[Personal Information Protection Policy]
YC GROUP, Inc. (the “Company”) recognizes the importance of personal information protection in our PR and event management businesses, and hereby declares our company-wide commitment to operating a personal information protection management system based on the following policy.
- 1. In relation to the personal information handled in all our businesses, as well as the personal information of our executives and employees, the Company shall comply with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, and other guidelines and regulations established by the national government.
- 2. The Company shall clearly define the purpose of use within the scope necessary for business execution, and shall appropriately acquire, use, and provide personal information. Acquired personal information shall be used solely within the scope of its intended purpose, and measures shall be taken to prevent its use for any other purposes.
- 3. When outsourcing all or part of the handling of personal information acquired pursuant to the preceding paragraph, the Company shall select an individual (or enterprise) that satisfies sufficient protection standards and shall implement appropriate measures through contracts or other means.
- 4. The Company shall implement appropriate and reasonable security measures to prevent and correct unauthorized access, leakage, loss, or damage to personal information.
- 5. The Company shall respond sincerely and promptly to complaints and consultations from the individuals concerned.
- 6. The Company shall respond without delay to requests for the disclosure, correction, deletion, or suspension of use of relevant personal information, as well as to complaints and consultations from the individuals concerned.
- 7. The Company shall periodically review and continuously improve its personal information protection management system.
Established: March 1, 2022
Last Revised: August 1, 2024
YC GROUP, Inc.
Yohei Kozono, President & CEO
For inquiries and complaints regarding the handling of personal information, please contact the desk below.
[Point of Contact] Personal Information Protection Manager, Director of Corporate Planning Division
Aoyama KY Bldg. 3F, 2-12-13 Kita-Aoyama, Minato-ku, Tokyo 107-0061
Personal Information Complaints & Consultation Desk, Director of Corporate Planning Division, YC GROUP, Inc.
Phone: +81-3-6271-5271
(Hours: 10:00 AM – 6:00 PM JST, excluding weekends and New Year holidays)
Contact us here: https://yc-group.jp/en/contact/
[Handling of Personal Information]
Established: December 25, 2023
Last Revised: January 22, 2026
YC GROUP, Inc.
Yohei Kozono, President & CEO
Based on the Act on the Protection of Personal Information (hereinafter referred to as the “Act”), we hereby announce the following matters.
Note 1: This includes matters that are legally required to be “kept in a state where the principal can easily know” and “kept in a state where the principal can know (including cases where responses are made without delay upon the principal’s request).”
1. Matters Concerning the Publication of the Purpose of Use of Personal Information
1) The purposes of use of personal information held by the Company are as follows:
| Types of Personal Information | Purpose of Use |
|---|---|
| (1) Personal information related to business operations | [PR Business] ・To provide information on seminars and exhibitions; to provide information and promotional materials regarding products and services; to propose or provide products and services; and to introduce sales and service contacts. ・For research and analysis related to product and service development. ・To provide maintenance and support. ・For billing and payment processes related to service provision. [Marketing Business] *We may provide this information to our business partners within the scope necessary to achieve the above purposes. |
| (2) Personal information concerning applicants for employment, or executives and employees (including retirees) of the Company | [Regarding applicants for employment] ・For recruitment and selection processes. [Regarding executives and employees (including retirees)] ・For personnel and attendance management, etc. |
| (3) Personal information concerning those who wish to receive information from the Company | ・To provide information from the Company. |
| (4) Personal information concerning visitors to the Company | ・To ensure the physical and operational security of the Company. |
| (5) Personal information concerning those who make inquiries to the Company, other than the above | ・To respond to inquiries, manage correspondence, and provide requested information. |
However, the following cases are excluded regarding the above purposes of use:
- (1) Cases where notifying the principal of or publicly announcing the purpose of use is likely to harm the life, body, property, or other rights or interests of the principal or a third party.
- (2) Cases where notifying the principal of or publicly announcing the purpose of use is likely to harm the rights or legitimate interests of the Company.
- (3) Cases where it is necessary to cooperate with a state organ or a local government in executing affairs prescribed by laws and regulations, and notifying the principal of or publicly announcing the purpose of use is likely to impede the execution of said affairs.
- (4) Cases where the purpose of use is recognized to be clear from the circumstances of the acquisition.
2) The purposes of use of personal information entrusted to the Company are as follows:
・Personal information entrusted to us in connection with outsourced business:
Shall be used strictly to perform the respective outsourced operations.
