NH Foods Ltd. (the “Company”, “we”, “our”), recognizes the importance of personal information, strives to ensure the acquisition, appropriate use and management of personal information while complying with laws and regulations, and aims to be a company that can live up to the trust of customers and its social mission.

1. Basic Policy

• The Company, in relation to the protection of personal information, complies with the “Act on the Protection of Personal Information” and other related laws and regulations, and also based on various guidelines provided by the Personal Information Protection Commission and other generally accepted customary practice regarding handling of personal information, we strive to properly acquire, use and otherwise handle the personal information.
• The Company will maintain internal rules concerning the handling of personal information and keep all employees including officers and employees informed. In addition, we will take responsibility for management of contractors to which the Company entrusts handling of personal information and will request such contractors to handle personal information appropriately.
• Regarding the safety management of personal information, the Company will appoint a chief administrator and seek to establish an organizational structure for the safety management measures, educate employees, manage areas handling personal information and manage safety regarding information media and information systems which manage personal data.
• With respect to any submissions of inquiries or complaints, etc. raised from individuals identified from the personal information (“Principals”), any requests for notifying purpose of use of retained personal data, any requests for disclosure, correction, addition, removal, suspension of use or deletion regarding the retained personal data, any requests for disclosure of records provided to third parties, or any requests for suspension of provisions of retained personal data to third parties, the Company will respond in good faith according to laws and regulations upon receiving such submissions or requests through the prescribed contact point.

2. Purposes of Use etc.

• The Company will acquire personal information necessary for the execution of our businesses and use it for the purposes below. We will not use personal information for purposes other than the purposes below without prior consent of the Principal, except where permitted by laws and regulations.

  Please see here for the purposes of use of personal information.

• The Company may share personal data of a Principal.

  Please see here for the sharing personal data.

3. Provision etc. to Third Parties

• To the extent necessary for achieving the purposes of the use stipulated in 1. of Purposes of Use, etc. above, the Company may provide personal data to contractors when entrusting all or part of handling the personal data to such contractors. In such case, we will request the contractors to handle the personal data appropriately. In addition, even after selection and entrustment to the contractors, the Company will confirm as necessary whether safety management in relation to personal data is being appropriately carried out by the contractors.

• The Company will not disclose or provide personal data of a Principal to third parties unless there is a situation which falls into one of the followings:

  • where the consent of the Principal is given regarding disclosure or provision to third parties;
  • where it is based on laws and regulations;
  • when it is necessary for the protection of life, body or property of a person and it is difficult to obtain consent from the Principal;
  • when it is particularly necessary to improve public health or promote the sound growth of children, and it is difficult to obtain consent from the Principal;
  • when it is necessary to cooperate with the government agencies, local governments or contractors entrusted by them in carrying out the affairs prescribed by laws and regulations, and obtaining the consent of the Principal is likely to impede the execution of such affairs; or
  • when such third party is an academic research institution, etc., and it is necessary for such third party to handle said personal data for academic research purposes (including cases where part of the purpose of handling the personal data is for academic research purposes, and excluding cases where there is a risk of unjustly harming the rights and interests of individuals).

End.

4. Management of Pseudonymously Processed Information etc.

• In creating pseudonymously processed information (meaning information on an individual obtained by processing personal information so that a specific individual cannot be identified unless the information is collated with other information, in accordance with the provisions of the laws and regulations; the same applies hereinafter), the Company will carry out appropriate processing.
• When the Company created pseudonymously processed information or obtained pseudonymously processed information or deleted information, etc. in relation to such pseudonymously processed information (meaning descriptions, etc. and individual identification codes, etc. which are deleted from personal information used when creating the pseudonymously processed information as well as information on the processing method conducted pursuant to the preceding paragraph; the same applies hereinafter), we will take security control measures of the deleted information, etc. and implement appropriate handlings of the same.

• The Company will handle the pseudonymously processed information within the scope of the specified purpose of use, unless otherwise permitted under laws and regulations.
  Further, when the Company obtains pseudonymously processed information which is personal information or changes the purpose of use of such pseudonymously processed information, we will publicize the purpose of use of such pseudonymously processed information.

  Please see here for the purposes of use of pseudonymously processed information.

• When the Company uses the pseudonymously processed information on its own, we will not collate it with other information for the purpose of identifying the person relating to the original personal information.
  Further, the Company will not acquire the deleted information, etc. when the pseudonymously processed information is not personal information.

• In handling the pseudonymously processed information, the Company will not use the contact information or other information contained in the pseudonymously processed information to make telephone calls, send letters by mail, send telegrams, send by facsimile or electromagnetic means, or visit residences.

• The Company may share personal data which is pseudonymously processed information.

  Please see here for the sharing pseudonymously processed information.

5. Management of Anonymously Processed Information etc.

• In cases where the Company creates anonymously processed information (meaning information on an individual obtained by processing personal information so that a specific individual cannot be identified, in accordance with the provisions of the laws and regulations, and that the personal information is not capable of being restored; the same applies hereinafter), we will carry out appropriate processing. Further, when the Company created anonymously processed information, we will publicize items of information contained in the said information, take measures for safety control measures and complaints handling, etc., and publicize such measures.
• When the Company created anonymously processed information, we will take security control measures of information such as the processing method and implement appropriate handlings.

• The Company may provide anonymously processed information (which it receives from a third party) to third parties.

  Please see here for the providing anonymously processed information to third parties.

• When the Company uses the anonymously processed information on its own, we will not collate it with other information for the purpose of identifying the person relating to the original personal information.

6. Safety Control Measures Taken for Retained Personal Data

The Company will properly implement the following measures to ensure the safe control of the retained personal data.

Please see here for the safety control measures.

7. Responses to Requests from Principals

With respect to handling of the personal information by the Company, any inquiries from a Principal, any requests for notifying purpose of use of retained personal data, any requests for disclosure, correction, addition, removal, suspension of use or deletion regarding the retained personal data, any requests for disclosure of records provided to third parties or any requests for suspension of provisions of retained personal data to third parties, or any other requests will be received at “Personal Information Inquiry Desk” described below.

Please see here for the Personal Information Inquiry Desk.

8. Others

This Personal Information Protection Policy may be subject to renewal or revision without prior notice. Thank you for your understanding.

Revised as of December 1, 2024
NH Foods Group
NH Foods Ltd.
President and Representative Director
Nobuhisa Ikawa