Benesse Corporation Group Information Security and Personal Information Protection Policy

Benesse Corporation Group
April 1, 2026

• Corporate Philosophy and Information Security

  The Benesse Corporation Group supports people's desire for self-improvement and problem-solving throughout their lives, in order to realize each individual's "Well-Being." Ensuring the security of information within the Group is an indispensable requirement for achieving this, and is one of the most important issues in the management and business operations of each Group company.
  The Benesse Corporation Group aims for the world's highest level of security and will steadily implement information security management by establishing a group-wide information security management system.

• Protection of personal and important information

  At Benesse Corporation Group, we consider personal information entrusted to us by our customers, information entrusted to us by our business partners based on contracts, and internal trade secrets including these to be particularly important information. When handling personal information, we respect our customers' wishes and handle it only in accordance with their consent. To protect this important information, we establish and implement appropriate management measures from the standpoint of confidentiality, integrity, and availability. In particular, for databases containing personal information entrusted to us, we will build a security level that takes into account checks and balances on authorized personnel, including those at our subcontractors.

• Compliance with laws and regulations and conformity to standards

  Each company within the Benesse Corporation Group complies with laws and regulations concerning information security and privacy protection. Given our business operations in multiple countries overseas, we adopt international standards for information security management and ensure that each company's management rules conform to these standards. Furthermore, if an employee of the group commits a violation, we will investigate the cause, prevent recurrence, and impose strict penalties on the person involved.

• Continuous improvement

  The information security environment is constantly changing. The Benesse Corporation Group will continuously improve its information security management to adapt to these changes. Furthermore, recognizing that neglecting vulnerabilities increases the risk to information protection, we will always strive to address new vulnerabilities.

• Implementation of education and training

  Recognizing that a deep understanding and participation from everyone in the organization are essential for information security management, the Benesse Corporation Group will provide information security education and training to all executives and employees throughout the group, as well as implement effective awareness-raising activities such as confirming understanding and taking measures to improve awareness.

Benesse Corporation's Commitment to Personal Information Protection

privacy policy

Benesse Corporation
3-7-17 Minakata, Kita-ku, Okayama City
May 25, 1999
(Last) Revised: April 1, 2026
Representative Director, Chairman and President: Daisuke Iwase

Benesse Corporation 's Philosophy and Commitment to Customers

At Benesse Corporation, one of our core management principles is to provide products and services that support each and every customer in leading a fulfilling life.
We recognize that our customers' personal information is essential for providing our services, and that securely storing and handling this information is our top priority. We will ensure that all employees and related parties involved in our business activities adhere to this principle.

Based on the obligations and social ethics that businesses handling personal information must uphold, we will establish an internal organizational structure and develop regulations to protect personal information.
We will adhere to this and strive to protect our customers' personal information.

Furthermore, we promise to inform our customers about all aspects of how we handle personal information. As a necessary procedure for ensuring mutual trust and effective communication between our customers and Benesse Corporation, we will implement the following pledges regarding the handling of personal information.

• We acquire and use information based on our customers' expectations and trust.
  We acquire personal information through appropriate means to provide products and services that meet our customers' expectations. To gain our customers' trust, we will inform them of the purpose for which we will use their personal information.
• We will handle your personal information with the utmost respect.
  We will handle your personal information with your best interests in mind.
  We strive to keep the personal data we handle as accurate and up-to-date as possible, to the best of our ability, as required by our business operations.
• We manage information in a way that gives our customers peace of mind.
  We implement thorough security measures to protect our customers' personal information.
• We respect our customers' rights.
  Customers can ask about their personal information at any time they want to know more.
  We will promptly respond to requests from individuals in accordance with the law.
  Furthermore, we will address any complaints from individuals promptly and appropriately, and if any errors or violations are found, we will take the necessary corrective measures.
• We offer our customers the opportunity to "choose" according to their needs.
• It is up to the customer to decide whether or not to use the services we provide. We offer a means for customers who have received materials mailed from Benesse Corporation to opt out of being removed from the mailing list or to decline further email communication if they do not wish to receive such communications.

Efforts to protect personal information

• Compliance with laws, national guidelines, and other regulations.

