In compliance with applicable data protection laws and regulations (including, but not limited to the General Data Protection Regulation (EU) 2016/679 (GDPR)), MS&AD InterRisk Research & Consulting, Inc., (the “Company,” or “we,” or “our”) hereby prescribes the following Global Privacy Policy (in this Global Privacy Policy referred to as this “Policy”) to cover the processing of personal information of Users in relation to the InterRisk ID and Flood Risk Finder(hereinafter referred to as the “Service”).
For the processing of personal information of Users residing in Japan, and the State of California in the United States, “Privacy Policy (for domestic Users),” and “Supplementary Provisions for Processing of Personal Information of California Residents” shall respectively be applied and be referred to. Please note that the Service is intended for Users residing in the service area, and Users located in China are not eligible for the Service.

Categories of Personal Information We Collect

The Company will collect and process the following personal information in relation to the Service:

• Basic information of the Users (name, company name, email address, etc.);
• Information on the location to be analyzed (address, latitude, longitude, and asset value, etc.);
• Payment and settlement information (bank account, and credit card number, etc.);
• Information obtained from the Users’ terminals (type of terminal, OS, terminal identifier, IP address, browser type and other browser information, referrer information, cookie ID, information related to browsing history and purchase history obtained by using cookies and cookie-like technologies, advertising identifiers, etc.);
• Information entered in the inquiry form (name, email address, etc.).

Purposes of Use of Personal Information and Legal Grounds for Data Processing

The Company collects and processes personal information based on the User’s consent, our legitimate interests to carry out our business or legal obligations for the following purposes of use in connection with the Service:

• To authenticate and confirm the identity of the Users;
• To provide the Service to the Users and companies or organizations to which the Users belong;
• To request feedback on the Service from the Users;
• To provide the Users with promotional marketing, advertising and publicity relating to the Service, services related to the Service and the Company as well as related entities of the Company;
• To investigate and analyze the usage of the Service by the Users and to maintain, protect and improve the Service, etc.;
• To respond to inquiries about the Service;
• To respond to actions that violate the Company’s terms or the like regarding the Service;
• To notify changes etc., of the terms or the like regarding the Service;
• To prevent the occurrence of failures, malfunctions, and incidents in the systems of the Service, and to promptly respond to them when they occur; and
• To perform certain processing activities to comply with legal obligations to which the Company is subject.

Please note that the Company does not make decisions that may have legal or similar material effects on Users based solely on automated processing, including profiling, using Users' personal information.

Disclosure of Personal Information

The Company may provide the User’s personal information to the following businesses:

1. The Company uses outsourcing companies such as service providers and security service providers to offer the Service, and these contractors will access and process the Users’ personal information to the extent necessary to offer the Service.
2. The Company may provide personal information to our group companies in order to achieve the purposes of use described in “2. Purposes of Use of Personal Information and Legal Grounds for Data Processing”.
3. The Company may disclose personal information to public authorities in accordance with applicable laws and regulations (including ordinances, court rulings, and administrative orders and recommendations).

Sources of Personal Information

The Company primarily collects personal information directly from the Users or companies or organizations to which the Users belong.

International Transfer of Personal Information

The Company may transfer the User’s personal information to Japan, in the case where Japan is outside of the User’s country of residence, (for Users residing in the EU, to outside of the EU) (the “International Transfer”), for the purpose of offering the Service.
When the Company conducts the International Transfer of Users’ personal information to Japan, Thailand, and China, it will take necessary measures for the protection of personal information such as implementing an adequate level of protection, and the execution of standard contractual clauses as set forth by the supervisory authority. If you would like more information, such as obtaining a copy of the standard contractual clauses, etc., please contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in section “12. Inquiries” below.

Retention Period of Personal Information

The Company will retain Users’ personal information for as long as it is necessary to fulfil the purposes of use prescribed in this Policy.
To determine the appropriate retention period for the personal information we consider:

1. whether the Company has an ongoing relationship with the User;
2. whether the Company is legally obligated to store the User’s personal information, and
3. whether storing the User’s personal information is necessary to fulfill the contract with the User.

Rights for Disclosure, Correction, Addition, Deletion etc., of Personal Information

The Users may have the following rights with respect to their own personal information, in accordance with applicable laws and regulations, the:

1. right to seek access to personal information (including copies thereof);
2. right to request correction;
3. right to seek removal (the right to be forgotten) when certain conditions are met;
4. right to restrict (cease the processing) the processing of personal information if certain conditions are met; and
5. right to receive personal information in a structured, machine-readable form if certain conditions are met (the right to data portability).

These rights may be limited, on an exceptional basis, if complying with a User's request would infringe the rights of the Company or a third-party, or if we are requested to delete information that we are required to retain in accordance with laws and regulations. The exceptions to these rights are set out in the applicable laws and regulations.
If you wish to exercise these rights, please contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in section “12. Inquiries” below.

