Basic Policy for Information Security (Excerpt)

1. Objective

TKC Group offers various information-related services through the optimal use of the latest information and communications technology (ICT) on a constant basis to accounting firms and their clients, as well as to local governments. For the purpose of properly managing information and allowing customers to use the Company’s services with peace of mind, this Basic Policy for Information Security (“Basic Policy”) sets forth the basic measures and framework to safeguard information security within the Group based on the Cybersecurity Management Guidelines formulated by the Ministry of Economy, Trade and Industry.

2. Basic Principles

1. TKC Group recognizes that safeguarding information security is a management issue of the highest priority and will address it on a group-wide basis.
2. TKC Group will establish and continuously improve a framework in which officers and all employees maintain a sense of ethics and comply with laws and regulations, norms stipulated by government agencies and other authorities, and internal regulations.
3. In the event that an incident that may pose a threat to information security is discovered, TKC Group will conduct a thorough investigation to identify the cause, discuss measures to prevent its recurrence, and implement these measures.

TKC Group’s Basic Policy for Information Security (full text) can be found at:https://www.tkc.jp/security (Japanese)

Policy on the Protection of Personal Information

TKC Corporation (the “Company”), an information service provider, recognizes the importance of protecting the personal information and specific personal information (collectively “Personal Information”) of customers, shareholders, business partners, and the Company’s officers and employees in an IT-based society, and has set forth the following Policy on the Protection of Personal Information as part of its commitment to the protection of Personal Information on a company-wide basis.

1. The Company will conduct awareness education and internal training for officers and all employees of the Company to ensure compliance with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, and other laws and regulations, as well as guidelines and other norms stipulated by the national government, and will strive to manage Personal Information appropriately.
2. When obtaining or using Personal Information, the Company will notify the person in question of the purpose of use, the Company’s contact information, etc., obtain Personal Information only to the extent necessary, and use it within the scope of the purpose of use.
3. Except in cases where doing so is required by law, the Company will not provide Personal Information to third parties without first obtaining the consent of the person in question.
4. To ensure the appropriate management of Personal Information, the Company will appoint a chief administrator for each department that handles Personal Information, and in particular, it will appoint a chief administrative officer and administrative personnel for each department that handles specific personal information.
5. The Company will adopt reasonable technical and physical measures to prevent and rectify unauthorized access to and the loss, destruction, leakage, and tampering of Personal Information.
6. The Company prohibits the subcontracting of operations without first obtaining the consent of the person in question regarding their Personal Information.
7. To ensure the security of Personal Information, the Company will review and improve its management system for the protection of Personal Information as necessary.
8. The Company will respond in good faith to inquiries, complaints, and consultation requests regarding Personal Information from the person in question, as well as to requests for the disclosure, correction, addition, deletion, or suspension of use of Personal Information.