Regarding Personal Information
Regarding Protection of Personal Information
The Action Guideline for Protection of Personal Information prescribes basic guidelines pertaining to personal information of the Company considering all personal information that the Company collects and uses as the object thereof.
Action Guideline for Protection of Personal Information
Regarding Treatment of Personal Information
Regarding Personal Information of the Personnel
The Company treats the personal information of the personnel out of the personal information that the Company treats as follows.
Regarding Treatment of Personal Information of the Personnel
Usage purpose in case of collecting personal information other than that of this Regarding Personal Information is made clear every time of collection.
Information Security Policy
SoftBank Commerce & Service Corp. (hereinafter referred to as the Company) has established Information Security Policy to always gain the confidence of customers and society by taking drastic and high level measures against the risk of leakage of information.
Operation of Information Security Policy
- 1. Establishment of Information Security Management System
- The Company will establish a very secure Information Security Management System so as to always gain the confidence of society by protecting the information properly in the possession of the Company and observing the laws and regulations pertaining to information security and other norms.
- 2. Deployment of Chief Information Security Officer
- The Company will deploy a Chief Information Security Officer (CISO) so as to clarify who is responsible for information security. The Company will appoint the vice president of each division as the information security officer of the division. By placing the information security officer at each division, Chief Information Security Officer (CISO) will do positive activities so as to grasp the status of the information security at the company level correctly and take the necessary countermeasures promptly.
- 3. Preparation of Internal Regulations pertaining to Information Security
- The Company will prepare internal regulations pursuant to the Information Security Policy, indicate a clear policy pertaining to the treatment of general information, as well as personal information, and make it well known inside and outside the Company that the Company will take a tough stance on information leakage, etc.
- 4. Preparation and Enhancement of Inspection System
- The Company will prepare a system that enables internal inspection of compliance with an Information Security Policy and regulations, rules, etc. The Company will strive to continue inspections by outside inspectors so as to receive more objective evaluations. The Company will prove that employees observe the Security Policy by carrying out such inspections systematically.
- 5. Realization of System with Drastic Information Security Measures
- The Company will realize a system reflecting drastic measures against the wrong approach, leakage, falsification, loss, destruction, and interference of use of information. As to measures, the Company will take the attitude to thoroughly control access to data and systems with work in a security area, grant of access rights based on the need to know principle*, restriction of database access rights, etc.
* Need to know principle means the principle that information is given only to persons who need to know it and not given to persons who do not need to know it.
- 6. Improvement or Information Security Literacy
- The Company will educate and train employees thoroughly so that all members concerning information of the Company may carry out their duties with information security literacy. The Company will continue education and training so as to be able to cope with the changing situation.
- 7. Reinforcement of Control System at Business Subcontractor
- In concluding business subcontracts, the Company will make due checks of eligibility for subcontractors and request maintenance of the same security level as the Company or higher. The Company will review the business subcontractor continuously and strive for reinforcement of the contract so that the Company may continue to confirm that the security level is properly maintained.
- 8. Continuous improvements of Information Security
- The Company will revise continually internal regulations and various measures relating to information security in line with changes in society, technology, laws, etc. with an eye to making improvements.
Objects of Information Security Policy
Information as the objective of this Policy means the information obtained and known through business activities of the Company and all information possessed by the Company in the course of business, and the officers, staffs, temporary employees of the Company engaged in treatment of and control of the information property and the Business Subcontractor and Employees thereof who treat the information property of the Company shall observe the Policy.
Personal Information Inquiries
– This Information Security Policy is in force as of April 1, 2014.
– Revised as of November 1, 2014.
– Revised as of February 1, 2015.
– Revised as of May 1, 2017.