JAPANESE

Effort to protect personal information

Note
Please note that this document is an unofficial translation and was prepared for reference purpose only. The original release is in Japanese.
Effort to protect personal information

BB Satellite Corp. (hereafter called “BBSAT”) has recognizes that it is important to establish an organization for management and be thorough in order to handle personal information properly. BBSAT decides on BBSAT's policy as follows and effort to protect personal information.

1.Legal Compliance

BBSAT will comply with laws for the handling personal information as well as other laws, ordinances, and guidelines.

2.Handling personal information

BBSAT will, in case of acquiring personal information, specify the purpose of utilizing the personal information as explicitly as possible and acquire by proper means. BBSAT will use said personal information within the scope of the specified purpose. And BBSAT will not provide personal information to a third party without obtaining in advance a principal's consent, except in cases based on laws and regulations.

3.Security Control Action

In order to prevent the leakage, loss or damage handled personal information, BBSAT will take necessary and appropriate action: access control, bringing-out restriction, unauthorized access prevention.

4.Supervision over Employees

BBSAT will exercise necessary and appropriate supervision over the employees and cooperative company entrusted a whole or part of the handling of personal information so as to handle it properly and to seek the security control of it.

5.Disclosure, Utilization Cease etc.

Regarding disclosure, correction, deletion, utilization cease etc, opinions, and consultation, BBSAT will promptly cope with them based on laws and regulations.

October 1, 2023
Kiyoshi Takeuchi
President
BB Satellite Corp

Personal Information Protection Principles

BB Satellite Corp. (hereafter called “BBSAT”) works for implementation of the following matters to ensure full compliance with “Act on the Protection of Personal Information” (Act No. 57 of May 30, 2003) , “Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure” (Act No. 27 of May 31, 2013), “Guidelines for proper handling of Specific Personal Information (for private entities)”, “Personal Information Protection Management Systems – Requirements” (JISQ15001) and others to protect personal information.

1. Strengthened employees' training

Conduct training on management of personal information for employees.

2. Development of company rules concerning personal information handling

Ensure that tough stance of BBSAT against leakage of personal information is fully communicated in BBSAT as well as develop company rules concerning personal information handling to present a clear policy for handling of personal information.

3. Placement and enhanced functions of “chief privacy officer”

Build up a structure with visible roles to comply with laws and guidelines, develop relevant company rules, build up an audit structure and oversee the handling of personal information as well as place “chief privacy officer” to appoint information security manager as such officer.

4. Implementation of appropriate measures for information security

Implement necessary and appropriate measures to administer access to personal information, limit taking-out of personal information and prevent unauthorized access from outside with intent to prevent personal information from being leaked, lost or damaged and safely control personal information.

5. Outsourced operations

(1) Outsource, in some cases, all or part of its personal information handling operations in sales of various services, response to customers' inquiries, facility maintenance, tariff-related works, marketing tasks and other related works.

(2) Fully examine the eligibility of outsourcing agents when concluding outsourcing agreements. Further, set out safety management measures, confidentiality, terms of subcontract and proper handling of personal information in such outsourcing agreements and oversee BBSAT's outsourcing agents in an appropriate manner by regularly monitoring outsourced operations.

(3) Use personal information provided by an outsourcer in association with the acceptance of outsourced operations to the extent necessary for the purpose of the agreement with such outsourcer.

6. Setup/Enhancement of audit structure

Set up an audit structure which enables BBSAT to internally audit whether personal information is properly protected.

7. Proper acquisition, use, provision and announcement of personal information

Upon acquiring personal information, BBSAT legally and fairly obtains personal information by means of application forms, web site or verbal explanation upon clarifying the purpose of use of such personal information. Upon using and providing personal information, and upon announcing retained personal information, BBSAT properly performs the act by considering details and a scale of business.

8. Continuous improvement of personal information protection-related activities

Continuously attempt to review/improve the activities stated in paragraph 1 through 7 above.

9. Revision

BBSAT may revise all or a part of the present “Personal Information Protection Principles”. In the event of a material change, BBSAT announces it on its official web site in an easily comprehensible manner.

Coverage of “Personal Information Protection Principles”

"Personal information" in this "Action Guideline for the Protection of Personal Information" means the information related to the individual, identified by name, date of birth or other explanation, or individual number, other code, image or voice.(Includes information that can not be identified using the information alone, but can easily identify an individual compared to other information.), and the target doesn't matter whether it is the customer of BBSAT, employees of business partners or of BBSAT.

“Personal Information Protection Principles” applies, unless otherwise stated in each paragraph, to all personal information managed by BBSAT.

Supplementary provisions

This Personal Information Protection Principles shall be enforced from October 1, 2023.

October 1, 2023
Kiyoshi Takeuchi
President
BB Satellite Corp

Information Security Policy

Note
Please note that this document is an unofficial translation and was prepared for reference purpose only. The original release is in Japanese.
Information Security Policy

BB Satellite Corp. (hereafter called “BBSAT”)has developed “Information Security Policy” in order to always get the trust of society including our customers by taking drastic and high-level measures against the risk of information leakage.
BBSAT intends, from now on, to comply with “Information Security Policy” and “Personal Information Protection Principles (privacy policy)” as separately indicated and maintain information security by protecting information assets from various threats and by properly handling them.

Application of Information Security Policy

Buildup of information security management structure

Build up a highly secured information security management structure to gain the society's confidence at any time through making every possible effort to protect all information assets held by BBSAT as well as complying with the information security-related statutes and other rules.

Assignment of “Chief Information Security Officer”

Assign “Chief Information Security Officer (CISO)”, which enables BBSAT to take proactive actions to have accurate visibility of the company-wide information security status and to promptly take necessary measures.

Development of information security-related company rules

Develop company rules based on Information Security Policy to demonstrate the clear policy for not only the personal information but also information assets in general as well as internally and externally keep everyone informed about BBSAT's tough stance against the information leaks.

Development/enhancement of audit structure

Further develop the structure which enables BBSAT to carry out internal audits of compliance with Information Security Policy, the company rules and other relevant rules. BBSAT will prove that all of its employees, etc. comply with Information Security Policy.

Implementation of system with full information security measures

Implement a fully protected system against unauthorized access to, leaks, modification, loss, destruction or hindered use, of the information assets.

Enhancement of information security literacy

Ensure that the employees, etc. are given security education/training and that all people engaged in BBSAT's information assets perform activities with the information security literacy.
In addition, BBSAT will continue providing its employees with education/training to cope with ever-changing circumstances.

Strengthened management structure of outsourcing agents

Request outsourcing agents to keep a security level which is the same or more than that of BBSAT by fully examining eligibility of the outsourcing agents when outsourcing operations. In addition, BBSAT intends to continuously review the outsourcing agents to reinforce contracts' terms with intent to confirm without interruption that the security level is adequately maintained.

Coverage of Information Security Policy

“Information assets” covered by this policy are information obtained or known in the ordinary course of BBSAT's business and all the information held by BBSAT for its business. All of BBSAT's “Directors, employees and temporary staffers” who are engaged in handling and controlling these information assets as well as “outsourcing agents and their employees” who deal with BBSAT's information assets must comply with Information Security Policy.

Supplementary provisions

This Information Security Policy shall be enforced from October 1, 2023.