Basic Policy on the Protection of Personal Information

Agency Name: Elisapo Mirai Co., Ltd.

Erisapo Mirai Co., Ltd. recognizes the importance of protecting personal information and is committed to handling customer data appropriately in order to enhance public trust in the insurance industry.

1. Compliance with Laws and Regulations

We comply with the Act on the Protection of Personal Information, other relevant laws and regulations, and guidelines issued by regulatory authorities.

2. Employee Education

We provide thorough education and guidance to our employees to ensure proper handling of personal information.

3. Purpose of Use

We use personal information obtained through insurance solicitation activities entrusted by insurance companies only within the scope necessary for providing non-life and life insurance services and related offerings. We may also use this information to offer products and services from multiple insurance companies with whom we have business relationships. We do not use personal information for any other purposes.
If we change the purpose of use, we will do so only within a reasonably related scope and notify the individual in writing or via our website.

For the purposes of use by insurance companies that entrust us with solicitation activities, please refer to their respective websites:

• Sompo Japan Insurance Inc.
• SOMPO Himawari Life Insurance Inc.
• Dai-ichi Life Insurance Company, Limited

4. Acquisition of Personal Information

We acquire personal information only through lawful and fair means, and only to the extent necessary for our business operations.

5. Security Measures for Personal Data

We implement robust security measures to prevent leakage, loss, or damage of personal data (including Individual Numbers and Specific Personal Information). These include internal regulations, operational systems, and procedures to ensure accuracy and timeliness.
Our internal security measures include:

• Policy Development: Establishing and reviewing basic policies on compliance, security, and complaint handling.
• Regulatory Framework: Defining procedures for acquisition, use, storage, provision, deletion, and disposal.
• Organizational Measures: Appointing data managers, implementing internal audits, and establishing incident response systems.
• Human Measures: Confidentiality agreements, role clarification, training, and compliance monitoring.
• Physical Measures: Managing access to data areas, preventing theft, and secure disposal of devices and media.
• Technical Measures: User authentication, access control, data protection, and system monitoring.
• Supervision of Contractors: Selecting appropriate contractors and regularly reviewing their data handling practices.
• Understanding External Environments: Assessing data protection laws in countries where data is handled.

6. Provision of Personal Data to Third Parties

We do not provide personal data to third parties without the individual's consent, except in the following cases:

1. When required by law
2. When necessary to protect life, body, or property and obtaining consent is difficult
3. When necessary for public health or child welfare and obtaining consent is difficult
4. When cooperating with government agencies and obtaining consent may hinder operations
5. When the third party is a research institution and the data is used for academic purposes (excluding cases that may unjustly infringe on individual rights)

We record and retain the required information when providing or receiving personal data from third parties.

7. Handling of Sensitive Information

We do not acquire, use, or provide sensitive information (e.g., race, creed, medical history, criminal records, union membership, etc.) except in the following cases:

1. When required by law
2. When necessary to protect life, body, or property
3. When necessary for public health or child welfare
4. When cooperating with government agencies
5. When necessary for insurance premium collection involving political/religious affiliations
6. When necessary for insurance claims involving inheritance procedures
7. When necessary for proper insurance operations with the individual's consent

8. Handling of Individual Numbers and Specific Personal Information

We do not acquire, use, or provide Individual Numbers or Specific Personal Information.

9. Review and Improvement

We regularly review and improve our handling of personal information and related security measures.

10. Requests for Disclosure, Correction, or Suspension

Requests for disclosure, correction, or suspension of retained personal data under the Personal Information Protection Act will be referred to the relevant insurance company.

11. Inquiries, Consultations, and Complaints

We respond promptly to inquiries, consultations, and complaints regarding personal information.
Please contact the following office. For insurance claims, you may also contact the claims department listed on your insurance policy.

Note: We will verify the identity of the inquirer before responding.

<Contact Information>

Agency Name: Erisapo Mirai Co., Ltd.
Representative: Makoto Numasa, President
Address: 7-41-1 Okawa-cho, Yoichi-cho, Hokkaido 046-0004, Japan
Phone: 0135-23-6161
Business Hours: 9:00 AM – 5:00 PM
Email: contact@025365.jp