BREXA Group Privacy Policy
The BREXA Group (the companies in which BREXA Holdings Inc. (hereinafter referred to as the "Company") directly or indirectly holds a majority of the issued voting shares or interests (hereinafter referred to as the "Group Companies", and the Company and the Group Companies, hereinafter collectively referred to as the "BREXA Group") recognizes the importance of protecting personal information in order to maintain trust with customers, applicants, and related parties. Accordingly, all offices, including the headquarters and branches, shall appropriately handle and protect the personal information of customers, business partners, applicants, their related parties, and employees of the BREXA Group in accordance with the following Privacy Policy (hereinafter referred to as the "Policy").
The terminology used in this Policy is based on the terminology defined by the Act on the Protection of Personal Information (hereinafter referred to as the “Personal Information Protection Act”).
1. Appropriate Protection of Personal Information
The BREXA Group shall establish an organizational framework for the protection and management of personal information. Through this framework, the BREXA Group will ensure that all acquired personal information is managed appropriately and securely, and will implement protective measures to prevent unauthorized access, misuse, loss, destruction, alteration, or leakage of personal information.
2. Appropriate Acquisition, Use and Provision of Personal Information
When acquiring personal information, the company shall specify the purpose of use in view of the nature of the business and acquire, use and provide personal information within the scope of that purpose. All personnel, regardless of title, including but not limited to representative directors, directors, corporate auditors, executive officers, advisors, executive director, employees, contract workers, and part-time workers (collectively referred to hereinafter as “Employee”), shall understand the intended purpose of use and shall not use personal information beyond the scope necessary to achieve that purpose. Furthermore, appropriate measures shall be taken to prevent any use of personal information for purposes other than those originally intended.
3. Compliance with Laws, Government Guidelines, and Other Standards Related to the Handling of Personal Information
The BREXA Group shall identify and comply with laws, government-issued guidelines, and other relevant standards concerning the handling of personal information that are applicable to its business operations. Any enactment, amendment, or repeal of such regulations shall be promptly reflected in the BREXA Group's Personal Information Protection Management System.
4. Management of Contractors
The BREXA Group shall instruct and supervise contractors to whom personal data obtained in accordance with the preceding paragraph is disclosed to ensure that they sign confidentiality agreements and handle and protect personal data in an appropriate manner.
5. Prevention and Correction of Risks to Personal Information
The BREXA Group recognizes the risks of leakage, loss or damage of personal information and takes reasonable safety measures from physical, human, technical and operational perspectives to protect personal information. In addition, the BREXA Group shall periodically review the risks associated with personal information and the effectiveness of the implemented security measures and shall take corrective actions as necessary to ensure the continued effectiveness of those measures.
6. Handling of Complaints and Inquiries Regarding Personal Information
The BREXA Group shall establish a contact point to appropriately and promptly respond to complaints and inquiries from individuals regarding the handling of personal information and the Personal Information Protection Management System.
7. Continuous Improvement of the Personal Information Protection System
To ensure the proper maintenance of personal information protection, the BREXA Group shall formulate and operate internal regulations based on this Policy and shall continuously improve them through regular monitoring of their content.
Please note that this Policy is subject to change without notice. Any changes to this Policy will be announced on the BREXA Group website.
Effective Date: 1 July 2025
BREXA Holdings Inc.
Chairman of the Board and Representative Director: Kenji Kamiyama
BREXA Next Inc.
President and Representative Director: Yohei Nishimura
<Inquiries>
For inquiries regarding this policy, please contact the following contact point.
For inquiries regarding the contents of the privacy policy, please contact
BREXA Holdings Inc.
Personal Information Management System Secretariat (Information Security Section, Compliance Management Department)
8-3, Marunouchi 1-chome, Chiyoda-ku, Tokyo 100-0005, Japan
e-mail: information-security@brexa.com
TEL: 03-3286-4888 FAX: 03-3286-4999
Handling of Personal Information by BREXA Next Inc.
