purposes.

3. Acquisition and Use of Personally Referable Information

We utilize technologies including Cookie and JavaScript to acquire personally referable information, which is defined as information concerning a living individual that does not fall under the definitions of “personal information,” “pseudonymously processed information,” or “anonymously processed information.” We may acquire and use attribute information which cannot identify individuals such as age, sex, occupation, and residential area (limited to information which cannot identify individuals even with the combination thereof) from among information provided by customers, terminal information, user action history within the website of the service (accessed URLs, contents and order of references, etc.), and information based on users’ consent and application when using smartphones, etc. However, this information does include any personal information.
When users desire to disable technologies including Cookie and JavaScript, such users can disable Cookie and JavaScript, etc. by changing the setting of a terminal. However, if Cookie or JavaScript, etc. is disabled, please note that users may not be able to use some functions of the service.

4. Accessing and contacting to Individuals concerned

We access to individuals concerned legally and properly within the scope necessary for achieving the use purposes to which customers and employees consented.
However, this shall not apply to the following cases:

a) When we are commissioned to handle personal information entirely or partially, and we handle the personal information within the scope necessary for achieving use purposes
b) When it is recognized that use purposes of the personal information acquired are clear from the situation in which it is obtained, it is used without clearly presenting, notifying, or publicizing the use purposes, etc. to access or contact the individual concerned.
c) Cases as prescribed by law
(* Regarding the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedures, these are limited to cases where the specific personal information of employees etc. is provided to administrative agencies etc. and health insurance unions etc. for specific affairs related to social security, taxes, and disaster countermeasures.)
d) When it is necessary for protection of a human life, body, or property, and it is difficult to obtain consent from an individual concerned
e) When it is particularly necessary for hygienic improvement or healthy development of children, and it is difficult to obtain consent from an individual concerned
f) When it is necessary to offer cooperation to the implementation of legally-defined affairs by national authorities, local governments, or those who receive a commission therefrom, and obtaining consent from an individual concerned may bring about an obstacle to the implementation of the legally-defined affairs

5. Provision of Personal Information to Third Party

When we provide personal information to a third party, we beforehand notify an individual concerned of necessary information to obtain his/her consent. We do so within the scope necessary for achieving the specified use purposes.
However, this shall not apply to the following cases:

a) If it is difficult to obtain the consent of an individual concerned, and when we notify the individual concerned of necessary information in advance or take measures equivalent thereto in accordance with the procedures provided for by laws and regulations, etc.
b) With regard to information concerning the officers and shareholders of organizations including corporations contained in information pertaining to the said organizations including corporations, if such information is released or publicly announced by the individual concerned or the said organizations including corporations by themselves, and when we notify the individual concerned of necessary information in advance or make such information readily accessible to the individual concerned; and
c) When we commission a third party to handle personal information entirely or partially within the scope necessary for achieving the specified use purposes
d) If personal information is provided as a result of succession of the business due to reasons including merger, and when the said personal information is handled within the scope of the use purposes before the succession.
e) When shared data is used for individual data, and when certain items are defined by a contract among those who jointly use it
f) Cases as prescribed by law
(* Regarding the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure, these are limited to cases where the specific personal information of employees etc. is provided to administrative agencies etc. and health insurance unions etc. for specific affairs related to social security, taxes, and disaster countermeasures)

g) When it is necessary for protection of a human life, body, or property, and it is difficult to obtain consent from an individual concerned
h) When it is particularly necessary for hygienic improvement or healthy development of children, and it is difficult to obtain consent from an individual concerned
i) When it is necessary to offer cooperation to the implementation of legally-defined affairs by national authorities, local governments, or those who receive a commission therefrom, and obtaining consent from an individual concerned may bring about an obstacle to the implementation of the legally-defined affairs

6. Commission of Personal Information Handling

We may commission a third party to conduct our businesses/operations entirely or partially for smooth business operation and improvement. In this case, we do this legally and properly within the scope necessary for achieving the specified use purposes, select subcontractors who properly handle personal information, and determine proper management, non-disclosure issues, etc. which are necessary for proper personal information handling to conclude a contract.

