| (1) |
The Company shall acquire personal information or personally referable information* (hereinafter referred to, collectively, as "personal information, etc.,") in relation to its business operations using any of the following methods. a. Direct acquisition, from the individual in question E.g.: We acquire personal information from the individual by them filling out a paper form, or by direct entry into a website form. b. Indirect acquisition, from the individual in question E.g.: We acquire personal information, etc., published in a publication or on the internet. c. Direct or indirect acquisition, from a website operated by the Company E.g.: We acquire site usage history automatically via tags set on a website operated by the Company. d. Indirect acquisition from a third party E.g.: We acquire personal information via a data management platform or social media. |
| (2) | The Company may acquire personal information, etc., by methods that may not be easily perceived by the individual in question. Please see here for information regarding cookies and acquisition of personal information, etc., by ad technology, etc.. This includes cases where the Company does not acquire personal information but providers of ad technology services, etc., do acquire personal information. |
| (1) | For conclusion of agreements with our customers and partners (including membership registration for use of websites operated by the Company) |
| (2) | For handling requests from our customers and partners and implementing agreements with customers and partners |
| (3) | For communicating with our customers and partners |
| (4) | For sending information about trade shows, seminars, products, and services etc. of the Company and Group companies |
| (5) | For developing and improving products and services of the Company and Group companies and improving their quality |
| (6) | For the marketing, sale and sales promotion of the products and services of the Company and Group companies |
| (7) | For creating statistics |
| (8) | For analyzing site usage and browsing status, for the purpose of improving this site |
| (1) | The Company may provide personal Information to third parties within the extent permitted by law (including when obtaining the consent of the individual in question, and performing procedures required by law.) |
| (2) | The Company may entrust the handling of personal information to third parties ("contractors"), within the necessary scope to achieve the purpose(s) of utilizing Personal Information described in Section 2. In such cases, the Company shall enter into an agreement with the contractor, who must meet selection criteria for contractors, and appropriately manage work performed by the contractor. |
| (3) | Third-party providers and contractors may include third parties located outside of Japan (*). *The Company provides details regarding cases where we provide, or entrust the handling of, personal information to third parties located outside of Japan. |
| (1) | The categories of the jointly utilized Personal Information: a. Information acquired in relation to an agreement between the Company and a customer and/or partner b. Contact details of customers and/or partners |
| (2) | The scope of a jointly utilizing entity: The Group companies(http://www.septeni-holdings.co.jp/septenigroup.pdf) |
| (3) | The utilization purpose for the jointly utilizing person: a. For having an appropriate Group company respond to inquiries about the Group’s products and services b. For developing and improving products and services of the Group companies and improving their quality c. For the marketing, sale and sales promotion of the products and services of the Group companies |
| (4) | The entity responsible for controlling the jointly utilized Personal Information: 8-17-1 Nishishinjuku, Shinjuku-ku, Tokyo SEPTENI HOLDINGS CO., LTD. Koki Sato, Representative Director |
| (5) | How to acquire Personal Information: In writing, in the form of electronic data, or by other means |
| (1) | Individuals may make the following demands ("Demands for Disclosure, etc.") to the Company, within the scope permitted by law, with regard to personal information handled by the Company. a. Notification of the purpose of use b. Disclosure of records of personal information or records of provision to third parties c. Corrections, additions or deletions of personal information, a utilization cessation or deletion, or cessation of provision to third parties |
| (2) | Procedures regarding Demands for Disclosure, etc., are as follows. a. Privacy Consultation Desk, which is written about in “Inquiries” below, will receive the Demand for Disclosure etc. b. The person who makes a procedure for Demand for Disclosure etc. is required to send by mail a request form prescribed by the Company and necessary documents, including identification documents. When you wish for information disclosed to be provided in electronic record form, please make that fact known when requesting disclosure. We will inform you regarding specific methods of disclosure. c. The person making the Demand for Disclosure, etc., will be charged a prescribed fee per demand for notification of the purpose of utilizing personal information, disclosure of the contents of personal information or records of provision to third parties. The details of the procedure are available here. |
| (1) | Formulation of basic policy To ensure that personal information is handled appropriately, the Company has formulated a basic policy covering matters such as compliance with relevant laws, regulations and guidelines and a point of contact for dealing with privacy-related questions and complaints. |
| (2) | Development of rules governing the handling of personal information The Company has formulated rules on the handling of personal information, setting out handling methods, the persons responsible/in charge, their responsibilities, etc., at every stage of the process, from collection, use, storage and provision to deletion and destruction. |
| (3) | Systematic security control action a. The Company has established a person responsible for the handling of personal information and has also clarified the employees who handle personal information and the scope of personal information handled by these employees, and developed a system for reporting to and liaising with the person responsible in the event of discovery of an actual or suspected breach of laws or privacy regulations. b. The Company implements periodic self-inspections on the status of handling personal information. |
| (4) | Human security control action a. The Company regularly provides training to employees on matters to be considered when handling personal information. b. The Company stipulates rules regarding maintaining the confidentiality of personal information in its work regulations. |
| (5) | Physical security control action a. In areas where personal information is handled, the Company restricts employee access and the equipment which can be brought in and we also take measures to prevent unauthorized persons from viewing personal information. b. The Company takes measures to prevent the theft and loss of equipment, electronic media and documents containing personal information. Moreover, when carrying such equipment, electronic media or documents around, such as when moving between offices, the Company takes measures to ensure they cannot be easily accessed. |
| (6) | Technological security control action a. The Company uses access control to limit the scope of persons in charge of handling personal information and the scope of the personal information database they handle. b. The Company introduces frameworks to protect information systems that handle personal information against illegal access from outside or malware. |
| (7) | Assessment of external environment When the Company handles personal information in overseas countries (including cases where the Company entrusts the handling of personal information to third parties located outside of Japan), it implements security control action based on an understanding of privacy legislation and other systems in place for the protection of personal information in the countries in which it stores personal data. |