  Given the nature of our business activities, which involve the use of personal information, we recognize and adhere to the importance of complying with laws and regulations concerning personal information, guidelines from the Personal Information Protection Commission and relevant government agencies, rules of affiliated organizations, and the spirit of these laws and regulations.

• Proper acquisition, use, and provision of personal information

  • We will acquire, use, and provide personal information appropriately, taking into account the nature and scale of our business. When acquiring personal information, we will clarify the purpose of use and will not use it for any purpose other than those we have informed our customers of. We will also take measures to prevent unauthorized use or provision.
  • We will not provide your personal information to third parties except when required by law or when outsourcing business operations to fulfill the purpose of use.

• Proper management of personal information

  We have established regulations for handling personal data, including procedures for each stage of acquisition, use, storage, provision, deletion, and disposal, as well as the responsible parties and their roles. We will always strive to protect personal information by implementing appropriate management as described below.

  • Implementation of strict security measures to prevent leakage, loss, damage, alteration, misuse, unauthorized access, etc. (Human, physical, and technical security management measures)
  • We have appointed a Chief Privacy Officer to oversee the implementation of our established handling regulations, and to continuously improve our systems for protecting and managing personal information, including implementing security measures, taking corrective actions for optimization, and ensuring security. (Organizational security management measures)
  • Implementing restrictions on access to personal information databases to ensure they are managed in a secure environment. (Technical security measures)
  • Thorough employee training on the protection of personal information. (Personnel security management measures)
  • Establishment of a reporting and communication system and emergency response system in case of any facts or signs of leakage, loss, damage, alteration, misuse, unauthorized access, etc. Investigation of the causes of each fact or sign, and implementation of improvement and corrective measures to prevent recurrence. (Organizational security management measures)
  • When outsourcing business operations to fulfill the purpose of use, we will implement appropriate management and supervision of the outsourced party regarding the handling of personal information. (Organizational security management measures)
  • When outsourcing business operations to a third party in a foreign country or using a foreign cloud service, confirm the country name and its personal data protection regulations. (Understanding the external environment)
    

    The relevant foreign countries are listed below.
    Republic of the Philippines, Commonwealth of Australia, Canada, United States (Federal,California), Republic of Korea, Taiwan

• Procedures for disclosure, correction, suspension of use, etc., and handling of inquiries regarding complaints and consultations concerning personal information protection.

  • To keep our customers' personal information stored in our personal information database as accurate, complete, and up-to-date as possible, we will promptly correct or update it upon customer request in accordance with separately defined rules.

  • If you do not wish to receive information from us via mail, email, etc., please let us know and we will take steps to stop sending you such information.

    Requests for disclosure, correction, or cessation of use of personal information, as well as complaints and consultations regarding the content of our personal information protection policy, will be accepted at the contact point listed below.

    Please note that we may record or audio-record the content of calls related to transactions or inquiries. The information obtained will be used to respond appropriately and promptly to your requests.

    Personal Information Inquiry Desk

    Phone: 0120-924721 (9:00 AM - 6:00 PM, excluding Sundays, public holidays, and New Year's holidays)

• Continuous improvement of the personal information protection management system

  We will ensure that all executives and employees are fully aware of our internal management system for protecting personal information. Furthermore, we will implement and maintain this system, review it regularly, and strive for continuous improvement.

This book may be amended or revised due to the enactment or repeal of laws and regulations.

Public statement regarding the protection of personal information

Personal Information Handling Business Operator
Benesse Corporation
April 1, 2005
(Last) Revised: April 1, 2026
Chief Personal Information Protection Officer

In accordance with the Act on the Protection of Personal Information, the Basic Policy on the Protection of Personal Information (Cabinet Decision), the Enforcement Order of the Act on the Protection of Personal Information, the Guidelines established by the Personal Information Protection Commission and the competent minister based on the Act on the Protection of Personal Information, and the rules of the organizations to which we belong, we will publish the purposes for which we use the personal information we acquire, the procedures for responding to requests for provision to third parties, disclosure, etc., and matters concerning the handling of complaints.
Please note that this announcement does not include personal information regarding employee employment management or job applicants.

Publicly Disclosed Matters

• Publication of the purpose of use of personal information

  • The purposes for which our company uses personal information obtained directly or indirectly from individuals are as follows: (A) related to the business described below, and (B) related to the business described below.

