Protection of personal information of employees, etc.

Personal Information Protection Policy for Nitori Group Employees

1. Compliance with Relevant Laws and Guidelines

The Nitori Group complies with the "Act on the Protection of Personal Information" (hereinafter referred to as "the Act"), as well as related cabinet and ministerial orders, guidelines, and other relevant regulations concerning the acquisition, use, and other handling of personal information.

2. Purposes of Use of Personal Information

The Nitori Group specifies the purposes of use for the personal information provided and handles such information only within the scope necessary to achieve those purposes. The purposes of use of personal information within the Nitori Group are as follows:

• (1) For business communication, business management, and facility management
• (2) For recruitment, assignment decisions and notifications, attendance management, and other personnel management
• (3) For sending recruitment information and conducting recruitment activities
• (4) For payroll, bonuses, and the implementation of welfare programs
• (5) For health management, safety management, and maintenance of the working environment
• (6) For tax and social insurance administration
• (7) For providing education, talent development, and other training opportunities
• (8) For the development of products and services
• (9) For crime and disaster prevention through cameras and recording devices installed within facilities
• (10) For projecting footage from cameras installed within facilities onto monitors within the same facility for crime and disaster prevention purposes
• (11) For sending communications from the company
• (12) To prepare for and respond to large-scale disasters such as earthquakes and floods, infectious disease outbreaks, and other major accidents or emergencies, and to carry out the following tasks when such events occur:
  • (ｉ) Rapidly confirming the safety of employees, etc. and providing necessary communications and instructions in the event of an emergency
  • (ⅱ) Providing company support to affected employees, etc. (such as payment of consolation money or provision of relief supplies)
  • (ⅲ) Providing information to family members, business partners, and related organizations (police, fire departments, local governments, etc.) when deemed necessary for the safety of employees, etc.
  • (ⅳ) Communication and coordination for the continuation and recovery of business activities based on the Business Continuity Plan (BCP)
• (13) For operations incidental to each of the above items

3. Purposes of Use of Specific Personal Information

The Nitori Group specifies the purposes of use for the specific personal information provided and handles such information only within the scope necessary to achieve those purposes. The purposes of use of specific personal information within the Nitori Group are as follows:

• (1) For preparing withholding tax certificates
• (2) For preparing payment records
• (3) For filing and processing notifications and applications related to individual resident tax
• (4) For filing notifications related to health insurance and employee pension insurance
• (5) For filing notifications and applications related to employment insurance
• (6) For submitting declarations, notifications, and application forms related to property accumulation housing savings and property accumulation pension savings
• (7) For processing the payment of pension benefits or lump-sum payments under the Defined Benefit Corporate Pension Act
• (8) For notifications to the corporate-type record-keeping and management institution, recording and storing of registers related to corporate-type pension subscribers, and processing the payment of corporate-type pension benefits or withdrawal lump-sum payments under the Defined Contribution Pension Act
• (9) For providing information to the Employee Shareholding Association for the purpose of preparing payment records regarding its members

4. Exceptions for publication of utilization purpose

The purposes of use will not be disclosed or explicitly stated in the following cases:

• (1) When there is a risk of harm to the life, body, property, or other rights and interests of the individual or a third party
• (2) When there is a risk of harm to the rights or legitimate interests of the Nitori Group
• (3) When it is necessary to cooperate with national government agencies or local public bodies in performing duties prescribed by law, and disclosure may hinder the execution of such duties
• (4) When the purposes of use are deemed to be evident from the circumstances in which the information is obtained

5. Altering of Utilization Purpose

The purposes of use specified in the preceding article may be changed only within a scope reasonably deemed to be relevant to the purposes of use before the change. In such cases, the Nitori Group will disclose the revised purposes of use through its website or other appropriate means.

6. Utilizing within the scope of utilization purpose

The Nitori Group handles personal information only within the scope necessary to achieve the specified purposes of use, and will obtain the individual's consent if the information is to be used beyond that scope. However, exceptions are made in the following cases:

• (1) When required by law
• (2) When it is necessary to protect a person’s life, body, or property and it is difficult to obtain the individual’s consent
• (3) When it is particularly necessary for the improvement of public health or the sound development of children, and it is difficult to obtain the individual’s consent
• (4) When it is necessary to cooperate with a national government agency, local public body, or a party entrusted by them to carry out duties prescribed by law, and obtaining the individual’s consent may impede the execution of such duties
• (5) When providing personal data to an academic research institution, etc., and the institution needs to handle the personal data for academic research purposes (including cases where only part of the purpose is for academic research, except where there is a risk of unjustly infringing on the rights and interests of the individual)

7. Proper Acquisition

The Nitori Group does not acquire personal information by improper means.

