8. Security Control Measures and Supervision over Outsourcing Parties
To protect personal information of the Person against unauthorized disclosure, loss or destruction, the Company will incorporate appropriate company organizations and strict security measures for the protection of personal information by means of establishing, and reviewing and revising from time to time, internal regulations regarding the protection of personal information (Including security control measures according to each stage of acquisition, use, maintenance, etc. of personal data).
[Formulation of Policies and Disciplines regarding personal information protection]
In order to ensure the proper handling of personal data, the company has formulated this Privacy Policy (Personal Information Protection Policy) regarding “Compliance with Applicable Laws and Regulations” and “Contact for Inquiries about Protection of Personal Information”, etc. In addition, the Company has formulated internal rules such as “Personal information handling regulations” for each stage of acquisition, use, storage, provision, deletion, disposal, etc. of personal data, regarding methods, responsible persons, and their duties.
[Organizational Security Control Measures]
In addition to defining the responsibility and authority for the handling of personal data, clarifying the officers and employees who handle personal data and scope of personal data handled by those, the Company has established a reporting and liaison system in the event of facts or signs of violations of the Personal Information Protection Law or Personal information handling regulations are identified. The Company also regularly conducts self-checks and audits regarding the handling of personal data.
[Human Security Control Measures]
The Company continuously provides educational training etc. to its officers and employees regarding matters to consider regarding the handling of personal data, and provide guidance and supervision to ensure security management.
The Company requires its officers and employees to submit a letter regarding confidentiality of information at the time of joining and resigning the Company, in order to maintain the confidentiality of personal information and not to use it outside of work. In addition, the Company has stipulated in our employment regulations that we must comply with the prohibition of information leakage of confidential information including personal information, and works to make it known.
[Physical Security Control Measures]
In addition to locked storage of important documents that contain personal information, by such as monitoring people who enter and exit the office with video recordings, the Company take measures to prevent unauthorized person from viewing personal data, and to prevent theft or loss of such as equipment, electronic media, documents to process personal data.
[Technical Security Control Measures]
In addition to implementing access control for the information system and limiting the scope of the personal information database, etc. and access right holders of them, the Company monitors the usage and handling status by managing access logs on the information system, etc. The Company takes measures to protect its information systems that process personal data from unauthorized external access or unauthorized software.
[Supervision over Outsourcing Parties]
When entrusting the handling of personal information, etc., the Company will make appropriate selection of outsourcing parties, and set up necessary and appropriate supervision over outsourcing parties to ensure its security.
[International Transfer of Personal Information associated with entrusting the handling]
When entrusting the handling of personal information to a foreign corporation, etc., the Company will do so only when the Person consents in advance, and will announce or notify the following matters regarding the entrustment.
(1) Method of providing personal information to the foreign contractor;
(2) Measures implemented by the foreign contractor;
(3) Systems concerning the protection of personal information in the foreign country;
(4) Frequency and method of confirmation regarding protection of personal information;
(5) Suspension of provision of personal information;