In accordance with the law, SOOTH Inc. (“the Company”) properly handles all the personal information it acquires, or with which it is entrusted or provided, through its business operations. Furthermore, to ensure that this is the case, the Company shall implement a personal information protection management system for all its executives and employees.
The Company shall clarify the managers responsible for personal information protection and its protection management structure. In the course of protection management, the Company shall comply with all laws and regulations related to the handling of personal information and adhere to the guidelines and other norms stipulated by the Japanese government and to all contracts into which it enters.
When acquiring or using personal information while conducting business, the Company shall clarify the purpose and scope of that use and use all personal information, within the scope of its purpose, in legal and fair ways. The Company shall also take appropriate measures to prevent the use of personal information beyond its purpose. In the event that the Company provides or entrusts information to third parties, it shall explain to the individual to whom the information pertains the purpose of this provision or entrustment, the receiver of said information, and any other relevant information.
In the event that the Company receives a request for information disclosure from the person to whom the information pertains, the Company shall promptly disclose said information after confirming the identity of the person. In the event that the information is incorrect, the Company shall promptly correct it.
The Company shall create the appropriate information systems, protection management structures, and other policies to prevent and correct leaks, and to prevent the destruction or defamation of personal information through illegitimate access.
In the event that the Company entrusts the processing of personal information to an outside entity, it shall select this entity in accordance with Company rules and practice appropriate supervision.
In the event that an information leak or other problem arises, the Company shall immediately assess the situation and provide an appropriate response. Contact the Company via e-mail (email@example.com) with any inquiries or complaints.
The Company shall continually monitor its compliance with these policies. To conform to any changes outside the Company, it will appropriately review these policies and make any necessary improvements.
Enactment date: February 1, 2018
Presidents: Yasutoshi Nukada
The Company shall handle the personal information of its clients, business partners, and employees to the extent that is necessary for communicating business-related matters and for achieving the purposes listed below, and the Company shall not handle said personal information for any other reason. When handling personal information beyond the extent required for achieving the purpose of its use, the Company shall receive consent from the individual to whom the information pertains, except in the case outlined in Article 16, Paragraph 3 of the Personal Information Protection Law.
The Company shall not provide or disclose personal information to third parties, except when it has the consent of the individual to whom the information pertains or in the following situations:
In the event that the Company entrusts personal information to others, the Company shall independently evaluate the other parties and select operators that the Company deems to have sufficient levels of personal information protection. Moreover, the Company shall continually evaluate and supervise the parties to which personal information has been entrusted.
The Company may jointly use personal information with its business partners or other parties to the extent needed to conduct its business.
When handling personal information, the Company shall assign personal information protection management and appropriately protect and manage personal information.
The Company shall appropriately respond when asked to disclose or otherwise process* its clients' personal information that is subject to disclosure in accordance with the Personal Information Protection Law.
* “Asked to disclose or otherwise process” refers to requests to report, disclose, correct, or append the purpose of using personal information subject to disclosure; requests to delete, stop using, and erase said information; and requests to stop providing said information to third parties.