1. Privacy Mark certification obtained

We have obtained the Privacy Mark certification and commits to protection of personal information.

■ Privacy Mark certification

Approved number: No. 10821880
Acquisition date: November 8, 2006

■ Major commitment to personal information protection

Development of the privacy policy
Establishment of the specialized unit
Personal information management by ledger
Clarification of resource, role, responsibility and authority
Preparation of internal rules
Identification of utilization purpose
Appropriate acquisition, utilization, and operation
Implementation of safety control measures (see below)
Securing personal rights
Education (Once a year, e-learning, etc.)
Audit (Once a year)
Review by the representative

2. Safety control measures

We implement the following safety control measures conforming to the measures that should be taken and specified in the “Act on the Protection of Personal Information (Part of General Rules)/Personal Information Protection Committee” and the requirements of the personal information protection management system (JIS Q15001).

■ Development of basic policy

Established the “privacy policy” as the basic policy to commit appropriate handling of personal information.

■ Development of the discipline for handling personal information

Develop the rules, etc. for handling the personal information including the handling method, responsible person, person in charge, and their duties for each step of personal information handling

■ Organizational safety control measures

  • 1) Development of the organizational structure to implement the safety control measures of personal information
  • 2) Operation according to the discipline related to the handling of personal information
  • 3) Development of measures that can be used to check the handling conditions of the personal information
  • 4) Development of the system that can cope with a case of personal information leakage
  • 5) Understanding of the condition of the personal information handling and re-evaluation of the safety control measures

■ Personal safety control measures

  • 1) Conclusion of a non-disclosure agreement with employees when the employment contract is signed, and conclusion of a non-disclosure agreement between the assignor and assignee when the consignment contract (including a worker dispatch contract) is signed
  • 2) Announcement, education, and training of the internal rules, considerations, etc. about the handling of personal information, implemented for employees
  • 3) Give disciplinary punishment to employees who have violated the code according to the work regulations

■ Physical safety control measures

  • 1) Appropriate management of the section in which the personal information is handled
  • 2) Theft prevention of devices and electronic media used to handle personal information
  • 3) Leakage Prevention of personal information when carrying the electronic media in which personal information is stored or the papers on which personal information is written, or when using the Internet to transmit personal information
  • 4) Deletion of the personal information with the measure which destroys the data to the state in which it is not restorable, and discarding electronic media, etc. in an appropriate way

■ Technical safety control measures

  • 1) Control of access to the personal information
  • 2) Identification and authentication of the person who accesses the personal information
  • 3) Prevention of unauthorized access to the personal information from the outside
  • 4) Prevention of personal information leakage through the use of the information system handling the personal information

■ Understanding of the external environment

When handling personal information abroad, implement the safety control measures based on the understanding of the protection system of personal information in the relevant foreign country

3. Emergency response

It is specified that the following measures shall be taken when an incident of personal information occurs.

  • 1) Fact-finding, cause-finding
  • 2) Identify the scope of influence
  • 3) Consideration and implementation of recurrence prevention measures
  • 4) Contacting the person who is possibly affected
  • 5) Report to the authorized personal information protection organization (JIPDEC) and Personal Information Protection Commission
  • 6) Report to the entruster