★ Personal Information Privacy Policy

Can Do Co., Ltd. (hereinafter referred to as "the Company") recognizes the importance of protecting all personal information entrusted to us. We handle that personal information (names, addresses, telephone numbers, e-mail addresses, etc. that can identify individuals) carefully and in compliance with the laws and regulations that cover the protection of personal information. We have established the following principles as the basis of our privacy policy, and have prepared an internal system to administer that policy. We strive to handle personal information appropriately.

• (1) We will control all personal information strictly and appropriately, and take safety measures to prevent leaks or loss of information, unauthorized access, or destruction or falsification.
• (2) We will respond in good faith to inquiries regarding the handling of the personal information we have received.
• (3) We will collect personal information appropriately and will not provide it to any third party without the permission of the individual who is identified by the information.
• (4) We will thoroughly educate all officers, employees and related people about the correct handling of personal information and will implement their handling and use of it appropriately.

Established on April 1, 2018
Revised on September 16, 2022
Can Do Co., Ltd.
Kazuya Kido, President and Representative Director

Handling Personal Information

1. Collection and use
We will use personal information provided by the customer, such as name, address, and telephone number, only with the customer’s consent and within the scope of the purposes specified below. In addition, we will obtain the consent of the customer in advance if it becomes necessary to use any personal information beyond these specified ranges.

• (1) To provide our products and services to our customers and/or advise them regarding the products’ application and use
• (2) To respond to customers’ inquiries
• (3) To send requested materials to prospective and active customers
• (4) To register people with our various membership services
• (5) To accept the personal data submitted by visitors to our web site via the Internet and mobile phones
• (6) For the purposes that individual customers have granted to the Company in connection with their sharing of that information.
• (7) To analyze information, such as customers’ purchase history and website browsing history, to create statistical information for use in product development and marketing activities

2. Correct data management
Our handling of customers’ personal information will be in compliance with all laws and regulations. We will appoint a manager to oversee that process and will manage collection, storage and use with the utmost care.

• (1) We have established a body of "Personal Information Management Regulations" in order to prevent unauthorized access, information leaks, loss, falsification, or destruction, etc., and will provide ongoing employee education concerning the application of these regulations.
• (2) We will appoint a Personal Information Protection Manager, establish an appropriate management system, and act resolutely to create and maintain information security measures.

3. Inquiries about personal information
We set up a consultation desk (see Section 2, "Customer's Personal Information Consultation Desk") to field inquiries about personal information. These inquiries will be answered appropriately, within the scope of the relevant laws and regulations.

• (1) Disclosure of personal information
• (2) Correction of personal information
• (3) Deletion of personal information
• (4) Suspension of use of personal information
• (5) Other inquiries and consultation related to the above items

4. Disclosure to third parties
We will not disclose or provide customers’ personal information to any third party except in the following cases.

• (1) After obtaining the customer's consent
• (2) When disclosure or such a provision is required by law, etc.
• (3) In order for the Company, Group companies and/or affiliated companies to deliver products or recall them
• (4) If we are requested by a manufacturer, etc. to recall products we have sold to you.

5. Supervision of third parties and subcontractors regarding how they handle personal information provided by the Company
If we disclose or provide your personal information to a third party in accordance with any of the items discussed in the preceding paragraph, we will take steps to prevent leaks or unintended use by that third party.
In addition, if we provide a customer's personal information to a subcontractor, we will conclude a contract with that subcontractor that specifies how they must handle the customer information, and we will check regularly to make sure they are taking the appropriate steps to manage that data.

6. Personal information of customers under the age of 16
We pay the utmost attention to the protection of the personal information of customers under the age of 16.
The personal information of customers under the age of 16 will only be provided with the consent of their guardians.

When sharing information within our Group

We may share your personal data within the Aeon Group, including within the Company.

• (1) Items of personal data that may be shared
  ① Information attributed to the customer and other information declared by the customer, including name, date of birth, gender, telephone number, postal address, e-mail address, family information, work information, information about the customer's financial circumstances, information required to conduct relevant sales and purchase transactions, publically available information, etc.
  ② Information about the specific content of the individual transactions with a particular customer, such as the types of various products and services that they are interested in, dates of contracts, amounts, goods, and services involved in transactions, balances, and due dates.
  ③ Information about the use of services provided by our Group, such as the individual’s purchase history and history of website browsing on each Group Company’s site.
• (2) Categories of people who may be granted joint use of the information database
  Domestic consolidated companies listed in the Aeon Co., Ltd. securities report, and domestic affiliated companies treated as equity-method affiliates. However, the companies granted access to this information shall be limited to those that have already made their policies for handling personal information public, based on Article 27, Paragraph 5, Item 3 of the Personal Information Protection Law.
  Click here for details about the Aeon Group companies.
• (3) The Shared Users purposes of use of the information they receive
  Their purposes of use conform with our: "Handling Personal Information Item 1. Collection and Use"
• (4) The person responsible for the management of personal data
  Kazuya Kido, Representative Director and President of Can Do Co., Ltd.
  Address: 2-21-1, Kitashinjuki, Shinjuku Ku, Tokyo

Others

1. The relevant court of jurisdiction
If a dispute arises regarding the protection of the personal information we hold, the Tokyo District Court shall be the court of first instance.