Right to Object to the Processing of Personal Information

The Users may have the right at any time to object to the processing of personal information that is being processed on the basis of legitimate interests under applicable laws and regulations.
The Users may have the absolute right under applicable laws and regulations to refuse direct marketing if their personal information is being handled for direct marketing purposes.
If you wish to exercise these rights, please contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in section “12. Inquiries” below.

Right to Withdraw Consent

The Users have the right to withdraw their consent whenever the Company handles their personal information based on their consent. This withdrawal does not affect the legality of any treatment on the basis of consent previously given.
If you wish to exercise these rights, please contact us by mailing a letter to the address or by sending an e-mail to the e-mail address listed in section “12. Inquiries” below.

Required Personal Information

The personal information that Users are required to provide for the provision of the Service is indicated in the form to be completed by the User. The User is under no obligation to provide such personal information, but if such personal information is not provided, the Company is unable to offer the Service.

The Right to File a Complaint with a Supervisory Authority

The Users may have the right to file a complaint with a supervisory authority under applicable laws and regulations. The supervisory authorities to which complaints can be filed may include the supervisory authorities where the User resides or works.

Inquiries

For inquiries regarding personal information, please contact the below:

Corporate Planning Department of MS&AD InterRisk Research & Consulting, Inc.
WATERRAS ANNEX, 2-105, Awaji-cho, Kanda, Chiyoda-ku, Tokyo 101-0063, Japan
E-mail: irric_souki@ms-ad-hd.com

The contact information for the Company’s representative in the EU is as follows:
PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH
Jungfernstieg 1, 20095 Hamburg, Germany
E-mail: mail@planit.legal

The contact information for the Company’s representative in the UK is as follows:
TMI Associates London LLP
CityPoint One Ropemaker Street, London EC2Y 9SS, United Kingdom
E-mail: msadinter_representative@tmi.gr.jp

Supplementary Provisions for Processing of Personal Information of California Residents

In addition to the provisions set forth above, the following provisions apply to the processing of personal information of residents residing in the state of California in the United States (that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household, hereinafter the same) in accordance with the California Consumer Privacy Act (the “CCPA”), as amended by the California Privacy Rights Act. In the event of any discrepancy between the provisions of these Supplementary Provisions and this Policy, the provisions of these Supplementary Provisions shall prevail.

Categories of Personal Information We Collect and the Parties Receiving the Information

The Company will collect and has collected in the last twelve (12) months, the following categories of personal information from the Users. Further, the Company has disclosed the personal information collected in the last twelve (12) months to the receiving party indicated below. The section numbers indicated under “Receiving Party” are the numbers indicated in section “3. Disclosure of Personal Information” above.

For details on personal information we collect, refer to section “1. Categories of Personal Information We Collect” above, for the business purpose and commercial purpose of personal information we collect, refer to section “2. Purposes of Use of Personal Information and Legal Grounds for Data Processing” above, for the sources of personal information we collect, refer to section “4. Sources of Personal Information” above, and for the retention period of the personal information we collect, refer to section “6. Retention Period of Personal Information” above.

Your Rights and Choices under the CCPA

The CCPA provides residents of California with specific rights regarding personal information. If the User is a California resident, the following describes your rights under the CCPA and explains how to exercise those rights.

1. Right to access personal information
   The Users have the right to request that the Company discloses certain information to you about our collection, sharing, disclosure or use of your personal information. Once the Company receives and confirms your verifiable user request, we will disclose the following information to you:

   • The categories of personal information we collected about the User;
   • The categories of sources for the personal information we collected about the User;
   • Our business or commercial purposes for collecting, selling, or sharing the personal information;
   • The categories of third-parties with whom we share or sell that personal information; and
   • The specific pieces of personal information we collected about the User.

2. Right to request deletion
   The Users have the right to request that the Company deletes any of the Users’ personal information that we have collected from you and retained, subject to certain exceptions. Once the Company receives and confirms your verifiable user request, we will delete (and notify our contractors to delete the same) your personal information from our records, unless an exception applies.
   The Company may deny the User’s deletion request if retaining the information is necessary for us or our contractors in order to:

   1. Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by the User, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
   2. Help to ensure security and integrity to the extent the use of the User’s personal information is reasonably necessary and proportionate for those purposes;
   3. Debug products to identify and repair errors that impair existing intended functionality;
   4. Exercise free speech, ensure the rights of other consumers to exercise their free speech rights, or exercise other rights provided for by law;
   5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
   6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the personal information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
   7. Enable solely internal uses that are reasonably aligned with consumer expectations based on the relationship between the User and the Company; or
   8. Comply with legal obligations.
3. Right to request correction
   The Users have the right to request that the Company corrects any of your inaccurate personal information that we have collected from you and retained. Once the Company receives and confirms your verifiable user request, we will correct (and notify our contractors to correct the same), your inaccurate personal information. The Company may deny the User’s correction request if we determine that the contested personal information is more likely than not to be accurate based on the totality of the circumstances.
4. Right to opt-out of sale or sharing
   The Company has not sold or shared personal information collected from the Users in the past twelve (12) months and it will not sell or share such personal information in the future.
5. Right to limit the use of sensitive personal information
   The Company has not collected and will not collect sensitive personal information from the Users.

