We recognize that ensuring the security of information assets is one of our important management issues, and therefore protect our information assets from internal and external threats, fulfill our social responsibilities, and carry out business operations continuously and stably by providing a sense of trust and security to our business partners, thus improving our corporate value. To earn the trust of our business partners and society, we shall establish, implement, and promote the information security policy described below.

1. Information assets are appropriately collected, utilized, and provided for our business development according to our internal rules.
2. Appropriate measures are taken to prevent and remedy unauthorized access to and loss, leakage, falsification, or destruction of information assets.
3. Information security laws and regulations and other norms are observed.
4. Officers and all persons engaged in business are proactively educated and trained to increase awareness of the importance of information security and ensure the appropriate use of information assets.
5. Compliance with information security policy is inspected and evaluated as a regular audit to ensure information security. Based on the results, the policy is reviewed to continuously improve operations.

CRECON Medical Assessment Inc. shall establish, implement, and promote the following personal information protection policy to comply with the laws and other norms regarding personal information protection in order to ensure the security of personal information that is collected, stored, and used for our business purposes.

1. In collecting personal information, we shall reveal the purpose of using personal information by legal and fair means, and publish necessary information on our website.
2. For proper handling and management of personal information, we shall thoroughly inform all related parties, such as our officers and employees (including general officers and employees, part-timers, and dispatched employees) and other contractors, about our policy.
3. To prevent the loss, destruction, falsification, or leakage of personal information, we shall take appropriate measures for information security against unauthorized access, computer viruses, etc.
4. To entrust personal information to a third party for outsourcing, we shall thoroughly investigate the third party, conclude a necessary contract, and take other legally necessary measures.
5. Only duly authorized personnel in our company may use personal information within the scope of a specified purpose as needed for the performance of business.
6. We provide information, such as the names of officers and persons in charge in companies surveyed by our company, to a third party.
7. We recognize that those who provide personal information have the right to disclose, correct, discontinue the use of, and delete their personal information, and we shall appropriately respond to their request after confirming their identity.

CRECON Medical Assessment Inc.

+81-3-3407-4491