    In addition, within the scope of (B), we may analyze the acquired personal information together with the following information.
    Usage history of our products and services, and usage history of our websites (including those accessed through our apps) (including cookies, etc.)

    A. Businesses eligible for use

    • Distance learning business
    • Business providing learning content, learning support services, and life support services using the internet, etc.
    • Editing and sales of books and magazines, including educational books, learning materials, and learning magazines.
    • Manufacturing and sales of learning equipment and learning software.
    • Businesses include the sale and administration of mock exams, diagnostic tests, and aptitude tests; consultation, guidance, counseling, and information provision regarding career paths, higher education, education, and learning; and information provision regarding job hunting and employment.
    • Sales of magazines and other goods and services related to childbirth, childcare, hobbies, housework, culture and arts, qualifications and practical skills, as well as information provision services.
    • Tutoring, language classes, and other learning center businesses
    • Travel, hotel, and entertainment businesses
    • Partner credit card service business *
    • Other businesses related to or incidental to the above items

    B. Regarding the purposes for which the use is permitted *

    • In order to provide the products and services you have applied for.
    • To provide you with information and announcements regarding our products and services.
    • To create questionnaires, surveys, statistical data, and marketing materials.
    • For use in research, planning, and development related to the project.
    • For the purpose of outsourcing tasks, requesting cooperation such as monitoring, and requesting part-time workers in each stage of the planning, development, production, distribution, sales promotion, sales, and provision of the product/service in question.
    • Other purposes related to or incidental to the above items

    However, personal information provided (entrusted) by the client in connection with the acceptance of the business will be used only to the extent necessary to achieve the purpose of the contract with the said client.

    ​​​
    * The purposes for which retained personal data are used are (B) A to F.

  • Our company will use personal information provided (entrusted) by clients in connection with contracted services such as data processing for mock exams only to the extent necessary to achieve the objectives of the contract with the said client.

• Matters concerning "provision to third parties"

  • Our company properly manages the personal data we hold and will not provide it to third parties without the prior consent of the individual concerned. However, this does not apply in the following cases:

    • In cases based on laws and regulations
    • When it is necessary to protect a person's life, body, or property, and it is difficult to obtain the person's consent.
    • When it is particularly necessary for the improvement of public health or the promotion of the sound upbringing of children, and it is difficult to obtain the person's consent.
    • When it is necessary to cooperate with a national or local government agency or an entity entrusted by them in carrying out duties prescribed by law, and obtaining the person's consent would likely hinder the performance of those duties.
    • When the third party is an academic research institution or similar entity, and it is necessary for that third party to handle the personal data for academic research purposes (including cases where part of the purpose for handling the personal data is for academic research purposes, and excluding cases where there is a risk of unduly infringing on the rights and interests of individuals).

  • When we share personal data with a specific third party, we will either directly notify the individual concerned of the fact that their personal data will be shared with a specific party, the categories of personal data to be shared, the scope of the parties sharing the data, the purpose of use by those parties, and the name of the person responsible for managing the personal data, or we will publish this information on our website.

• Procedures for disclosure, correction, addition, or deletion of personal data held by the company, and disclosure of records of provision to third parties.

  In accordance with the Personal Information Protection Act, our company responds to requests from individuals or their representatives for disclosure, correction, addition, or deletion of personal data held by our company, as well as requests for disclosure of records of provision to third parties.

  • Identification of retained personal data items subject to "requests for disclosure, etc."

    The individual making the request for disclosure, etc., or their representative, must specify the information they wish to have disclosed, corrected/added, or deleted from the list of personal data held by our company, as indicated in the application form provided by our company.

  • Contact information for requests for disclosure, etc.

    Requests for disclosure, etc., can be made by calling the contact number listed in Section IV, and we will mail you the necessary documents.

  • Documents (forms, etc.) to be submitted when making a "request for disclosure, etc."

    To make a "request for disclosure, etc.," please fill in all the required information on the prescribed application form that we will mail to you, enclose the documents for identity verification, and return it to us. The documents to be returned are (A) and (B) below.

    A. One copy of our prescribed application form
    B. Identity Verification Documents

    • If you have a document that shows your current address, such as a driver's license or health insurance card, please attach a copy of one of them to your application form.
    • If your current address is not listed on your passport or other identification document, please attach one copy of your passport, along with one copy of your resident registration certificate, to your application form.