2. Matters Concerning the Provision of Personal Information to Third Parties
The Company may, for business purposes, outsource a part of its operations handling personal information to third parties, and disclose or entrust personal information to such third parties. In such cases, the Company shall select contractors who satisfy the standards for personal information protection, conclude contracts regarding personal information protection, and exercise thorough management and supervision over said contractors. However, the following cases are excluded:
- (1) Cases based on laws and regulations;
- (2) Cases where there is a need to protect a human life, body, or property, and it is difficult to obtain the consent of the principal;
- (3) Cases where there is a special need to enhance public hygiene or promote the fostering of healthy children, and it is difficult to obtain the consent of the principal;
- (4) Cases where there is a need to cooperate with a state organ, a local government, or a person entrusted thereby in executing the affairs prescribed by laws and regulations, and obtaining the consent of the principal is likely to impede the execution of said affairs.
Furthermore, in the following cases, the recipient of the personal information shall not fall under the category of a “third party” from whom prior consent of the principal must be obtained:
- (1) Cases where the Company outsources all or part of the handling of personal data within the scope necessary to achieve the purpose of use;
- (2) Cases where personal data is provided accompanying a succession of business caused by a merger or other reasons;
- (3) Cases where personal data is to be used jointly with a specific person, and the principal has been informed in advance, or a state has been provided where the principal can easily know, to that effect, the items of the personal data to be used jointly, the scope of the joint users, the purpose of use of the users, and the name or appellation of the person responsible for the management of said personal data.
3. Matters Concerning Security Control Measures Implemented for Personal Information
The Company appropriately implements the following security control measures for the personal information acquired from customers to handle it properly and prevent loss, damage, leakage, and unauthorized access.
(1) Formulation of Basic Policy
To ensure the proper handling of personal information, the Company has formulated a Personal Information Protection Policy.
(2) Preparation of Rules for Handling Personal Information
Based on the Personal Information Protection Policy formulated in (1), we have established a personal information protection management system to appropriately acquire, use, provide, and manage personal information. We have also prepared rules and related documents to establish a management structure, identify handled personal information, analyze risks, implement countermeasures, prepare operational procedures, and verify and improve operational status.
(3) Implementation of Organizational Security Control Measures
Based on the rules and related documents prepared in (2), we implement the following measures:
・Establishment of a personal information management structure.
・Preparation of operational procedures for handling personal information.
・Establishment of a structure and procedures to respond to incidents such as leakages.
・Preparation of procedures to verify the handling status of personal information.
・Implementation of proper personal information handling in accordance with various procedures.
・Verification of the handling status of personal information, and review/improvement of operational procedures and security control measures based on the results.
(4) Implementation of Personnel Security Control Measures
・Necessary and appropriate supervision of employees to ensure they handle personal information properly.
・Stipulation that employees handling personal information must maintain its confidentiality.
・Regular training for employees on the proper handling of personal information and the implementation of the personal information protection management system.
(5) Implementation of Physical Security Control Measures
・Entry and exit management in areas where personal information is managed and handled.
・Lock management in server rooms and storage cabinets for equipment, electronic media, and documents handling personal information.
・Implementation of data protection or use of trackable transportation services when transporting electronic media or documents containing personal information.
・Disposal of equipment and electronic media recording personal information using methods that render the personal information unrecoverable.
(6) Implementation of Technical Security Control Measures
・Limiting access to personal information or the use of information systems handling personal information to the minimum necessary authorized employees, and implementing identification and authentication.
・Blocking unauthorized external access.
・Detection and isolation of malware, etc., in information systems.
・Correction of vulnerabilities when discovered in information systems and equipment.
・Encryption of communications containing personal information.
4. Matters Concerning Procedures for Responding to “Requests for Disclosure, etc.”
Regarding the personal information held by the Company (described in “1.1”) that qualifies as “Retained Personal Data” (see note), we will respond to requests from the principal or their representative (statutory representative or authorized representative) for “notification of purpose of use; disclosure; correction, addition, or deletion of content; suspension of use or erasure; suspension of provision to third parties; and disclosure of records concerning provision to third parties” (hereinafter referred to as “Requests for Disclosure, etc.”) based on the following procedures.
Note: What is “Retained Personal Data”?
It refers to personal data over which the Company has the authority to disclose, correct, add or delete content, suspend use, erase, and suspend provision to third parties as requested by the principal. However, if any of the following apply, it will not be treated as “Retained Personal Data.”
- (1) Data whose presence or absence, if made known, is likely to harm the life, body, or property of the principal or a third party.
