The Company implements the following technical, administrative, and physical safeguards to ensure the safety of users' personal information so that it is not lost, stolen, leaked, altered, or damaged.
Article 16 (Establishment and Implementation of an Internal Management Plan)
The Company has established and implemented an internal management plan covering personal information protection and related matters to ensure the safe processing of personal information.
Article 17 (Password Encryption)
Member passwords are stored and managed in encrypted form so that only the individual concerned can know them, and verification and modification of personal information can be performed only by the individual who knows the password.
Article 18 (Measures Against Hacking and Similar Threats)
The Company does its utmost to prevent the leakage or damage of members' personal information due to hacking, computer viruses, and similar threats. To prepare for damage to personal information, the Company regularly backs up data, uses the latest antivirus programs to prevent users' personal information or data from being leaked or damaged, and uses encrypted communications to safely transmit personal information over the network. The Company also uses an intrusion prevention system to control unauthorized external access and strives to install all technically possible measures to secure systemic security.
Article 19 (Storage of Access Records for Breach Response)
The Company does its utmost to prevent personal information breaches. In addition, to respond to such breaches, the Company retains and manages records of access to personal information storage systems for at least six months and implements technical measures to prevent the records from being forged or altered.
Article 20 (Minimization and Training of Personal Information Handlers)
The Company limits employees who handle personal information to those in charge, assigns separate passwords for this purpose that are regularly renewed, and continually emphasizes compliance with the Privacy Policy through frequent training of such personnel.
Article 21 (Operation of a Dedicated Personal Information Protection Organization)
Through an in-house dedicated personal information protection organization, the Company verifies the implementation of this Privacy Policy and the compliance of those in charge, and strives to immediately correct any issues identified. However, the Company shall not be liable for damages not attributable to the Company, such as accidents caused by the user's own negligence or by incidents occurring outside the Company's control, even where the Company has fulfilled its personal information protection obligations.