HOME > Personal Information Protection Policy

 

Personal Information Protection Policy

SHINTOA CORPORATION (“the Company”) recognizes the importance of protecting personal information (personal information as stipulated under the Act on the Protection of Personal Information and specific personal information, etc. stipulated in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures), and has set forth the following Personal Information Protection Policy. The Company will thoroughly enforce the policy among its officers and employees including staff, advisors, contract employees and temporary employees (collectively “officers and employees,” hereafter), and endeavor to protect the rights and interests of individuals.

1. Principle of Acquisition

Personal information will be acquired by identifying the purpose to the greatest extent possible, and be carried out in a lawful and fair manner.

2. Use of Personal Information

Except when required to comply with laws or regulations, personal information will only be used within the scope of the purposes of use notified to the individual or publicly announced in advance in the “Handling of Personal Information” section below.

3. Management of Personal Information

The Company will strive to keep personal data accurate and up to date to the extent necessary to fulfill the purpose of use, and shall promptly delete the data if it no longer needs to be used.

4. Outsourcing

When the Company provides personal data to a contractor in order to carry out the purpose of use, the Company will perform the necessary and appropriate supervision of the contractor to ensure the personal data is securely managed.

5. Restriction on Third Party Provision

The Company will not provide personal information to a third party without obtaining the prior consent of the individual concerned, except when following laws and regulations that prescribe otherwise.

6. Disclosure, Correction and Suspend of Use, etc. of Retained Personal Data

When the Company has received a request from an individual for the disclosure, correction, suspension of use, etc. or disclosure of records of third party provision with respect to their personal information, the Company will promptly respond in accordance with the applicable laws and regulations.

7. Pseudonymized Information

Refer to the following for information about the creation and use of pseudonymized information at the Company.

Pseudonymized information
When creating pseudonymized information, the Company will comply with the applicable laws and regulations, and create the information in a way that prevents specific individuals from being identified unless it is cross-checked with other information.
When creating pseudonymized information, the Company will take necessary measures to securely manage deleted information, etc. to prevent its leakage. In addition, the Company will not cross-check pseudonymized information with other information for the purpose of identifying individuals.
When creating pseudonymized information, the Company will publicly announce the items related to individuals that are included in the pseudonymized information, in accordance with the provisions of the applicable laws and regulations.
The Company will not provide pseudonymized information it has created to third parties, except when otherwise stipulated by laws or regulations.

8. Anonymized Information

Refer to the following for information about the creation, provision and use of anonymized information by the Company.

Anonymized information
When creating anonymized information (limited to information that constitutes a database of anonymized information, etc.), the Company will take necessary measures to ensure that specific individuals cannot be identified from the anonymized information, and that the personal information used in its creation cannot be recovered from it. In addition, when using anonymized information itself, the Company will not cross-check it with other information for the purpose of identifying (or re-identifying) any individuals related to the source personal information.
When it has created anonymized information, the Company will publicly announce the items related to individuals that are included in the anonymized information, in accordance with the provisions of the applicable laws and regulations.
When providing anonymized information to a third party, the Company will publicly announce the items of information on individuals contained in the anonymized information and the method of provision, and will clearly specify to the third party concerned that the information provided is anonymized information.

9. Information Related to Personal Information

Refer to the following with regard to matters concerning information related to personal information.

Information related to personal information
When it is assumed that a third party will acquire information related to personal information (limited to information that constitutes a database of information related to personal information, etc.), the Company will not provide the applicable information related to personal information to the third party without confirming the following matters in advance.
(1) That the consent of the individual concerned has been obtained to the effect that the third party will receive the information related to personal information from the Company and acquire it as personal data that can identify the individual.
(2) That if the intended recipient is in a foreign country, that the individual concern has been provided in advance with information about personal information protection systems and other relevant information pertaining to that country.

10. Management System

The Company will appoint a Personal Information Protection Supervisor who has overall responsibility for the handling of personal information. The Personal Information Protection Supervisor will also provide regular education and training to the Company’s officers and employees.

11. Compliance with Relevant Laws and Regulations, and Review

The Company will comply with the laws and regulations that apply to personal information, and as necessary review and make improvements to initiatives concerning the foregoing matters to thoroughly ensure the protection of personal information.

For inquiries concerning personal information, please contact the Company via the “Contact Us” section on the Company website.

Katsumi Morita, President, SHINTOA CORPORATION

[History]
Established on March 28, 2005
Revised on August 1, 2017
February 1, 2024
July 1, 2024

Handling of Personal Information

Purposes of Use of Personal Information

Personal information acquired by the Company will be used only as permitted by law and regulations and within the scope of the following purposes of use.

