We endeavor to keep the personal information of our customers and other individuals accurate and up to date, and we have also adopted a basic policy and rules for the handling of personal information, and implement necessary and appropriate security measures accordingly.
To ensure that personal information is handled appropriately, we have formulated a basic policy covering matters such as compliance with relevant laws, regulations and guidelines and a point of contact for dealing with privacy-related questions and complaints.
We have formulated rules on the handling of personal information, setting out handling methods, the persons responsible/in charge and their responsibilities, at every stage of the process, from collection, use, storage and provision to deletion and destruction.
We have established a person responsible for the handling of personal information and we have also clarified the employees who handle personal information and the scope of personal information handled by these employees, and developed a system for reporting to and liaising with the person responsible in the event of discovery of an actual or suspected breach of laws or privacy regulations.
We carry out self-inspections on a regular basis to assess the handling of personal information and are also audited by other business units and external parties.
We regularly provide training to employees on matters to be considered when handling personal information.
Our work rules include information about the confidentiality of personal information.
In areas where personal information is handled, we restrict employee access and the equipment which can be brought in and we also take measures to prevent unauthorized persons from viewing personal information.
We take measures to prevent the theft and loss of equipment, electronic media and documents containing personal information. Moreover, when carrying such equipment, electronic media or documents around, such as when moving between offices, we take measures to ensure they cannot be easily accessed.
We use access control to limit the scope of persons in charge of handling personal information and the scope of the personal information database they handle.
We have adopted various defenses to protect information systems containing personal information from being hacked or infected by malware.
We implement security measures based on an assessment of the privacy legislation in the foreign countries in which we store personal information.
The names of such foreign countries, an outline of their privacy legislation, as well as the security measures we have taken are as follows.
* For details of privacy legislation in foreign countries published by the Personal Information Protection Commission, please visit the link below: (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/) (https://www.ppc.go.jp/personalinfo/legal/
kaiseihogohou/)
We select contractors in an appropriate manner based on verification of the security measures contractors are required to take.
We conclude agreements on the protection of personal information with contractors, receive reports on their handling of personal information on a regular basis and carry out inspections where necessary.
Newly hired employees must sign a non-disclosure agreement and submit an oath.
We make sure that employees are familiar with rules and procedures for the protection of personal information and provide them with relevant training on a regular basis.