Acquisition of Privacy Mark Certification

In June 2004, Cresco established a personal information protection program in compliance with JIS Q15001. Cresco was recognized by Japan Information Processing Development Corporation (JIPDEC) as a company that acts appropriately to protect personal information, and it was granted the right to display the Privacy Mark.

Certification number


Acquisition date

June 16, 2004

Mark-granting organization

Japan Information Processing Development Corporation (JIPDEC)

Designated examining authority

Japan Information Technology Services Industry Association (JISA)

Renewal date

June 16, 2022

Personal Information Protection Policy (Privacy Policy)

Cresco Ltd. (hereinafter “Cresco” or “the Company”) uses personal information it has received for various purposes such as to develop better services or products that satisfy our customers or to market these services or products. In accordance with the Code of Management and Conduct for Compliance it has formulated, the Company responds to the trust bestowed on it by everyone who provides their personal information by appropriately managing and protecting personal information while ensuring that all persons engaged in the business operations of the Company are made to recognize the importance of protecting personal information.

1. Compliance with Laws, and Regulations, etc. for Personal Information

The directors, corporate auditors and all employees of Cresco Ltd., observe the laws and regulations, guidelines set by the Japanese government, and other rules relating to the handling of personal information.

2. Gathering, Use and Supply of Personal Information

In the gathering, use and supply of personal information, Cresco appropriately protects personal information while stating clearly its purpose by the scope that is necessary for business activities. In addition, Cresco takes measures to ensure that personal information is not used outside the scope of purpose.

3. Implementation of Safety Measures

To realize the appropriate protection of personal information, in addition to taking reasonable safety measures, Cresco conducts education and training and performs audits, etc. as a means of ensuring effectiveness. In the event that a breach does occur, Cresco takes prompt measures to rectify the situation.

4. Continuing Improvement of Personal Information Protection

To ensure that it takes legal and effective measures to protect personal information, Cresco continually revises and improves its management system for protecting personal information.

5. How Cresco Responds to Complaints and Inquiries

Cresco responds sincerely and promptly to complaints and inquiries regarding personal information.

[Handling of Personal Information]

1. Gathering of personal information

  • In cases where personal information is provided directly, personal information will be collected only with the approval of each individual concerned, clarifying the purpose of its use and in a fair and legal manner.
  • Sensitive information will only be gathered with prior written permission from the individuals concerned or if required by legal or similar directives.
  • Although the personal information gathered will be kept in an accurate and updated condition, if changes occur with respect to the personal information already provided, it is left to the provider’s own judgment to provide updated information.
  • In addition, Cresco may gather personal information indirectly. Such personal information is information that has been publicly disclosed in a legitimate way such as by the Internet or disclosed in another way that makes it public knowledge. This personal information is also used within the scope of intended use only and is managed safely in the same way as personal information that Cresco has gathered directly.

2. The Purpose and Intended Use of Personal Information

The purpose and intended use of collected personal information will be clearly stated and the information is used within the scope that is required to achieve this purpose. The main purposes and intended uses are as follows:


  • Carrying out business operations commissioned by customers
  • Responding to inquiries
  • Exercising rights or fulfilling obligations of the Company based on contracts for the provision of products or services
  • Sending information (including sending email or email magazines, or sending direct mail) on products or services, etc. provided by the Company or by group affiliated companies*
  • Sending information (including sending email or email magazines, or sending direct mail) on seminars, exhibitions, presentations, etc., and various events held (sponsored/co-sponsored/supported) by the Company or by group affiliated companies*
  • Acceptance or communications regarding participant registration required as part of the operation of various events offered by the Company or group affiliated companies
  • Requests of questionnaire surveys for identifying market trends or customer needs
  • Confirmation of personal information of the employees or leased employees of business partners based on fulfillment of contracts
  • Responses to the exercise of rights of shareholders or fulfillment of the Company’s obligations based on the Companies Act or other relevant law or regulation
  • Human resources administrative work related to the employment of the Company’s employees (including retirees) and administrative work required for accounting and general affairs, etc.
  • Administration and recruiting activities related to individuals applying for employment
  • Health administration and contracting welfare programs, etc. of the Company’s employees
  • Other purposes for which prior agreement was obtained from the individual

* Companies listed in CRESCO Group (

3. Disclosure and Supply of Personal Information to Third Parties

Cresco provides no personal information to any third party except in the following cases.
There are cases where Cresco outsources part of its business operations in order to conduct business smoothly. The personal information disclosed and supplied in such cases shall be the absolute minimum that is required and the scope of its use shall be limited. In addition, when selecting contractors to outsource to, Cresco carries out checks on potential contractors, and in addition to choosing contractors who fulfill the Company’s criteria, Cresco performs appropriate management and monitoring through safety management measures such as concluding a confidentiality agreement regarding the handling of personal information.


