1. “Code of Conduct for Protecting Personal Information”

AI inside Inc. (hereinafter the “Company”) shall strive to thoroughly comply with the Act on the Protection of Personal Information (Act No. 57 of May 30, 2003), the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (Act No. 27 of May 31, 2013), etc. and endeavor to implement measures listed in the following items to protect personal information in accordance with guidelines of the Personal Information Protection Committee, other related guidelines and documents published by administrative bodies.

1. Strengthening employee education

The Company shall prepare learning materials on protection of personal information, distribute them to all of its regular employees and temporary employees, and implement training at least once a year for all of its regular employees and temporary employees who handle personal information.

2. Developing internal regulations concerning protection of personal information

The Company shall develop internal regulations concerning protection of personal information, present a clear policy for handling personal information, and ensure that the Company’s strict stance on personal information leaks, etc. is disseminated in-house.

3. Assigning a Personal information Protection Manager and strengthening the manager’s function

The Company shall establish the post of Personal Information Protection Manager, assign the Information Security Administration Manager to the post, and develop a system where the role of the manager is clarified, for the purpose of supervising compliance with laws, regulations and guidelines, formulation of internal regulations, development of an audit system and other handling of personal information.

4. Implementing appropriate information security measures

To prevent leakage, loss and corruption of personal information and otherwise manage the safety of personal information, the Company shall take necessary and appropriate measures, such as managing access to personal information, putting restrictions on taking out personal information, and preventing unauthorized access by outside parties.

5. Contracting out operations

1. The Company may contract out all or a part of operations for handling personal information, with respect to sales of various services, etc., responses to inquiries, equipment maintenance, fee-related operations, marketing and other operations.
2. When entering into a service contract, the Company shall conduct a full review of whether the counterparty is qualified as a contractor. In a service contract, the Company will set forth safety management measures, maintenance of confidentiality, subcontracting conditions and other matters related to appropriate handling of personal information, and properly supervise its contractors by implementing measures, such as periodically monitoring the status of how outsourced work is conducted.
3. When we undertake work from a company, if the company provides (entrusts) personal information to us, we will use such personal information to the extent necessary to achieve the purpose of the contract with the company.

6. Developing and improving an audit system

The Company will develop a system that enables it to internally audit whether personal information is protected properly.
In addition, audits using access logs are considered effective for early detecting those who leak personal information and preventing leaks through suppression effect of such early detection. Therefore, the Company will consider how to implement such audits.

7. Appropriate collection, use, provision, publication, etc. of personal information

When collecting personal information, the Company shall clarify the purpose of use of the information and employ fair and legitimate means, such as application forms and other documents, screens of websites, etc. and oral communication. In addition, the Company shall appropriately take actions such as using, providing and publicizing personal information, taking into account the nature and size of business, and implement measures to prevent use of acquired personal information for other than the intended purpose.

8. Responses to inquiries

With respect to personal information related to a person and handled by the Company, if the Company receives a complaint, request for consultation, or inquiry from that person about disclosure, correction, stoppage of use or other matters, the Company shall make an appropriate response.

9. Continuous improvement of activities to protect personal information

The Company shall review and improve activities in 1. to 8. above related to protection of personal information on a continual basis.

10. Revision

The Company may revise the whole or a part of the Code of Conduct for Protecting Personal Information. If a material change is made to it, we will inform you on our website or via any other channel in a recognizable manner.

Scope of the Code of Conduct for Protecting Personal Information

The terms “personal information,” “personal data” and “retained personal data” used in the Code of Conduct for Protecting Personal Information have the meanings defined in the Act on the Protection of Personal Information, regardless of whether such information or data relates to our customers, employees of companies we transact with, or our employees.
Unless otherwise stated in each section, the Code of Conduct for Protecting Personal Information shall apply to all personal information acquired by the Company and all personal data managed by the Company.

Established August 3, 2015
Revised December 26, 2017
Revised April 1, 2022
AI inside Inc.
Taku Toguchi, Representative Director, President & CEO, (Concurrently) CPO

< Consultation desk related to protection of personal information>
Consultation desk for personal information
Personal Information Protection Manager
Tel: 03-5468-5041

2. Handling of Personal Information

1. Purposes of use of personal information (including retained personal data)

AI inside Inc. (hereinafter the “Company”) shall use personal information for the following purposes.

1. Personal information of companies we transact with and users of our services *
   To exercise rights and perform obligations in accordance with contracts with companies we transact with
   To provide services to users
   To Provide guidance and support on our products and services
   To analyze the browsing history of the screens of our services and use it to improve UIs, support quality, and other services
2. Personal information of our shareholders
   To exercise rights and perform obligations in accordance with the Companies Act and the Commercial Code
   For the Company to provide various benefits
   To implement various measures to facilitate a good relationship between shareholders and the Company
   To manage shareholders, for example by preparing data of shareholders based on specified criteria in accordance with laws and regulations
3. Personal information of those who wish to join the Company (including those who would like information on jobs in the Company)
   To provide information on job offers, recruitment and other matters to them and be in contact with them
   To conduct recruiting and screening activities
4. Personal information of those who make an inquiry to the Company *
   To accurately understand the details of an inquiry and information provided and make an appropriate response
   To improve customer service, etc. of the Company
   To provide information and support regarding events, our products and services that may be of interest to you
5. Personal information of those who apply or participate in events, projects, webinars, etc. held by the Company *
   To manage such events (including conducting questionnaires, etc.)
   To provide information and support regarding events, our products and services that may be of interest to you
6. Personal information handled in work which is entrusted to us by companies we transact with
   To conduct the work entrusted to us
7. Personal information provided for the purpose of research and development of artificial intelligence
   To conduct activities for research and development of artificial intelligence

