Congrès Inc. (hereinafter referred to as “Congrès”) recognizes the importance of personal information and the importance of our responsibility to protect privacy. To ensure that we meet the demands and earn the trust of society, including our clients, our business partners and all persons engaged, we have established the following “Personal Information Protection Policy” and organization to handle personal information properly.

1. To ensure a transparent framework and responsibility, Congrès appoints a chief privacy officer and a chief privacy auditing officer, establishes the rules for handling personal information, and familiarizes all persons engaged in handling personal information with these rules through comprehensive training.
2. Congrès sets forth clearly in advance the purpose of acquisition and use of personal information. When Congrès acquires personal information directly from a person in a written document, with prior written notice of such purpose and written consent, Congrès acquires, uses and/or, provides to a third party (refer to Article 3) the personal information to the extent necessary for such purpose. In order to prevent unauthorized use of personal information outside the extent agreed and necessary, Congrès documents this policy and purpose of use in “The Handling of Personal Information” and ensures that all employees maintain common knowledge of the policy and that the policy is available to the general public.
3. Congrès may entrust personal information to other enterprises (hereinafter referred to as “trustees”) to the extent of the purpose of use. In that case, Congrès selects the trustee who satisfies its personal information protection standards, makes a contract with the trustee, and continues to bear the responsibility for control and supervision of the information.
4. Congrès takes reasonable security measures for the prevention of unauthorized access to personal information, leakage, loss or damage of personal information. In the unlikely event of an accident, Congrès promptly notifies the person to that effect or ensures that the person has ready access to the report on the situation, or takes other appropriate measures.
5. Congrès adheres to the laws, regulations and guidelines of Japan pertaining to the handling of personal information, and defines procedures in accordance with these regulations.
6. Congrès periodically carries out audits to ensure the personal information protection is properly maintained and continually improves its personal information protection management system.
7. When a person submits a request, complaint or consultation, for example to correct, add or delete the contents, disclosure, notification of the purpose of use, or to suspend or discontinue use or to cease provision to a third party, etc., Congrès shall respond without delay after positive identification of the person by its customer service representative in charge of personal information.

Congrès may amend the above policy without notice and all amendments will be made public through its website.

July 20, 2007
Noriko Takeuchi
President
Congrès Inc.

Customer Service Representative in charge of Personal Information
E-mail:cpid@congre.co.jp

Congrès Inc. is a private enterprise certified for and granted the Privacy Mark (*).
* The Privacy Mark will be granted when an enterprise is certified as one which properly handles personal information in accordance with the Japan Industrial Standard, “Requirements for compliance program on personal information protection, JISQ15001:2006”, based on a privacy mark system operated by the Japan Institute for Promotion of Digital Economy and Community (JIPDEC).