8. Special Care-Required Personal Information

When the Nitori Group acquires sensitive personal information (personal information defined in Article 2, Paragraph 3 of the Act as requiring special consideration to prevent unfair discrimination, prejudice, or other disadvantages), it will obtain the individual's prior consent. However, sensitive personal information may be acquired without the individual's prior consent in the following cases:

• (1) When required by law
• (2) When it is necessary to protect a person’s life, body, or property, and it is difficult to obtain the individual’s consent
• (3) When it is particularly necessary for the improvement of public health or the sound development of children, and it is difficult to obtain the individual’s consent
• (4) When it is necessary to cooperate with a national government agency, local public body, or a party entrusted by them to carry out duties prescribed by law, and obtaining the individual’s consent may impede the execution of such duties
• (5) When the sensitive personal information has been disclosed by the individual, national government agencies, local public bodies, persons specified in Article 76, Paragraph 1 of the Act, or others specified by Personal Information Protection Commission regulations
• (6) Other cases specified by government ordinances as corresponding to the above items

9. Data Accuracy

The Nitori Group maintains personal data in an accurate and up-to-date manner within the scope necessary to achieve the purposes of use. In accordance with the purposes of use and in compliance with relevant laws and guidelines, the Group establishes retention periods for personal data and promptly deletes personal data after the expiration of the retention period.

10. Security Control

The Nitori Group takes necessary and appropriate security management measures to protect personal data (including personal information acquired or to be acquired by the Nitori Group that is intended to be handled as personal data; hereinafter the same applies in this article) from unauthorized access, alteration, leakage, loss, and damage, including but not limited to the following:

• (1) Organizational Security Management Measures
  ・Establishment of organizational structures for security management and systems for reporting and communication when a leakage or other incident is detected
  ・Development of internal regulations related to the handling of personal data
  ・Monitoring of personal data handling status using a personal information management ledger
• (2) Physical Security Management Measures
  ・Management of areas where personal data is handled
  ・Prevention of leakage, etc., when carrying electronic media
• (3) Personnel Security Management Measures
  ・Regular training of employees regarding the handling of personal data
• (4) Technical Security Management Measures
  ・Access restrictions and identification/authentication of accessors
  ・Mechanisms to protect against unauthorized external access
• (5) Understanding of External Environments
  ・Regular confirmation of personal information protection systems in foreign countries and implementation of security management measures

11. Supervision and Auditing of Employees

The Nitori Group provides necessary and appropriate supervision of employees to ensure the security management of personal data and conducts regular audits.

12. Audit of subcontractors

The Nitori Group may entrust all or part of the handling of personal data to third parties within the scope necessary to achieve the purposes of use specified in Article 2. In such cases, the Nitori Group selects contractors who are deemed to handle personal information appropriately in accordance with security management measures. The Group properly stipulates matters related to security management, confidentiality, conditions for sub-contracting, and other handling of personal data in the outsourcing contract, monitors the handling status of personal data by the contractor, and provides necessary and appropriate supervision.

13. Provision to Third Parties

The Nitori Group, in accordance with laws and regulations, will not provide personal data to third parties or acquire personal information related to individuals as personal data from third parties except in the following cases, as separately stipulated in this Personal Information Protection Policy, or when prior consent has been obtained from the individual.

• (1) When required by law
• (2) When it is necessary to protect a person’s life, body, or property and it is difficult to obtain the individual’s consent
• (3) When it is particularly necessary for the improvement of public health or the sound development of children, and it is difficult to obtain the individual’s consent
• (4) When it is necessary to cooperate with a national government agency, local public body, or a party entrusted by them to carry out duties prescribed by law, and obtaining the individual’s consent may impede the execution of such duties
• (5) When the third party is an academic research institution, etc., and the institution needs to handle the personal data for academic research purposes (including cases where only part of the purpose is for academic research, except where there is a risk of unjustly infringing on the rights and interests of the individual)
• (6) When shared use is conducted as stipulated in the next article

14. Joint Utilization

The Nitori Group jointly utilizes personal data held by Group companies and business partners as follows:

(1) Items Subject to Shared Use

• (i) Personnel and Labor Information
  Name, gender, address, date of birth, phone number, email address, driver's license information, passport information, health information (medical checkup results, information on physical or mental disabilities, information related to leaves of absence, etc.), biometric information (fingerprints, palm prints, etc.), emergency contact, qualifications, education and training history, work experience, department information (department name, location, position, email address, phone number, fax number, etc.), work information, salary and account information (base salary, bonuses, allowances, bank account details, etc.), evaluation information, self-declarations, awards and disciplinary actions, work-related accident information, resume information (address, emergency contact, family address, family information, academic background, work history, qualifications, etc.), nationality, residency status information, and other personnel/labor-related information
• (ⅱ) Tax and Social Insurance Information
  Income tax, resident tax, withholding tax, health insurance, employee pension insurance, workers' accident compensation insurance, employment insurance, and other tax/social insurance-related information
• (ⅲ) Family Information
  Family member's name, gender, date of birth, relationship, residence information, marital status, dependent status, and other information related to the employee’s family
• (ⅳ) Welfare Information
  Various celebration and condolence information, welfare facility usage, employee shareholding association-related information, etc.
• (v) Other Information Related to Business Communication, Business Management, and Facility Management

(2) Scope of Shared Users

• ＜Nitori Group Companies＞
  Nitori Holdings Co., Ltd. and consolidated subsidiaries listed in securities reports, etc.
• ＜Related Associations, etc.＞
  Nitori Health Insurance Association
  Labor unions of Nitori Group companies
  Nitori Holdings Employee Shareholding Association
  Nitori Holdings Executive Shareholding Association
  Nitori Scholarship Foundation

(3) Purposes of Use

As specified in Article 2 (Purposes of Use).