  • Requests for disclosure, etc., made by an agent

    If the person making the "request for disclosure, etc." is a legal representative of a minor or an adult under guardianship, or an agent authorized by the person to make the request for disclosure, etc., please enclose the following documents ((A) or (B)) in addition to the application form in paragraph (A) above.

    A. In the case of a legal representative

    • Documents to confirm legal representation

      • Family register transcript, and, in the case of a parent with parental authority, a copy of the health insurance card listing dependents (1 copy)

    • Documents to verify the identity of the legal representative

      • If your current address is listed on your driver's license or other identification document, please provide one copy.
      • If your current address is not listed on your passport or other document, please submit one copy of the document along with one copy of your resident registration certificate.

    B. In the case of an agent appointed by power of attorney

    • One copy of our prescribed power of attorney form.

    • One copy of the person's seal certificate

    • Documents to verify the identity of the representative

      • If your current address is listed on your driver's license or other identification document, please provide one copy.
      • If your current address is not listed on your passport or other document, please submit one copy of the document along with one copy of your resident registration certificate.

      Note) The "copy of resident registration" and "seal registration certificate" in (3) and (4) must have been issued within three months of the application date.

  • Procedure fees and methods of collection

    We charge the following fees for "requests for disclosure." (There are no fees for requests for correction, addition, or deletion.)
    970 yen (including consumption tax) per application.
    Please make the payment to the financial institution designated by our company. Please note that the financial institution's fees will be borne by the person making the "disclosure request" or their representative.

  • Method of responding to requests for disclosure, etc.

    We will respond to you by mail or by electronic means using a method designated by our company, based on the information provided in your application form.

  • Purpose of use of personal information obtained in connection with "Requests for Disclosure, etc."

    Personal information obtained in connection with "requests for disclosure, etc." will be handled only to the extent necessary to respond to such requests. Submitted documents will not be returned. Such documents will be stored for two years after the completion of the response to the "requests for disclosure, etc." and then destroyed.

  • Precautions

    • We will contact you in the following cases. Please note that if you do not respond within the specified period after being contacted, your request will not be accepted as a proper "request for disclosure, etc." In this case, any fees already paid will be refunded.

      • If there are any deficiencies in the required application documents
      • If your identity cannot be verified, for example, if the address listed on the application form, the address listed on the identification documents, and the address registered with our company do not match.
      • If the power of attorney cannot be confirmed when an application is made by an agent
      • If the fee was insufficient, or if the fee was not transferred.

    • The following cases will be grounds for non-disclosure. If we decide not to disclose the information, we will notify you of this fact and the reasons for it. In the event of non-disclosure, the prescribed fee will be refunded.

      • If the subject of the disclosure request does not fall under the category of "personal data held by the company"
      • If there is a risk of harming the life, body, property, or other rights and interests of the person concerned or a third party.
      • If there is a risk of significantly hindering the proper conduct of our business operations.
      • If it would violate other laws and regulations

• Customer service desk regarding personal information

  • For inquiries regarding complaints about our handling of personal information, requests for notification of the purpose of use of personal data we hold, requests for disclosure, etc., and procedures such as suspension of use, suspension of provision to third parties, deletion, etc., please contact the following office.

    個人情報問い合わせ窓口
    電話：0120-924721（9〜18時 日祝・年末年始除く）

    Please note that we cannot accept requests made in person at our company.

  • Name of the "Certified Personal Information Protection Organization" to which our company belongs and contact information for filing complaints
    *We only accept complaints regarding the handling of personal information.

    Name of the certified personal information protection organization: Japan Information Economy Society Promotion Association (JIPDEC)

    Contact for filing a complaint: Secretariat of the Certified Personal Information Protection Organization

    Address: Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032, Japan

    電話番号 03-5860-7565 0120-700-779

Handling of customer information on the website and app

Established June 16, 2023

Benesse Corporation collects information about its customers from their personal computers, smartphones, and other devices through its website and application services (hereinafter collectively referred to as "sites and apps"). To provide products and services that meet customer expectations, we handle information as follows, clearly defining the purpose of its acquisition and use.

