Privacy Policy

Privacy Policy (Including specified personal information)

The OYO group, as a handler of personal information, considers the protection of personal information and specific personal information as a crucial aspect of our business operations. We have established the 'Personal Information Protection Regulations' and 'Specific Personal Information Handling Regulations' to govern the protection of personal information. Based on the following principles, we strive to handle personal information accurately and securely.

  1. (2) We will disclose the purpose of collection and use when collecting personal information and specific personal information.
  2. (3) We use the information we collect within the scope of the individual's consent and do not provide or disclose it to third parties beyond the scope of consent obtained or as required by law. With respect to specific personal information, we do not use, provide, or disclose it to third parties beyond the limits prescribed by law.
  3. (4) We will take necessary, reasonable, and appropriate safety measures against unauthorized access, leakage, loss or damage to the use and storage of personal information and specific personal information.
  4. (5) We will respond to any request from the person to disclose, correct, delete, or deny the use of personal information and specific personal information within a reasonable and an appropriate period and range in accordance with laws, ordinances, social norms, and practices.
  5. (6) We will endeavor to ensure that all board members and employees are aware of the importance and the responsibility of protecting personal information and specific personal information.
  6. (7) We review and improve our personal information protection and specific personal information practices when necessary.

Purpose of Use of Personal Information

1. Purpose of Use

We will use our personal information and specific personal information for the following purposes.

Personal information
  1. Contacts for business purposes, execution of contracts (provision of services, goods, etc.)
  2. Sending of information on the services and products we and our group companies provide
  3. Sending information on exhibitions and seminars held by us and group companies
  4. Carrying out customer satisfaction surveys, etc.
  5. Response to inquiries or requests from the information provider
  6. Otherwise, the purpose informed to the information provider in advance and obtained with the consent of the information provider.
Specific Personal Information
  1. Affairs related to withholding by employers under the Income Tax Act
  2. Affairs related to the individual inhabitant tax carried out by the employer under the Local Tax Act
  3. Affairs related to employment insurance carried out by employers under the Employment Insurance Act
  4. Affairs related health insurance (applications and benefits) carried out by employers under the Health Insurance Act
  5. Affairs related welfare pension insurance (applications) carried out by employers under the Welfare Pension Insurance Act
  6. Affairs related to (1) to (5) above

In order to carry out our business smoothly, we may entrust part of our business and deposit personal information and specific personal information held to the extent necessary to the entrusted party. In this case, we select the entrusted party which satisfies the standards established by us, and conclude a contract for the handling of personal information and specific personal information as well as conducting appropriate supervision of the entrusted party.

2. Use for purposes other than the above

In the case it becomes necessary to use personal information for purposes other than the above, we shall obtain the consent of the information provider, except as permitted by laws and regulations. Specific personal information shall not be used for any purpose other than those stipulated by law.

3. Disclosure and provision to third parties

We will not disclose or provide personal information or specific personal information to any third party except when depositing such information with the entrusted party described above or when any of the following applies.

Personal information
  1. The case where the consent of the information provider is obtained (excluding specific personal information)
  2. The case when disclosing or providing statistical data or other information in a state where the person cannot be identified
  3. The case when disclosure and provision are requested in accordance with laws and regulations
  4. The cases where it is necessary for the protection of the life, body, or property of a person and where it is difficult to obtain the consent of the information provider
  5. The case where it needs to cooperate with the national government or local governments, etc., in implementing public affairs, and there is a risk of hindering the execution of such affairs by obtaining the consent of the information provider
Specific Personal Information
  1. The case when providing to an Administrative Organ, etc. or a Health Insurance Association, etc. in accordance with laws and regulations, in order to process affairs related to individual numbers
  2. The case when the business is succeeded due to the entrustment of all or part of administrative procedures or merger, etc.
  3. The case when requested by the Specific Personal Information Protection Committee
  4. The case when it is necessary for the public interest
  5. The case when it is necessary for the protection of human life, body, or property
  6. Any other case prescribed by laws and regulations

4. Security Control Actions

We implement necessary, rational, and appropriate security measures to prevent unauthorized access, leakage, loss, or damage in the use and storage of personal information and specific personal information.

Establishment of Basic Policies To ensure the appropriate handling of personal data, we have established a 'Personal Information Protection Policy' (this policy) and other related policies.
The Establishment of Regulations Regarding the Handling of Personal Data

We have established internal regulations such as the 'Personal Information Protection Regulations' and the 'Guidelines in Handling the Disclosure of Retained Personal Data' to outline the appropriate handling methods of personal data, and the responsibilities of personnel in their duties.

Institutional Security Control Measures

As an individual with responsibility and authority over the protection of personal information, we appoint a Personal Information Protection Manager. The Personal Information Protection Manager oversees the establishment of internal regulations related to personal information protection, implementation of security measures, along with education and training.

Furthermore, the Personal Information Protection Manager ensures that individuals engaged in activities involving the acquisition, use, provision, or entrustment of personal information understand and comply with the Personal Information Protection Regulations and other relevant guidelines, which clarifies the responsibilities and authorities of the applicable employees.

We have also established an effective reporting / communication system with the Personal Information Protection Manager to address instances of factual violations of laws or regulations or signs of such violations.

Under the guidance of the Personal Information Protection Manager, the General Affairs Managers of each office function as managers for personal information protection, overseeing the implementation of personal information protection measures under their jurisdiction.

