NIPPON Rent-A-Car Group 
Information security policy

The Group appropriately manages information assets and information security, prevents information leakage, falsification, theft, etc., prevents loss of social credibility and business interruption, and ensures that all employees, including executives, The purpose is to help employees deepen their understanding of the necessity and responsibility of information security, establish a system to appropriately manage information, and protect confidential information.

The scope of this policy applies to all information assets owned by our group, as well as all persons, including officers and employees, who come into contact with all information assets.

All employees of the Group, including executives, will comply with laws and regulations regarding information security, or similar norms, and contractual requirements.

Our group has established internal rules regarding information security, provides clear policies regarding the handling of information assets in general, and continuously disseminates information, maintains and improves these rules.

The Group has established an operational system for information security measures, such as appointing a person in charge of information security measures, and continuously carries out activities including maintenance and improvement.

In order to protect the information assets we hold and prevent information leakage, falsification, theft, etc., the Group continuously manages information security appropriately in accordance with laws and regulations, other norms, and information security policies, recognize technical, human, and organizational threats and take appropriate and necessary information security measures.

Our group complies with laws and regulations regarding personal information protection and other norms regarding the personal information it holds, manages and handles it in accordance with various regulations regarding personal information protection, and appoints a personal information protection manager to carry out appropriate management.

The Group provides education on necessary information security measures to those who use information assets, and strives to maintain and improve awareness of information security measures.