Privacy Policy
Privacy Policy (Including specified personal information)
The OYO group, as a handler of personal information, considers the protection of personal information and specific personal information as a crucial aspect of our business operations. We have established the 'Personal Information Protection Regulations' and 'Specific Personal Information Handling Regulations' to govern the protection of personal information. Based on the following principles, we strive to handle personal information accurately and securely.
- (2) We will disclose the purpose of collection and use when collecting personal information and specific personal information.
- (3) We use the information we collect within the scope of the individual's consent and do not provide or disclose it to third parties beyond the scope of consent obtained or as required by law. With respect to specific personal information, we do not use, provide, or disclose it to third parties beyond the limits prescribed by law.
- (4) We will take necessary, reasonable, and appropriate safety measures against unauthorized access, leakage, loss or damage to the use and storage of personal information and specific personal information.
- (5) We will respond to any request from the person to disclose, correct, delete, or deny the use of personal information and specific personal information within a reasonable and an appropriate period and range in accordance with laws, ordinances, social norms, and practices.
- (6) We will endeavor to ensure that all board members and employees are aware of the importance and the responsibility of protecting personal information and specific personal information.
- (7) We review and improve our personal information protection and specific personal information practices when necessary.
Purpose of Use of Personal Information
1. Purpose of Use
We will use our personal information and specific personal information for the following purposes.
Personal information |
|
Specific Personal Information |
|
In order to carry out our business smoothly, we may entrust part of our business and deposit personal information and specific personal information held to the extent necessary to the entrusted party. In this case, we select the entrusted party which satisfies the standards established by us, and conclude a contract for the handling of personal information and specific personal information as well as conducting appropriate supervision of the entrusted party.
2. Use for purposes other than the above
In the case it becomes necessary to use personal information for purposes other than the above, we shall obtain the consent of the information provider, except as permitted by laws and regulations. Specific personal information shall not be used for any purpose other than those stipulated by law.
3. Disclosure and provision to third parties
We will not disclose or provide personal information or specific personal information to any third party except when depositing such information with the entrusted party described above or when any of the following applies.
Personal information |
|
Specific Personal Information |
|
4. Security Control Actions
We implement necessary, rational, and appropriate security measures to prevent unauthorized access, leakage, loss, or damage in the use and storage of personal information and specific personal information.
Establishment of Basic Policies | To ensure the appropriate handling of personal data, we have established a 'Personal Information Protection Policy' (this policy) and other related policies. |
The Establishment of Regulations Regarding the Handling of Personal Data |
We have established internal regulations such as the 'Personal Information Protection Regulations' and the 'Guidelines in Handling the Disclosure of Retained Personal Data' to outline the appropriate handling methods of personal data, and the responsibilities of personnel in their duties. |
Institutional Security Control Measures |
As an individual with responsibility and authority over the protection of personal information, we appoint a Personal Information Protection Manager. The Personal Information Protection Manager oversees the establishment of internal regulations related to personal information protection, implementation of security measures, along with education and training. Furthermore, the Personal Information Protection Manager ensures that individuals engaged in activities involving the acquisition, use, provision, or entrustment of personal information understand and comply with the Personal Information Protection Regulations and other relevant guidelines, which clarifies the responsibilities and authorities of the applicable employees. We have also established an effective reporting / communication system with the Personal Information Protection Manager to address instances of factual violations of laws or regulations or signs of such violations. Under the guidance of the Personal Information Protection Manager, the General Affairs Managers of each office function as managers for personal information protection, overseeing the implementation of personal information protection measures under their jurisdiction. We conduct regular self-assessments of the handling of personal data and perform audits conducted by auditors as defined in the regulations. |
Human Security Control Measures |
In order to ensure the appropriate acquisition, usage, provision, entrustment, etc. of personal information, we provide continuous and regular training to our employees. Furthermore, our employees are required to submit a pledge prescribed by the Company upon joining and leaving the company to ensure adherence to the information management practices. |
Physical Security Control Measures |
We have defined the scope of management for handling personal data and are implementing proper employee access control and security measures. Based on standards for media handling, we impose restrictions on devices that handle personal data. For portable information devices and storage media, security measures are implemented to guard against theft, loss, and other security risks. |
Technical Security Control Measures |
We have placed a firewall at connection points with external networks to block unauthorized access. In addition to the security software, our information systems and computers are equipped with systems that detect and remove unauthorized behavior, thereby preventing third-party intrusion. Access to our information systems and data is controlled through device authentication and user authentication. Proper access controls are implemented to restrict usage. For laptops and external storage media taken outside the company premises, we enforce user authentication and device encryption. |
Contact regarding Personal Information
1. How to make inquiries
Inquiries regarding personal information or specific personal information, as well as requests for disclosure, correction, suspension of use, deletion, etc. of retained personal data and records of third-party provision of personal data, please contact the following inquiry desk.
Personal Information Contact Point |
Administration Department, Administration Headquarters: +81-3-5577-4501 (representative) E-mail: prosight@oyonet.oyo.co.jp |
Specific Personal Information Contact Point |
Human Resource Planning Department, Administration Headquarters: +81-3-5577-6722 E-mail: jinji@oyonet.oyo.co.jp |
2. Procedures for Requesting for Disclosure of Personal Information, etc.
The procedures for requesting disclosure (disclosure, correction, suspension of use, deletion, etc.) of retained personal data and records of third-party provision of personal data are as follows.
(1) Request for Disclosure, etc. |
When requesting disclosure of personal information, please fill in the documents specified in (2) and mail them to the following address. Please write "Disclosure Request Documents"
in red on the envelope.
(Request for disclosure of personal information) Administration Department, Administration Headquarters, OYO Corporation 7 Kanda-Mitoshiro-cho, Chiyoda-ku, Tokyo, 101-8486, Japan (Request for specific personal information) Human Resource Planning Department, Administration Headquarters, OYO Corporation 7 Kanda-Mitoshiro-cho, Chiyoda-ku, Tokyo, 101-8486, Japan |
(2) Documents to be submitted upon request |
When requesting disclosure, please download the following request form, fill out all necessary items, enclose the identification documents and service charge (only in the case of disclosure request), and send them by mail.
|
(3) Request for disclosure, etc. by an agent |
If the agent is the applicant of request for disclosure, etc., please enclose the agent's identification document and a document certifying the relationship with the person.
|
(4) Disclosure request service charge |
A service charge is required to make a disclosure request.
|
(5) Response to the request |
The requested personal data disclosure and related documents will be sent via registered and limited delivery mail to the address of the requester (or the address of the representative if requested by a representative). If you prefer email, the information will be sent to the email address provided in the personal data disclosure request. |
(6) Purpose of use of personal information acquired in response to requests for disclosure, etc. |
Personal information acquired in response to requests for disclosure, etc. shall be handled only to the extent necessary to respond to the request for disclosure, etc. |
(7) Causes of non-disclosure |
If a request for disclosure, etc. falls under any of the following, we will not disclose. If we decide not to disclose the information, you will be notified to that effect with the reason attached. In that case, service charge will not be refunded.
|
Date of Establishment: April 1, 2005
Revision date: February 1, 2019
Revision date: April 1, 2023