Personal information protection policy

Medley Inc. (hereinafter referred to as "the Company") believes that it is our social responsibility to properly handle personal information when conducting corporate activities. To fulfill this responsibility, we have established a personal information protection policy, as shown below. We have also established a personal information protection management system and take responsibility in fulfilling our obligations as a company.

Article 1: Acquisition and Use of Personal Information

The Company acquires personal information after clarifying the purpose of use and will use this information only within the scope of the purpose.

Article 2: Management and Protection of Personal Information

The company will strive to implement appropriate security to prevent the loss, misuse, or modification of personal information under the Company's control and take immediate corrective measures in the event of any issues. In addition, in principle, data will not be disclosed or provided to third parties unless the user consents.

Article 3: Compliance with Laws and Regulations

The Company will comply with applicable laws, regulations, national guidelines, and other norms concerning the handling of controlled personal information.

Article 4: Response to Inquiries and Complaints

The Company will respond promptly to inquiries and complaints about managed personal information.

Article 5: Continuous Improvement and Structure of the Personal Information Protection and Management System

The Company will continue to make improvements to our management systems and procedures for protecting personal information.

1. Objectives

The purpose of these regulations is to ensure the security of individuals and personal information by collecting, storing, using, and providing personal information appropriately, as well as storing and disposing of such information in a safe and up-to-date state.

2. Definitions

1. Personal information is information on individuals, including individuals' customers, business partners, and employees, that can be identified using letters, images, or sounds, such as addresses, names, telephone numbers, or e-mail addresses.
2. Information subjects are individuals who can be identified by personal information.

3. Personal Information Manager Contact Information

The Personal Information Manager Contact Information is as follows:
Medley Incorporated
Personal Information Manager
Telephone number: 03-4520-9820
E-mail address: privacy@medley.jp
* Working hours are from 9 am to 6 pm on weekdays.
* We do not accept inquiries coming to the Company directly from visitors.

4. Purpose of collection and use of personal information

The Company collects personal information within the scope of our business activities, clearly defines the purpose of collection, and uses it within the scope necessary to achieve that purpose. When the Company collects and uses information beyond the scope of the objective, we will notify the information subject of this fact and collect and use information after obtaining the consent of the information subject. However, if the information subject provides overall consent for the notification of information, individual consent is not required. The purpose and scope of personal information collection are as follows:

1. Personal certification of our user services and membership services
2. Disclosure to hospitals etc. using our services on the basis of consent of the information subject
3. Sending information and materials regarding our services
4. Receipt of applications for various questionnaires, campaigns, contacting winners, shipment of prizes, etc.
5. Monitoring for preparing articles, recruitment and acceptance of applications for interviews, contact with subjects, etc.
6. To provide our services and perform the tasks required to respond to inquiries from users
7. Contact hospitals, etc. to confirm the status of user employment
8. Personal inquiries about payments for recruitment congratulations through our trading bank
9. Other cases necessary for the execution of businesses related to or incidental to the aforementioned duties

5. Provision of personal information to third parties

As a general rule, we do not provide the personal information of the user to any third party without the consent of the user. This information will be provided only if the user agrees to it after identifying the destination and the content of the information provided. However, in the following cases, personal information may be provided without the permission of the user.

1. When disclosure or provision is permitted by law
2. When the user is determined to be violating the interests of a third party
3. Disclosure of the user's personal information is requested by a court, public health authority, police, lawyers' associations, consumer centers, or similar institutions.
4. When it is particularly necessary to improve public health or promote healthy child development and it is difficult to obtain the consent of the user
5. Where it is necessary for a national institution, a local public organization, or a person commissioned by the institution to cooperate in implementing the affairs specified by law, and where it is determined by the Company that there is a risk of interfering with the performance of the affairs by obtaining the consent of the user himself/herself.
6. When the user is required to explicitly disclose or provide the information to a third party
7. When part or all of the duties for handling personal information are outsourced within the range necessary to achieve the purpose of use
8. Provided in association with succession of the project for mergers or other reasons
9. Providing the information within the scope of our legitimate businesses and without the risk of harm to the interests of the information subject

6. Indemnification

In the following cases, we are not responsible for obtaining personal information from third parties.

1. When the user himself/herself provides his/her personal information to a third party
2. Identification of individuals on the basis of information entered by the user or other users into our services
3. When a user provides personal information via an external site linked to our services or when the personal information is used by a third party.
4. When information (ID, passwords, etc.) that can be identified by a user other than the user is obtained

7. Personal information management in hospitals and other third parties such as the Company's business banks

Based on the consent of the user, the personal information of the user provided to third parties, such as the Company's business bank and the applicant hospital, is managed under the responsibility of the third party of each provider.

8. Regarding the outsourcing of personal information

The Company may subcontract all or part of the handling of personal information to the extent necessary to achieve the objectives of use. If the handling of personal information is outsourced, appropriate outsourced individual/companies will be selected, and efforts will be made to appropriately supervise the handling of personal information so that it can be managed safely.

9. Accuracy of personal information

The Company will strive to accurately process the personal information provided. However, the user is responsible for ensuring that the content of the personal information provided is accurate and up-to-date.

10. Use of statistical data

On the basis of the personal information provided by the user, the Company may process statistical data; however, the user will not be identified. The Company has no restrictions on the use of statistical data processed to prevent the identification of individual users.

11. Changes to personal information, etc.

As a general rule, only the user can request disclosure, correction, deletion, or suspension of use of the registered personal information, as well as suspension of provision to third parties (hereinafter referred to as "disclosure"). The deletion of personal information or the cessation of personal information use may make it impossible for users to receive services currently in use. In addition, if any of the following situations arise consequent to our response to disclosure, the Company may not be able to respond to disclosure after explaining to the user that we are unable to respond and the reason for which that is the case.

1. When there is a risk of harm to the life, body, property, or other rights of a user or a third party
2. Instances that may significantly interfere with the proper implementation of our businesses
3. Instances of violation of laws and regulations

12. Obtaining personal information by a method not easily recognized by the individual

Information on attributes and behavior history may be obtained using technologies such as cookies to improve the usability of sites, to obtain statistical information such as accessibility, and to optimize the efficacies of advertising. However, the use of such technologies will not result in the obtainment of personal information not entered by the user. Individuals can also refuse to save cookies by setting up their browsers; however, the required features such as logging in will no longer be available.
Please refer to this "example of using external services" for more information about cookies, the setting of behavioral targeting ads, and procedures for opting out.

13. Changes in personal information handling regulations

Unless otherwise specified by law or regulation, the Company will be able to change the regulations regarding the handling of personal information at any time.