- (2) Data whose presence or absence, if made known, is likely to encourage or induce illegal or unjust acts.
- (3) Data whose presence or absence, if made known, is likely to harm national security, damage trust relationships with other countries or international organizations, or cause disadvantages in negotiations with other countries or international organizations.
- (4) Data whose presence or absence, if made known, is likely to impede the prevention, suppression, or investigation of crimes, or the maintenance of public safety and order.
(1) Application Method for “Requests for Disclosure, etc.”
When making a Request for Disclosure, etc., please fill in all necessary items on the “(1) Company-designated application form,” enclose the “(2) Documents for identity verification,” and mail them to the contact point specified above using a method that leaves a delivery record.
In the case of a request by a representative, in addition to the required documents (1) and (2) below, please enclose the “(3) Documents for representative verification” and mail them to the contact point specified above using a method that leaves a delivery record.
(1) Company-designated application form
“Application for Disclosure, etc. of Personal Information”
(2) Documents for identity verification
a. In the case of a request from the principal
・One copy of any of the following containing the same name and address as the person requesting disclosure: Driver’s license, passport, health insurance card, alien registration certificate, or basic resident registration card.
* Please redact (black out) information regarding your registered domicile (honseki) before sending.
・In addition to the above document, one original copy (photocopies not accepted) of either a certificate of residence (juminhyo) or an alien registration certificate.
(3) Documents for representative verification
a. In the case of a request from a person with parental authority or an adult guardian
・One copy of a document proving such qualification, such as a certified copy of the family register, an extract of the family register, a certificate from a family court, or a certificate of registered matters.
* Limited to documents issued within 30 days prior to the date of the request.
* Please redact (black out) information regarding your registered domicile.
・Documents for verifying the person with parental authority or adult guardian (same as (2) above).
b. In the case of a request from a representative authorized by the principal
・One power of attorney (signed and sealed by the principal).
・One certificate of a registered seal (inkan shomeisho) for the seal used on the power of attorney.
・Documents for verifying the representative (same as (2) above).
(2) Destination for “Requests for Disclosure, etc.”
Personal Information Complaints & Consultation Desk, YC GROUP, Inc.
(Personal Information Protection Manager, Director of Corporate Management Division)
TEL: +81-3-6271-5271 (Hours: 10:00 AM – 6:00 PM JST, excluding weekends, national holidays, New Year holidays, and company-designated holidays)
Contact us here: https://yc-group.jp/en/contact/
(3) Fees
As a general rule, requests for disclosure, etc., are free of charge. However, please note that we may charge a reasonable fee depending on the content of the request.
(4) Response Method
As a general rule, we will respond by providing electromagnetic records or by other methods specified by the applicant. However, if disclosure by the specified method requires significant cost or is otherwise difficult, we will respond by delivering a written document (by sending “Restricted Delivery Mail” to the applicant’s address).
(5) Handling of Personal Information Acquired in Connection with Requests for Disclosure, etc.
Personal information acquired by the Company in connection with a request for disclosure, etc., will be handled only to the extent necessary to respond to the request. Submitted documents will be retained for three years after the response is completed, and subsequently destroyed.
(6) Cases Where We Cannot Respond to Requests for Disclosure, etc.
Please note in advance that we cannot respond to requests for disclosure, etc., in the following cases. If we are unable to respond, we will notify the principal or their representative in writing of the reason.
- (1) When the identity of the principal cannot be verified.
- (2) In the case of a request by a representative, when the authority of the representative cannot be verified.
- (3) When there is a risk of harm to the life, body, property, or other rights or interests of the principal or a third party.
- (4) When there is a risk of significant hindrance to the proper execution of the Company’s business.
- (5) When it would violate other laws and regulations.
5. Matters Concerning the Voluntary Nature of Providing Personal Information
Providing personal information to the Company is strictly voluntary. However, please note that if you choose not to provide the requested personal information, we may be unable to provide you with the desired information, services, or responses.
6. Matters Concerning the Contact Desk for Complaints and Consultations
For any complaints or consultations regarding our handling of personal information, please contact the desk below.
Aoyama KY Bldg. 3F, 2-12-13 Kita-Aoyama, Minato-ku, Tokyo 107-0061
Director of Corporate Planning Division, YC GROUP, Inc.
Personal Information Complaints & Consultation Desk
TEL:+81-3-6271-5271
Contact us here:
https://yc-group.jp/en/contact/
** Please note that we cannot accept inquiries or requests made by visiting our office in person.**