PRIVACY POLICY

1. Purpose of personal information use

Our company will use the personal information obtained (referred to as "personal information" as defined in Article 2, Paragraph 1 of the Personal Information Protection Act, and the same shall apply hereinafter) for the following purposes.

Classification

Purpose of Use

Information for individual customers and members

For the purpose of identity verification and prevention of fraudulent use in our services.

For the smooth provision, maintenance, and improvement of our services, including notifications, communications, and other communication functions to customers.

For the purpose of making various proposals related to our services, including notifications, advertising, promotion, direct mailings, and telephone introductions concerning products and services of our company, registered companies, and affiliated partners that may be useful to customers.

For the purpose of notifying important information related to our services, such as changes to the terms of use, this policy, suspension, discontinuation, or termination of contracts.

Based on the personal information you registered, we will aggregate it as statistical information within a range that cannot identify you as an individual, to serve as a reference for developing useful services for customers.

To provide personal information to third parties in accordance with the regulations on "Handling of Personal Information" when the user agrees to these regulations.

Information for affiliated representatives

To verify the contents of orders and deliveries related to our services.

To handle inquiries and provide guidance regarding our services.

To notify users about the terms of use of our services, changes to these regulations, suspension, discontinuation, termination of contracts, and other important notices concerning our services.

Employee Information of Our Company

For the personnel and labor management of our employees, as well as business management.

For the Health Management of Our Employees.

For the security management of our company.

Recruitment Applicant Information for Our Company

For contacting job applicants and managing our recruitment operations.

Specific personal information

For the purposes specified by the My Number Act.

Electricity contract application information

To confirm the application details and to forward the application content to the affiliated electricity company.
To provide guidance on our services and respond to inquiries.

Personal information of individuals who have made "enquiries"

To provide guidance on our services and to respond to inquiries.

Recorded audio from phone response (non-disclosure)

To improve call center operations management and the quality of customer service, as well as to verify the content of conversations with customers.

Personal information handled in the services entrusted to us (non-disclosure)

To appropriately handle and manage personal information based on the contract between the client and our company.
For the execution of system development operations, maintenance support services, and related tasks.

Information for shareholders and potential shareholders

For the exercise of rights and performance of obligations under the Companies Act.
In order to provide various conveniences from our company for your position as a shareholder.
To implement various measures to facilitate the relationship between shareholders and our company.
For shareholder management, including the creation of shareholder data based on prescribed standards according to various laws and regulations.

2. Appropriate acquisition of information

We acquire personal information through legal and fair means, without resorting to deception or other fraudulent methods.

4. Entrustment of Personal Information Handling

Our company may entrust third parties with handling all or part of the personal information obtained from users to the extent necessary for achieving the target of use, which includes analyzing, managing, and other tasks involving personal information. In this case, we will conclude confidentiality agreements with the entrusted parties in advance and conduct necessary and appropriate supervision to ensure the proper safety management of the information by the entrusted parties.

6. Safety Management System

To prevent the leakage, loss, or damage of personal information and protect personal data, we implement necessary and appropriate measures for safety management, such as restricting access to personal information files, limiting access rights to the minimum necessary, recording access logs, and introducing security software to prevent unauthorized access from outside.

a. Formulation of the Basic Policy
To ensure the proper handling of personal data, we have established a "Personal Information Protection Policy" covering aspects such as "compliance with relevant laws and guidelines" and "inquiry and complaint handling desk."

b. Development of regulations related to the handling of personal data
Personal information protection regulations have been formulated concerning the handling methods, responsible persons, and their duties at each stage, including acquisition, use, storage, provision, and deletion/disposal of held personal data.

c. Organizational Safety Management Measures

• i. We have appointed a person responsible for handling personal data, clearly defined the scope of personal data handled by employees, and established a reporting system to notify the responsible person if there are any signs or facts of violations of laws or handling regulations.
• ii. Regarding the handling of personal data, we regularly conduct self-inspections and audits by other departments and external parties.

d. Personnel safety management measures

• i. We conduct regular training sessions for employees on important considerations regarding the handling of personal data.
• ii. We have received confidentiality pledges concerning personal data from all employees.

e. Physical Security Management Measures

• i. In areas where personal data is handled, we implement measures to manage the entry and exit of employees and restrict the devices brought in, while also preventing unauthorized access to personal data.
• ii. Measures are in place to prevent the theft or loss of devices, electronic media, and documents that handle personal data. Additionally, precautions are taken to ensure that personal data does not easily come to light when these devices and electronic media are carried, including during movement within the business premises.

f. Technical safety management measures

• i. We implement access control to restrict the range of personnel and the personal information database they handle.
• ii. We have implemented a system to protect information systems handling personal data from unauthorized access or malicious software from external sources.

