Policy on the Protection of
Personal Information

In June 2006, the Company obtained the Privacy Mark which is granted by Japan Information Processing Development Center (currently JIPDEC) to companies that deal with personal information in a proper manner.

> About the Privacy Mark

When the Company obtains personal information, it will notify or publicize the purpose of use in an appropriate manner. The purposes for which the Company obtains and uses personal information are as follows.

1. 1. Customer information

   1. (1) To process applications for LUMINE CARD and other operations that are outsourced by View Card Co., Ltd.
   2. (2) To dispatch direct mail and other notifications of various services
   3. (3) To respond to customers' opinions and requests which are posted to the Voice of Customers Box placed inside individual stores or via the inquiry form of this site
   4. (4) To deliver a gift to prizewinners selected in a lottery for various campaigns
   5. (5) To process the operation of customer management, product delivery, settlement of payment, and distribution of mail magazines, and conduct events, campaigns, questionnaires and other beneficial programs, etc. in iLUMINE and the Lifestyle Business
   6. (6) To promote sales activities including the research and analysis of iLUMINE and Lifestyle Business marketing data and advertisement delivery, etc.
   7. (7) To make notifications regarding matters necessary for operating the site of iLUMINE and the Lifestyle Business
   8. (8) Customer management, product shipment, payment settlement, and contact regarding products and services for the LUMINE Card online payment service via the ONE LUMINE app
   9. (9) Contacting customers as necessary for the operation of the LUMINE Card online payment service via the ONE LUMINE app

2. 2. Business partners' information

   1. (1) To conduct operations appropriately and smoothly in order to pursue the purpose of the Company's business

3. 3. Recruitment and employee information

   1. (1) To process operations regarding screening and acceptance procedures
   2. (2) To manage employee labor

4. 4. Specific personal information

   1. (1) To manage employee labor
   2. (2) To conduct operations of the employee shareholding association and the employee saving schemes
   3. (3) To prepare and submit a statutory payment record, etc.
   4. (4) To provide services other than the above which are specified by the My Number Act

To make a request for notification of purpose of use, disclosure, correction, addition or deletion of content, suspension of use, erasure, or suspension of provision to third parties (hereinafter referred to as “Request for Disclosure, etc.”), or for complaints and consultations, regarding personal data in our possession or records provided to third parties, please contact the following. We will guide you through the necessary procedures. If you want to request disclosure, etc. via electromagnetic methods, please state so when making your request. In principle, your request will be processed in accordance with your wishes. Please note that a handling fee of 600 yen will be charged for any requests for notification of purpose of use or disclosure of personal data.

Contact inquiring about personal information or requesting disclosure, correction, cessation of utilization, etc.

The Company is recognized as an accredited personal information protection organization.
Complaints regarding our dealing with personal information can also submitted to:

Personal Information Protection Claim Office of JIPTEC

1.About Google Analytics
Some pages on the Company’s website use Google Analytics in order to understand how the website is used. Google Analytics uses cookies to collect information on website usage trends without identifying individual users, and the information collected is managed in accordance with Google’s Privacy Policy.
Google Analytics can be disabled in your browser’s add-on settings. To do so, you can download and install the “Google Analytics Opt-Out Browser Add-on” from the Google Opt-Out Add-on Download Page below and change the add-on settings in your browser.

https://tools.google.com/dlpage/gaoptout?hl=ja

The Company’s website also collects data using Google Signals. With Google Signals, website visitation data is collected by Google Analytics and correlated with the logged-in user’s Google account information in a manner that does not personally identify users. (However, only users who have agreed to be linked for the purpose of customizing their ads are eligible for linking.)

2. About social plugins
Some social networking services (SNS) may automatically receive user IDs, accessed websites, and other information from websites with SNS “buttons” without the user having to press the button.

3. Cookie Policy
The Company’s website uses cookies, web beacons, and other tracking technologies to collect information about visits to the Company's website (hereinafter referred to as “Cookie Information”) for the purpose of analyzing browsing information and providing services, information, advertisements, etc. that are optimized for individual customers. This Cookie Policy (hereinafter referred to as “This Policy") describes the purposes of use of Cookie Information managed by the Company’s website and how customers can refuse the use of cookies, web beacons, etc.

*Cookies are a function that stores browsing information when a customer accesses a website or service on their device (PC, smartphone, etc.). It is not possible to identify any customer’s personal information from the Cookie Information.

1) Purposes of Use of Cookie Information
The Company’s website uses Cookie Information and the results of its analysis (hereinafter referred to as “Statistical Information”) for the following purposes. Statistical Information does not contain information that could be used to identify a specific customer (name, address, telephone number, e-mail address, credit card number, etc.).

a. To statistically analyze customer usage history of the Company’s website and utilize the information to improve the website’s convenience, etc.
b. To individually customize for each customer the information displayed on the Company’s website
c. To distribute the Company’s advertisements on websites managed by the Company and third parties affiliated with the Company’s website

2) Use of Advertisement Distribution Services
The Company may provide Statistical Information about its website to the following advertisement distribution service providers to whom distribution of advertisements is outsourced, for the purpose of displaying the Company’s advertisements on the websites of other companies. You may opt out of the delivery of advertisements by advertisement distribution service providers by following the opt-out procedures on their respective opt-out pages.

3) Cookie & Web Beacon Settings
You may refuse cookies, web beacons, etc. by setting your browsers to refuse them, but please note that some services may not be available if they are refused.

1) Formulation of basic policy
In order to ensure proper handling of personal data, a “Policy on the Protection of Personal Information”, regarding compliance with relevant laws, regulations, guidelines, etc. and contact information for handling questions and complaints, has been established.

2) Development of discipline regarding the handling of personal data
Personal information protection rules have been established regarding handling methods, responsible persons/persons in charge and their duties, etc. for each stage of handling, including acquisition, use, storage, provision, and deletion/disposal.

3) Organizational security management measures
(1) In addition to appointing persons responsible for the handling of personal data, the Company makes clear which employees can handle personal data and the scope of personal data handled by such employees, and has established a system for reporting to the persons responsible in the event that facts or signs of violations of the law or handling regulations have been discovered.
(2) Periodic self-inspections are conducted on the status of personal data handling, as are audits by other departments and outside parties.

4) Human security management measures
(1) Regular training to employees regarding points to note concerning the handling of personal data is being carried out.
(2) Matters concerning confidentiality of personal data are described in the work regulations.

5) Physical security management measures
(1) In the areas where personal data is handled, the Company controls the entry and exit of employees, restricts equipment and other items that can be brought in, and takes measures to prevent unauthorized persons from accessing personal data.
(2) Measures are taken to prevent the theft, loss, etc. of equipment, electronic media, documents, etc. that handle personal data, and measures are taken to prevent personal data from being easily discovered when such equipment, electronic media, etc. are carried, including within the work site.

6) Technical safety management measures
(1) Access controls are implemented to limit the scope of persons in charge and the personal information databases, etc. to be handled.
(2) Mechanisms are in place to protect information systems that handle personal data from unauthorized external access or unauthorized software.