To fulfil our corporate social responsibilities, we will establish "Personal Information and Specific Personal Information Protection Policy" and hereby declares that we will make every effort to implement it. This policy complies with applicable personal information protection laws (including, but not limited to, laws, regulations, guidelines, and other directives related to the protection of personal information, as well as overseas personal information protection laws such as the EU General Data Protection Regulation (GDPR)).

1.    Acquisition, use, and provide personal information, etc.

When handling personal information and specific personal information at our company, we will obtain, use, and provide such information only to the extent necessary for the performance of our business and for the employment and human resources management of our employees. When obtaining personal information and specific personal information, we will disclose the purpose of use or clearly indicate it to the individual concerned, establish and implement procedures to ensure that such information is not used for any purpose other than the disclosed purpose, and take necessary measures to prevent unauthorized access, loss, or damage. Similarly, we will strictly manage personal information and specific personal information entrusted to us by our business partners, and will handle such information solely within the scope specified in the relevant business outsourcing contract.

2.    Compliance with Laws and Regulations

We will comply with all applicable laws and regulations regarding personal information and specific personal information, including the GDPR and other overseas personal information protection laws, as well as guidelines established by the government and other relevant standards.

We will take reasonable security measures and corrective actions to prevent unauthorized access to personal information and specific personal information, as well as the loss, destruction, alteration, or leakage of such information. For details on the security measures we have implemented, please contact us at "12. Contact Information."

4.    Management System

We have appointed a personal information management officer responsible for the protection of personal information and specific personal information, and have granted them the necessary authority and responsibility to implement and operate the personal information protection management system, ensuring appropriate management.

5.    Continuous Improvement

Our personal information protection management system will be continuously improved through education, operation, audits, and reviews.

6.    Purpose of Use and Legal Basis

The personal information we obtain will be used within the scope of the following purposes. For details on the purposes of use and handling of personal information of customers residing in the EU and the UK, please refer to "13. Handling of Personal Information of Customers Residing in the EU and the UK."

No.	Personal information subject to this policy	Purpose
1	Personal information entrusted to us in connection with the research, development, manufacturing, sales, and operation of medical-related systems and other services provided by our company	① Performing tasks necessary for research and development ② Personal authentication related to the services we provide, and investigation of unauthorized use such as impersonation ③ Sending notices and materials regarding the services we provide ④ Acceptance of applications for various surveys, campaigns, etc., and notification to winners and gift shipments ⑤ Conducting necessary business operations for the provision of our services and handling inquiries ⑥ Collection and analysis of marketing data (statistical information processed in a form that does not identify individuals) ⑦ Issuance of newsletters (with consent) ⑧ Other tasks related to or incidental to the above tasks
2	Personal information (including cookie information) collected through our websites and other services	① Personal authentication related to the services we provide, as well as investigations into unauthorized use such as impersonation ② Sending notices or materials related to the services we provide ③ Acceptance of applications for various surveys, campaigns, etc., notification of winners, and shipment of prizes, etc. ④ Conducting necessary operations for providing our services and responding to inquiries ⑤ Tasks necessary for the aggregation and analysis of marketing data (statistical information processed in a form that does not identify individuals) ⑥ Issuance of newsletters (with consent) ⑦Performance of other tasks related to or incidental to the above tasks Ⓑ Analysis of website usage, improving usability, and delivering optimal advertisements (detailed provisions are separately specified in the Cookie Policy)
3	Personal information received through inquiries submitted via our website	Confirmation, response, and communication regarding inquiries
4	Personal information of individuals who wish to apply for employment with our company	① Procedures related to the recruitment process ②Provision of information, communication, and notifications to applicants regarding recruitment procedures, etc.
5	Personal information about employees	① Procedures related to personnel management ② Procedures for salary management ③ Unemployment insurance and social insurance procedures ④ Explanation of qualifications and job performance capabilities to customers ⑤ Publication in internal newsletters, advertisements, websites, etc. (with consent) ⑥Performance of other tasks related to or incidental to the above-mentioned duties
6	Personal information of employees and other individuals	In accordance with applicable laws and regulations, we will record the personal identification numbers of employees, subcontractors, and other individuals on documents such as withholding tax statements for salary income, payment statements, and applications for enrollment in health insurance and employee pension insurance, and submit such documents to government agencies and health insurance associations.

7.    Retention period for personal information

We will retain personal information for the period necessary to achieve the purposes specified above and will appropriately delete or anonymize such information upon the expiration of the retention period. The specific retention period will be determined based on the type of personal information, the purpose of use, legal obligations, and other factors. For details, please contact the "12. Contact Information."

