Action Guidelines for Protection of Personal Information
SoftBank Commerce & Service Corp. (hereinafter referred to as the “Company”) strives for thorough compliance with the Act on the Protection of Personal Information (Act No. 57, 2003), Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No. 27, 2013), Guidelines for proper handling of Specific Personal Information (for private entities) and Personal Information Protection Management System – Requirements (JIS Q 15001) and endeavors to execute the following respective items in order to protect personal information.
1. Enhancement of Employee Training
The Company will prepare learning material pertaining to the protection of personal information and distribute the same to all personnel of the Company and dispatched employees, and execute training by making all personnel of the Company and dispatched employees who treat personal information an object at least once a year.
2. Preparation of Internal Regulations pertaining to Protection of Personal Information
The Company will prepare internal regulations pertaining to the Protection of Personal Information, indicate a clear policy pertaining to the treatment of personal information, and make it well known inside the Company that the Company will take a tough stance on personal information leakage, etc.
3. Deployment of Protection Administrator of Personal Information and Enhancement of Function
The Company will deploy a Protection Administrator of Personal Information and assign the Chief Information Security Officer to that post and prepare a system clearing roles to execute compliance with the laws and regulations and guidelines, establishment of internal regulations, preparation of inspection system, supervision of treatment of personal information, and so forth.
4. Implementation of Proper Information Security Measures
The Company will prevent leakage, loss, or damage to personal information; control access to personal information; restrict taking out personal information for safety control of personal information; and take measures to prevent wrong access from outside and other necessary and appropriate measures.
5. Regarding Business Subcontract
(1) The Company may subcontract the whole or part of the treatment of personal information in sales operations, work to answer queries, marketing business, and other business. The contractor may be outside of Japan.
- (2) In concluding business subcontracts, the Company will make due check of eligibility for a party to whom the business is subcontracted. In the business subcontract, the Company will prescribe safety control measures, confidentiality, terms and conditions of re-entrustment, and other matters pertaining to the proper treatment of personal information, and appropriately supervise the business subcontractor of the Company by carrying out regular monitoring, etc., on the state of the subcontracted business.
- (3) With regard to personal information provided (deposited) by the entrustor together with the business entrusted to the Company, the Company will use the same to the extent required for accomplishment of the purpose of the contract with the said entrustor.
6. Preparation and Enhancement of Inspection System
The Company will prepare a system to inspect the company as to whether the protection of personal information is properly carried out or not.
In addition, the inspection utilizing access log is considered effective to finding out a leaker of personal information and prevent leakage by exerting a deterrent effect thereof, and the Company will study an execution method of such inspection.
7. Proper collection, Use, Provision, and Publication of Personal Information
In collection of personal information, the Company will make the usage purpose clear, and receive personal information in legal and just way by means of documents like application, pictures like website, verbal information, etc. Besides, in use, provision and publication of personal information, the Company will consider contents and size of business and properly execute the same, and when it is used for consideration of new services, etc., it performs irreversible anonymous processing to the extent that individual can not be identified. Furthermore, in answering to customers on phone, the talk may be recorded for confirming the contents of query (opinion, request, etc.) and improving service.
8. Continuous Improvement of Action pertaining to Protection of Personal Information
The Company will continuously review and improve actions pertaining to the protection of personal information set forth in the above clauses 1 to 7.
9. Regarding Revision
The Company may revise the whole or part of the Action Guidelines for Protection of Personal Information. In the event of critical revision, it will be reported on the website of the Company, etc.
Objective of the Action Guidelines for Protection of Personal Information
“Personal Information” as used in the Action Guidelines for Protection of Personal Information means that information relating to a living individual which falls under any of each following item:
(i) those containing a name, date of birth, or other descriptions etc. (meaning any and all matters (excluding an individual identification code) stated, recorded or otherwise expressed using voice, movement or other methods in a document, drawing or electromagnetic record (meaning a record kept in an electromagnetic form (meaning an electronic, magnetic or other forms that cannot be recognized through the human senses; whereby a specific individual can be identified (including those which can be readily collated with other information and thereby identify a specific individual)
(ii) those containing an individual identification code
The Action Guidelines for Protection of Personal Information is applied to all personal information in the possession of the Company unless otherwise notified.
