Information Security/
Personal Information Protection Policy
and Basic Policy Against Antisocial Forces

Information Security Protection Policy

NETSTARS Co., Ltd. (hereinafter “the Company”) recognizes that efforts to ensure information security are an extremely important responsibility in the course of our business activities. Therefore, we will fulfill our social responsibility as an IT company by being aware of and thoroughly implementing information security on a daily basis.

• 1.We will comply with information security-related laws and regulations, as well as industry standards.
• 2.We will manage and use personal information safely in accordance with our Personal Information Protection Policy.
• 3.We will maintain the confidentiality of information assets related to our corporate activities and implement information security in the services we provide.
• 4.We will establish an information security management system and provide thorough information security education to all employees.
• 5.The entire Group will work together to maintain and improve our information security measures on an ongoing basis.

Enacted: June 27, 2018
Tsuyoshi Ri, Representative Director and President
NETSTARS Co., Ltd.

Personal Information Protection Policy

NETSTARS Co., Ltd. (hereinafter, “the Company”) considers the protection and appropriate handling of personal information of our customers and other persons related to the Company to be a social responsibility in the course of our provision of payment services related to electronic payment. In accordance, we will comply with laws and regulations regarding the protection of personal information, and make every effort to protect personal information appropriately in accordance with the basic policy set forth below.

• 1. Compliance with Laws and Regulations
  We will comply with laws and regulations regarding the protection of personal information, as well as guidelines and other standards established by the government of Japan.
• 2. Purpose of Use of Personal Information
  We will clearly specify the purpose of use of personal information within the scope required for us to provide our services, and we will acquire, use and provide personal information appropriately. We will not use acquired personal information for any purpose other than the specified purpose of use, and will take appropriate measures to ensure that the said personal information is not used for any other purpose.
• 3. Security Management of Personal Information
  We will take preventative measures against unauthorized access to personal information in our possession, and also to prevent any leakage, loss, or damage of said personal information. In the event that such an issue occurs, we will take swift remedial measures.
• 4. Joint Use of Personal Information
  We will appropriately supervise all contractors who handle personal information to ensure that sufficient security management systems are in place.
• 5. Disclosure, etc. of Personal Information
  We will respond in good faith, in accordance with laws and regulations, to requests from individuals for notification of the purpose of use of their personal information, as well as requests for disclosure, correction, addition or deletion, suspension of use or erasure of such personal information, suspension of provision to third parties, and disclosure of records of provision to third parties.
• 6. Responding to Complaints and Consultations
  We will respond to complaints and consultations regarding personal information without delay.
  Please direct related inquiries to the contact point for complaints and consultations regarding the handling of personal information, as specified below.
• 7. Maintaining the Accuracy of Personal Information
  We have established an Information Security Committee to raise awareness of the protection of our customers’ personal information among our management, employees, and external contractors, and to review and improve the appropriate management of personal information protection on an ongoing basis.
• 8. Revision of Content
  The Company reserves the right to revise the contents of this Policy in response to amendments to laws and regulations or other requirements.
  In the event that changes are made to the above Purpose of Use of Personal Information, the Company shall in principle send written notification of the said changes to the individual(s) concerned, or publicize the said changes on the Company’s website (https://www.netstars.co.jp/).

Enacted: June 27, 2018
Last Revised: April 18, 2025

NETSTARS Co., Ltd.
Representative Director and CEO: Tsuyoshi Ri

Inquiries Related to Personal Information Protection
NETSTARS Co., Ltd. Information Security Committee, Personal Information Consultation Desk
Sumitomo Fudosan Hatchobori Building, 3-3-5 Hatchobori, Chuo-ku, Tokyo
E-mail: security_info＠netstars.co.jp
Operating Hours: Mon-Fri 10:00am-7:00pm (Closed on weekends, holidays, and New Year period)
*About Handling of Personal Information

Notification Regarding Joint Use under the Participating Merchant Information Exchange System

About Joint Use of Participating Merchant Information
The Company carries out the joint use of participating merchant information as set forth below, pursuant to Article 27, Paragraph 5, Item 3 of the Act on the Protection of Personal Information.