We conduct regular self-assessments of the handling of personal data and perform audits conducted by auditors as defined in the regulations.
Human Security Control Measures

In order to ensure the appropriate acquisition, usage, provision, entrustment, etc. of personal information, we provide continuous and regular training to our employees.

Furthermore, our employees are required to submit a pledge prescribed by the Company upon joining and leaving the company to ensure adherence to the information management practices.

Physical Security Control Measures

We have defined the scope of management for handling personal data and are implementing proper employee access control and security measures.

Based on standards for media handling, we impose restrictions on devices that handle personal data. For portable information devices and storage media, security measures are implemented to guard against theft, loss, and other security risks.

Technical Security Control Measures

We have placed a firewall at connection points with external networks to block unauthorized access.

In addition to the security software, our information systems and computers are equipped with systems that detect and remove unauthorized behavior, thereby preventing third-party intrusion.

Access to our information systems and data is controlled through device authentication and user authentication. Proper access controls are implemented to restrict usage.

For laptops and external storage media taken outside the company premises, we enforce user authentication and device encryption.

Contact regarding Personal Information

1. How to make inquiries

Inquiries regarding personal information or specific personal information, as well as requests for disclosure, correction, suspension of use, deletion, etc. of retained personal data and records of third-party provision of personal data, please contact the following inquiry desk.

Personal Information Contact Point Administration Department, Administration Headquarters: +81-3-5577-4501 (representative)
E-mail: prosight@oyonet.oyo.co.jp
Specific Personal Information Contact Point Human Resource Planning Department, Administration Headquarters: +81-3-5577-6722
E-mail: jinji@oyonet.oyo.co.jp

2. Procedures for Requesting for Disclosure of Personal Information, etc.

The procedures for requesting disclosure (disclosure, correction, suspension of use, deletion, etc.) of retained personal data and records of third-party provision of personal data are as follows.

(1) Request for Disclosure, etc.

 When requesting disclosure of personal information, please fill in the documents specified in (2) and mail them to the following address. Please write "Disclosure Request Documents" in red on the envelope.

(Request for disclosure of personal information)
Administration Department, Administration Headquarters,
OYO Corporation
7 Kanda-Mitoshiro-cho, Chiyoda-ku, Tokyo, 101-8486, Japan

(Request for specific personal information)
Human Resource Planning Department, Administration Headquarters,
OYO Corporation
7 Kanda-Mitoshiro-cho, Chiyoda-ku, Tokyo, 101-8486, Japan

(2) Documents to be submitted upon request

When requesting disclosure, please download the following request form, fill out all necessary items, enclose the identification documents and service charge (only in the case of disclosure request), and send them by mail.

  2. Identification Documents (Copies of any of the following)
    driver's license, health insurance card, pension book, passport

    • driver's license
    • health insurance card
    • pension book
    • passport
    • My Number Card
  3. Service charge (only in case of disclosure request)

(3) Request for disclosure, etc. by an agent

If the agent is the applicant of request for disclosure, etc., please enclose the agent's identification document and a document certifying the relationship with the person.

  1. Identification documents of the agent (Copies of any of the following)
    • driver's license
    • health insurance card
    • pension book
    • passport
    • My Number Card

  2. Documents certifying the relationship with the person (any of the following)

    Legal representative

    • a copy of their family register, an abstract of their family register (issued within three months)
    • a written representation of the registered items of the guardian of an adult (Issued within 3 months)
    • documents that prove they are the legal representative

    Voluntary representative

    • a power of attorney and a certificate of registered seal (issued within three months)
    • documents that prove they are the voluntary representative

(4) Disclosure request service charge

A service charge is required to make a disclosure request.

  1. Service charge
    1,000 yen (including tax) for each request
  2. Payment Method
    Please enclose the amount of the postal money order
  3. Precaution
    • If the charge is insufficient, or if the charge is not enclosed, we will notify you to that effect. If you will not pay the charge within the prescribed period, you will be treated as if you have not requested disclosure.
    • The charge shall not be refunded even if it falls under the grounds for non-disclosure.

(5) Response to the request

 The requested personal data disclosure and related documents will be sent via registered and limited delivery mail to the address of the requester (or the address of the representative if requested by a representative). If you prefer email, the information will be sent to the email address provided in the personal data disclosure request.

(6) Purpose of use of personal information acquired in response to requests for disclosure, etc.

 Personal information acquired in response to requests for disclosure, etc. shall be handled only to the extent necessary to respond to the request for disclosure, etc.

(7) Causes of non-disclosure

If a request for disclosure, etc. falls under any of the following, we will not disclose. If we decide not to disclose the information, you will be notified to that effect with the reason attached. In that case, service charge will not be refunded.

  • The case where there is a risk of harm to the life, body, property or other rights and interests of the person or a third party
  • The case where there is a risk of causing a significant hindrance to the proper business operations
  • The case where it violates laws and regulations
  • The case when the requested retained personal data does not exist
  • The cases where identity confirmation of the applicant is unable to be made
  • The case where a request that does not follow the procedures specified by us
  • The case where "Request Form for Disclosure of Retained Personal Data" or identification document is deficient and there is no notice of correction within 30 days from the time when we asked for correction
  • The case when the authority of representation cannot be confirmed at the time of application by the agent
  • The case where the prescribed fee is not paid upon submission of a request for disclosure of retained personal data

Date of Establishment: April 1, 2005
Revision date: February 1, 2019
Revision date: April 1, 2023