1. Purpose of Use of Personal Information
The Company will use the personal information obtained (excluding Specific Personal Information, which includes Individual Numbers and any personal information containing Individual Numbers. For details regarding Specific Personal Information, please refer to the note* below) for the following purposes. Sensitive personal information shall be obtained only with the consent of the individual, except in cases where exceptions are permitted by applicable laws and regulations. When the purpose of use is separately specified to the individual at the time of collection, such personal information shall be used solely for the purposes explicitly stated at the time of collection.
| Personal Information relating to customers | Responding to inquiries. Sending of documents upon request. |
|---|---|
| Information on executives and employees of business partners | Information and guidance regarding the services provided by the Company and related offerings. Requests for questionnaires, surveys, etc. relating to services. and related information provided by the Company. Registration for various seminars. Management of business partners. Contact and execution of contracts in the course of business. Responding to inquiries. |
| Personal information of individuals utilizing human resources services | Various procedures relating to registration for use. Provision of the human resources services applied for. Registration procedures for job placement, interviews, consultations and provision of job information (including job information from business partners). Provision of information to recruiting companies. Provision of information to business partners for employment placement. Provision of information on guidance, proposals, relating to human resources services. Counselling, career support. Planning, development and improvement of human resources services and campaigns, and research, statistics and analysis for these purposes. Notification of important information concerning human resources services. Improvements of operations related to employment placement. Other work related to or incidental to employment placement. Guidance regarding reapplication. Compliance with applicable laws and regulations. Responding to various inquiries, consultations, and complaints. |
| Information on job applicants | Receipt of applications for employment selection, implementation and notification of results. Improvement of the operation of recruitment and selection processes. Other operations related to or incidental to employment selection. Appropriate assignment (placement), including medical examinations at the time of hiring. Post-employment management, labour management and personnel performance evaluation. Implementation of education and training, provision of various welfare services. Communication in the course of business, emergency communication in the event of a disaster. Requests for questionnaires for the purpose of service improvement. |
| Information on executives and employees of the Company | Personnel and labour management. Procedures and management relating to employment insurance, social insurance and taxation. Health and safety and health management. Provision of welfare benefits. Training and personnel development. Procedures for personnel performance evaluations, awards and disciplinary actions. Procedures relating to hiring, retirement and transfers. Management of salaries, bonuses, retirement benefits, company pensions. Proposals, provision of information, counselling and various procedures relating to labour dispatch. Business liaison, facilities and equipment management. Management of company housing, search for housing accommodations. Emergency communication in the event of disasters (including drills). Planning, development and improvement of operations, as well as research, statistics and analysis for these purposes. Guidance, proposals and implementation of various campaigns, events and projects. Responding to inquiries. |
* However, with regard to Specific Personal Information, the Company will only use the information within the scope of the following purposes permitted by the "Act on the Use of Numbers to Identify Specific Individuals in Administrative Procedures" (hereinafter referred to as the "Individual Number Use Act"), regardless of whether or not the person concerned has given his or her consent.
- Administrative procedures relating to employment insurance notifications.
- Administrative procedure relating to health insurance and employee pension insurance notifications.
- Administrative procedures related to notifications for Category III insured persons under the National Pension system.
- Preparation and submission of withholding tax certificates and other tasks related to withholding tax.
- Administrative procedures related to the preparation of declarations, notifications, and applications for property accumulation housing savings and property accumulation pension savings.
- Preparation and submission of payment reports for remuneration, fees, contract payments, and awards.
- Preparation and submission of payment records for real estate usage fees and consideration for real estate acquisitions.
- Other administrative tasks related to each of the aforementioned items.
2. Joint Use
The Company may jointly use the personal data it has acquired as follows. However, the data will not be shared beyond the extent necessary to achieve the purpose of use.
Items of Personal Data to be Jointly Used
Attribute information such as address, name, telephone number, age, gender, e-mail address, as well as acquired information and the content of inquiries or communications.