7. Voluntary Provision of Personal Information

If we cannot be provided with personal information necessary for achieving the use purposes, we may not be able to properly conduct our businesses and operations, which may hinder the achievement of the use purposes.

8. Dissemination of issues related to personal information subject to disclosure and requests for disclosure etc.

Regarding personal information subject to disclosure over which we have the authority to respond to all of requests from an individual concerned for disclosure, correction, addition or deletion, suspension of use, erasure, and suspension of provision to a third party, we promptly respond to, if any, a request from an individual concerned for notice of use purposes, disclosure, correction, addition or deletion, suspension of use, erasure, or suspension of provision to a third party (hereinafter, referred to as disclosure etc.). We obtain personal information by a legitimate fair means to use it within the scope necessary for achieving the specified use purposes.
This also applies to records provided to third-parties subject to disclosure.
Requests for disclosure of records provided to third parties, etc., shall be treated in accordance with this.

<Counter for complaints related to handling of personal information subject to disclosure>
Warehouse TERRADA Personal Information Complaints Counter
E-mail: privacy_policy@terrada.co.jp
Opening hours: Weekdays 9:00 AM-3:00 PM
Closed on Saturdays, Sundays, public holidays, and New Year holidays
* We also receive complaints and inquiries related to our personal information protection at this counter.
Please contact the counter. We then let you know procedure details. Please note that we cannot accept your request when you visit us.

* The above is a dedicated contact for inquiries regarding complaints related to handling of personal information.
Please note that we may not be able to reply to any inquiries other than those related to complaints related to handling of personal information.
For inquiries related to our services, please contact us at the following address.
https://www.terrada.co.jp/en/contact/

<Procedure for requesting disclosure etc. of personal information subject to disclosure>

1. You can request disclosure etc. of personal information subject to disclosure from the “Counter for complaints related to handling personal information subject to disclosure.”
2. We ask your identity verification for prevention of data leakage.
   In response to requests for “a notice of use of personal information” or “a disclosure of personal information,” we charge a fee of 800 yen (tax included) per request by TEIGAKU (fixed-amount) postal money order or postal stamps, in accordance with the provisions of the Personal Information Protection Law (Act on the Protection of Personal Information).
3. Although we try to promptly carry out the request procedure, we may not be able to accept your request due to law etc. In this case, we let you know the reason.
4. For procedure details, contact “Warehouse TERRADA Personal Information Complaints Counter.” We send you a designated form (Request for disclosure etc. of personal information).

<Documents necessary for identity verification>
We check any of the following documents to confirm the identity of a person requesting for disclosure etc.
A copy of any one of the documents: a driver’s license, health insurance card, passport, company ID card etc., residence certificate, seal registration certificate, and alien registration certificate which contains a name and address of a person requesting for disclosure etc. noted in the “Request for disclosure etc. of personal information.”
Note 1. Black out your legal domicile and individual number before sending us the copy.
Note 2. We return the copy to you along with a “Reply to request for disclosure etc. of personal information subject to disclosure.”

<Requests by a proxy for disclosure etc.>
If your proxy requests for disclosure etc., contact “Warehouse TERRADA Personal Information Complaints Counter.”

<Use purposes for personal information obtained at request for disclosure etc.>
Personal information obtained at your request for disclosure etc. shall be handled only within the scope necessary for the request for disclosure etc. Although we return your identity verification document to you, we properly manage other documents, and after replying to the request for disclosure etc., we dispose of them.

9．Security control measures

Our security control measures are conducted in accordance with our Information Security Management System (ISMS), which includes the establishment of internal regulations related to organizational, personal, physical and technical factors, the establishment of organizational systems, conducting regular inspections and audits, training employees, implementing measures to prevent unauthorized access, etc., and maintaining an understanding of the external environment.
Regarding our security control measures for personal data, which includes information we have acquired or are about to acquire, as well as data intended for handling as personal data, the establishment of internal regulations and organizational systems, conducting of regular inspections and audits, training of employees, measures to prevent unauthorized access, etc., and maintaining an understanding of the external environment are based on the Information Security Management Systems Requirements (JIS Q 27001:2014, ISO/IEC 27001:2013), including organizational, personal, physical and technical measures.