1. Basic Philosophy

   giftee Inc. (hereinafter, "our company"), conducts business under the corporate philosophy, "Connecting “people & people”,“people & business”, “people & community” by gifting." The customer information and other information assets that our company handles as part of our business operations are extremely important to us. All persons who handle our information assets, including our company's executives and employees, are aware of the importance of protecting these information assets. Therefore, in order to maintain and improve the confidentiality, security, and availability of these information assets, we hereby set forth and pledge to enforce this basic security policy.

2. Basic Policy

   1. In order to protect information assets, we establish an information security policy and conduct our business in accordance with it. At the same time, we abide by any and all relevant laws, regulations, and other standards, and by any and all matters set forth in our contracts with our customers.
   2. We analyze the risk of incidents associated with information assets, such as the leakage of, damage to, or loss of information, and clarify the standards for evaluating such risks. We establish systematic risk assessment methods, and assess risks on a periodic basis. In addition, we implement necessary and appropriate security measures based on the results of such assessment.
   3. We establish an organizational structure for information security, with the executives in charge at the core. At the same time, we clarify permissions and responsibilities related to information security. In addition, in order to ensure that all of our employees are aware of the importance of information security and handle information assets appropriately, we periodically conduct education and drills.
   4. We periodically carry out inspections and audits regarding the status of compliance with the information security policy and the handling of information assets, and implement prompt measures to address any insufficiencies and items for improvement that we find.
   5. We implement appropriate measures to address the occurrence of information security events or incidents. At the same time, we establish procedures for handling any such incidents that do occur, in order to minimize the damage caused. In the event of an incident, we take prompt action and implement measures appropriately. In addition, we establish a framework for dealing particularly for incidents involving a suspension of business, and review and revise this framework periodically. By doing so, we ensure the continuity of our company's business.
   6. We establish an information security management system in order to set forth targets for implementing our basic philosophy, and implement this system while also reviewing, revising, and improving it on a regular basis.

Mutsumi Ota
CEO
giftee Inc.
Date of establishment: 1 Apr 2020
Last update: 20 May 2020