*…Our partners may contact you in order to fulfill the purpose of use, such as to respond to your inquiry promptly and appropriately or to provide you with information. In addition, we may acquire behavioral history by monitoring the clicks of the URLs in e-mails or by acquiring opening history through a similar mechanism in image data.

Note that if we use relevant personal information for other than the above purposes, we will, in each case, clarify the purpose of use and obtain prior approval from the individual concerned. However, the following cases are excluded:-

1. Cases in which there is a possibility that informing the individual concerned of, or disclosing to the public, the purpose of use would harm the individual or third party’s life, body, fortune or other rights and interests
2. Cases in which there is a possibility that informing the individual concerned of, or disclosing to the public, the purpose of use would harm the rights or legitimate interests of the Company
3. Cases in which there is a need to cooperate with a central government organization or a local government performing affairs prescribed by laws and regulations, and when there is a possibility that informing the individual concerned of, or disclosing to the public, the purpose of use would interfere with the performance of the said affairs
4. Cases in which it can be recognized, judging from the acquisitional circumstances, that a purpose of use is clear

2. Provision of personal information to third parties

Except in any of the following cases, we will not disclose personal information we handle to any third party.

1. When the individual concerned gives approval
2. When the whole or a part of operations for handling personal information are outsourced to an external contractor with which the Company has concluded a non-disclosure agreement beforehand, to the extent necessary to achieve the purpose of use of the personal information
3. When disclosure is required by a court or public authorization in accordance with laws and regulations, etc.
4. When personal information is disclosed to protect rights and assets of the Company
5. When we are permitted by law to disclose personal information

3. Consultation desk for inquiries about personal information and contact point for complaints

If you have an inquiry or complaint about the Company’s handling of personal information, please contact:

Personal Information Consultation Desk, AI inside Inc.
Address: Shibuya Daiichi Seimei Building 4F, 3-8-12 Shibuya, Shibuya-ku, Tokyo 150-0002, Japan
Tel: 03-5468-5041
(Service hours: 9 a.m. to 5 p.m.; excluding Saturdays, Sundays, public holidays, the Year End and New Year holidays, and non-business days of the Company)

4. Contact information of a personal information protection-related accreditation organization to which the Company belongs

JIPDEC
Contact point for complaints, consultation and information provision with regard to protection of personal information by business operators granted a Privacy Mark
Tel: 0120-116-213/0120-700-779
(Consumer consultation service hours: 9:30 to 12:00, 13:00 to 16:30)

5. Measures taken for the safe management of retained personal data

We take necessary and appropriate measures (including supervision of employees and contractors) to prevent leakage, loss, or damage of retained personal data that we handle and to safely manage personal data. Please contact the “Personal Information Consultation Desk” above for specific details of said measures.

6. Disclosure, correction, stoppage of use, etc. of retained personal data

The individual concerned may request notification of purpose of use, disclosure, correction, addition or deletion, or stoppage of use, erasure or stoppage of provision to a third party with respect to retained personal data we handle. Please contact the “Personal Information Consultation Desk” above for specific request procedures.

7．About cookies

Cookies are pieces of information stored on your browser when you access websites.

The Company or the services we use may use cookies to obtain statistical information about access to our website and related websites and to measure the effectiveness of advertising. They may also be used to track website traffic and display the appropriate advertisements. You will not be identified and remain anonymous unless you enter your personal information. If you do not wish for cookies to be utilized, you can select in your browser settings to reject them. Please be mindful that if you do so, you may experience some inconveniences, such as being unable to use some of our services.

8. Services used

We may use access analysis services or advertisement distributors for the purposes below.

1. Analysis of website visitors
   To provide better services and experiences for our users by analyzing the visitors to our websites
2. Advertisement distribution
   To deliver advertisements that meet our users’ interests

Information acquired through cookies shall be handled in accordance with the privacy policies for each service.
Please see the below link for the privacy policies and how to opt out of information utilization.
The following are the services we mainly use.

1. Analysis of website visitors
   • Google Analytics
     
     Google Privacy Policy, Opt out
   • Hubspot
     
     Hubspot Privacy Policy, HubSpot Cookie Policy
   • Microsoft Clarity
     
     Privacy Policy, Opt out
2. Advertisement distribution
   • Google Ads
     
     Privacy Policy, Opt out
   • Yahoo! JAPAN Ads
     
     Privacy Policy, Opt out
   • Facebook ads
     
     Privacy Policy, Opt out

9．Personal Information Protection Manager

Personal Information Protection Manager, AI inside Inc.