7. Notification regarding the handling of retained personal data.

We will handle requests for notification of purpose of use, disclosure, correction, addition, or deletion of content, suspension of use, erasure, and suspension of provision to third parties (hereinafter referred to as "Requests for Disclosure, etc.") regarding the personal data or records of third-party provision held by our company, in accordance with the following procedures.

a. Name of the business operator
ENECHANGE Ltd.
Toranomon 30 Mori Building 2F, 3-2-2 Toranomon, Minato-ku, Tokyo 105-0001, Japan
Tomoya Maruoka, Representative Director and CEO

b. Personal Information Protection Administrator
Administrator name: Yuichiro Shinohara
Department Assignment: General Affairs & Legal Department

c. Purpose of use for all held personal data
The same as above "2. Purpose of Using Personal Information"
*Excluding undisclosed information.

d. Contact point for complaints regarding the handling of retained personal data
Please contact us through the [Inquiry Desk] at the bottom of the page for opinions, questions, complaints, and other inquiries regarding the handling of personal information (Note: Business hours are from 10:00 to 18:00 on weekdays).

e. Certified Personal Information Protection Organisation
Name: Japan Institute for Promotion of Digital Economy and Community
Complaint Resolution Contact: Personal Information Protection Complaint Consultation Room
Address: 1-9-9 Roppongi First Building, Roppongi, Minato-ku, Tokyo 106-0032
Phone Number: 03-5860-7565 / 0120-700-779

f. Procedures for responding to requests for disclosure of retained personal data or records of third-party provision.

i. Disclosure request contact point

For requests regarding disclosure, please contact the personal information inquiry desk above.
* If you wish to use electronic procedures for disclosure, please state so. We will generally accommodate your request.

ii. Procedures for Demands for Disclosure, etc.

• (1) After receiving your request, we will send the specified invoice form, "Request for Disclosure of Retained Personal Data," by mail or as an email attachment.
• (2) Please mail the completed invoice, a document confirming the proxy when requested by a proxy, and a postal money order for the fees (only for notifying the purpose of use and requesting disclosure) to the above personal information inquiry desk.
• (3) After receiving the above invoice, we will inquire about two pieces of personal information registered with us that can be used to verify your identity, such as your phone number and date of birth.
• (4) Responses will, in principle, be provided to the individual in writing (sent by sealed letter).

iii. Documentation to confirm that the individual is an authorized representative when making a request through a proxy.

If the person requesting disclosure, etc. is a representative, please enclose documents proving the representative status, as well as documents proving the identity of the representative themselves. The domicile information included in each document should be limited to the prefecture level, and any further information should be redacted. Additionally, please send documents that do not contain personal numbers, or ensure that all digits are redacted.

• (1) Documents proving that one is an agent
  〈If the request for disclosure or similar actions is made by a representative authorized by the individual.〉
  The original power of attorney from the individual.
  〈If the proxy is the legal guardian of a minor〉
  A copy of either the family register, resident card (with the relationship stated), or other public documents verifying legal guardianship.
  〈If the proxy is the legal guardian of an adult ward〉
  A copy of either the certificate of registered matters concerning guardianship registration or other public documents verifying legal guardianship.
• (2) Document to verify the identity of the representative
  A copy of either driver's license, passport, and health insurance card (Please submit with all symbols and numbers blacked out), certificate of residence.

iv. Fee for Requesting Notification or Disclosure of Purpose of Use

A charge of 1,000 JPY per purchase applies.
(If billing is done on paper, please enclose a postal money order with the invoice you send. For other billing methods, please consult us at the time of billing.)