• 1. Participating Merchant Information Exchange System
  Japan Consumer Credit Association (hereinafter, “the Association”) has received authorization from the Minister of Economy, Trade and Industry pursuant to Article 35-18 of the Installment Sales Act.
  The Association collects, organizes, and provides information necessary to protect the interests of users (credit users), which is one of its authorized activities, through the Participating Merchant Information Exchange Center (hereinafter, the “JDM Center”).
• 2. Reporting and Use of Information Collected from Participating Merchants, etc.
  Member companies of the Participating Merchant Information Exchange System (hereinafter, “JDM Members”) shall collect, use, and report to the JDM Center the information set forth in each item of “3.(2) Contents of Information for Joint Use”, and such information shall be jointly used by JDM Members for the purposes of screenings conducted upon receipt of applications to become participating merchants; surveys conducted after entering into participating merchant contracts; measures taken with respect to participating merchants; and assessments regarding the continuation of transactions with participating merchants.
• 3. Joint Use of Participating Merchant Information
  1. (1) Purpose of Joint Use
     Under the Participating Merchant Information Exchange System, which is operated as one of the activities of an Authorized Installment Sales Association as provided under the Installment Sales Act, information regarding actions by participating merchants that are insufficient to protect users, etc. (including actions suspected of posing such risk and actions for which it is difficult to determine whether they fall under such category), information regarding participating merchants that is necessary to protect users, etc., information regarding actions by participating merchants that may hinder the proper management of credit card numbers, etc., or the prevention of unauthorized use of credit card numbers, etc. (hereinafter, “proper management of credit card numbers, etc.”), and information regarding participating merchants that is necessary for the proper management of credit card numbers, etc. will be reported by the Company to the JDM Center and provided to JDM Members for joint use. The purpose of such joint use is to improve the accuracy of screenings conducted by JDM Members at the time of entering into, or during the term of the participating merchant contracts; to eliminate malicious participating merchants; to promote the proper management of credit card numbers, etc.; and thereby to contribute to the sound development of credit transactions and the protection of consumers.
  2. (2) Contents of Information for Joint Use
     • (a) Facts and reasons relating to investigations necessary for the handling of complaints regarding participating merchants in connection with individual credit purchase intermediation transactions
     • (b) Facts and reasons relating to the termination of contracts concerning individual credit purchase intermediation transactions due to actions insufficient to protect users, etc., in connection with such transactions
     • (c) Facts and reasons relating to investigations necessary to ensure the proper management of credit card numbers, etc. by participating merchants under credit card number handling contracts, etc.
     • (d) Facts and reasons relating to measures taken against participating merchants (including termination of credit card number handling contracts, etc.) under credit card number handling contracts, etc., where the measures implemented by such participating merchants for the proper management of credit card numbers, etc. were found not to conform with, or were deemed likely not to conform with, the standards provided under the Installment Sales Act
     • (e) Information consisting of objective facts regarding actions by participating merchants that caused unjust damage to JDM Members or users, etc., in connection with actions insufficient to protect users, etc. (including actions suspected of posing such risk and actions for which it is difficult to determine whether they fall under such category)
     • (f) Information deemed to constitute actions insufficient to protect users, etc. (including actions suspected of posing such risk and actions for which it is difficult to determine whether they fall under such category), among the contents of requests submitted to JDM Members by users, etc. (not limited to contractually engaged parties)
     • (g) Information regarding actions by participating merchants that may hinder the proper management of credit card numbers, etc.
     • (h) Information collected by the JDM Center regarding facts and reasons publicized by government authorities (including information publicized as violations, or suspected violations, of the Act on Specified Commercial Transactions, etc.)
     • (i) Information regarding actions insufficient to protect users, etc. other than those set forth above
     • (j) Names, addresses, telephone numbers, and dates of birth (for legal entities, corporate names, addresses, telephone numbers, corporate numbers, and names and dates of birth of representatives) of participating merchants to whom any of the above items apply. However, for information described in item (f), when it is difficult to determine whether the relevant action occurred, names and dates of birth (for legal entities, names and dates of birth of representatives) shall be excluded.
  3. (3) Period of Retention
     The information described in (2) above shall be retained for a period of no more than five years from the date of registration (for items (c) and (g), this shall be the date of completion of the measures in item (d) corresponding to the information in question, or the date of termination of the relevant contract).
• 4. Scope of Joint Users of Participating Member Information
  Joint users shall be Association Members who are also JDM Members, comprehensive credit purchase intermediation transaction operators, individual credit purchase intermediation transaction operators, parties engaged in credit card number handling contracts, and the JDM Center.
  *JDM Members are listed on the Association’s official website: https://www.j-credit.or.jp/
• 5. Inquiries Regarding the System and Disclosure Procedures
  For inquiries regarding the Participating Merchant Information Exchange System and regarding disclosure procedures, please contact the JDM Center as indicated in item 6 below.
• 6. Operational Manager
  Japan Consumer Credit Association, Participating Merchant Information Exchange Center (JDM Center)
  Address: Sumisei Nihonbashi Koamicho Building, 14-1 Nihonbashi Koamicho, Chuo-ku, Tokyo
  Representative Director: Tetsuo Matsui
  Telephone: 03-5643-0011 (Switchboard)