We have the basic policy of management for continuous improvement of corporate value and establish better relationships with all stakeholders including shareholders by constantly focus on integrity, transparency, efficiency and promptness of corporate management. In order to realize this, we are enhancing the corporate governance centered on the Board of Directors and audit committees. Regarding the Corporate Governance Code which was adopted from June 1, 2015, efforts for compliance are explained in below. For detail, please refer to the below link (Updated on May 19, 2021).
As for the corporate governance report, please refer to the following link.
Internal Control System and Risk Management System
Our corporate governance structure is below.
We have developed and maintained the internal whistleblower system, in order to minimize the damage that may occur to the Company by discovering acts that could violate the law, the internal regulations, social credibility at the early stage, prevent scandals and take appropriate countermeasures. We made efforts to make the system to function properly by setting up the contact points both inside and outside of the Company. The external lawyer will help through the external contact point and established the reporting structure directly to the audit committee which is independent from the top management, allowing employees to make anonymous whistleblowing. Also, we treat the whistleblower and those who supported the investigations anonymously to preclude any repercussions. After the receipt of the report under the management of the compliance committee, whistle-blowing information will be strictly managed and conduct investigations and improvement measures.
In an effort to enhance an organization-wide risk management structure to function by identifying risks that may occur, the Company establishs the “Risk Management Regulations” to take appropriate approaches for various risks prevention and times of unexpected accidents.
As we are a company operating an eCommerce website as the core business, we recognize that it is extremely significant responsibility for us to work on information security to realize an appropriate risk management to protect information assets the Company possesses from any threats including information received from our customers. In order to maintain a security level that is appropriate for the company to be trusted by the society, we have established the “Basic Policy of Information Security” and thoroughly inform the related regulations inside the Company.
As a part of the personal information protection, we have established a personal information protection program which is conforming to JISQ15001:2006 and in October 2007, we have acquired the “Privacy Mark” given to the company properly handling personal information from Japan Information Processing Development Corporation(JIPDEC).
Regarding the security status of the system, we constantly monitor the access to personal information and implement a mechanism to block unauthorized request. In addition, we regularly conduct vulnerability diagnosis from external attacks by third parties. Moreover, strengthening of the security system is carried out as needed. We have been reducing the risk of unauthorized intrusion into the internal systems by applying IDs, passwords and encryptions.
From July 2018, we have commenced the global expansion of the private brand “ZOZO” at 72 countries over the world. Within the above countries, there are countries where GDPR (EU General Data Protection Rules) are applicable; thus, it is necessary for us to comply with the rules. Through a subsidiary in Germany, we are working with local lawyers and consulting companies having detailed knowledge of this rules. We will take appropriate safety control measures in processing and storage of personal data so that customers are able to use our service with security.