  • When Cresco already has consent of the individuals concerned
  • When disclosing or supplying statistical data that is stripped of information that could identify individuals
  • When based on laws or regulations
  • When Cresco carries out commissioned work to the extent necessary for the purpose and intended use
  • When a portion or entirety of customers’ personal information is jointly used to the extent of meeting the purpose and intended use
    * Regarding shared use

Items of personal information that are subject to shared use

Name, address, telephone number, email address, image, and other items

necessary for achieving the purpose

Scope of entities engaging in shared use

Group affiliate companies

Purpose of shared use

The scope of “2. The Purpose and Intended Use of Personal Information” above.

Entity responsible for management of personal information subject to shared use, and

address and representative thereof

CRESCO LTD. Personal information protection manager

Shinagawa Intercity A-tower 26th Floor, 2-15-1, Kounan, Minato-ku, Tokyo 108-6026

President Hiroshi Tominaga

Method of acquisition

Provision by the owner of the personal information, either directly or by input into the Company’s website

  • In cases when the information is necessary to protect human life, safety or property and it is difficult to obtain permission from the individual.

4. Safety Management Measures

  • Cresco establishes a promotion organization for personal information protection, and it appoints a personal information protection manager, as well as persons responsible for auditing personal information protection, providing education on personal information protection, handling inquires on personal information, and the operational units of personal information protection.
  • Cresco establishes internal company procedures that comply with rules and regulations related to personal information protection, the requirements of JIS Q15001 Personal Information Protection Management System, and industry guidelines.
  • Cresco conducts education and awareness promotion activities to ensure everyone knows the importance of personal information protection and the above-mentioned internal procedures.
  • While observing the requirements of the Personal Information Protection Management System, Cresco secures the safety of personal information by taking reasonable safety measures (including limiting access) and corrective measures for personal information.
  • Cresco takes an appropriate and reasonable level of measures to prevent unauthorized access, loss, destruction, alteration or leaking of personal information.
  • Encryption of communication
    • When individuals provide personal information, Cresco uses communication encryption technology such as SSL (Secure Sockets Layer) on the Company’s website to protect the personal information.
    • When the Company’s website is commissioned to third parties, Cresco only selects contractors who have cleared strict information security criteria including the PrivacyMark and ISMS.
    • In addition, Cresco has established systems that take care of individuals’ important information assets by methods such as regular vulnerability assessments conducted by a third party. In some cases, the Company’s website will deny access to a page when the browser does not support SSL or fulfill another security requirement.

5. Requests for Disclosures, Revisions, Deletions and Termination of Use, etc.

  • When receiving requests from individuals relating to that individual’s personal information, such as requests for notification of purpose and intention of use, disclosure, revision, etc. (including corrections, additions, deletions), termination of use, etc. (including termination of use and removal), and termination of information provision to any third party, unless there is an appropriate reason for not being able to respond to a request, Cresco, after verifying the identity of the inquiring individual, endeavors to swiftly respond to such requests to an extent that is reasonable according to socially-accepted norms.
  • Cresco has established a point of contact for inquiries on the handling of personal information on its website.

6. Ongoing Improvement of the Personal Information Protection Management System

  • The Company has implemented and maintains a personal information protection and management system, stipulating the handling of the information in terms of the scope of application of all personal information handled by the Company in its business and personal information of employees, etc., and appointing persons in charge of each unit handling personal information.
  • The Company also endeavors to improve the system continuously, using as reference the audit reports that are periodically conducted.

Formulated:October 1, 2003

Final revision:July 1, 2022


President Hiroshi Tominaga

[Inquiries Relating to the Privacy Policy]

Please use the contact below for any complaints/inquiries regarding personal information or requests regarding disclosures, revisions, termination of use or deletions, etc.


Name of business operator handling personal information CRESCO LTD.
Personal information protection manager Executive Officer Yasushi Sasaki

Contact for Personal Information

Shinagawa Intercity A-tower 26th Floor, 2-15-1, Kounan, Minato-ku, Tokyo 108-6026
TEL +81-3-5769-8011
FAX +81-3-5769-8019