(4) Administrator Responsible for Shared Use

Nitori Holdings Co., Ltd.
1-2-39, Shinkotoni 7-jo, Kita-ku, Sapporo, Hokkaido
Representative Director: Toshiyuki Shirai

15. Provision to a Third Party in a Foreign Country

Notwithstanding other provisions regarding third-party provision in this Personal Information Protection Policy, the Nitori Group will not provide personal data to third parties located outside Japan except in the following cases, in other cases separately stipulated in this Personal Information Protection Policy, or when prior consent has been obtained from the individual:

• (1) When the foreign country has a personal information protection system recognized by the Personal Information Protection Commission regulations as being at a level equivalent to that of Japan for the protection of individual rights and interests
• (2) When the recipient has established a system that meets the standards specified by the Personal Information Protection Commission regulations to continuously implement measures equivalent to those required for personal information handling businesses under this section
• (3) When required by law
• (4) When it is necessary to protect a person’s life, body, or property and it is difficult to obtain the individual’s consent
• (5) When it is particularly necessary for the improvement of public health or the sound development of children, and it is difficult to obtain the individual’s consent
• (6) When it is necessary to cooperate with a national government agency, local public body, or a party entrusted by them to carry out duties prescribed by law, and obtaining the individual’s consent may impede the execution of such duties
• (7) When shared use is conducted as specified in the preceding article

16. Pseudonymized Information

The Nitori Group creates pseudonymized information, which is processed so that employees, etc. cannot be identified unless combined with other information, and uses this information for analysis for the purpose of developing new products and services within the Nitori Group.

17. Anonymized Information

The Nitori Group provides anonymized information, created from acquired personal information, to third parties and may also receive anonymized information from third parties. When creating anonymized information, the Group establishes processing standards based on the criteria of the Personal Information Protection Commission and the processing methods of accredited personal information protection organizations. In addition to implementing safety management measures for processing methods and related information, the Group fulfills obligations such as public disclosure at the time of creation.

【Preparation and Provision of Anonymous Processing Information】

18. Confirmation and Keeping Record

When the Nitori Group exchanges personal data with third parties and it is required by relevant laws and guidelines, the Group will appropriately confirm and record such exchanges in accordance with the provisions of the relevant laws and guidelines.

19. Notification, Disclosure, Correction, and Suspension of Use of Retained Personal Data

The Nitori Group will appropriately respond to requests for notification, disclosure, correction, and suspension of use, etc. regarding retained personal data in accordance with the Act on the Protection of Personal Information.
For information on how to make such requests, please refer to [20. Contact for Personal Information Inquiries].

20. Contact for Personal Information Inquiries

(1) Opinions and Consultations

For opinions or consultations regarding the handling of personal data by the Nitori Group, please contact the following "Inquiry Desk."

(2) How to Request Disclosure, etc. of Personal Data

• (i) Requests
  Please contact the "Inquiry Desk" below first. We will inform you of the required documents for disclosure, etc. (such as identification documents, and if requested by a representative, documents to confirm the representative’s authority).After you submit the necessary documents, we will proceed with the disclosure process. Please note that postage costs for submitting the required documents will be borne by the individual making the request. Thank you for your understanding.
• (ⅱ) Response Method
  Upon receiving your request for disclosure, etc., the Nitori Group will confirm and investigate the details, and respond to the individual in writing.If the request is made by a representative, we will respond to the representative. Please note that we may refrain from responding if disclosure, etc. could harm the life, body, property, or other rights and interests of the individual or a third party.

(3) Inquiry Desk

Nitori Co., Ltd. Customer Service Office (Reception hours: 10:00–20:00)
From landline phones: 0120-014-210 (toll-free)
From mobile phones: 0570-064-210 (Navi Dial)

21. Amendment

This Personal Information Protection Policy may be revised within the scope permitted by laws and guidelines.

Established: December 2, 2025

The forecasts and projected operating results contained in this report are based on information available at the time of preparation, and thus involve inherent risks and uncertainties.
Accordingly, readers are cautioned that actual results may differ materially from those projected as a result of a variety of factors.



Adobe Reader is required for reading documents in the PDF format.
Please download it from. Adobe System Inc.