6. Non-discrimination
   The Company will not discriminate against California residents for exercising any of their rights under the CCPA. Moreover, unless permitted by the CCPA, we will not:

   1. Deny goods or services to the Users;
   2. Charge Users different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
   3. Provide Users a different level or quality of goods or services;
   4. Suggest that Users may receive a different price or rate for goods or services or a different level or quality of goods or services; or
   5. Retaliate against an employee, applicant for employment, or independent contractor.

7. Exercising rights for disclosure request, deletion request and correction request
   To exercise your rights for a disclosure request, deletion request and correction request described above, please submit a verifiable user request to the Company by contacting us in the manner set forth in section “12. Inquiries”.
   Only the User, a natural person or a person registered with the California Secretary of State that the User authorizes to act on the User’s behalf, or a person who has a power of attorney or is acting as a conservator for the User, may make a verifiable user request related to the User’s personal information.
   The verifiable user request must:

   1. Provide sufficient information that allows the Company to reasonably verify you are the person about whom we collected the personal information or an authorized representative; and
   2. Describe the User’s request with sufficient detail that allows us to properly understand, evaluate, and respond thereto.

Established: 1 Feb. 2024

This cookie policy (this “Cookie Policy”) describes the cookies used in connection with the website([https://www.irric.co.jp/flood-risk-finder-gl/index.php][https://larc.irric.co.jp/web/ ]) (this “Website”) managed in relation to the [Flood Risk Finder] (the “Service”), which MS&AD InterRisk Research & Consulting, Inc. (“we,” “us,” or “our”) provides.
We use cookies and other similar mechanisms (collectively, “cookies”) to collect your data while you are browsing this Website. The cookies are used for various purposes such as recognizing you as a User when you are visiting this Website (“session cookie”) or when you return to this Website (“persistent cookie”).

What is a Cookie?

Cookies are small files stored on your browser or your devices, which are used to collect data about your interactions with websites, such as browser ID, browser type, OS, IP address, and browsing dates and times. Cookies do not access your personal files stored in your devices.

The Types of Cookies We Use and Other Information

We use different types of cookies, including:

• Strictly Necessary Cookies

These cookies are used to provide the essential functions necessary for us to operate this Website and enable you to use this Website and therefore we cannot suspend functioning of these cookies. These cookies are only collected and used by us and no other third-party collects or uses these cookies.

• Performance Cookies

These cookies are used to collect and analyze the information about your use of this Website, in order to improve the function of this Website and provide Users with an improved experience of this Website.

• The Details of Cookies We Use on this Website

For further information about cookies we use on this Website, please see the table below:

First-Party/Third-Party Cookies

Cookies are placed on your device by the websites you visit (“first-party cookies”) or by third-parties providing services such as advertising (“third-party cookies”).
We do not use third-party cookies on this Website.

How Do You Manage Cookies?

You can manage your cookie settings on your internet browser. More information is available here:

• Google Chrome users:
https://support.google.com/chrome/answer/95647?hl=en
• Microsoft Edge users:
https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
• Mozilla Firefox users:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
• Safari users:
https://help.apple.com/safari/mac/8.0/?lang=en#/sfri11471

You can also withdraw your consent to the use of cookies at any time by deleting your cookies via your internet browser settings.
If you block the use of cookies, all or a part of the services and some functionalities referred to in “2. The Types of Cookies We Use and Other Information” might not be available to you.

Changes to this Cookie Policy

We may modify this Cookie Policy at any time. When we make changes, we will revise the “Last Updated” date at the bottom of this Cookie Policy, and any change will be effective immediately upon posting. When we make changes to this Cookie Policy, we will appropriately inform you in advance where such changes impact your rights as a User of this Website or where required by law, for example by posting a notice on this Website. However, your continued use of this Website following the posting of changes will constitute your acceptance of such changes. We encourage you to review the applicable version of this Cookie Policy whenever you use this Website.

More Information

If you have any questions regarding the information in this Cookie Policy, you may contact us at the following:

Corporate Planning Department,MS&AD InterRisk Research & Consulting, Inc.
WATERRAS ANNEX, Kanda-awajicho 2-105, Chiyoda-ku, Tokyo 101-0063
TEL:03-5296-8911
E-mail: irric_souki@ms-ad-hd.com

This Cookie Policy was Last Updated and is Effective on: 03 21, 2024