Direct Marketing MiX Inc. (the “Company”) and its group companies believe that properly handling and protecting personal information in every aspect of their business activities, while taking into consideration the usefulness to society and rights and interests of individuals, is an important social responsibility.

The Company, as specified below, strives to comply with the Act on the Protection of Personal Information and the related laws and regulations, establish an internal system and engage in associated initiatives.

Established: August 3, 2017
Amended: October 1, 2023

Direct Marketing MiX Inc.
Yuki Kobayashi, Member of the Board of Directors, President and CEO, Representative Executive Officer

The Company complies with the Act on the Protection of Personal Information and the related laws and regulations, including guidelines regarding business operators, etc. that handle personal information.

1. Personnel-related operations Procedures for joining the Company, labor management, employment management, personnel management, necessary communication, and other personnel-related procedures, etc.
2. Shareholder- and investor-related operations Management of shareholders and investors based on the Companies Act, appropriate provision of information concerning the Company’s condition, etc.
3. Other business operations Business-related communication with business partners and other related parties, performance of agreements, business discussions, etc.

Besides the above, the Company specifies the purpose of use for new business operations, existing business operations, etc. Furthermore, we endeavor to minimize data by limiting retained personal information to items that are sufficient, relevant, and required for the purpose of use. We will manage acquired personal information appropriately and, unless stipulated by law, etc., will not supply or disclose it to a third party without the person’s consent. In accordance with provisions relating to joint use in the Act on the Protection of Personal Information, if we do share and disclose personal information to a third party, we will clarify the purpose of joint use, the items of personal information to be jointly used, the scope of joint users, and the responsible administrator beforehand, provide notification or public announcement, and thoroughly conduct security management so that joint users also abide by the DmMiX Group’s Privacy Policy in the handling of the personal information concerned.

1. Establishment of disciplinary rules concerning the handling of personal information The Company has established the “Personal Information Protection Regulations (PIPR)” to ensure proper handling of personal information.
2. Systematic security control measures In accordance with PIPR, the Company has established a representative for personal information protection management and a personal information manager, and has built and implemented a management system. In addition, in accordance with the Information Security Regulations based on the Information Security Basic Policy, the Company has built and implemented an information security management system.
3. Human security control measures The Company conducts training regarding personal information for all employees several times, including when the employees join the Company and during the year on an irregular basis, and takes necessary measures to ensure that the proper handling of personal information is well known and carried out appropriately.
4. Physical security control measures For the retained personal information, the Company has implemented controls for employees entering and leaving areas where personal data is handled, while also controlling access to personal data and taking measures to prevent unauthorized persons from accessing personal data. In addition, in areas outside of those controlled by the Company, the Company has taken measures to prevent theft, loss, etc. of devices, electronic media, documents, etc. that contain personal data, and taken measures to ensure that personal data is not easily identified when the devices, electronic media, etc. are transported, including transfers inside and outside of business sites. Furthermore, when disposing of personal data and electronic media, the Company has taken measures to ensure that they are destroyed and cannot be restored or recovered.
5. Technical security control measures The Company controls security by limiting the persons who are authorized to access the information and the scope of access granted to authorized persons according to the retained information, or by keeping records of access to the information. In addition, the Company has taken measures to prevent unauthorized access, etc. from outside the Company and to prevent information leakage, etc. when using information systems.
6. Understanding of the external environment From the standpoint of information security, when the Company uses cloud servers of a service provider to store personal data, the Company uses only cloud servers that are located in Japan.

DmMiX respects the rights of personal information subjects regarding their personal information. If requested by a personal information subject to disclose, correct or delete, or not use or provide their personal information (hereafter referred to as “disclosure, etc.”), we will comply with such requests within a reasonable scope in accordance with the law and the Personal Information Protection Regulations.

1. Contact point for requesting disclosure, etc. Regarding requests for disclosure, etc., please mail the “Request Form for Disclosure of Retained Personal Information” and the necessary documents. When mailing the documents, please use acceptance-recorded mail, simplified registration registered mail, or other method where a record of the delivery can be confirmed, and write “Request for disclosure of personal information” on the envelope in red ink.
2. Document to submit when requesting disclosure, etc. When requesting disclosure, etc., fill out all of the specified information on the “Request Form for Disclosure of Retained Personal Information.”
3. Proof of identity To confirm the identity of the person requesting disclosure, etc., the Company requires that you submit the personal identification documents specified in the “Request Form for Disclosure of Retained Personal Information.”
4. Request for disclosure, etc. by a representative If you have delegated a person to act as your representative to request disclosure, etc., please submit the request authorization confirmation document specified in the “Request Form for Disclosure of Retained Personal Information.”
5. Fees for requesting disclosure and notification of the purposes of use The fees and payment methods for requesting disclosure and notification of the purposes of use are specified in the “Request Form for Disclosure of Retained Personal Information.”
6. Method of responding to requests for disclosure, etc. In accordance with the request, the Company will respond in writing by mail to the address specified in the “Request Form for Disclosure of Retained Personal Information” or respond by e-mail.

(Contact point for requests for disclosure, etc. of personal information)
Personal Information Inquiry Desk, Direct Marketing MiX Inc.
WeWork Midosuji Frontier 16F
1-13-22 Sonezakishinchi, Kita-ku, Osaka 530-0002, Japan

(Contact point for inquiries and complaints regarding personal information)
Personal Information Inquiry Desk, Direct Marketing MiX Inc.
e-mail: soumu@dmix.co.jp

* This policy complies with guidelines established by the national government and other standards. We will handle all personal information relating not only to customers but also to the Company’s executives and employees in the same manner as described above, and we will disclose this Privacy Policy at any time upon receiving an external request. If all or part of our Privacy Policy is changed, we will give notification of the changes on our website.