Personal Data Protection Policy of OISHI GROUP

Principle and Reason

As OISHI Group Pcl and its subsidiaries (collectively “OISHI”) recognize and respect the privacy and the protection of personal data of directors, executives, employees, shareholders, customers, partners, business partners, service receivers, service providers, and other stakeholders of OISHI who are natural persons, OISHI has put in place a personal data protection policy to prevent any inappropriate use of personal data of the aforesaid persons and safeguard such personal data in accordance with the personal data protection laws of any countries in which OISHI operates its businesses or conduct any activities, and in line with other generally accepted standards.

Extent of the Policy

The Personal Data Protection Policy (the “Policy”) will be applied to all of directors of OISHI (“Directors”), executives of OISHI (from the Assistant to the Vice President to the President and CEO) (“Executives”) and employees of OISHI (“Employees”), and will also be applied to all entities over which OISHI has management power e.g. subsidiaries and joint ventures.
Additionally, OISHI wishes and encourages its partners and business partners which OISHI does not have management power over to support and comply with the Policy.

Definitions

“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly;
“Sensitive Personal Data” means Personal Data relating to racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behaviors, criminal records, health-related data, disability, labour-union information, genetic data, biometric data or other data which will affect the Data Subject in accordance with those specified in the personal data protection laws;
“Partners” means contractors, sub-contractors, dealers, wholesalers, manufacturers, primary manufacturers, franchisees, licensees, agents, brokers and advisors who enter into any transactions with OISHI;
“Data Subject” means a natural person who is the owner of the Personal Data;
“Person” means a natural person;
“Business Partners” means the OISHI’s dealers, partners in joint ventures and customers.

Purposes and practice guidelines of the Policy are as follows:

1. OISHI will collect, use and disclose the Personal Data according to the purposes, extent and method with lawfulness, fairness and transparency. OISHI will notify the purposes and details as required by laws to the Data Subject and request for consent of the Data Subject before or at the time of collecting, using or disclosing in accordance with the appropriate method and in line with the personal data protection laws except for the case where the consent is not required. In case of the Sensitive Personal Data, OISHI will request for express consent of the Data Subject before or at the time of collecting, using or disclosing except for the case where the consent is not required.
2. OISHI will collect, use and disclose the Personal Data according to the purposes notified to the Data Subject. If OISHI will collect, use and disclose the Personal Data for any purposes other than those notified to the Data Subject, OISHI will notify the new purposes to the Data Subject and request for consent of the Data Subject without delay except for the case where the consent is not required.
3. OISHI will collect the Personal Data to the extent necessary for the business operation under the lawful purposes relating to OISHI’s businesses.
4. OISHI will ensure that the Personal Data collected remain accurate, up-to-date, complete and not misleading.
5. OISHI will collect the Personal Data for a period necessary for achieving the purposes notified to the Data Subject or as specified by the laws.
6. OISHI will not deliver or transfer the Personal Data to any countries which have inadequate data protection standards unless the delivery or transfer falls under the exceptions imposed by the personal data protection laws, or the delivery or transfer is in compliance with the criteria and methods specified by the personal data protection laws.
7. The Data Subject has the right to deal with his/her Personal Data which is in OISHI’s responsibility as specified by the personal data protection laws. OISHI will provide measures, channels and methods for the Data Subject to exercise his/her rights as specified by the personal data protection laws.
8. OISHI will provide appropriate data protection security measures as specified by the personal data protection laws.
9. OISHI will appoint data protection officers (“DPO”) to perform their duties as specified by the personal data protection laws and will notify information, contact details and communication channels of the DPO to the Data Subject via appropriate methods.
10. OISHI will provide appropriate rules, regulations, guidelines or measures for protection of the Personal Data to be in line with the personal data protection laws.
11. OISHI will communicate with its Partners and Business Partners to comply with the personal data protection laws.
12. OISHI will provide inspection processes in respect of compliance with the personal data protection laws, infringement of the Personal Data or infringement of the Data Subject’s rights in order to specify the issues and evaluate the risk and effect.
13. The President and CEO, and Executives are obliged to promote, create understanding and support relevant persons to comply with the Policy.
14. The violators of the Policy will be submitted to the disciplinary action. Upon completion of the investigation by the responsible committee, the violators will be punished according to the working rules and regulations of OISHI. If such violation is also considered as violation of the laws, the violators may further be subject to any legal action.
15. The Board of Directors will consider and update the Policy from time to time.