HANDLING OF PERSONAL INFORMATION

1. Personal Information Acquisition

We clearly present use purposes to customers and employees and obtain personal information by a legitimate fair means within the scope necessary for achieving the use purposes to which customers and employees consented. Note that personal information is defined as information that can identify a specific individual and personal data is defined as personal information that makes up personal databases, etc.

<Business operator>
Warehouse TERRADA

<Name of business operator representative>
President & CEO, Kohei Terada

<Company address>
2-6-10 Higashi-Shinagawa, Shinagawa-ku, Tokyo

<Name or title, department, and contact of personal information manager>
Chief Privacy Officer: Yoshiaki Kimura
Address: 2-6-10 Higashi-Shinagawa, Shinagawa-ku, Tokyo 140-0002
Tel: +81(0)3 5479 1608 / Email: privacy_policy@terrada.co.jp

<Use purposes of personal information> (As of September 2022)

1. Conclusion and fulfillment of contracts between customers and us
2. Communication for business talks or meetings with customers
3. Running events
4. Notice of services, products, etc. of us, associated companies, or our alliance partners (e.g., sending direct-mails, advertising mails or other printed materials, or making phone calls )
5. Gathering statistical data for marketing, sales promotion, and product planning (the data do not allow personal identification)
6. Running campaigns, prize offers, and surveys
7. Development, analysis, and research of our services
8. Proposal, offering, and conclusion of contracts in our businesses and operations (real estate business, preserving/safekeeping business and related business)
9. Communication in our businesses and operations (real estate business, preserving/safekeeping business and related business)
10. Emergency contact
11. Affairs related to recruitment, employment, labor, human resource management, and official procedures
12. Others incidental or related to the above

(The items above are our personal information use purposes that must be disclosed)

As for the scope of use of personal numbers, we limit it to specific affairs related to social security, taxes, and disaster countermeasures.
The specific affairs are entering the personal numbers of employees etc. in documents such as certifications of income and local tax withheld from regular pay, payment records, and notices of acquisition of the health insurance/welfare pension insurance qualification according to laws to submit them to administrative agencies etc. and health insurance unions etc.
However, this shall not apply to the following cases:

1. When a financial institution pays money at a serious disaster etc.
2. When it is necessary for protection of a human life, body, or property and an individual concerned provides consent or it is difficult to obtain the consent

<Phone recording>
Please note that we may record phone conversations in order to correctly know customers’ opinions, requests, etc.
The recorded conversations are deleted immediately when the use purposes are met.

<Video recording by monitoring cameras>
Please note that we may use monitoring cameras for video recording in our facilities to ensure customers’ safety and crime-prevention.
The recorded information is stored for a set period and then deleted immediately.

<Acquisition of biometric data (face, eyes, fingerprints, veins, etc.)>
Biometric authentication systems (including facial, fingerprint and vein recognition systems) are in place for entry and access to buildings and rooms at our facilities to ensure customers’ safety and crime-prevention. Please note that we may require you to register your biometric authentication data before entering a building or room. Your registered biometric authentication data is deleted immediately when the use purposes are met. At WHAT MUSEUM, it is deleted immediately on the day of your booking once we have confirmed that you have exited the premises. We do not provide any biometric authentication data to third parties.

2. Use of Personal Information

We use personal information within the scope necessary for achieving the specified use purposes. When we use personal information beyond this scope, we provide necessary information to an individual concerned to use his/her personal information within the scope necessary for achieving the use purposes to which the individual concerned consented.
However, this shall not apply to the following cases:

a) When announcing or notifying an individual concerned of use purposes is likely to harm the life, body, property, or other rights or interests of the individual concerned or a third party;
b) When announcing or notifying an individual concerned of use purposes is likely to harm our rights or legitimate interests;
c) When it is necessary to offer cooperation to the implementation of legally-defined affairs by national authorities, local governments, or those who receive a commission therefrom, and obtaining consent from an individual concerned may bring about an obstacle to the implementation of the said legally-defined affairs; and
d) When use purposes are found to be clear in light of the circumstances of the acquisition.

Use of individual numbers  is limited to specific affairs related to social security, taxes, and disaster countermeasures. We do not use individual numbers beyond the scope necessary for achieving the use purposes.

By utilizing technologies including Cookie and JavaScript, we may acquire and use attribute information which cannot identify individuals such as age, sex, occupation, and residential area (limited to information which cannot identify individuals even with the combination thereof) from among information provided by customers, terminal information, user action history within the website of the service (accessed URLs, contents and order of references, etc.), and location information based on users’ consent and application when using smartphones, etc.

