Measures taken for the Secure Management of Retained Personal Data

The main details of our security management measures for personal data, etc. are as follows:

(Establishment of a Basic Policy for the Protection of Personal Information)

To ensure the proper handling of personal data, Company has established a basic policy (Privacy Policy) concerning "compliance with relevant laws, regulations, guidelines, etc." and "a point of contact for handling questions and complaints.

(Rules for the Handling of Personal Data)

For each stage of acquisition, use, storage, provision, deletion/disposal, etc., Company has established rules for handling personal data, including regulations and duties for managers/persons in charge.

(Organizational Security Management Measures)

Company will clarify the employees who handle personal data and the scope of personal data handled by such employees. A reporting and communication system is also in place in the event that facts or signs of violation of the Personal Information Protection Law or Personal Information handling regulations are detected.

(Human Security Management Measures)

Regular training is provided to employees on points to keep in mind regarding the handling of personal data. Items concerning the confidentiality of personal data are stated in the employment regulations, and non-disclosure agreements are in place with employees and contractors.

(Physical Security Management Measures)

In areas where personal data is handled, measures are taken to prevent unauthorized persons from viewing personal data. These measures are taken to prevent theft or loss of equipment, electronic media, and documents that handle personal data; there are also measures implemented to prevent personal data from being easily discovered when such equipment, electronic media, etc. are carried elsewhere, including within the business site.

(Technical Security Management Measures)

Access control has been implemented to limit the scope of persons in charge and the Personal Information database, etc. that is handled. A system is also in place to protect information systems that handle personal data from unauthorized external access or unauthorized software.

(Understanding of the external environment)

When handling Personal Information from foreign countries, Company regularly collects and comprehends information on the Personal Information protection systems of those countries and implements security management measures accordingly.



back