Furthermore, when we use information obtained through our website or app in conjunction with personal information already provided by our customers, or when we obtain personal information itself through our website or app, we will handle it in accordance with laws and regulations such as the Act on the Protection of Personal Information, as well as the contents described in our Personal Information Protection Policy and Public Statement on Personal Information Protection.

Publicly Disclosed Matters

• Information to obtain

  Our company will send the following information to us through our website and app:
  <Information to be obtained> Specific examples are shown in parentheses.

  • Information that identifies the device (model, OS version)
  • Customer's operating environment (browser, OS, IP address)
  • Advertising identifiers (IDFA, AAID)
  • Records of what customers have viewed and used on the site or app (URLs viewed, timestamps)

  Each piece of information is automatically recorded in conjunction with cookies (*1), applications, device IDs, etc., as you browse the site or use the app.
  Furthermore, this information includes customer-related information (hereinafter referred to as "personal-related information (*2)") that cannot identify a specific individual on its own, but which does possess a certain degree of identifiability. Therefore, it will be acquired and used with due consideration as information equivalent to personal information.

  Please note that, as a general rule, we will not collect the following information that can be obtained via smartphone. However, in the case of individual apps, if it is necessary to collect such information due to the nature of the service, we will explain the situation to the customer and, if required by law or other regulations, obtain their consent before collecting it.

  • GPS location information
  • Personal information and contact information listed in phone books and address books
  • Communication content (content of messages exchanged within the app, etc.)
  • Photos and videos saved on your device

  *1 A cookie is a mechanism used to record your usage environment and other information when you use a website.
  *2 In this text, this refers to personal information as defined in the "Act on the Protection of Personal Information," specifically information acquired and used by websites and apps.

• Purpose of use

  We will use the information we collect on our websites and apps as follows. If we use the information for purposes not listed below on a specific website or app, we will notify you individually on that website or app. *1

  (1) To provide services to customers or to improve the convenience of using services.

  example)

  • Personalized messages and content are displayed on the website and app based on the customer's browsing and usage history.
  • Maintain the logged-in state and eliminate the need for re-authentication.

  (2) To verify the effectiveness of the services provided, and to develop improvements and new services.
  For example, we analyze customer interests, preferences, and other attributes as marketing data.

  (3) For providing information and guidance (advertisements, etc.) regarding products and services *2
  For example, based on your browsing and usage history, we estimate your interests and other attributes, and then send you messages and deliver advertisements on our website and app.

  *1 We may use services provided by third parties. Please refer to "3. Use of Services Provided by Third Parties".
  *2 This information may be used in conjunction with personal information. In this case, it will be used as personal information. For the purposes of using personal information, please refer to the "Public Statement Regarding Personal Information Protection".

• Regarding the use of services provided by third parties

  In handling customer information as described in "2. Purpose of Use," we may use services provided by third parties. In this case, when you access our website or app, your information may be transmitted to services provided by third parties that we use.

  Details regarding services provided by third parties and the content of information transmitted will be provided within the respective websites or apps.
  Furthermore, if consent is required by law or other regulations, we will inform you individually and obtain your consent.

• Customer-controlled settings such as deletion and suspension.

  • Third-party cookies issued by advertising providers and other third parties can be disabled by changing your browser settings.
  • You can configure whether or not to allow the collection of advertising identifiers on iOS and Android devices.
  • You can stop the delivery of behavioral targeting ads from the ad notification icon.
    Click the icon in the advertisement displayed on the website or app you are browsing, and follow the unsubscribe procedure described on the respective company's website.
  • You can stop the delivery of behavioral targeting ads from the ad serving provider's website. The contact information for the ad serving provider will be provided on their individual website or app.

  Regarding personal information, we will disclose it upon your request in accordance with the provisions of the Personal Information Protection Law and other relevant laws. For details on the procedure, please refer to our "Public Statement Regarding Personal Information Protection."

• Contact Us

  本文書の記載内容に関するお問い合わせは以下の窓口で承ります。
  《個人情報に関するお客様ご相談窓口》
  電話：0120-924721（9～18時 日祝・年末年始除く）

• Changes to this document

  This document may be revised. Any revisions will be posted on this website. In addition, if any site or app requires your consent to acquire information, changes the purpose of use of personal information, or provides information to third parties, we will inform you in advance and obtain your consent in accordance with the Personal Information Protection Act.