Acquisition of Privacy Mark Certification

In June 2004, Cresco established a personal information protection program in compliance with JIS Q15001. Cresco was recognized by Japan Information Processing Development Corporation (JIPDEC) as a company that acts appropriately to protect personal information, and it was granted the right to display the Privacy Mark.

Certification number: 11820262(10)
Acquisition date: June 16, 2004
Mark-granting organization: Japan Information Processing Development Corporation (JIPDEC)
Designated examining authority: Japan Information Technology Services Industry Association (JISA)
Renewal date: June 16, 2022

Personal Information Protection Policy (Privacy Policy)

Cresco Ltd. (hereinafter “Cresco” or “the Company”) uses personal information it has received for various purposes such as to develop better services or products that satisfy our customers or to market these services or products. In accordance with the Code of Management and Conduct for Compliance it has formulated, the Company responds to the trust bestowed on it by everyone who provides their personal information by appropriately managing and protecting personal information while ensuring that all persons engaged in the business operations of the Company are made to recognize the importance of protecting personal information.

1. Compliance with Laws and Regulations, etc. for Personal Information

The directors, corporate auditors and all employees of Cresco Ltd. observe the laws and regulations, guidelines set by the Japanese government, and other rules relating to the handling of personal information.

2. Gathering, Use and Supply of Personal Information

When gathering, using and supplying personal information, Cresco clearly states the purpose and appropriately protects the information, within the scope that is necessary for business activities. In addition, Cresco takes measures to ensure that personal information is not used outside the scope of purpose.

3. Implementation of Safety Measures

To realize the appropriate protection of personal information, in addition to taking reasonable safety measures, Cresco conducts education and training and performs audits, etc. as a means of ensuring effectiveness. In the event that a breach does occur, Cresco takes prompt measures to rectify the situation.

4. Continuing Improvement of Personal Information Protection

To ensure that it takes legal and effective measures to protect personal information, Cresco continually revises and improves its management system for protecting personal information.

5. How Cresco Responds to Complaints and Inquiries

Cresco responds sincerely and promptly to complaints and inquiries regarding personal information.

[Handling of Personal Information]

1. Gathering of personal information

  • In cases where personal information is provided directly, personal information will be collected only with the approval of each individual concerned, clarifying the purpose of its use and in a fair and legal manner.
  • Sensitive information will only be gathered with prior written permission from the individuals concerned or if required by legal or similar directives.
  • Although the personal information gathered will be kept in an accurate and updated condition, if changes occur with respect to the personal information already provided, it is left to the provider’s own judgment to provide updated information.
  • In addition, Cresco may gather personal information indirectly. Such personal information is information that has been publicly disclosed in a legitimate way such as by the Internet or disclosed in another way that makes it public knowledge. This personal information is also used within the scope of intended use only and is managed safely in the same way as personal information that Cresco has gathered directly.

2. The Purpose and Intended Use of Personal Information

The purpose and intended use of collected personal information will be clearly stated and the information is used within the scope that is required to achieve this purpose. The main purposes and intended uses are as follows:

  • Carrying out business operations commissioned by customers
  • Responding to inquiries
  • Exercising rights or fulfilling obligations of the Company based on contracts for the provision of products or services
  • Sending information (including sending email or email magazines, or sending direct mail) on products or services, etc. provided by the Company or by group affiliated companies*
  • Sending information (including sending email or email magazines, or sending direct mail) on seminars, exhibitions, presentations, etc., and various events held (sponsored/co-sponsored/supported) by the Company or by group affiliated companies*
  • Acceptance or communications regarding participant registration required as part of the operation of various events offered by the Company or group affiliated companies
  • Requests of questionnaire surveys for identifying market trends or customer needs
  • Confirmation of personal information of the employees or leased employees of business partners based on fulfillment of contracts
  • Responses to the exercise of rights of shareholders or fulfillment of the Company’s obligations based on the Companies Act or other relevant law or regulation
  • Human resources administrative work related to the employment of the Company’s employees (including retirees) and administrative work required for accounting and general affairs, etc.
  • Administration and recruiting activities related to individuals applying for employment
  • Health administration and contracting welfare programs, etc. of the Company’s employees
  • Other purposes for which prior agreement was obtained from the individual

* Companies listed in CRESCO Group (https://www.cresco.co.jp/en/corpinfo/group.html).

