*Note that the term, “Personal Information” in this policy includes, in addition to “personal information,” “retained personal data,” “anonymized personal information,” “pseudonymized personal information,” and “Specific Personal Information,” and so on.
- Purpose of Personal Information Protection
The Company will ensure the “confidentiality,” “integrity,” and “availability” of the stored data concerning Personal Information held by the Company, and may delete or correct (hereinafter referred to as “Retained Personal Data”), and protect it from various threats (hereinafter referred to as “Personal Information Protection”). For this purpose, we will not only comply with laws and regulations, but also ensure a high level of security in order to contribute to the interests of our customers and stakeholders, taking into consideration ethical and social requirements and the latest trends in the handling of such information.
- Initiatives by the Board of Directors and Management
Under the supervision of the board of directors, and under the initiative of the management, the Company will systematically and continuously implement measures for Personal Information Protection and strive to improve and enhance such measures.
- Establishment of a Personal Information Protection System
The Company has established a Personal Information Protection system by appointing a person responsible for handling Personal Information (hereinafter referred to as the “Manager Responsible for Personal Information Protection”). We have clarified the Personal Information to be handled, and put in place a system for reporting to the Manager Responsible for Personal Information Protection when any fact or sign of violation of laws, regulations, or internal rules is detected. In addition, in order to protect and appropriately manage Personal Information, the Manager Responsible for Personal Information Protection has developed the “Proper Handling of Personal Information” as an integral part of this basic policy.
- Compliance with Legal Requirements
The Company will comply with all applicable laws, regulations, national guidelines, and other standards regarding the handling of Personal Information retained by the Company.
- Maintenance of Internal Rules, Etc.
In order to protect and appropriately manage Personal Information, the Company has established regulations and standards, etc. regarding the Personal Information Protection based on the preceding articles and relevant domestic and international standards and criteria, technical trends, and stakeholders’ requests, etc., and will ensure that all the persons engaged in our business will be fully aware of and will comply with them. Moreover, we have separately established “Specific Personal Information Handling Rules” for the handling of Specific Personal Information, etc.
- Specification of Purpose of Use
When acquiring Personal Information, the Company will limit the scope of use to the extent necessary for business activities, specify the purpose of its use as much as possible, acquire the information appropriately through legal and fair means to the extent necessary to achieve the purpose, and will not use it for any purpose other than the purpose of use (hereinafter referred to as the “Unauthorized Use”) in addition to taking necessary measures to ensure that the information will not be used for unintended purpose. Furthermore, except as otherwise provided by law or regulation, the Company will not handle Personal Information or provide such information to any third party beyond the scope necessary to achieve the specified purpose of use without obtaining the prior consent of the person who provided such information.
*For details about “Purpose of Use,” “Method of Acquisition,” and “Provision and Disclosure to Third Parties,” please refer to “Proper Handling of Personal Information.“
- Responding to Incidents
The Company will choose and conduct the proper response that will contribute to prevent and correct the unauthorized access to, or loss, destruction, falsification, or leakage, etc. of Personal Information.
- Implementation of Outsourced Contractor Management
When the Company outsources the handling of Personal Information to our partner company, we will single out a partner company that meets our prescribed standards for selecting outsourced contractors and will minimize the necessary amount of Personal Information to be outsourced to achieve the purpose of use, ensuring that such information will be managed appropriately.
- Implementation of Safety Control Measures
In order to prevent leakage, loss, or damage of Personal Information and to properly manage Personal Information, the Company will take safety management measures such as clarification of employee responsibilities, development of internal rules, education and training of employees, and physical and technical measures to prevent information leakage and other accidents. We implement access control in accordance with the “Need to Know” principle, and limit the number of people in charge and the scope of Personal Information they handle.
- Responding to the Exercise of the Right as a Person Concerned
The Company has established a point of contact for complaints, consultation, disclosure, correction, addition, deletion, etc., regarding the Personal Information of the person concerned, and will respond to any such inquiries without delay.
*For details, please refer to “Proper Handling of Personal Information.”
- Regular Review and Continuous Improvement
In order to sustain our efforts at Personal Information Protection and to respond to changes in the internal and external environment, such as the business environment and social conditions, the Company strives to continuously improve by regularly reviewing the content and implementation status, etc. of management measures, including the management system and internal rules, etc. regarding the Personal Information Protection.
Fernando Luis Vázquez Cao, Representative Director and CEO
SBI Digital Asset Holdings Co., Ltd.
1-6-1 Roppongi, Minato-ku, Tokyo 106-6019, Japan
Enacted on: April 1, 2020
Last revised on: May 1, 2023