PRIVACY POLICY

Privacy Policy

HOIST Corp. (hereinafter, “HOIST”) is a company engaged in drug discovery research to address unmet medical needs. HOIST recognizes the critical importance of “Personal Information Protection” in operating its business and strives to appropriately handle all personal information in our possession, thoroughly maintaining confidentiality. This Privacy Policy clarifies HOIST’s policy regarding the handling of personal information acquired by HOIST. By thoroughly informing and educating our officers and employees, we aim to share the importance of personal information protection.

Name of Business Operator Handling Personal Information: HOIST Corp.
Headquarters Address: New Erimo Bldg. 8F, 2-2-1, Sembanishi, Minoh-shi, Osaka, 562-0036, JAPAN
Representative Director: Chihaya Kakinuma

Acquisition, Use, and Provision of Personal Information

HOIST acquires personal information through appropriate and fair means within the scope necessary to achieve the following purposes. Except as required by law, HOIST will not provide personal information to third parties without obtaining the prior consent of the individual.
Please see "Handling of Personal Information" below for specific purposes of use.

Management of Personal Information

HOIST takes security control measures to prevent unauthorized access to, loss, destruction, falsification, or leakage of personal information and strictly manages personal information.

Compliance with Laws and Regulations Regarding Personal Information

HOIST complies with laws, regulations, and guidelines regarding personal information protection and appropriately handles personal information.

Maintenance and Improvement of Personal Information Protection

HOIST continuously reviews its management system for personal information protection and makes improvements as necessary. In addition, HOIST regularly conducts education and training on personal information protection for executives and employees to improve awareness regarding the handling of personal information.

Request for Disclosure of Retained Personal Data, etc.

HOIST will respond in good faith, in accordance with laws and regulations, to requests from individuals for disclosure, correction, addition, deletion, suspension of use, and erasure of personal information.

Handling of Personal Information

Purposes of Use of Personal Information and Data Acquired by HOIST for Drug Development

(1) Personal Information Regarding Healthcare Professionals:

Surveys and research in the medical and pharmaceutical fields.
Provision and collection of medical and academic information.
Request and implementation of clinical trials and post-marketing studies.
Notification and reporting to government agencies.

(2) Personal Information Regarding Users of Company Contact Points and Patients:

Consideration, investigation, and response to consultations and inquiries.
Contacting and providing information to healthcare professionals, etc.
Notification and reporting to government agencies.

(3) Personal Information Regarding Shareholders:

Fulfillment of obligations stipulated in the Companies Act and response to the exercise of shareholder rights.
Sending of business reports and other distributed materials.

(4) Personal Information Regarding Job Applicants:

Consideration and decision regarding employment.

(5) Personal Information Regarding Employees:

Work, salary payment, personnel evaluation, skills development, welfare, and health and safety management.
Contacting and providing information to health insurance associations.
Notification and reporting to government agencies.

Provision of Personal Data to Third Parties

In principle, HOIST will not provide personal information to third parties without the consent of the individual, except in cases required by law or when outsourcing part of its business.
However, for the "Purposes of Use of Personal Information and Data," personal data of healthcare professionals, etc., may be provided to other healthcare professionals, business partners, etc. Measures such as suspension of such provision will be taken if requested by the individual. Please see "Security Control Measures" for information on the procedure.

Inquiries Regarding Disclosure, Correction, Addition, Deletion, Suspension of Use, and Erasure, etc., of Personal Information

HOIST will respond to requests from individuals for disclosure, correction, addition, deletion, suspension of use, and erasure of personal information after confirming the identity of the individual, in accordance with laws and regulations. Please note that we may not be able to respond to requests if we cannot confirm the identity of the individual.

Inquiries Regarding Personal Information

For questions, complaints, or consultations regarding personal information, please contact us by mail or e-mail at the following address (excluding Saturdays, Sundays, national holidays, year-end and New Year holidays, and other HOIST holidays):

＜By Mail＞
HOIST Corp. Administration Division
New Erimo Bldg. 8F, 2-2-1, Sembanishi, Minoh-shi, Osaka, 562-0036, JAPAN

＜By E-mail＞
info@hoist-jp.com

Security Control Measures

HOIST takes the following security control measures to prevent leakage, loss, or damage of personal information and for the proper management of other personal data:

Formulation of Basic Policy

A basic policy is established to ensure the proper handling of personal information and to address questions and complaints.
Rules and regulations for personal information management have been established for each step of personal information acquisition, use, storage, provision, deletion, and disposal, with clear lines of responsibility and assigned tasks.

Organizational Security Control Measures

A person responsible for handling personal data (Personal Information Management Supervisor) is appointed.
The scope of personal data handled by employees and the scope of personal data handled by those employees are clearly defined.
A reporting system to the Personal Information Management Supervisor is in place if a fact or indication of violation of laws or internal regulations is identified.
Self-inspections are conducted regularly regarding the handling of personal information, and audits are conducted by other departments or external parties.

Personnel Security Control Measures

Employees receive regular training on matters to be noted regarding the handling of personal information.
Matters regarding the confidentiality of personal information are stated in the work regulations.

Physical Security Control Measures

Measures are taken to prevent theft or loss of equipment, electronic media, and documents, etc., that handle personal information.
When transporting equipment, electronic media, etc., that handle personal information, including movement within the workplace, measures are taken to prevent easy identification of personal information.

Technical Security Control Measures

Access control is implemented to limit the range of personal information handled by responsible personnel.
A mechanism to protect information systems handling personal information from unauthorized access or malicious software from outside is introduced.

Understanding the External Environment

When HOIST handles personal data in a foreign country, it implements safety management measures after grasping the system concerning the protection of personal information in the foreign country.