Privacy Policy — Personal Information Handling Regulations

Privacy Policy

Kakehashi Realty / BIB & Co., Ltd.
These regulations set forth the proper handling of customers’ and other stakeholders’ personal information in compliance with the Act on the Protection of Personal Information and other applicable laws and regulations.

▶ Positioning of These Regulations
These regulations, pursuant to Article 12 of the Business Outsourcing Agreement (for full-commission agents), set forth rules for the protection of personal information acquired and handled in the course of performing outsourced work. All contractors (agents) and employees under this agreement are obligated to comply with these regulations.

— Table of Contents / Contents —

Chapter 1 — General Provisions

General Provisions

Article 1 (Purpose)

These regulations apply to BIB & Co., Ltd. (the “Company”) and its service brand, Kakehashi Realty, and are intended to ensure the proper handling of customers’ and other stakeholders’ personal information in compliance with the Act on the Protection of Personal Information (the “APPI”) and other applicable laws and regulations.

Article 2 (Scope of Application)

These regulations apply to all persons engaged in the Company’s business, including officers, employees, agents under business outsourcing agreements, and others (collectively, “Personnel”).

Article 3 (Definitions)

  1. “Personal information” means information relating to a living individual that can identify a specific individual by name, date of birth, or other description contained in such information, or that includes an individual identification code.
  2. “Special care-required personal information” means information that requires special care in handling to prevent unfair discrimination, prejudice, or other disadvantages to the individual, such as the individual’s race, creed, social status, medical history, or criminal record.
  3. “Personal data” means personal information that constitutes a personal information database, etc.
  4. “Retained personal data” means personal data over which the Company has the authority to disclose, correct, add, delete, etc.

Chapter 2 — Acquisition & Use

Acquisition and Use

Article 4 (Methods of Acquisition)

  1. Personnel shall acquire personal information by lawful and fair means.
  2. Personal information shall be acquired after notifying the individual of, or publicly disclosing, the purpose of use.
  3. When acquiring personal information from foreign customers, the purpose of use shall be clearly stated in a language the individual can understand (e.g., English or Chinese).

Article 5 (Purposes of Use)

The purposes for which the Company uses personal information it acquires are as follows:

  1. Provision of real estate purchase/sale and leasing brokerage services
  2. Property introductions, proposals, and viewing arrangements
  3. Transaction procedures such as contract execution, settlement, and registration
  4. After-sales support and provision of concierge services
  5. Identity verification and transaction verification pursuant to the Act on Prevention of Transfer of Criminal Proceeds and the Foreign Exchange and Foreign Trade Act
  6. Responding to customer inquiries and complaints
  7. Analysis, surveys, and research to improve service quality
  8. Information on Kakehashi Realty and related services
  9. Fulfillment of legal obligations

Article 6 (Restrictions on Use)

  1. Personnel shall not handle personal information beyond the scope necessary to achieve the purposes of use.
  2. When changing the purposes of use, the change shall not exceed a scope reasonably recognized as having a substantial relationship with the purposes of use prior to the change.
  3. If the purposes of use are changed, the individual shall be notified or the change shall be publicly disclosed.

Chapter 3 — Storage & Management

Storage and Management

Article 7 (Security Control Measures)

To prevent leakage, loss, or damage of personal information and to ensure other aspects of secure management, the Company shall implement the following measures:

1 Organizational security control measures
  • Appointment of a Personal Information Protection Manager
  • Regular education and training for Personnel
  • Establishment of a reporting and communication framework in the event of leakage, etc.
2 Physical security control measures
  • Lock-and-key control of areas where personal information is handled
  • Storage of paper documents in locked cabinets, etc.
  • Restrictions on taking out documents and storage media containing personal information
3 Technical security control measures
  • Access control to systems such as CRM (ID/password and two-factor authentication)
  • Acquisition and monitoring of access logs
  • Implementation of antivirus software
  • Encryption of communications (HTTPS/TLS)
4 Human security control measures
  • Clearly stipulating confidentiality obligations under business outsourcing agreements and these regulations
  • Obtaining written pledges regarding the handling of personal information

Article 8 (Retention Period)

  1. The retention period for personal information shall be the period necessary to achieve the purposes of use and any legally required retention period.
  2. Personal information related to transaction records, etc. under the Real Estate Brokerage Act shall be retained for 10 years from the contract execution date.
  3. Identity verification records under the Act on Prevention of Transfer of Criminal Proceeds shall be retained for 7 years after completion of the transaction.
  4. After the above periods have elapsed, the information shall be promptly deleted or disposed of in an irrecoverable manner.

Chapter 4 — Third-party Provision & Delegation

Third-Party Provision and Outsourcing

Article 9 (Provision to Third Parties)

  1. The Company shall not provide personal information to third parties without the individual’s consent, except in the following cases:
    1. When required by laws and regulations
    2. When necessary to protect a person’s life, body, or property and it is difficult to obtain the individual’s consent
    3. When particularly necessary for improving public health or promoting the sound development of children
    4. When it is necessary to cooperate with a national government agency, local government, or a party entrusted by either to perform duties prescribed by laws and regulations
  2. When providing information to a third party, the Company shall record the date of provision, the recipient, and the items of personal data provided.

Article 10 (Supervision of Contractors)

When outsourcing the handling of personal information, the Company shall contractually require the contractor to implement security control measures equivalent to these regulations and shall provide necessary and appropriate supervision.

Article 11 (Provision to Third Parties Located in Foreign Countries)

  1. When providing personal data to a third party located in a foreign country (excluding countries designated by the Personal Information Protection Commission as having a personal information protection system), the Company shall obtain the individual’s prior consent.
  2. In obtaining consent, the Company shall provide information such as the personal information protection system in the relevant foreign country and the measures taken by the recipient.
If information of customers in the Greater China region is shared with affiliated companies or professionals in Mainland China, Hong Kong, or Taiwan, this article applies and prior consent is required.

Chapter 5 — Rights of the Individual

Rights of the Individual

Article 12 (Requests for Disclosure, etc.)

  1. An individual may request disclosure, correction, addition, deletion, suspension of use, or suspension of third-party provision with respect to the individual’s personal data retained by the Company.
  2. Upon receiving a request, the Company shall respond within a reasonable period. In responding, the Company shall strictly verify the identity of the requester.
  3. As a general rule, the Company shall not charge a fee for responding to requests for disclosure, etc.

Chapter 6 — Incident Response

Response to Leaks, etc.

Article 13 (Reporting of Leaks, etc.)

  1. If leakage, loss, damage, or any other incident involving personal information (collectively, “leakage, etc.”) occurs, Personnel shall immediately report it to the Personal Information Protection Manager.
  2. Depending on the scale and nature of the incident, the Personal Information Protection Manager shall take the following actions:
    1. Investigation of the facts and identification of the cause
    2. Notification to the affected individual
    3. Reporting to the Personal Information Protection Commission (in cases such as leakage of special care-required personal information, risk of property damage, or unauthorized access)
    4. Consideration and implementation of measures to prevent recurrence

Chapter 7 — Training & Audit

Training and Audit

Article 14 (Education and Training)

The Company shall provide all Personnel with education and training on personal information protection upon joining the Company and at least once per year thereafter. For agents, the Company shall also explain the contents of these regulations during onboarding at the time of contract execution.

Article 15 (Audit)

The Personal Information Protection Manager shall conduct an internal audit at least once per year regarding compliance with these regulations and shall implement corrective measures as necessary.

Last revised
2026-05-01

Inquiries Regarding Personal Information
If you have any questions, please feel free to contact us using the details below.
BIB & Co., Ltd. / contact@bibandco.com

Contact