True Data Inc. (hereinafter referred to as “Company”) believes that its social responsibility is to protect information that may specify or identify individuals, including customers (hereinafter referred to as “Personal Information”). Since storage, accumulation, and analysis of a large amount of Personal Information have become possible with the acceleration in the speed of networking and digitization of computers, the risk of personal privacy violations has increased significantly, and societal demands for the protection of Personal Information have grown accordingly.
The Company has established a management system for the protection of Personal Information in line with JIS Q 15001 and appropriately handles not only Personal Information obtained by the Company but also Personal Information entrusted to the Company by customers in accordance with this management system.
- The Company appoints a Personal Information Management Officer in each department with the aim of protecting Personal Information and strives to appropriately handle Personal Information, including not only by the Company but also by its business partners.
- In obtaining Personal Information, the Company’s objectives are limited to the extent necessary for the smooth use of various services provided by the Company, improvement of services, responses to inquiries made to the Company, e-mail delivery of the Company’s newsletters to customers who subscribe to the service, recruitment screening, personnel affairs and welfare benefits of the Company’s officers and employees, and provision services of marketing information entrusted to the Company by customers, and such Personal Information is obtained in an appropriate manner while the purposes of acquisition and use and the contact window for each customer are defined.
- The Company will not use and provide Personal Information beyond the scope of its use and provision that were agreed upon by customers at the time of acquisition of Personal Information. In addition, the Company will not use Personal Information for any purpose other than the intended purpose and take measures to ensure use only for the intended purpose.
- The Company will take reasonable safety and corrective measures against risk, including unauthorized access to Personal Information, loss, destruction, falsification, and leakage of Personal Information.
- The Company will take prompt action within a reasonable range, if the Company receives a request for disclosure, correction, modification of the range of provision and deletion of Personal Information, any complaint and consultation from customers as the individuals concerned.
- When creating or handling anonymously processed information, the Company will do so in compliance with laws and regulations, as well as take appropriate safety measures. Further, when providing such information to a third party, the Company will disclose to the public the categories of information included and its method of provision, and state explicitly to that effect that the information being provided is anonymously processed information.
- The Company complies with laws and regulations, guidelines provided by the government, and other rules applicable to Personal Information, and will continuously conduct a review and make improvements in our effort to protect Personal Information.
Date of Establishment: November 17, 2008
Date of Last Update: July 18, 2019
True Data Inc.
President and CEO
Our Policy on the Handling of Personal Information
a) Name of Company True Data Inc.
b) Chief Privacy Officer and Contact Information
Personal Information Chief Management Officer
(Personnel and General Affairs Department)
Contact Information: email@example.com
c) Intended Use of Personal Information
- The Company obtains and uses Personal Information for the purpose of smooth use and improvement of its services, responses to inquiries made to the Company, and e-mail delivery of its newsletters to customers who subscribe to the service.
- The Company obtains and uses Personal Information of applicants for employment positions within the Company only for the purpose of recruitment screening. After employment begins, the Company uses Personal Information for the purpose of personnel affairs, welfare benefits, etc.
- The Company uses Personal Information entrusted by customer companies within a range of such entrusted business.
- Personal Information entrusted by customer companies shall be compiled into database form that does not allow personal identification, and such a database shall be used for the purpose of statistics and analysis.
- Personal Information obtained from cookie information shall be compiled into database form that does not allow personal identification, and such a database shall be used for the purpose of statistics and analysis.
The above items 1 and 2 correspond to retained personal data of the Company.
d) Shared Use of Personal Information Personal Information obtained by the Company may be shared with a business partner who conducts business in collaboration with the Company, when such a business partner is required. In this case, the Company will share Personal Information with such a business partner after publishing the intended use, name of the business partner, type of information, and name of the administrator.
e) Provision of Personal Information to Third Parties Personal Information obtained by the Company will not be provided to any third parties unless such provision is required by laws and regulations and except for cases that fall under any of the following cases. For the avoidance of doubt, the provision to a business partner shall not be deemed to be the provision to a third party.
