Personal Information Protection Policy
First published: November 3, 2006
Last revised: October 12, 2023
Yamato Holdings Co., Ltd. (hereinafter referred to as "Our Company") is fully aware of the importance of personal information ("Personal Information" as defined in Article 2, (1) of the Act on the Protection of Personal Information; the same shall apply hereinafter), pseudonymized personal information (information concerning an individual that is processed so that a specific individual cannot be identified without reference to other information), anonymized personal information (information concerning an individual that is obtained by processing personal information so that a specific individual cannot be identified and the said personal information cannot be restored to re-identify the specific individual), and personally related information (information that can be easily collated with other information and thereby identify a specific individual) (hereinafter collectively referred to as "Personal Information") of customers (including consignees), shareholders, officers, employees, applicants for employment (includes applicants for internships; the same shall apply hereinafter), and retirees (hereinafter collectively referred to as "Customers"), and handles them appropriately as part of its corporate social responsibility.
- 1Compliance with Laws and Regulations
In handling Personal Information, Our Company shall comply with related laws and regulations and internal rules concerning the protection of personal information.
- 2 Purpose of Use
With regard to Personal Information, Our Company shall specify the purpose of use and handle it within the scope necessary for achieving the purpose of use, and shall not handle it beyond that scope. If the purpose of use of specific Personal Information is specially limited under laws and regulations, Our Company shall not handle it for any purpose other than the said purpose of use. Please refer to "Purpose of Use of Personal Information" for the handling of Personal Information by Our Company.
- 3Acquisition of Personal Information
Our Company shall obtain the Personal Information of the Customers by proper and lawful means to the extent necessary to achieve the purpose of use.
- 4Proper Management of Personal Data, etc.
Our Company shall take measures to prevent unauthorized access, loss, destruction, falsification, leakage with respect to personal data (Personal data defined in Article 16, (3) of the Act on the Protection of Personal Information). Our Company shall make efforts to ensure that the contents of personal data are accurate and up to date within the scope necessary for the purpose of use and to delete such personal data without delay when the use thereof are no longer necessary.
- 5Restrictions on Provision to Third Parties
In principle, Our Company will not provide personal data to any third party unless the consent of the individual Customers is obtained or such provision is required by law. However, Our Company may provide personal data to parties other than Our Company without the consent of the individual in the case of entrusting another party to handle personal data within the scope necessary for achieving the purpose of use, in the case of a merger, etc., and in the case of joint use with a specific party separately specified.
- 6Handling of Sensitive Personal Information
Our Company will not obtain any sensitive Personal Information (refers to "sensitive personal information" as stipulated in Article 2, (3) of the Act on the Protection of Personal Information) of Customers unless prior consent has been obtained from the individual or unless otherwise required by law.
- 7Supervision of Outsourcing Contractors
When entrusting the handling of personal data of Customers to a third party, Our Company will appropriately supervise the entrusted party to ensure safe information management by concluding a contract, etc.
- 8Joint Use
The personal data of Customers other than shareholders will be shared by Our Group companies. For more information on shared use, please refer to "Sharing Personal Information."
- 9Request for Disclosure, etc., of Personal Data Our Company Holds
Requests for disclosure, correction, deletion, suspension of use, etc., of personal data Our Company holds (“Personal data the entity holds” as defined in Article 16, (4) of the Act on the Protection of Personal Information; the same shall apply hereinafter) will be handled promptly to a reasonable extent by contacting the contact point at Our Company, unless otherwise provided for by laws and regulations. For requests for disclosure, etc., of personal data Our Company holds, please refer to "Requests and Procedures for Disclosure of Personal Information."
If you are a resident of the United States, including California, please visit our website to request disclosure, deletion, or opt out of your personal data under the laws of your state.
- 10Security Control Measures
Our Company has taken the following security control measures to strengthen its efforts to protect Personal Information throughout the company.
- 1Formulation of basic policy
- 2Development of regulations concerning the handling of personal data
For the purpose of appropriate handling and protection of personal data, handling rules have been developed that specify handling methods, responsible persons and persons in charge, their roles, etc.
- 3Organizational security control measures
- The responsible person of each department handling personal data shall be in charge of management, and thoroughly implement security control.
- In the event of leakage of Personal Information or if any fact or sign of violation of laws and regulations or handling regulations is detected, a report to the responsible person shall be made.
- 4Human security control measures
- Implementation of security control training for officers and employees at the time of employment and on a regular basis regarding Personal Information.
- Establishment of rules of employment stipulate the handling of confidentiality and penalties for violations.
- 5Physical security control measures
Define important information management areas (security areas) for buildings and facilities, manage the entry and exit of employees to and from such facilities (rooms), and restrict the equipment to be brought in.
- 6Technical security control measures
Restrict access from the outside with firewalls, regularly monitor unauthorized access, install antivirus software, update pattern files as needed, manage application installation, implement URL filtering, etc.
- 7Grasping the external environment
Confirmation of laws and regulations for the protection of personal information in foreign countries and correspond to them.
- 1Formulation of basic policy
- 11Continuous Improvement
Our Company shall review its management system and actions for the protection of Personal Information as appropriate in light of developments in information technology and changes in social requirements, and endeavor to continuously improve such systems.
- 12About Inquiries
Inquiries regarding Our Company's Personal Information can be received at Our Company (Telephone No.: 03-3541-4141 Reception hours: 9:00 to 17:00 on weekdays).
Yamato Holdings Co., Ltd.
(Business Operator Handling Personal Information)