JapaneseSB C&S Corp. (hereinafter the “Company”) has established, based on the Act on Protection of Personal Information (Act No. 57, 2003) and the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No. 27, 2013), the Action Guidelines for the Protection of Personal Information as a privacy policy pertaining to the treatment of personal information. The Company declares to observe the Action Guidelines for the Protection of Personal Information and to treat all personal information, including information on customers more safely and appropriately.
The Action Guidelines for the Protection of Personal Information prescribes the Company’s basic guidelines pertaining to all personal information that the Company collects and uses.
Action Guidelines for Protection of Personal Information
Treatment of the personal information in various businesses operated by the Company shall be as stipulated in this Treatment of Personal Information.
Treatment of Personal Information
The Company treats the personal information in secondhand articles businesses as follows:
Treatment of Personal Information in Secondhand Articles Business
The Company treats personal information of employees, employment applicants and resigned employees as follows:
Handling of Employee Personal Information
When Company collects personal information other than as stated in this Treatment of Personal Information, the purposes of use will be clearly stated upon collection each time.
SB C&S Corp. (hereinafter referred to as the Company) has established Information Security Policy to always gain the confidence of customers and society by taking drastic and high level measures against the risk of leakage of information.
From now on, the Company will strive to maintain information security by observing this Information Security Policy and Action Guidelines for the Protection of Personal Information stated separately, protecting information property from various threats, and treating the information properly.
- 1. Establishment of Information Security Management System
- The Company will establish a very secure Information Security Management System so as to always gain the confidence of society by protecting the information properly in the possession of the Company and observing the laws and regulations pertaining to information security and other norms.
- 2. Deployment of Chief Information Security Officer
- The Company will deploy a Chief Information Security Officer (CISO) so as to clarify who is responsible for information security. The Company will appoint the vice president of each division as the information security officer of the division. By placing the information security officer at each division, Chief Information Security Officer (CISO) will do positive activities so as to grasp the status of the information security at the company level correctly and take the necessary countermeasures promptly.
- 3. Preparation of Internal Regulations pertaining to Information Security
- The Company will prepare internal regulations pursuant to the Information Security Policy, indicate a clear policy pertaining to the treatment of general information, as well as personal information, and make it well known inside and outside the Company that the Company will take a tough stance on information leakage, etc.
- 4. Preparation and Enhancement of Inspection System
- The Company will prepare a system that enables internal inspection of compliance with an Information Security Policy and regulations, rules, etc. The Company will strive to continue inspections by outside inspectors so as to receive more objective evaluations. The Company will prove that employees observe the Security Policy by carrying out such inspections systematically.
- 5. Realization of System with Drastic Information Security Measures
- The Company will realize a system reflecting drastic measures against the wrong approach, leakage, falsification, loss, destruction, and interference of use of information. As to measures, the Company will take the attitude to thoroughly control access to data and systems with work in a security area, grant of access rights based on the need to know principle*, restriction of database access rights, etc.
N.B.
* Need to know principle means the principle that information is given only to persons who need to know it and not given to persons who do not need to know it. - 6. Improvement or Information Security Literacy
- The Company will educate and train employees thoroughly so that all members concerning information of the Company may carry out their duties with information security literacy. The Company will continue education and training so as to be able to cope with the changing situation.
- 7. Reinforcement of Control System at Business Subcontractor
- In concluding business subcontracts, the Company will make due checks of eligibility for subcontractors and request maintenance of the same security level as the Company or higher. The Company will review the business subcontractor continuously and strive for reinforcement of the contract so that the Company may continue to confirm that the security level is properly maintained.
- 8. Continuous improvements of Information Security
- The Company will revise continually internal regulations and various measures relating to information security in line with changes in society, technology, laws, etc. with an eye to making improvements.
Information as the objective of this Policy means the information obtained and known through business activities of the Company and all information possessed by the Company in the course of business, and the officers, staffs, temporary employees of the Company engaged in treatment of and control of the information property and the Business Subcontractor and Employees thereof who treat the information property of the Company shall observe the Policy.
Personal Information Inquiries
– This Information Security Policy is in force as of April 1, 2014.
– Revised as of November 1, 2014.
– Revised as of February 1, 2015.
– Revised as of May 1, 2017.