1. Our Company Profile
Please refer to Company > Corporate Profile on Sojitz Corporation’s corporate website.
2. Compliance with Laws and Other Rules
We will strictly comply with Personal Information Protection Laws, guidelines, industry self-regulation rules, and internal rules, etc. when carrying out operations in which personal information is handled.
3. Acquisition of Personal Information
We will acquire personal information by fair and legitimate means. In addition, unless permitted by Personal Information Protection Laws, we will not acquire any special care-required personal information without the prior consent of the individual to whom such personal information pertains.
4. Use of Personal Information
- （1）We will use personal information only for the purposes of use officially announced in advance or within the scope of use informed at the time of acquisition and to the extent necessary to carry out business.
- （2）We will not use personal information in a manner that may encourage or induce illegal or unlawful activities.
- （3）In the case where we share personal data with a third party, or entrust the handling of personal data to a third party, we will examine such third party rigorously, and perform proper supervision to ensure that such third party keeps the personal information confidential.
5. Provision of Personal Data to Third Parties
Except as provided by Personal Information Protection Laws, we will not provide personal data to any third party without the prior consent of the individual to whom such personal data pertains.
6. Provision of Personal Data to Third Parties in Foreign Countries
When we disclose or provide personal data to a third party located in a foreign country, we will comply with the rules of Personal Information Protection Laws, and in principle, we will obtain the consent of the individual in question after providing the information required by Personal Information Protection Laws in advance.
7. Sharing of Personal Data with Sojitz Group Companies
We will share personal data as follows:
- （1）Personal Information Items
The person's address, name, postal code, telephone number, fax number, email address, organization to which the person belongs, position in the organization, and other information included on the person's business card, as well as related information such as the date, time, and location of the business card exchange, etc.
- （2）Scope of Shared Users
Sojitz Corporation and Sojitz Group companies*
* Refers to subsidiaries as defined in Article 8, Paragraph 3 of the Regulation on Terminology, Forms, and Preparation Methods of Financial Statements, and to affiliated companies as defined in Paragraph 5 of the same article.
Please refer to Company > Operating Bases and Company > Major Group Companies on Sojitz Corporation’s corporate website.
- （3）Purpose of Use
The information will be shared within the scope of negotiations, communications, consultations, order placement, financial settlement or other processes related to trading, and the appropriate and smooth execution of other Company activities.
- （4）Name of Company Responsible for Managing the Personal Data
We are responsible for the personal information that we share. For our address and representative, please refer to Company > Corporate Profile on Sojitz Corporation’s corporate website.
8. Safety Management Measures for Personal Information
- 1. We will work to store and manage personal information in an accurate and up-to-date manner, and will take the necessary safety control measures to prevent unauthorized access or leakage of personal information.
- 2. We will take the following specific security management measures.
- I.Formulation of a Basic Policy and Maintenance of Discipline Regarding the Handling of Personal Data
In order to ensure the proper handling of personal data, we will establish a basic policy that includes compliance with Personal Information Protection Laws and the creation of a point of contact for related questions and concerns.
- II.Organizational Safety Management Measures
In addition to appointing a manager responsible for handling personal data, we will clarify the employees involved with handling personal data as well as the scope of the data, and we will establish a system for reporting and contacting the manager if evidence or indications of violations of Personal Information Protection Laws or internal rules is detected. In addition to regular self-inspections regarding the handling of personal data, we will undergo audits conducted by outside departments and third parties.
- III.Human Security Management Measures
We will provide training to employees regarding precautions when handling of personal data. Articles concerning the confidentiality of personal data are included in the employee regulations.
- IV.Physical Safety Management Measures
In regions where personal data is handled, the Company places restrictions on employee access and on equipment that can be brought into the office. We will also implement measures to prevent unauthorized persons from viewing personal data. The Company will take measures to prevent the theft or loss of equipment, electronic media, and documents, etc., and takes measures to ensure that personal data is not easily revealed when such devices or electronic media are transported, including within company premises.
- V.Technical Safety Control Measures
We will implement access restrictions in order to limit the scope of employee access to the personal information database, and of the database itself. We have implemented a system to protect information systems that handle personal data from unauthorized outside access or harmful software.
- VI.Understanding the External Environment
We will implement safety management measures based on an understanding of the personal information protection system in place in the United States of America, where we store personal data.
9. Disclosure, Correction, Suspension of Use, and Deletion of Personal Information
We will promptly respond to requests from the owners of personal information for disclosure, correction, suspension of use, and deletion, etc. of their own personal data as well as to complaints and inquiries, in an appropriate manner and to a reasonable extent in accordance with Personal Information Protection Laws. Please contact the Personal Information Inquiry Desk listed separately.
10. Compliance Program for the Protection of Personal Information