Handling of Personal Information
(1) Purpose of Use of Retained Personal Data
上記1.(1)~(3)、(5)〜(7)の通り。
(2) Procedures for Requests for Disclosure, etc.
For retained personal data handled by the Company, we will promptly respond to any requests for notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to third parties (collectively, “Requests for Disclosure, etc.”), as well as requests for disclosure of records of provision to third parties.
For detailed procedures regarding such requests (including submission methods, application forms, and identity verification), please contact the office listed in section 4. Inquiries regarding the handling of personal information below.
(3) Complaints Regarding the Handling of Retained Personal Data
For complaints or inquiries concerning the handling of retained personal data, please contact the office listed in section 4 below.
Taking into consideration the external environment, the Association implements the following measures to ensure the secure management of retained personal data.
| Organizational Security Measures | We have established an internal framework to ensure compliance with regulations governing the handling of personal data, developed mechanisms to monitor handling status, and established systems to respond to incidents such as data breaches. We also take necessary measures to review and continuously improve our security management practices based on the results of regular assessments. |
|---|---|
| Human Security Measures | We provide regular training and awareness programs for employees on the proper handling of personal data. In addition, all employees are required to sign confidentiality agreements that include provisions regarding the protection of personal information. |
| Physical Security Measures | We implement appropriate measures to manage areas where personal data is handled, prevent theft or loss of devices and electronic media, prevent data leakage when such media are transported, and ensure the secure deletion or disposal of personal data, devices, and storage media when no longer required. |
| Technical Security Measures | We have implemented measures such as access control, user identification and authentication, prevention of unauthorized external access, and safeguards to prevent information leakage during system use. |
(5) Outsourcing of Personal Data Handling
The Company may outsource the handling of personal information. In such cases, we conduct appropriate and necessary supervision to ensure that contractors properly manage and protect the security of the entrusted personal information.
3. Information security basic policy
| 01 | The Company prioritizes the protection of risks such as loss, destruction, tampering, and leakage at all times in order to provide thorough security measures for information assets of customers and others handled in business. |
|---|---|
| 02 | The Company employs security measures that are appropriate for its information assets, taking into account their value and aiming to maximize their effective exploitation. |
| 03 | The Company establishes an internal 'Risk Management Committee' to oversee information security. In addition, it designates accountable individuals and personnel for managing information security at the departmental level, and enforces, administers, and advocates for security measures for information assets through a comprehensive organizational framework. |
| 04 | The Company consistently organizes educational and awareness initiatives about information security for all personnel, including officers, employees, and part-time workers and strives for thorough dissemination of the information security policy. All officers, employees, etc., who handle information assets, are required to comply with the information security policy and fulfill the obligations and responsibilities stipulated therein. |
| 05 | The Company regularly performs risk assessments on its information assets, including technical improvements and changes in the business environment from various perspectives. The Company's purpose is to uphold and enhance information security by aligning the outcomes with the information security policy and implementing various measures accordingly. |
| 06 | We are committed to conducting frequent audits of operational factors pertaining to information security and actively striving to ensure information security by implementing relevant corrective actions as needed. |
| 07 | We aim to maintain the structure of the online society and actively contribute to its healthy development. |
| 08 | The Company complies with other laws and regulations related to information security. |
| 09 | The Company implements an information security management system to address risks associated with information security. The system is executed and undergoes continuous assessment and improvement. |
4. Inquiries regarding the handling of personal information.
SANAN CONNECT CO., LTD.
Personal Information Protection Manager:
TEL:03-6424-8631
E-mail : security@sanancorp.com
【認定個人情報保護団体の名称及び苦情の解決の申出先】
※個人情報の取り扱いに関する苦情のみを受け付けています。
一般財団法人日本情報経済社会推進協会
認定個人情報保護団体事務局
〒106-0032 東京都港区六本木一丁目9番9号 六本木ファーストビル内
03-5860-7565 / 0120-700-779