When users desire to disable technologies including Cookie and JavaScript, such users can disable Cookie and JavaScript, etc. by changing the setting of a terminal. However, if Cookie or JavaScript, etc. is disabled, users may not be able to use some functions of the service.

3. Accessing and contacting to Individualsn

We utilize technologies including Cookie and JavaScript to acquire personally referable information, which is defined as information concerning a living individual that does not fall under the definitions of “personal information,” “pseudonymously processed information,” or “anonymously processed information.” We may acquire and use attribute information which cannot identify individuals such as age, sex, occupation, and residential area (limited to information which cannot identify individuals even with the combination thereof) from among information provided by customers, terminal information, user action history within the website of the service (accessed URLs, contents and order of references, etc.), and information based on users’ consent and application when using smartphones, etc. However, this information does include any personal information.
When users desire to disable technologies including Cookie and JavaScript, such users can disable Cookie and JavaScript, etc. by changing the setting of a terminal. However, if Cookie or JavaScript, etc. is disabled, please note that users may not be able to use some functions of the service.

4. Accessing and contacting to Individuals concerned

We access to individuals concerned legally and properly within the scope necessary for achieving the use purposes to which customers and employees consented.
However, this shall not apply to the following cases:

a) When we are commissioned to handle personal information entirely or partially, and we handle the personal information within the scope necessary for achieving use purposes
b) When use purposes are clear from an obtaining situation, and we use personal information obtained without clearly presenting, notifying, or publicizing the use purposes etc. to an individual concerned
c) Cases as prescribed by law
(* Regarding the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedures, these are limited to cases where the specific personal information of employees etc. is provided to administrative agencies etc. and health insurance unions etc. for specific affairs related to social security, taxes, and disaster countermeasures.)
d) When it is necessary for protection of a human life, body, or property, and it is difficult to obtain consent from an individual concerned
e) When it is particularly necessary for hygienic improvement or healthy development of children, and it is difficult to obtain consent from an individual concerned
f) When it is necessary to offer cooperation to the implementation of legally-defined affairs by national authorities, local governments, or those who receive a commission therefrom, and obtaining consent from an individual concerned may bring about an obstacle to the implementation of the legally-defined affairs

5. Provision of Personal Information to Third Party

When we provide personal information to a third party, we beforehand notify an individual concerned of necessary information to obtain his/her consent. We do so within the scope necessary for achieving the specified use purposes.
However, this shall not apply to the following cases:

a) If it is difficult to obtain the consent of an individual concerned, and when we notify the individual concerned of necessary information in advance or take measures equivalent thereto in accordance with the procedures provided for by laws and regulations, etc.
b) With regard to information concerning the officers and shareholders of organizations including corporations contained in information pertaining to the said organizations including corporations, if such information is released or publicly announced by the individual concerned or the said organizations including corporations by themselves, and when we notify the individual concerned of necessary information in advance or make such information readily accessible to the individual concerned; and
c) When we commission a third party to handle personal information entirely or partially within the scope necessary for achieving the specified use purposes
d) If personal information is provided as a result of succession of the business due to reasons including merger, and when the said personal information is handled within the scope of the use purposes before the succession.
e) When shared data is used for individual data, and when certain items are defined by a contract among those who jointly use it
f) Cases as prescribed by law
(* Regarding the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure, these are limited to cases where the specific personal information of employees etc. is provided to administrative agencies etc. and health insurance unions etc. for specific affairs related to social security, taxes, and disaster countermeasures)

g) When it is necessary for protection of a human life, body, or property, and it is difficult to obtain consent from an individual concerned
h) When it is particularly necessary for hygienic improvement or healthy development of children, and it is difficult to obtain consent from an individual concerned
i) When it is necessary to offer cooperation to the implementation of legally-defined affairs by national authorities, local governments, or those who receive a commission therefrom, and obtaining consent from an individual concerned may bring about an obstacle to the implementation of the legally-defined affairs

6. Commission of Personal Information Handling

We may commission a third party to conduct our businesses/operations entirely or partially for smooth business operation and improvement. In this case, we do this legally and properly within the scope necessary for achieving the specified use purposes, select subcontractors who properly handle personal information, and determine proper management, non-disclosure issues, etc. which are necessary for proper personal information handling to conclude a contract.