Scope of Joint Users
Domestic group subsidiaries of the Company.
Purpose of Use by Joint Users
Same as the Purpose of Use stated in "1. Purpose of Use of Personal Information ".
Entity Responsible for Management
Name: BREXA Next Inc.
Address: Marunouchi Trust Tower Main 19F, 1-8-3 Marunouchi, Chiyoda-ku, Tokyo
Name of Representative: Yohei Nishimura
3. Management of Personal Information
The Company shall not use any personal information it obtains (except for Specific Personal Information. For Specific Personal Information, please see * below.) in a strict and appropriate manner in accordance with the Company's rules and regulations. Personal information that is no longer required for use will be promptly deleted or disposed of in accordance with the procedures stipulated by the Company.
* The management of Specific Personal Information shall be entrusted to OSBS Inc., a domestic subsidiary of the Company. Such information shall be managed strictly and appropriately in accordance with applicable laws and regulations concerning Specific Personal Information, as well as the Company's internal policies and procedures.
4. Implementation of Security Measures
The Company implements the following measures to ensure the secure management of personal data.
Personnel Security Measures
The Company provides regular training and awareness programs to employees regarding the proper handling of personal data. In addition, the Company obtains written pledges that include confidentiality obligations from employees related to personal data.
Physical Security Measures
The Company implements necessary measures to manage areas where personal data is handled, to prevent theft or loss of equipment and electronic media, to prevent data leakage when such media is transported, and to ensure the secure deletion of personal data and disposal of equipment and electronic media.
Technical Security Measures
The Company implements necessary measures related to its information systems, including access control, identification and authentication of users, prevention of unauthorized access from external sources, and protection against data leakage in connection with the use of information systems.
5. Provision of Personal Data to Third Parties
The Company shall not provide acquired personal data (except for Specific Personal Information. For Specific Personal Information, please see * below.) to any third party other than contractors without the prior consent of the individual. Furthermore, the Company shall not provide personally related information that is expected to be acquired as personal data by the recipient to any third party without the individual's prior consent. However, this does not apply in cases where disclosure is required by law or where there is a legitimate reason.
* Specific Personal Information shall not be provided to any third party, regardless of whether the individual has given consent, except in cases where the recipient is a contractor entrusted with operations, or where disclosure is permitted under Article 19 of the Individual Number Use Act and other applicable laws and regulations.
6. Retention Period and Disposal of Personal Information
The Company retains personal information only for the period necessary to fulfill the purposes of use, as defined by applicable laws and internal policies. Once the retention period has expired or the information is no longer required, the Company shall promptly delete or dispose of such personal information in a secure and appropriate manner, in accordance with its prescribed procedures.
7. Disclosure, Correction, and Suspension of Use of Retained Personal Data
In accordance with applicable laws and regulations, if an individual requests disclosure, correction (including amendment, addition, or deletion), or suspension of use (including cessation of use, erasure, or suspension of provision to third parties) of retained personal data that can identify the individual, or requests disclosure of records related to the provision of such data to third parties or records confirming the receipt of such data from third parties, the individual may contact the inquiry desk listed at the end of this policy. Upon confirming the identity of the individual, the Company will respond promptly and within a reasonable scope.
However, such requests may be denied if they infringe upon the rights of other third parties, significantly interfere with the proper execution of the Company's operations or violate applicable laws and regulations.
8. Contact for Inquiries and Complaints Regarding the Handling of Personal Information
For questions, concerns, complaints, or other inquiries regarding the Company's efforts to protect personal information, please contact the “Personal Information Inquiry Desk” listed at the end of this policy.
Please note that we do not accept inquiries made in person at our office. We appreciate your understanding in advance.
For further information, please contact.
Personal Information Inquiry Desk, BREXA Next Inc.
〒 100-0005 8-3, Marunouchi 1-chome, Chiyoda-ku, Tokyo 100-0005, Japan
E-mail: pi-jinji@brexa.com
TEL: 03-3286-5144 FAX: 03-3286-4999