Privacy Policy

Cyber Defense Institute, Inc. (hereinafter referred to as “the Company”) aims to contribute to the information security of our clients and society through our cybersecurity business (penetration testing, forensics, training, technical consulting, solution sales, etc.). The Company deeply recognizes the importance of personal information handled in the course of our operations and establishes the following Privacy Policy to ensure the protection of personal information.

1. Compliance with Laws and Regulations

The Company complies with the Act on the Protection of Personal Information (Personal Information Protection Act), other relevant laws and regulations, guidelines, and this Privacy Policy.

2. Collection of Personal Information

The Company collects personal information through fair and appropriate means. We may collect the following information through various forms on our website (service/recruitment inquiries, application forms, etc.) or through authorized agents.

• Service and transaction-related information: Name, company name, department, job title, contact details, and inquiry content
• Recruitment application information: Information stated in resumes, work history documents, portfolios, etc, and information collected during the selection process(name, photo, date of birth, gender, educational background, work history, address, emergency contact, email address, etc.)
• Information obtained through various checks during the selection process: All information obtained through compliance checks and reference checks (including information about referees, relationship with the applicant, job title, period of employment, etc.)

※ Items that constitute sensitive personal information will only be collected to the extent permitted by law.

3. About Our Website

Our website uses the following third-party services to provide and improve our services. Through the use of these services, information such as access data may be transmitted to each service provider. The handling of data by each service is governed by the respective service provider’s privacy policy.

Service	Provider	Purpose
Cloudflare Pages / CDN	Cloudflare, Inc.	Website hosting, delivery, and security
Google Tag Manager	Google LLC	Tag management
Microsoft Forms	Microsoft Corporation	Contact form functionality

(1) Use of Cookies and Google Services

We use cookies for marketing purposes and to provide better services to our customers. (Cookies are small files that store information about pages visited by users on their devices.)

We use “Google Analytics” and “Google Tag Manager” provided by Google as analytical tools that utilize information stored in cookies. This data is collected anonymously and does not identify individuals. You can opt out of this data collection by disabling cookies in your browser settings.

Please refer to the following sites for information on data collection and handling via cookies in Google Analytics and Google Tag Manager, as well as Google’s privacy policy.

• How Google uses information from sites or apps that use Google's services
• Data collected by Google Tag Manager
• Google Privacy Policy
• Opt out of Google Analytics

(2) Use of Microsoft Forms

Our website uses “Microsoft Forms” provided by Microsoft for our contact form. Information entered in the contact form (name, email address, phone number, inquiry content, etc.) is collected and stored on Microsoft’s cloud services.

Microsoft encrypts submitted data during storage and transmission, managing it in accordance with its privacy policies. Please note that Microsoft may set technically necessary cookies when using Microsoft Forms.

Please refer to the following sites for information on privacy and data handling in Microsoft’s services.

• Microsoft Privacy Statement
• Security and Privacy in Microsoft Forms

(3) Use of Cloudflare Pages

Our website is hosted and delivered using “Cloudflare Pages” provided by Cloudflare, Inc. As website content is delivered through Cloudflare’s content delivery network (CDN), Cloudflare may set technically necessary cookies for security and performance purposes.

Please refer to the following sites for Cloudflare’s privacy and cookie policies.

• Cloudflare Privacy Policy
• Cloudflare Cookie Policy

4. Purpose of Use of Personal Information

The Company uses collected personal information only for the following purposes and will not use it for any other purposes without the individual’s consent, except as permitted by law.

(1) Service and Transaction-Related Purposes

• Providing services such as penetration testing and forensics, and related client communications
• Delivery and support of security solutions and training products
• Issuing quotations, billing, payment processing, and providing information on new services and events

(2) Recruitment-Related Purposes

• Conducting recruitment screening, notifying applicants of results, and responding to applicant inquiries
• Analyzing recruitment activities for improvement (identifying trends by age, educational background, gender, work history, etc.)
• Conducting compliance checks (including relationships with criminal organizations, criminal history, bankruptcy history, and background verification) and reference checks
• Onboarding and ongoing employment management

5. Provision of Personal Information to Third Parties

The Company will not provide personal information to third parties except in the following cases.

• With consent or as required by law: When the individual has given consent, or when required by applicable law
• Provision related to recruitment screening: Conducting compliance checks and reference checks through third-party investigation firms, and sharing information with other companies designated by the applicant
• Items and methods of provision: Information such as name, email address, and resume/work history content will be provided via email or secure file exchange services with appropriate security measures such as encryption

6. Management and Security Measures

Personal information provided to us will be managed appropriately with security measures in place (including unauthorized access controls and antivirus protections) to prevent leakage, loss, or damage.

7. Retention Period of Personal Data

Personal data of recruitment applicants will be retained for 12 months following the conclusion of the relevant recruitment process.

8. Disclosure, Correction, and Suspension of Use of Personal Information

If an individual requests disclosure, correction, deletion, or suspension of use of personal information held by the Company, we will verify the identity of the requester and respond promptly to the extent reasonably practicable.

※ Please note that once recruitment application information is deleted, it will no longer be possible to proceed with the screening process.

9. Changes to This Policy

The Company may revise this Policy in response to amendments to personal information protection laws, changes in social conditions, or changes in the Company’s services.

When revising this Policy, the Company will establish the effective date of the revised version and notify or announce it to customers in advance by posting on our website or through other appropriate means.

10. Contact Us

For inquiries regarding this Policy or requests for disclosure of personal information, please contact us at:

Cyber Defense Institute, Inc. — Administoration department
Address: 5F Ochanomizu First Building, 2-5-1 Kanda-Surugadai, Chiyoda-ku, Tokyo
Business hours: Weekdays 9:00–18:00 (excluding weekends, public holidays, and company holidays)
Contact Form