– Action Guidelines for Protection of Personal Information is in force as of April 1, 2014.
– Revised as of December 1, 2015.
– Revised as of May 1, 2017.
SoftBank Commerce & Service Corp.
President & CEO
Regarding Treatment of Personal Information
The Company aims at the provision of IT logistics services and uses and jointly uses personal information and provide a third party with personal information as follows.
1. Usage Purpose of Personal Information
- (1) Usage purpose of personal information
- The Company will use the collected personal information mainly for puposes of the following:
1) to provide of goods, services, work, etc., based on IT logistics service;
2) to provide of membership service and the services;
3) to provide of advertisements, promotion and marketing content;
4) to undertake service improvement, research and development;
5) to respond appropriately to customer inquiries; and
6) to prevent and mitigate fraudulent or illegal activities
- In addition to the aforementioned puposes, the Company will use the collected personal information for puposes of the following:
- 1. Provision of goods, services, work, etc., based on IT logistics service.
- To provide functionality of the Company’s sytem, and to offer, provide, manage, the estimations and the orders of products or servises.
- 2. Provision of membership service and the other services.
- To enable customer’s use of the membership service and the other services,
To deliver products or provide services, content, and information related to the membership service and the other services.
- 3. Advertisements, promotion and marketing.
- To display or send to customers advertising content, such as direct mail or email newsletters, relating to products, service, campaign, seminar, with customers’s consent, or via methods otherwise permitted under applicable law.
- 4. Improvement of service , research and development.
- To improve existing services and conduct for the development of new services.
- 5. Responding appropriately to customer inquiries.
- To respond appropriately to customers inquiries, complaints, or requests in relation to Company’s services and advertisements.
- 6. Prevention and mitigation of fraudulent or illegal activities.
- To engage in prevention activities of, to identify and to investigate fraudulence, cyber-attacks and other illigal or potentially illegal activities, or to engage in any other activities necessary to protect the legal rights of the Company or the other party.
- (2) Joint Use
- The Company aims at provisions of IT logistics service and uses personal information jointly as follows.
- a. The parties who use personal information jointly with the Company:
- SoftBank Corp.
- Group companies of the Company.
- b. Personal information to be used jointly:
- Name, e-mail address, basic information of enterprises (address, telephone number, facsimile number,etc.), and all personal information acquired through IT logistics service.
- c. Purpose of joint use:Marketing research and analysis.
- d. Protecting manager of personal information used jointly:Chief Information Security Officer of the Company.
- (3) Provision to a Third Party
- The Company may notify a third party, police or other relevant agency of information provided by an individual when the Company considers it causes disadvantage to a third party. In the event the Company is requested to disclose the information provided by the said individual by a court, public prosecutor’s office, police, bar association, consumer consultation center, or other agencies having the equivalent right, the Company may disclose the information in compliance with such request, or provide the information for the purpose of protection of rights and property of the Company.
2. Regarding Disclosure, Revision, and Suspension of Use of Personal Information
(1) In the event that the Company is requested by the person concerned personally to notify or disclose the purpose of use of or revision of the personal information that the Company receives from the customer, the Company will answer to it in writing (provided that the person consents to this means).
At the time of the said answer, the Company may claim the charge within a reasonable extent taking the actual cost into account.
(2) With regard to inquiry by the person concerned about disclosure, revision or the like of personal information which the Company receives from the customer and complaint about treatment of the said personal information, please present the same to the following contact.
Personal Information Inquiries
– Regarding Treatment of Personal Information is in force as of April 1, 2014.
– Revised as of April 1, 2015.
– Revised as of July 1, 2015.
– Revised as of May 1, 2017.