Privacy Policy
We fully recognize the importance of protecting personal information. We believe that properly handling personal information is part of our social responsibility and declare that we strive to protect personal information in accordance with the following principles (hereinafter “this Privacy Policy”). The definitions of terms other than those defined separately in this Privacy Policy shall be in accordance with the definitions in the Act on the Protection of Personal Information (Act No. 57 of 2003) and other related laws and regulations (hereinafter "Personal Information Protection Laws").
1. Our Company Profile
Please refer to Company > Corporate Profile on our corporate website.
2. Compliance with Laws and Regulations
We will strictly comply with Personal Information Protection Laws, guidelines, industry self-regulation rules, and internal rules, etc. when carrying out operations in which personal information is handled.
3. Acquisition of Personal Information
We will acquire personal information by fair and legitimate means. In addition, unless permitted by Personal Information Protection Laws, we will not acquire any special care-required personal information without the prior consent of the individual to whom such personal information pertains.
4. Use of Personal Information
- (1)We will use personal information only for the purposes of use officially announced in advance or within the scope of use informed at the time of acquisition and to the extent necessary to carry out business.
- (2)We will not use personal information in a manner that may encourage or induce illegal or unlawful activities.
- (3)In the case where we share personal data with a third party, or entrust the handling of personal data to a third party, we will examine such third party rigorously, and perform proper supervision to ensure that such third party keeps the personal information confidential.
5. Provision of Personal Data to Third Parties
Except as provided by Personal Information Protection Laws, we will not provide personal data to any third party without the prior consent of the individual to whom such personal data pertains.
6. Provision of Personal Data to Third Parties in Foreign Countries
When we disclose or provide personal data to a third party located in a foreign country, we will comply with the rules of Personal Information Protection Laws, and in principle, we will obtain the consent of the individual in question after providing the information required by Personal Information Protection Laws in advance.
7. Sharing of Personal Data
We will share personal data as follows:
- (1)Personal Information Items
The person's address, name, postal code, telephone number, fax number, email address, organization to which the person belongs, position in the organization, and other information included on the person's business card, as well as related information such as the date, time, and location of the business card exchange, etc. - (2)Scope of Shared Users
Sojitz Corporation and Sojitz Group companies*
* Refers to subsidiaries as defined in Article 8, Paragraph 3 of the Regulation on Terminology, Forms, and Preparation Methods of Financial Statements, and to affiliated companies as defined in Paragraph 5 of the same article.
Please refer to Company > Operating Bases and Company > Major Group Companies on Sojitz Corporation’s corporate website. - (3)Purpose of Use
Personal information will be used for the purposes defined separately in the Purposes of Use of Personal Information. - (4)Information about the Company Responsible for Managing the Personal Data
We are responsible for the personal information that we share. For our address and representative, please refer to Company > Corporate Profile on Sojitz Corporation’s corporate website.
If you have any questions about the sharing of personal information, please contact the Personal Information Inquiry Desk listed separately.
8. Safety Management Measures for Personal Information
- (1)We will work to store and manage personal information in an accurate and up-to-date manner, and will take the necessary safety control measures to prevent unauthorized access or leakage of personal information.
- (2)We will take the following specific security management measures.
- I.Formulation of a Basic Policy and Maintenance of Discipline Regarding the Handling of Personal Data
In order to ensure the proper handling of personal data, we will establish a basic policy that includes compliance with Personal Information Protection Laws and the creation of a point of contact for related questions and concerns. - II.Organizational Safety Management Measures
In addition to appointing a manager responsible for handling personal data, we will clarify the employees involved with handling personal data as well as the scope of the data, and we will establish a system for reporting and contacting the manager if evidence or indications of violations of Personal Information Protection Laws or internal rules is detected. In addition to regular self-inspections regarding the handling of personal data, we will undergo audits conducted by outside departments and third parties. - III.Human Security Management Measures
We will provide training to employees regarding precautions when handling of personal data. Articles concerning the confidentiality of personal data are included in the employee regulations. - IV.Physical Safety Management Measures
In regions where personal data is handled, we place restrictions on employee access and on equipment that can be brought into the office. We will also implement measures to prevent unauthorized persons from viewing personal data. We will take measures to prevent the theft or loss of equipment, electronic media, and documents, etc., and takes measures to ensure that personal data is not easily revealed when such devices or electronic media are transported, including within our premises. - V.Technical Safety Control Measures
We will implement access restrictions in order to limit the scope of employee access to the personal information database, and of the database itself. We have implemented a system to protect information systems that handle personal data from unauthorized outside access or harmful software. - VI.Understanding the External Environment
We have outsourced the storage of information, including some personal data, to a cloud services provider. The personal data is stored in the United States of America under the management of the said provider. We are implementing safety management measures based on our understanding of the personal information protection system in the United States of America, based on information provided by the Personal Information Protection Commission, Japan, etc.
9. Disclosure, Correction, Suspension of Use, and Deletion of Personal Information
We will promptly respond to requests from the owners of personal information for disclosure, correction, suspension of use, and deletion, etc. of their own personal data as well as to complaints and inquiries, in an appropriate manner and to a reasonable extent in accordance with Personal Information Protection Laws. Please contact the Personal Information Inquiry Desk listed separately.
10. Compliance Program for the Protection of Personal Information
To execute this Privacy Policy, we have formulated a compliance program for the protection of personal information (which includes this Privacy Policy, Personal Information Protection Regulations and other regulations and rules) and keep our employees and other interested parties fully informed of this program, and execute and maintain this program, as well as strive to properly manage personal information through ongoing review and improvement.