Basic Policy on Data Protection

The purpose of this Basic Policy on Data Protection is to protect the rights and interests of users, including the privacy in handling of data entrusted to us by our users. To achieve its mission*1, the Z Holdings Group (the "ZHD Group" or "Group"), comprised of Z Holdings Corporation and its consolidated subsidiaries and affiliates, will work together to protect data in accordance with the following basic policy. 


The advancement of information technology has brought greater convenience and affluence to people's lives. The spread of information technology into every corner of our lives has enabled people to overcome various "barriers" they previously faced, such as physical distance, time, and national borders. In particular, AI technology has made it possible to handle vast amounts of data that are incomparably greater than ever before, bringing new insights to people every day and opening up a world of new possibilities.


Meanwhile, the penetration of information technology and the development of AI technology also entail the risk of possible infringement of privacy and other rights and interests, including human rights. In addition, considering the fact that data easily crosses national borders as a result of the penetration and development of information technology, it is necessary to address such threats to rights and interests from a global perspective. We are deeply aware that without appropriate responses to these threats, we will not be able to accomplish our mission and be accepted by our users and society. Our corporate activities are based on the ethics of society and are aimed at realizing a better society. In the event of a conflict between the ethics of society and the interests of the company, we will give priority to the ethics of society and operate our business prioritizing the privacy and other rights and interests of users, including human rights. Furthermore, from the planning stage, we will take into consideration the impact that systems, services, and functions related to the use of data may have on users and the social group and will take appropriate measures to prevent such impact. In this regard, we hereby declare that we will conduct our business operations based on these basic concepts and that our basic policy is "User Privacy First."


We will establish and observe the following five principles in the use of data entrusted to us by our users in order to realize "User Privacy First." 

The primary purpose is to provide benefit to our users

We believe that the primary purpose of the use of data entrusted to us by our users should be to provide benefits to our users. We will use data within an appropriate scope, based on the premise that the benefit to users includes the convenience, ease of understanding, and safety of our services.

We handle data with an emphasis on transparency

In handling data, we believe it is important for users to feel secure in providing us with their data. Therefore, we are committed to providing honest and clear explanations of the purposes and methods of obtaining, using, and providing the data to third parties, including subcontractors.

We endeavor not to infringe on the rights and interests of our users

The rights and interests of users must by no means be infringed in data usage. We are responsible for the use of data and will do our utmost to ensure that the results of our analysis of the data entrusted to us do not lead to or encourage unfair discrimination or facts.

Data provided to us belongs to our users

The data provided by users using our services and functions belongs to the users. When we receive requests from users to browse, correct, terminate the use or provision of, or delete their data, we will respect their wishes to the greatest extent possible, based on their requests.

We protect and manage data under appropriate security management system

We are deeply aware that we are entrusted with data that is extremely important and valuable to our users. We are committed to properly protecting and managing such data in accordance with the Z Holdings Group's Cybersecurity Policy*2 and security control measures.

In adhering to these principles, we establish and strengthen horizontal and vertical governance systems*3 from the users' perspective and oversee their implementation. As examples of our efforts to establish such systems, we will continue to conduct Privacy Impact Assessments (PIA), introduce the privacy framework defined by the U.S. National Institute of Standards and Technology (NIST), and promote the acquisition of certification from the APEC Cross Border Privacy Rules (CBPR) System, with the aim of establishing a protection system at a level that meets global standards.


We will also continue to assign Data Protection Officers (DPOs) in major subsidiaries and affiliated companies that handle data entrusted from the users. The DPOs will monitor the use of data by each company from an independent third-party standpoint, provide advice from the users' perspective, and work to ensure that the use of data by each company does not violate the principles mentioned above. Z Holdings Corporation will monitor the efforts of the entire Group from the users' perspective, while at the same time work to improve the coordination and functionality of the DPO of each company. 


We are committed to making continuous improvements to the initiatives to establish the systems mentioned above, through regular feedback from the external expert panel, which will provide appropriate evaluations and opinions from a third-party perspective.


This Basic Policy on Data Protection will be verified and improved as necessary in response to opinions from our users, social conditions, and changes in the implementation system.