Handling of Personal Information

As a business operator handling personal information, Ricoh Industrial Solutions Inc. (hereafter referred to as the Company) considers it a grave responsibility to protect the privacy of everyone providing the company with their personal information,and maintains the following policies for the protection of sensitive information:

• 1.Management of personal information
• 2.Purpose of acquisition and utilization of personal information
• 3.Disclosure of personal information to third parties
• 4.Inquiries and procedures required relating to the disclosure and other processes concerning personal information
• 5.Handling of personal information within the corporate website
• 6.Revision of policies

1.Management of personal information

In order to prevent leakage, loss, destruction, etc. of personal information, RINS endeavors to protect personal information in its possession complying with laws, regulations, guidelines, and internal rules and take appropriate safety control measures.Employees of RINS will be trained on proper handling of personal information so that they may make best efforts to protect the personal information.

Page Top

2.Purpose of acquisition and utilization of personal information

1. (1)RINS will acquire personal information by proper means in the spirit of compliance with laws. In the event RINS intends to acquire personal information and requests individual subjects to provide such information to the company directly by appropriate documents or corporate website, the intended purpose of use for such information shall be clearly indicated. However, RINS may omit clarification of the purposes of use if they are obvious from the circumstances where the personal information is provided.
2. (2)The company shall utilize the provided personal information to the extent necessary for the achievement of corporate objectives as stipulated within the "list of corporate activity and purpose of use".
3. (3)As for the information acquired prior to the enactment of the "Private Information Protection Law (before March 31, 2005)" and maintained by the company within its corporate databases, the continued use of such information shall be maintained in accordance with the provisions as set forth above.
4. (4)In the event the company acquires personal information by means of corporate merger, splitting or transfer of business or similar development, the company shall acquire approval from, or provide notice to the individual concerned prior to used, or utilize the information to the extent necessary for the achievement of the announced purpose of use.
5. (5)Additionally, the company may put personal information to use beyond the scope of the purpose indicated above without prior consent upon requirement by applicable laws/regulations, or when the use of such information corresponds to "situations necessary for the wellbeing of people or the protection of property" or "situations necessary for the cooperation to public agencies".

Page Top

3.Disclosure of personal information to third parties

RINS does not provide personal information to third parties except in the following cases:

1. (1)When the principal has given a prior consent.
2. (2)When the personal information is provided for use by business partners such as subcontractors, agents, etc. who are appropriately supervised by RINS.
3. (3)When the information is to be jointly used among the parties concerned.As for the extent of the parties entitled to the joint use of the personal information, please refer to the "List of joint users of information".
4. (4)When the personal information is initially acquired with the intention of provision to third parties, and the objectives of use, data items to be disclosed, method of provision, and contact for the request to terminate such usage is notified or readily available when required.
5. (5)When the personal information is required to protect human life, limb, or property, and it is difficult to obtain the consent of the principal.
6. (6)When a judicial or administrative organization demands provision of personal information according to laws and regulations.
7. (7)When RINS provides the personal information to other parties because of merger, split-up, business transfer, etc.

Page Top

4.Inquiries and procedures required relating to the disclosure and other processes concerning personal information

1. (1)For procedures and contacts pertaining to the requests for the inquiry, modification or termination of use of the personal information to be made by the individual concerned or an agent thereof, please refer to the "Contacts for the inquiry relating to personal information".
2. (2)At the time of inquiry, RINS may wish to confirm that the requesting person is the principal or his/her legal representative.
3. (3)
   RINS may not be able to comply with submitted requests in the following situations.

   • <1>When RINS is unable to confirm that the request was submitted by the individual concerned or a legal agent thereof.
   • <2>When requests for disclosure, modification, addition, deletion or termination of use was made relating to personal information not included in the information maintained by RINS (note 1).
   • <3>When the disclosure of the information maintained by RINS may result in adversely affecting the physical wellbeing, property,or other rights and interests of the subject individual or any third party.
   • <4>When the disclosure of the personal information maintained by RINS may significantly impair the capability of RINS to carry on with its daily business activities.
   • <5>When the disclosure of the personal information maintained by RINS may violate the provisions of applicable laws and regulations.
   • <6>When the request for modification or addition of the personal information maintained by RINS is deemed unnecessary considering the purpose of use or the request is contrary to the actual information.
   • <7>When requests for the deletion, termination of use or other such demands (hereafter referred to as termination of use, etc.) were made for the personal data maintained by RINS, and were found to be in violation of the procedures specified (use/acquisition outside of the intended purpose or disclosure to third parties for reasons other than as indicated in sections 3(1) through (7)).
   • <8>In the event requests for the termination of use submitted for personal data maintained by RINS is difficult to comply with, and there are alternate measures available to protect the rights and interests of the subject individual.

Page Top

5.Handling of personal information within the corporate website

1. (1)Telesecurity for data being transmitted
   In the event sensitive personal information is to be transmitted by subject individuals through websites maintained by RINS, the transmitted data shall be encoded with SSL(Secure Sockets Layer) in order to enable secure transmission of the data. However, such a technology may not be used depending on the computer environment of the customer, and RINS also offers web pages for browsers not supporting SSL. Although web pages not encoded by SSL are also available for non-compatible web-browsers, the information transmitted through these pages shall not be securely encoded.
2. (2)
   Use of Cookies and web beacons
   Cookies (note 2) and web beacons (note 3) may be in use within the websites maintained by RINS for the following objectives:

   • <1>To identify a browser in use or a user to facilitate authentication.
   • <2>To research the usage of websites and mail-news to further improve the corporate site.
   • <3>To customize the Website indication for the convenience of individual customers.
   • <4>To understand use of services and improve contents of services where personal information is registered in advance.

   When setting web browsers to reject cookies distributed or avoid displaying images used within our corporate website, some functions incorporated into the RINS website may not become available.
3. (3)Usage of log information
   The RINS website records access log information of users including IP addresses. Such log information is recorded for use strictly as data concerning the use of the corporate website, and shall not be used for the identification of individual users in pages not demanding user certification.
4. (4)Handling of personal information for linked webpages
   RINS cannot assume any responsibility for the handling of personal information published on websites not maintained by the Ricoh Group but connected to our corporate website via Internet links.

Page Top

6.Revision of policies

RINS may update this "Handling of Personal Information" because of revisions of purposes of use, improvement of safety, or according to revisions of related laws, regulations, or criteria. It is recommended that customers confirm the revision of policies on our coraporate website on a regular basis.

• Note1Refers to personal information available to RINS for disclosure, modification or termination of use, to be maintained for a duration in excess of six months.
• Note2Identification information provided initially from the web server when browsers access the corporate website, to be sent back by the browser to the server upon each access.
• Note3Small image files contained within website pages to record the page access.

October 1, 2014
Ricoh Industrial Solutions Inc.