Personal Information Protection Policy
Fana, acknowledging importance of personal information, will make efforts to protect personal information in accordance with the following policy:
1.Acquisition of personal information
Fana will acquire personal information through legally appropriate and fair means.
2.Utilization of personal information
(1)Fana will utilize personal information within the scope of the purposes of utilization that Fana has already notified or publicly announced.
(2)When Fana entrusts a certain subcontractor with the handling of personal data, Fana will carefully check and select such subcontractor and will exercise necessary and appropriate supervision over such subcontractor in order to ensure the security control of the entrusted data.
3.Provision of personal data to a third party
Fana will not provide personal data to a third party without obtaining the prior consent of the principal except in case of providing it to a third party pursuant to laws or regulations.
4.Control of personal data
(1)Fana will maintain personal data accurate and conduct the security control of such personal data within the scope necessary for the achievement of purposes of utilization.
(2)Fana will take reasonable measures for information security against unauthorized access in order to prevent the loss, destruction, falsification and leakage of personal data.
5.Disclosure of retained personal data, etc.
When any person who is the subject of Fana’s retained personal data requests Fana to disclose, correct, add, delete, discontinue using or erase such data, Fana will appropriately respond to such request in accordance with applicable laws and regulations.
6.Internal system for control and protection of personal information
(1)Fana will appropriately establish and maintain internal system for control and protection of personal information, including the personal information protection committee and the person responsible for control and protection of personal information.
(2)Fana will educate and exercise necessary and appropriate supervision over its employees concerning appropriate control and protection of personal information.