8.    Disclosure of personal information to third parties

(1)    Except in the following cases, we will not provide personal information to third parties without the prior consent of the individual concerned.

●    When required by law
●    When necessary to protect human life, physical safety, or property, and obtaining the individual's consent is difficult
●    When it is particularly necessary for the improvement of public health or the sound development of children, and obtaining the individual's consent is difficult
●    When it is necessary to cooperate with national or local government agencies or their authorized representatives in the performance of their duties as prescribed by law, and obtaining the individual's consent would likely hinder the performance of such duties
●    When entrusting the handling of all or part of personal information to a third party within the scope necessary to achieve the purpose of use (see "9. Outsourcing" below)

(2)    We will not provide specific personal information to third parties except when required by law or judicial proceedings.

9.    Outsourcing

We may outsource the handling of personal information we have received to external parties for the purpose of achieving the purposes of use specified in "6. Purpose of Use and Legal Basis." In such cases, we will contractually obligate the outsourcing party to comply with overseas personal information protection laws, including the GDPR, and to implement appropriate security measures, and we will conduct necessary and appropriate supervision.

10.    Data Subject Rights

The data subject or their authorized representative has the following rights regarding their personal information held by us. (The main rights under Japan's Personal Information Protection Act are as follows. For rights under the GDPR, etc., for customers residing in the EU and the UK, please refer to "13. Handling of Personal Information of Customers Residing in the EU and the UK.") If you wish to exercise these rights, please contact us at "12. Contact Information." We will provide details on the procedures.

(1)    Right to Request Disclosure, etc.: You may request notification of the purpose of use, disclosure (including disclosure of records of provision to third parties), correction, addition, or deletion of content, suspension of use, deletion, and suspension of provision to third parties (hereinafter referred to as "disclosure, etc.").
(2)    Response Method: When a request for disclosure, etc. is received, we will respond using the method specified by the individual or their authorized representative, such as providing electronic records or delivering written documents. However, if the requested method is deemed excessive in light of the costs associated with disclosure, etc., or other circumstances, we may respond using a method specified by our company.
(3)    Verification of Identity: When responding to inquiries, we may verify the identity of the individual making the request or their authorized representative. If we are unable to verify the identity of the individual making the request, we may be unable to respond to the request.
(4)    Response within a reasonable period: We will respond to requests for disclosure of personal information, etc. from the individual or their representative, and our response to such requests will be provided within a reasonable period.
(5)    Fees: When notifying the purpose of use or disclosing personal information or records of disclosure to third parties, a fee of 1,000 yen (including tax) will be charged for each request.

11.    Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO). For inquiries regarding the handling of personal information, please use the contact window at "12. Contact Information."  For inquiries regarding the GDPR, you may also use the contact window listed in "13. Handling of Personal Information of Customers Residing in the EU and the UK."

12.    Contact Information

For any questions, complaints, or consultations regarding the handling of personal information, or inquiries regarding the exercise of rights as defined in "10.Data Subject Rights," please contact the following contact point.

AI Medical Service Inc. Personal Information Complaint Consultation Desk
Email:personal-info@ai-ms.com 
Mailing Address: Hareza Tower 11F, 1-18-1, Higashi-Ikebukuro, Toshima-ku, Tokyo, 170-0013, JAPAN
Personal Information Protection Officer

13.    Handling of Personal Information for Customers Residing in the EU and the UK

We will handle personal information obtained from customers residing in the EU and the UK in accordance with the following separate policy.

(1)    Personal information of customers residing within the EU and UK that we handle, along with its purpose of use and legal basis

The personal information we obtain from customers will be used within the scope of the following purposes, based on the legal basis specified under the GDPR.

Personal information subject to this policy	Purpose	Legal basis under the GDPR
Personal information entrusted to us in connection with the research, development, manufacturing, sales, and operation of medical-related systems and other services provided by our company	① To carry out necessary business operations for research and development ② Personal authentication related to the services we provide, and investigation of unauthorized use such as impersonation ③ Sending information or materials related to the services we provide ④ Accepting applications for various surveys, campaigns, etc., notifying winners, and sending gifts, etc. ⑤To perform necessary operations for providing our services and responding to inquiries ⑥ Aggregation and analysis of marketing data (statistical information processed in a form that does not identify individuals) ⑦ Issuance of newsletters (with consent) Ⓑ Other operations related to or incidental to the above operations	To fulfill contracts For the performance of the contract For our legitimate interests (service improvement, prevention of unauthorized use) With the individual's consent (where applicable)
Personal information (including cookie information) entrusted to us through our websites, etc.	① Personal authentication related to the services we provide, and investigation of unauthorized use such as impersonation ② Sending information or materials related to the services we provide ③Accepting applications for various surveys, campaigns, etc., notifying winners, and sending gifts, etc. ④To perform necessary operations for providing our services and responding to inquiries ⑤Aggregation and analysis of marketing data (statistical information processed in a form that does not identify individuals) ⑥ Issuance of newsletters (with consent) ⑦Other operations related to or incidental to the above operations ⑧ To analyze website usage, improve convenience, and deliver optimal advertising (details specified separately in the Cookie Policy)	For the performance of the contract For our legitimate interests (service improvement, fraud prevention, website optimization) With the individual's consent (for cookie usage, newsletter distribution, etc., where applicable)
Personal information received through inquiries submitted via our website	Confirmation, response, and contact regarding the inquiry	For our legitimate interests (inquiries)