3. Disclosure and Supply of Personal Information to Third Parties

Cresco provides no personal information to any third party except in the following cases.
There are cases where Cresco outsources part of its business operations in order to conduct business smoothly. The personal information disclosed and supplied in such cases shall be the absolute minimum that is required and the scope of its use shall be limited. In addition, when selecting contractors to outsource to, Cresco carries out checks on potential contractors, and in addition to choosing contractors who fulfill the Company’s criteria, Cresco performs appropriate management and monitoring through safety management measures such as concluding a confidentiality agreement regarding the handling of personal information.

  • When Cresco already has consent of the individuals concerned
  • When disclosing or supplying statistical data that is stripped of information that could identify individuals
  • When based on laws or regulations
  • When Cresco carries out commissioned work to the extent necessary for the purpose and intended use
  • When a portion or entirety of customers’ personal information is jointly used to the extent of meeting the purpose and intended use
    * Regarding shared use
      Items of personal information that are subject to shared use: Name, address, telephone number, email address, image, and other items necessary for achieving the purpose
      Scope of entities engaging in shared use: Group affiliate companies
      Purpose of shared use: The scope of “2. The Purpose and Intended Use of Personal Information” above.
      Entity responsible for management of personal information subject to shared use, and address and representative thereof:
        CRESCO LTD. Personal information protection manager
        Shinagawa Intercity A-tower 26th Floor, 2-15-1, Kounan, Minato-ku, Tokyo 108-6026
        President Hiroshi Tominaga
      Method of acquisition: Provision by the owner of the personal information, either directly or by input into the Company’s website

  • In cases when the information is necessary to protect human life, safety or property and it is difficult to obtain permission from the individual.

4. Safety Management Measures

  • Cresco establishes a promotion organization for personal information protection, and it appoints a personal information protection manager, as well as persons responsible for auditing personal information protection, providing education on personal information protection, handling inquiries on personal information, and the operational units of personal information protection.
  • Cresco establishes internal company procedures that comply with rules and regulations related to personal information protection, the requirements of JIS Q15001 Personal Information Protection Management System, and industry guidelines.
  • Cresco conducts education and awareness promotion activities to ensure everyone knows the importance of personal information protection and the above-mentioned internal procedures.
  • While observing the requirements of the Personal Information Protection Management System, Cresco secures the safety of personal information by taking reasonable safety measures (including limiting access) and corrective measures for personal information.
  • Cresco takes an appropriate and reasonable level of measures to prevent unauthorized access, loss, destruction, alteration or leaking of personal information.
  • Encryption of communication
    • When individuals provide personal information, Cresco uses communication encryption technology such as SSL (Secure Sockets Layer) on the Company’s website to protect the personal information.
    • When the Company’s website is commissioned to third parties, Cresco only selects contractors who have cleared strict information security criteria including the PrivacyMark and ISMS.
    • In addition, Cresco has established systems that take care of individuals’ important information assets by methods such as regular vulnerability assessments conducted by a third party. In some cases, the Company’s website will deny access to a page when the browser does not support SSL or fulfill another security requirement.

5. Requests for Disclosures, Revisions, Deletions and Termination of Use, etc.

  • When receiving requests from individuals relating to that individual’s personal information, such as requests for notification of purpose and intention of use, disclosure, revision, etc. (including corrections, additions, deletions), termination of use, etc. (including termination of use and removal), and termination of information provision to any third party, unless there is an appropriate reason for not being able to respond to a request, Cresco, after verifying the identity of the inquiring individual, endeavors to swiftly respond to such requests to an extent that is reasonable according to socially-accepted norms.
  • Cresco has established a point of contact for inquiries on the handling of personal information on its website.

6. Ongoing Improvement of the Personal Information Protection Management System

  • The Company has implemented and maintains a personal information protection and management system, stipulating the handling of the information in terms of the scope of application of all personal information handled by the Company in its business and personal information of employees, etc., and appointing persons in charge of each unit handling personal information.
  • The Company also endeavors to improve the system continuously, using as reference the audit reports that are periodically conducted.

Formulated: October 1, 2003

Final revision: July 1, 2022

CRESCO LTD.
President Hiroshi Tominaga

[Inquiries Relating to the Privacy Policy]

Please use the contact below for any complaints/inquiries regarding personal information or requests regarding disclosures, revisions, termination of use or deletions, etc.

Name of business operator handling personal information: CRESCO LTD.
Personal information protection manager: Executive Officer Yasushi Sasaki

Contact for Personal Information

Shinagawa Intercity A-tower 26th Floor, 2-15-1, Kounan, Minato-ku, Tokyo 108-6026
TEL +81-3-5769-8011
FAX +81-3-5769-8019

Mail: kojin_madoguchi@cresco.co.jp