  • Contact between customers and the Company, and notices or greetings based on social customs
  • Conclusion or execution of a contract between a customer and the Company, or other transaction management
  • Provision of information concerning the Company’s products and services
  • Investigation, research and analysis related to the Company’s business
  • Provision of information about exhibitions, seminars and other events
  • Reporting of results or other information to persons who have cooperated with or participated in questionnaires, events or similar undertakings
  • Provision of products or services using direct mailing, email transmission, fax communications or other means of communication
  • Provision of corporate information to and necessary communications with job applicants and prospective employees
  • Responding to inquiries from customers
  • Other operations related or incidental to the foregoing

Security management measures

The Company has implemented the following measures to securely manage the personal data it has acquired. Note that the personal information that has been acquired will only be retained for the period necessary to achieve the purposes of use described above.
The Company will determine specific retention periods after taking into account various factors including the purpose of use, nature of the personal data, and the legal or operational need to retain the personal data.

(1) Establishment of Basic Policy
To ensure the appropriate handling of personal data, the Company has formulated this policy as a basic policy stipulating “Name of Business Operator,” “Compliance with Related Laws, Regulations, Guidelines and Other Requirements,” “Matters Concerning Security Control Measures,” “Question and Complain Handling Service” and other information.
(2) Systematic Security Control Measures
The Company has appointed a person responsible for the handling of personal data, established internal regulations on the secure handling of personal data, and built a system to report to and contact the person responsible if facts or signs of a violation of the applicable laws, regulations or internal rules have been ascertained.
(3) Human Security Measures
The Company regularly provides training to officers and employees on matters to be considered when handling personal data.
(4) Physical Security Control Actions
The officers and employees authorized to enter personal data control zones is limited, and the zones are controlled with locked doors (keypad type).
Entry and exit control is implemented for officers and employees in personal data handling zones, to which the entry of persons other than officers and employees without permission is prohibited.
(5) Technological Security Control Actions
The Company implements access control to limit the scope of the assigned personnel and the personal information databases, etc. that are handled, and has introduced systems to protect information systems that handle personal data from unauthorized access from the outside and unauthorized software.

Joint Use of Personal Data

The Company may jointly use the personal data of customers as follows.

1. Items of Personal Data To Be Shared
The company name, address, name, department, job title, telephone number and email address of a customer
2. Scope of Joint Users
The Company, KANEMATSU CORPORATION, and affiliate companies listed in the securities report of Kanematsu Corporation
3. Purposes of Joint Use
For each joint user, the same purpose as use as the Company’s “Purposes of Use of Personal Information” described above, to the extent related to the business of the joint user concerned
4. Name of the Party Responsible for Managing Personal Data
SHINTOA CORPORATION

Procedures for Requests for Disclosure and Other Handling of Personal Data

1. If you wish to submit a request to the Company regarding personal data it retains with respect to the notification of its purpose of use, or its disclosure, correction, addition, deletion, suspension of use, removal or the disclosure of records on its provision to third parties, please fill out the necessary matters in the Company-designated Request Form for the Disclosure, etc. of Retained Personal Data, enclose the request form with the attached documents described below, and mail it to the following address.

Company address: 8th Floor, Marunouchi Center Bldg., 6-1, Marunouchi 1-chome, Chiyoda-ku, Tokyo 100-8383
Personal Information Handling Manager, Human Resources & General Affairs Department, SHINTOA CORPORATION

(Attached documents)
When a request is sent, documentation to confirm the identity of the individual concerned (a copy of driver’s license, passport or health insurance card) must be enclosed, If there is a change of address for a health insurance card or driver’s license, include a copy of the reverse side of the card. Also note that in addition to the attached documents described above, the Company may request that a customer submit other documentation.
(Fees)
When the nature of a request entails notification of the purpose of use of personal data or the disclosure of personal data, an administrative fee may be requested.

2. When the Company has received a Request Form for the Disclosure, etc. of Retained Personal Data and attached documentation as described in section 1 above, if an administrative fee needs to be paid, the Company will respond to the customer or otherwise fulfill their request in accordance with the relevant laws and regulations contingent upon the payment of that administrative fee.

Collection of Personal Information From the Website

1. Use of Cookies
There are pages on the Company website that use a technology known as cookies. A cookie is a function where a website sends data to a user’s internet browsing software (browser) and references the information contained therein so that the user can use the website with greater convenience when they visit again. Cookies do not collect any personal information about users. In addition, browser settings can be configured to refuse to accept cookies.
2. SSL
To enable users to securely enter personal information and other information, the Company website employs Secure Sockets Layer (SSL) encryption technology in the “Contact Us” section. SSL encrypts information entered by a user before sending it.
3. Acquisition of Access Logs
The Company website automatically records information about users in the form of access logs. These access logs contain information including the IP addresses of users, the type of browser they use and the number of accesses, but do not containing information that can identify individual users. While access logs are used for statistics and analysis regarding website usage, they are not used for other purposes.