2. Definitions of Personal Information
Personal information refers to any information that can identify a specific individual by name, address, age, gender, e-mail address, photo, or any other information included in the applicable information (including information that cannot identify a specific individual with its own contents but could identify an individual by collating with other information.) The group classifies personal information into the following types:
- Information about an individual who has purchased a product from our Group or has inquired about a product or any other information;
- Information about a person in charge from a business that has transactions with our Group;
- Information about Group employees (including directors, just-in-time employees, and part-time employees), temporary employees, and job applicants;
- Information about shareholders; and
- Information about trustee development services
3. Basic Principle Regarding Handling of Personal Information
The basic principle for handling personal information by our Group shall be as follows:
- Clarification of the Purpose of Use and Prohibition of Use Other Than Specified Purpose
In the event we request personal information, we will clearly state the purpose of use in advance, and any information obtained from individuals shall be used only for the stated purpose of use. If it is necessary to use personal information for purposes other than the initially stated purpose, we will clearly indicate the new purpose in advance. In this case, if the individual does not consent to the new purpose of use, then the person may withhold the personal information at the individual’s discretion (provided, however, that in the event personal information is essential for a service, the
applicable service may not be available).
- Nondisclosure or Non-supply of Personal Information to a Third Party
Personal information will not be disclosed to a third party except as follows:
- When the individual agrees to the disclosure;
- Depending on the information, a reply is considered appropriate from an affiliated company or agent of our Group;
- When a financial institution needs the information to assure payment for products, services, and other goods;
- In the event a legal order requires disclosure of personal information; and
- In the event of the transfer of business due to merger, de-merger, business transfer, or for any other reason.
- Strict and Appropriate Management of Personal Information
Personal information will be managed appropriately and strictly. Strict security measures will be implemented in order to prevent loss, misuse, or alteration of personal information.
- Disclosure and Correction of Personal Information to Individuals
At the request of an individual, his/her personal information will be disclosed to the individual using the prescribed procedures. We will meet requests for correction, deletion, or refusal to use or supply the information.
4. Our Efforts to Protect Personal Information
In order to protect personal information, our Group ensures the following:
- Compliance with Laws, Regulations, and Norms
For the protection of personal information, we will observe all relevant laws, guidelines of any group/ organization we belong to, and corporate regulations.
- Implementation of Education of Employees
In order to ensure that all employees are informed about the appropriate handling of personal information, we will use the intranet to educate employees and periodically offer training for each of the Group companies.
- Management of Outside Subcontractors
For services supplied by outside subcontractors for stock-related clerical works or for software and system development, an operating agreement, including the following matters, shall be concluded for the purpose to manage those subcontractors appropriately.
- Matters regarding the confidentiality of personal information;
- Matters regarding prohibition or restriction of re-consignment; and
- Matters regarding handling (return, disposal, etc.) of personal information after expiration of an agreement
- Internal Audit
Internal audits will be conducted periodically to confirm the appropriate handling of personal information. If an internal audit finds the need for improvement, corrective action shall be taken immediately.
This Policy shall be effective as of March 30, 2005.
Establishment: March 30, 2005