2. Who to consult about customers’ personal information
Can Do Co., Ltd. Customer Service Section
e-mail：webmaster@cando-web.co.jp
Phone number: 03-5331-5500(choose “Customer Service” from the spoken menu)
Desk is open: from 10:00 to 17:00, except Saturdays, Sundays, and national holidays

3. Continuous Improvement
We will comply with the laws and regulations covering the handling of customers’ personal information, and will review and improve our policy as appropriate. Therefore, this policy will be subject to change without notice.

4. Date Enacted / Date Revised
If new items are added or revisions are made to any of the items, as discussed in the preceding paragraph, the date of the addition or revision will be indicated in a timely manner.

About Using Our Website

1. About website cookies (our cookie policy)
We may use cookies to provide you with better service, but this does not allow us to collect personally identifiable information and does not infringe on your privacy. You can change the cookie settings to disable this cookie function by changing the settings in your browser. However, this may result in limiting your ability to use all or some of the services on our web site.
* A cookie is a small amount of data sent from a web server to your browser, some of which is stored as files on your computer’s hard disk. The web server can identify your computer by referring to the cookie stored on it. This allows you to use our website efficiently.

2. Website data transmission / reception security
The pages on our website where customers are providing their personal information uses a feature called an SSL (a Secure Socket Layer) that encrypts and transmits data. Therefore, even if a third party intercepts the data you send, there is no possibility that the contents can be stolen. Our server has a system called a “firewall” to prevent unauthorized access. We take all possible measures, including the use of these security features, to manage and protect the personal information of customers who register with us, so that it will not be leaked or stolen.

3. About our website’s contents
Our website can be accessed from all over the world by people in countries that have different laws from those in Japan. The contents of our website comply with the laws of Japan. Therefore, we prohibit access from areas where anything contained in the publications on our website is illegal.

4 What happens if you refuse to provide your information on our website?
Customers can use our website without registering or providing personal information. However, in that case, certain services on our website may not be available to you. Also, if you have not entered an ID or password, you may receive frequent reminders to enter your ID or password.

Established on April 1, 2018
Revised on April 1, 2022

Procedure for Requesting Help Related to Your Personal Information

If you wish to inquire about, correct, or delete your registration or the personal information you provided, please contact the following. After we confirm your identity, we will take the required action as promptly as possible.

• (1) Consultation counter for customers’ personal information
  Can Do Co., Ltd. Customer Service Section
  Address: Shinjuku Front Tower 33F, 2-21-1, Kitashinjuki, Shinjuku Ku, Tokyo
  e-mail： webmaster@cando-web.co.jp
  Phone number: 03-5331-5500 (Enter the menu number given by the spoken menu )
  Available hours: 10:00 to 17:00, except Saturdays, Sundays, and national holidays
• (2) If you wish to inquire about, correct, or delete your personal information, please contact the above consultation desk. We will verify the identity of the customer who is making the request.
• (3) If an agent contacts us to request disclosure about a customer’s information, we will check the documents certifying that the person to verify the this is actually an appropriately designated agent of the customer involved.

How We Respond to a Request for a Disclosure

We will reply to a request for access to your personal information by using the method previously agreed upon with you. However, the personal information that is obtained as a result of that request for disclosure will only be used within the scope necessary to respond appropriately to a precise request for disclosure.

• (1) In the following cases, we may not be able to respond to a request for disclosure. If your request falls into one of these categories, we will inform you of that fact and the reason that we cannot provide the information.
  
  ① If the identity of the requesting person or that of an agent cannot be confirmed
  ② If the required documents for applying for disclosure are incomplete
  ③ If the information requested does not fall into the "retained personal data" category described below.
  ④ If there is a risk of harm to the life, physical health or integrity, property, or rights or interests of the specified person or a third party
  ⑤ If there is a risk of significant hindrance to the proper implementation of our business
  ⑥ If the request for disclosure involves a possible violation of the law
  
  * “Retained personal data” is personal information that is the result of our systematic collection of information. Regarding it, the Company has the authority to respond to all requests from the individual, including disclosure, correction, deletion, or suspending the provision of any of its contents to third parties. However, if any of the following (a) through (d) applies, the requested material does not fall within our category of retained personal data.
  
  (a) There is a risk of harm to the life, health, physical integrity of the body or to the property of that person or a third party if we clarify the existence or nonexistence of the personal information.
  (b) Circumstances exist that may promote or induce illegal or unjust acts if the existence or nonexistence of the personal information is clarified.
  (c) Clarifying the existence or nonexistence of the personal information may impair the security of the country, damage its relationship of trust with other countries or international organizations, or cause disadvantages in negotiations with other countries or international organizations.
  (d) Clarifying the existence or nonexistence of the personal information presents a risk of harm to the public security or maintenance of the public order; this includes interfering with the prevention or suppression of crimes, their detection and other related matters
• (2) Please note you will be charged for the actual costs, such as mailing costs, incurred during our response to any inquiry you make, even if no information is ultimately disclosed to you.

Established on April 1, 2018
Revised on April 1, 2022