(2)    Processing based on consent and the right to withdraw consent

We will handle your personal information in strict accordance with this Privacy Policy and the provisions of the preceding paragraph, based on your consent to the handling of personal information as set forth herein. Please note that you may withdraw your consent at any time; however, such withdrawal will not affect the legality of any processing conducted by us prior to the withdrawal. Additionally, if you are under the age of 16 and wish to use the services provided by us, you must obtain consent from your parent or guardian before agreeing to use the services provided by us.

(3)    Necessity of Providing Personal Information

The personal information provided by customers is necessary for us to provide services to customers. Therefore, customers who do not provide such information may not be able to use the services provided by our company.

(4)    Disclosure of Personal Information to Third Parties and Transfers to Third Countries

Except as necessary to achieve the purposes specified in Section 1, or as required by law, we will not disclose personal information to third parties without prior consent from customers.
We may transfer and process your personal information to countries outside the EU and the UK (including Japan). We will only transfer such information if the country to which it is transferred has been deemed by the European Commission to provide an adequate level of data protection, or if we have implemented appropriate safeguards, such as the Standard Contractual Clauses (SCCs).

(5)    Retention Period

We will retain your personal information for as long as necessary to provide you with our services. However, we will promptly delete such information once it is no longer necessary. For specific retention periods, please contact us at "12. Contact Information."

(6)    Data Subject Rights

Customers located within the EU and the UK have the following rights under the GDPR and applicable data protection laws. If you wish to exercise any of these rights, please contact the "(7) Data Protection Representative in EU and UK" listed below.

●    Right to request disclosure
●    Right to request rectification
●    Right to erasure (right to be forgotten)
●    Right to restrict processing
●    Right to data portability (the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible)
●    Right to object (including processing for direct marketing purposes, the right to object to the processing of personal data based on our legitimate interests)
●    Right to withdraw consent (see above "(2) Processing based on consent and the right to withdraw consent")

(7)    Data Protection Representative in EU and UK

We have appointed Data Protection Representative Limited (hereinafter referred to as "DataRep") as our Data Protection Representative.

For any questions regarding GDPR or UK data protection laws, or to exercise your rights regarding personal data, please use the following methods:

●    Contact DataRep by email: Send an email todatarequest@datarep.com with "AI Medical Service Inc." in the subject line.
●    Submit an inquiry via the web form: Access the form at www.datarep.com/data-request and complete the form.
●    Inquire by mail: Please mail your inquiry to the DataRep office most convenient for you, as listed on the DataRep website (www.datarep.com/data-request). When inquiring by mail, please be sure to include "Data Protection Representative Limited" in the address and clearly indicate that the inquiry is regarding "AI Medical Service Inc." in the letter.

If you have any concerns about how DataRep handles personal data required for its data protection representative services, please refer to DataRep's Privacy Notice at www.datarep.com/privacy-policy .

(8)    Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority responsible for the handling of your personal information.

(9)    Other

We may handle personal information differently from the above in accordance with the GDPR, other relevant laws and regulations, and the laws of the United Kingdom.

14.    Cookie Policy

Our website uses cookies for the purposes of improving customer convenience, statistically analyzing website usage for website improvement, displaying the most appropriate content to customers, and delivering advertisements. For more details about our cookie policy, please refer to our separate "Cookie Policy."

15.    Changes to the Privacy Policy

We may revise this Privacy Policy as necessary due to changes in laws and regulations or for operational reasons. In such cases, we will notify you by posting the revised policy on our website or by other appropriate means. We will endeavor to notify you in advance of any significant changes.

Effective Date: 2nd September 2019
Last Revised: 1st November 2024
AI Medical Service Inc.

Representative Director Tomohiro Tada