Cases where before the provision,
- The fact that the provision to third parties is the intended use;
- The categories of personal data that are provided to third parties;
- The means or method of provision to third parties; and
- The fact that at the request of the principal, the provision to third parties of personal data by which the principal is identified shall be suspended;
- Cases where the disclosure or provision is carried out in a form from which the principal cannot be identified, such as statistical data.
f) Entrustment of Personal Information to Outsourcees The Company may entrust Personal Information entrusted by customer companies and some of recruitment screening, personnel affairs and welfare benefits of its officers and employees or applicants for employment positions to outsourcees. In this case, Personal Information shall be limited to the range of purpose of entrustment and entrusted to such an outsourcee after evaluating that the outsourcee is a company which can appropriately control Personal Information.
(Establishment of Regulations for Handling Personal Data)
The Company has established the internal regulations and operation procedures that specify the handling method of personal data at each stage of acquisition, use, retention, provision, deletion and disposal, etc., and strives to ensure safety control of personal data.
(Institutional Security Control Measures)
The Company has assigned a chief management officer in charge of handling of personal data and clarified the scope of employees handling personal data and personal data handled by such employees. The Company also reviews the access authority on a regular basis.
The Company has also established a system of reporting and communicating to the chief officer where any employee becomes aware that an actual or potential breach of the internal regulations, etc., or leakage or loss, etc., of personal data has occurred.
Handling of personal data by the Company is regularly inspected and audited.
(Human Security Control Measures)
The Company conducts, on a regular basis, training for all employees and confirmation of the degree of their understanding on the matters to be noted concerning handling of personal data and information security.
Matters concerning confidentiality of personal data are specified in the Company’s Work Rules in order for employees to comply with the matters.
In addition, the Company receives a pledge of confidentiality from each employee when the employee joins the Company.
(Physical Safety Control Measures)
The Company has established rules for employees for entering and leaving offices and responding to visitors using the entrance and exit management system in order to conduct management. The server room, etc., are designated as access-restricted areas to protect equipment and information.
The Company has taken measures to prevent theft or loss, etc., of devices, electronic media, and documents, etc., that handle or cover personal data as well as measures so that personal data cannot be easily identified when such device or electronic media, etc., is carried to any place.
(Technological Safety Control Measures)
The Company implements access control to limit users and the scope of personal information database, etc., handled.
The Company has also introduced a mechanism to protect the information system that handles personal data from unauthorized outside access or unauthorized (malicious) software.
A request for disclosure, correction, suspension of use, etc., of the retained personal data will be accepted via postal mail or facsimile, unless otherwise provided for in special procedures. Please enter necessary information in the “Request Concerning Handling of Personal Information” and send it to the mail address described in this document.
*No fee shall be collected for procedures for disclosure, etc.
Method of Confirming that You are the Principal or an Agent at the Time of a Request Concerning Retained Personal Data
In order to prevent Personal Information from being leaked to a third party attempting to impersonate the principal, with respect to your request for the disclosure of the retained personal data, please submit a total of two documents mentioned in (a) and (b) below. In the case where such documents cannot be sent, a reply will be sent via postal mail using ID confirmation delivery service.
One of the following documents (copy)
A copy of your driver’s license, passport, health insurance card of any kind, pension book or other certificate issued by a public authority.
(*Only such documents that contain your address, name and the date of birth, the effective period of which has not expired or which is currently valid)
- A copy of your original resident certificate (*One issued within the past three months which does not contain your Individual Number)
- One of the following documents (copy)
- In the case of a request for correction, suspension of use, etc., of the retained personal data other than its disclosure as mentioned in item a above, in order to prevent unauthorized alteration, etc., by a third party attempting to impersonate the principal, identification will be confirmed by making contact at the home of the principal or by other means.
Method by Which an Agent Requests Disclosure, etc.
When the principal authorizes an agent to request disclosure, correction, suspension of use, etc., of the retained personal data, please send the following documents. In the case where such documents cannot be sent, a reply will be sent via postal mail using ID confirmation delivery service.
- A power of attorney given by the principal to the agent One copy
- A certificate of registration of seal impression of the principal (one issued within the past three months for the seal impression affixed to the power of attorney) One copy
i) Request for Disclosure, etc. of Personal Information Entrusted Personal Information entrusted to the Company by customer companies is personal information obtained by the customer companies, and the Company cannot respond to any inquiries about such Personal Information.
j) Consent to Provision of Personal Information is Optional Your consent to the provision of Personal Information to the Company is optional. The disadvantage in case of not consenting is:
- limited to the possibility that the Company cannot respond to your inquiry, and e-mail delivery of our newsletters will not be made to customers who may even subscribe to the service;
- if anyone who wishes to work for the Company does not consent to the provision of Personal Information, he or she shall be deemed to have declined his or her recruitment screening.
k) Acquisition of Personal Information in a Way That Does Not Allow You to Recognize It Personal Information may be obtained and used in a way that does not allow you to recognize it by adopting cookies on our website. The details of Personal Information obtained there include name, gender, age, and place of residence.
