4. Security control measures for retained personal data
The Group at all times manages retained personal data carefully and appropriately, as follows.
4-1. Establishment of rules relating to the handling of personal data
At each stage of acquisition, use and provision of personal data, regulations on the handling of personal data are formulated with respect to how they are to be handled, the person(s) responsible, the person(s) in charge, their respective duties, etc.
4-2. Organizational security control measures
In addition to establishing the person(s) responsible for the handling of personal data, and clarifying which employees are to handle the personal data, and the scope of personal data to be handled by the said employees, a system is in place whereby any actual violation, or any indication of violation, of the law or regulations on the handling of personal data is reported to the person(s) responsible.
4-3. Individual security control measures
Employees undergo regular training on points of attention pertaining to the handling of personal data. In addition, efforts are made to prevent leaks via employees, with matters relating to the confidentiality of personal data being set out in the rules of employment.
4-4. Physical security control measures
In addition to monitoring employee access to areas where personal data are handled, and restricting equipment that may be brought into the area, measures are in place to prevent the viewing of personal data by unauthorized persons.
4-5. Technical security control measures
Access controls are in effect, with limits set on the persons in charge and the scope of personal data they handle. In addition, mechanisms have been introduced to protect the information system that handles the personal data from malware or unauthorized access from outside.
4-6.Grasp of the external environment
Websites operated by the Group and some file servers make use of the Cloud, which is located in the United States of America, so that some customer and business partner personal data are stored in the USA. The Group also makes use of marketing automation tools and webinar delivery tools that are located in the USA. The Group implements security control measures with a clear grasp of the system relating to the protection of personal information in the USA.
5. Disclosure of retained personal data
For more information on the following requests relating to the handling of retained personal data, complaints and on the provision of personal data to third parties outside Japan, please contact the inquiries address given under paragraph 6 below.
- Disclosure of retained personal data
- Disclosure of records provided to third parties
- Correction, addition or deletion of retained personal data
- Suspension of use or erasure of retained personal data