The Olympus Group Personal Information Protection Policy (Translation)

Note: This Personal Information Protection Policy is based on a Japanese law, and thus is applicable only to Olympus Group Companies in Japan (excluding companies with their own personal information protection policy in place).

The Olympus Group recognizes the importance of protecting personal information in the network society and believes that it is the Olympus Group's social responsibility to properly handle and protect personal information. Accordingly, the Olympus Group shall implement the following measures.

Established Mar. 11, 2005
Updated Oct. 1st, 2015

See Handling of Personal Information for information on how the Olympus Group handles personal information.

1. Implementation of an Internal System

The Olympus Group shall implement its internal system for the protection of personal information and educate all of its Directors, Auditors and employees to enable proper handling of personal information. In addition, in order to ensure that initiatives to protect personal information are being accurately implemented, the Olympus Group shall periodically hold audits.

2. Proper Handling of Information

The collection of personal information shall be limited to the appropriate scope and amount and may only occur after the person who provides his or her personal information (the "Information Provider") has been clearly informed of the intended purpose and use of such information. In addition, the Olympus Group shall not handle any personal information outside the appropriate scope and shall accommodate an Information Provider's requests for disclosure, correction, deletion or discontinued of use of his or her personal information within a reasonable period following such request. Furthermore, the Olympus Group shall handle specific personal information only within the scope of purpose of use prescribed by law.

3. Limitation of Provision and Disclosure of Personal Information to Third Parties

Unless consent of the relevant Information Provider is obtained or otherwise required by law, the Olympus Group shall not disclose or otherwise provide personal information to third parties.
Furthermore, unless required by law, the Olympus Group shall not disclose or provide any specific personal information the Olympus Group hold to any third party, regardless of whether the relevant Information Provider consents to the disclosure.
If the Olympus Group engages a third party on a matter that involves disclosure of personal information (maintained by the Olympus Group) to the third party, the Olympus Group shall cause such third party to enter into a contract that obligates such party to properly maintain and manage personal information.
Further, in such situations, the Olympus Group shall supervise and provide directions to such third party in connection to the protection of personal information.

4. Ensuring of Accuracy and Safety

The Olympus Group shall make efforts to maintain accurate and up-to-date personal information, and take appropriate security measures against risks such as unauthorized access to personal information, loss, destruction and falsification of personal information, and unauthorized disclosure of personal information.

5. Compliance with Laws and Regulations, and Continuous Improvements

The Olympus Group shall comply with laws, regulations and standards applicable to the protection of personal information and review and make continuous improvements to the above-mentioned measures.