Customers can prevent their information from being collected by Google Analytics by installing the Google Analytics opt-out browser add-on to their web browser.
The Company utilizes retargeting functions, such as remarketing advertisements, etc., that use Cookie information, including advertisements for sales activities. Therefore, advertisements of the Company may appear on various websites by third-party distribution companies, including Google , Facebook and Microsoft based on the records of access to our website.
(Cookie information does not contain any information that can identify and distinguish individuals.)
Network Advertising Initiative（http://www.networkadvertising.org/managing/opt_out.asp）
In this regard, the Company does not collect information for the purpose of retargeting, including remarketing advertisements, etc., targeting individuals within the EEA (European Economic Area).
n) Handling of Specific Personal Information
- With regard to specific personal information, the Company complies with the “Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure” (hereinafter referred to as “My Number Act”), the “Act on the Protection of Personal Information,” and the “Guidelines for the Appropriate Handling of Specific Personal Information (for Business Operators).”
- The Company ensures the appropriate handling of specific personal information by treating its “Policy on the Protection of Personal Information” as a “Basic Policy on the Appropriate Handling of Specific Personal Information.”
- The Company will obtain and use specific personal information to the extent necessary in order to achieve its objective by limiting the scope of use of specific personal information to the performance of the administrative procedures for social insurance, taxes, and countermeasures against disaster provided for in each provision of Article 9 of My Number Act.
- The Company will not provide specific personal information to any third parties, unless otherwise specified by laws and regulations. Also, the Company will not make shared use of specific personal information. However, the Company may provide specific personal information to third parties in any of the cases specified in Article 19 of My Number Act (Limitation on the Provision of Specific Personal Information).
- The Company may outsource the handling of specific personal information within the scope of the purpose of use specified by laws and regulations.
- Any request for disclosure, correction, addition, deletion, suspension of use, suspension of provision to third parties, or any request for notice of the intended use, or any complaint pertaining to specific personal information held by the Company will be accepted by e-mail at the contact window listed below. Such requests and complaints will be handled only after customer identity confirmation (required items on the registration screen on our website, etc.). No fee shall be collected for procedures such as Disclosure, etc.
o) Handling of Anonymously Processed Information The Company may create anonymously processed information (information relating to an individual that can be created from processing Personal Information so as neither to be able to identify a specific individual nor to be able to restore the Personal Information) in compliance with laws and regulations and provide the same to a third party. When creating and providing such information, the Company will take the following measures:
Creation of Anonymously Processed Information
The Company shall:
- Process such information in accordance with the standards stipulated by laws and regulations when creating the same;
- Take security control actions pursuant to the standards stipulated by laws and regulation in order to prevent leaks of deleted information and information related to the processing method;
- Disclose to the public the categories of information relating to the individual contained in the anonymously processed information created; and
- Refrain from doing anything to identify the principal concerned with the Personal Information used for such creation.
Provision of Anonymously Processed Information
When providing anonymously processed information to a third party, the Company shall disclose to the public the categories of information relating to the individual contained in the anonymously processed information to be provided and its method of provision and state to the recipient explicitly to that effect that the information being provided is anonymously processed information.
[Contact Window for Inquiries/Complaints]
Contact Window for Inquiries/Complaints: Personnel and General Affairs Department, True Data Inc.
Email Address: firstname.lastname@example.org
Accredited Personal Information Protection Organization which designates the Company as the Covered Business Operator
The Company is a covered business operator of the General Incorporated Foundation, Japan Information Processing and Development Center (Abbreviation: JIPDEC), an accredited personal information protection organization.
The covered business operator can make a request to the Center for resolution of complaints concerning handling of Personal Information.
[Name of Accredited Personal Information Protection Organization and Contact to Request Resolution of Complaints]
Name of Accredited Personal Information Protection Organization: General Incorporated Foundation, Japan Information Processing and Development Center
Contact to request resolution of complaints: Accredited Personal Information Protection Organization Administrative Office
Address: Roppongi First Building 12F, 9-9 Roppongi 1-chome, Minato-ku Tokyo, 106-0032 Japan