Security policyInformation Security Policy

SMART EXCHANGE Co., Ltd. (hereinafter referred to as "our company") has a business philosophy of "Making Japan the No. 1 tourist country in the world" and strives to improve service quality and customer satisfaction by setting up and operating foreign currency exchange machines at tourist spots, accommodation facilities, transportation facilities, and other locations in order to improve convenience for foreign tourists visiting Japan and increase consumption in the local economy. In order to achieve this, we have set out our mission of contributing to a changing society through our SMART EXCHANGE business, which installs and operates foreign currency exchange machines at tourist spots, accommodation facilities, transportation facilities, and other locations. As a company that operates this business, we will deal with external attacks that hinder our business, properly protect the information we handle, and promote activities that will earn our customers' trust. In addition, we will work to prevent accidents involving information that occur due to uncertain situations such as system failures and operational errors. We recognize that engaging in these activities is an essential management responsibility for our company. In order to fulfill these responsibilities, we will hereby establish, implement, and promote our information security policy.

1. We will organize an information security system in which the management participates in order to establish, introduce, operate, monitor, review, maintain and improve the information security management system. In addition, we will determine information security objectives based on this policy and operate the information security management system to achieve these information security objectives.
2. We will identify laws, regulations and other rules related to information security, clarify our contractual security obligations and comply with them. In addition, we will periodically review our basic policy and internal regulations in response to changes in management policy, business operations, social changes, technological changes, laws and regulations, etc., to maintain compliance with requirements.
3. We will conduct risk assessments to maintain the confidentiality, integrity, and availability of all information assets we handle, and take appropriate risk countermeasures to prevent and correct security incidents, etc. We will set information security goals that include these responses and achieve these information security goals.
4. We will ensure that all executives and employees who handle information assets are aware of the importance of information security and are thoroughly informed about the proper handling of information assets. We will provide the necessary education and training for this purpose.
5. We will appropriately monitor and measure to ensure that our information security management system is functioning effectively. In addition, we will endeavor to continually improve our information security management system by regularly auditing its operation status.
6. Personal information used by our company for business purposes will be handled appropriately in accordance with our "Personal Information Protection Policy," which complies with the Personal Information Protection Act and the JISQ 15001:2023 standard.

Established April 1, 2015
Last revised April 18, 2025
SMART EXCHANGE Co., Ltd.
Representative Director　Masato Nakano