7. Voluntary Provision of Personal Information

If we cannot be provided with personal information necessary for achieving the use purposes, we may not be able to properly conduct our businesses and operations, which may hinder the achievement of the use purposes.

8. Dissemination of issues related to personal information subject to disclosure and requests for disclosure etc.

Regarding personal information subject to disclosure over which we have the authority to respond to all of requests from an individual concerned for disclosure, correction, addition or deletion, suspension of use, erasure, and suspension of provision to a third party, we promptly respond to, if any, a request from an individual concerned for notice of use purposes, disclosure, correction, addition or deletion, suspension of use, erasure, or suspension of provision to a third party (hereinafter, referred to as disclosure etc.). We obtain personal information by a legitimate fair means to use it within the scope necessary for achieving the specified use purposes.
This also applies to records provided to third-parties subject to disclosure.
Requests for disclosure of records provided to third parties, etc., shall be treated in accordance with this.

<Counter for complaints related to handling of personal information subject to disclosure>
Warehouse TERRADA Personal Information Complaints Counter
Tel: +81(0)3 5479 1608 / E-mail: privacy_policy@terrada.co.jp
Opening hours: Weekdays 9:00 AM-5:00 PM
Closed on Saturdays, Sundays, public holidays, and New Year holidays
* We also receive complaints and inquiries related to our personal information protection at this counter.
Contact the counter via email or phone. We then let you know procedure details. Please note that we cannot accept your request when you visit us.

<Procedure for requesting disclosure etc. of personal information subject to disclosure>

1. You can request disclosure etc. of personal information subject to disclosure from the “Counter for complaints related to handling personal information subject to disclosure.”
2. We ask your identity verification for prevention of data leakage and charge a fee (800 yen (tax included) per request) according to Section 30 of the Personal Information Protection Law.
3. Although we try to promptly carry out the request procedure, we may not be able to accept your request due to law etc. In this case, we let you know the reason.
4. For procedure details, contact “Warehouse TERRADA Personal Information Complaints Counter.” We send you a designated form (Request for disclosure etc. of personal information).

<Documents necessary for identity verification>
We check any of the following documents to confirm the identity of a person requesting for disclosure etc.
A copy of any one of the documents: a driver’s license, health insurance card, passport, company ID card etc., residence certificate, seal registration certificate, and alien registration certificate which contains a name and address of a person requesting for disclosure etc. noted in the “Request for disclosure etc. of personal information.”
Note 1. Black out your legal domicile and individual number before sending us the copy.
Note 2. We return the copy to you along with a “Reply to request for disclosure etc. of personal information subject to disclosure.”

<Requests by a proxy for disclosure etc.>
If your proxy requests for disclosure etc., contact “Warehouse TERRADA Personal Information Complaints Counter.”

<Use purposes for personal information obtained at request for disclosure etc.>
Personal information obtained at your request for disclosure etc. shall be handled only within the scope necessary for the request for disclosure etc. Although we return your identity verification document to you, we properly manage other documents, and after replying to the request for disclosure etc., we dispose of them.

9．Security control measures

Our security control measures are conducted in accordance with our Information Security Management System (ISMS), which includes the establishment of internal regulations related to organizational, personal, physical and technical factors, the establishment of organizational systems, conducting regular inspections and audits, training employees, implementing measures to prevent unauthorized access, etc., and maintaining an understanding of the external environment.
Our establishment of internal regulations and organizational systems, conducting of regular inspections and audits, training of employees, measures to prevent unauthorized access, etc., and maintaining an understanding of the external environment are based on the Information Security Management Systems Requirements (JIS Q 27001:2014, ISO/IEC 27001:2013), including organizational, personal, physical and technical measures.

Inquiries

*Please check the following points prior to contacting us.
Warehouse TERRADA (hereinafter, referred to as “we” or “us”) handles the personal information of customers and employees in a lawful and appropriate manner in accordance with our Privacy Policy.

1. Use purposes of personal information
We handle personal information of customers and employees related to inquiries in a lawful and appropriate manner within the scope necessary to achieve the use purposes to which customers and employees have agreed, or when otherwise required by law.
1) To respond to or contact you regarding an inquiry

2. Procedure for inquiries and requests regarding personal information
Please contact the following complaints and consultation counter for inquiries regarding the handling of personal information by us, or to request a notice or disclosure of use purposes, correction, addition, deletion or suspension of use of personal information held by us.
When customers and employees provide us with personal information, they do so at their own volition and with their consent to the above information. We may be unable to perform business operations if said consent is not provided.