Yaegaki Biotechnology, Inc. (hereinafter referred to as “we” or “us”) treat the safe handling of personal information relating to our clients, business affiliates, employees etc. (hereinafter referred to as “clients etc.”) as a matter of the highest importance in our business operations and we constantly endeavor to fulfil our duties in protecting this personal information. Furthermore, we shall observe laws and regulations and other standards regarding protection of personal information and shall protect the information of clients etc. and demonstrate ourselves to be trustworthy through accurate and safe handling of personal information. We shall handle personal information as stated below, unless a particular provision is otherwise specified in laws and regulations or in our company regulations.
Handling of Personal Information
We shall clearly establish the purpose for which personal information is to be utilized within our business before obtaining the prior consent of clients etc. and shall handle the personal information within the scope necessary for the achievement of the purpose of utilization.
Acquisition of Personal Information
- 1. We shall acquire personal information by legal and fair means.
- 2. When acquiring personal information, regardless of whether the information is acquired directly or indirectly, we shall notify the purpose of utilization to, and obtain consent of, the clients etc.
Management of Personal Information
- 1. We shall maintain personal data so that it is accurate and up to date.
- 2. We shall take the necessary and appropriate measures, including the following, for the prevention of unauthorized access, leakage, loss, or damage, and for other security control of the personal data;
- 1. We shall clearly establish the responsibilities and authorities of employees for security control of personal data and establish, apply, and monitor the implementation status of provisions and procedures for security control of the personal data.
- 2. We shall ensure our employees execute a non-disclosure agreement for personal data that is designated as confidential and shall put in place education and training for employees regarding security control of personal data.
- 3. We shall take measures for the control of access to areas where personal data is held and for the prevention of theft of personal data.
- 4. We shall take technical measures for security control of personal data, including control of access to the personal data and information systems handling the personal data, shall take countermeasures against malicious software, and take measures for surveillance of information systems.
Provision of Personal Information to a Third Party
We shall not provide personal information to a third party without obtaining the prior consent of the clients etc.
Rights of Clients Etc. Concerning Personal Information
- 1. With respect to retained personal data, we shall publicly announce matters, such as the purpose of utilization of the retained personal data, specified in laws and regulations and in our company regulations.
- 2. When we are requested by clients etc. to disclose retained personal data, we shall disclose the retained personal data to the clients etc. without delay.
- 3. When we are requested by clients etc. to correct, add, or delete content of retained personal data, we shall make necessary investigations without delay and, on the basis of the results, correct, add, or delete the content of the retained personal data.
- 4. When we are requested by clients etc. to discontinue using or erase retained personal data, we shall discontinue using or erase the retained personal data without delay.
- 5. When we are requested by clients etc. to discontinue providing retained personal data to a third party, we shall discontinue providing the retained personal data to the third party without delay.
Prohibition of Acquisition of Specific Sensitive Personal Information
We shall not acquire, use, or provide personal data containing the following content; however, this provision shall not apply in cases in which we have obtained explicit consent from the clients etc., cases in which a particular provision is otherwise specified in laws and regulations, or in cases in which the personal data is essential for judicial proceedings;
- 1. Information relating to ideology, belief, and religion
- 2. Information relating to race, ethnic group, family origin, registered domicile (excluding information regarding the prefecture where the registered domicile exists), physical and mental disorders, criminal records, and other matters which may lead to social discrimination
- 3. Information relating to the right of workers to organize and other matters concerning acts of collective bargaining and action
- 4. Information relating to participation in mass demonstration, the exercise of the right of petition, and other matters concerning the exercise of political rights
- 5. Information relating to health care and sexual life
Joint Use and Entrustment of Personal Information
- 1. When we entrust an individual or a business entity with the handling of personal data in whole or in part within the scope necessary for the achievement of the purpose of utilization, we shall make investigations to ensure that the entrusted party complies with standards established by us, shall execute a contract with the entrusted party, and shall take necessary legal measures.
- 2. When we use personal data jointly with specific entrusted individuals or business entities, we shall, in advance, notify the clients etc. of the following matters;
- 1. The fact that personal data shall be used jointly
- 2. The items of personal data to be used jointly
- 3. The scope of the joint users
- 4. The purpose for which the personal data is to be used by the joint users
- 5. The name of the entrusted individual or business entity to be responsible for the management of the personal data