Privacy Protection Policies

As the responsibility of a corporation that provides system development, advertisement-related business to support promotion, and IT-based services including consulting, environment fields and project promotion, IntaSect declares to act, maintain, and abide by the following privacy protection policies.

1. IntaSect respects and abides by any government regulations and policies regarding the use of personal information for every type of work that involves the handling of personal information. IntaSect also has established a privacy protection management system that follows JISQ15001 (the privacy protection management system regulations of the Japanese Industrial Standards) in order to protect personal information.
2. IntaSect analyzes a risk to prevent the damage to the owner of the information by the acquisition of the inappropriate personal information or the misuse and designs the appropriate measures based on the result.
3. When IntaSect perform the acquisition, the use, trust of the personal information of the customers, we allow a customer to choose the methods.
4. When obtaining or using personal information, IntaSect will clearly identify the purpose behind the utilization and will not use the information any more than necessary. In order for employees to not use personal information any more than is necessary, IntaSect will lecture employees about appropriate handling and managing methods.
5. IntaSect will not distribute personal information to third parties unless the owner of the information grants permission or if the specific usage abides by the law.
6. If IntaSect receives any complaints or concerns about privacy handling, IntaSect will swiftly investigate related matters and respond within a reasonable time period.
7. In order to appropriately manage obtained personal information, IntaSect will lecture employees about organizational, individual, physical, and technical safety measures and will strive to prevent any loss, damage, and leaking of personal information.
8. Based on social and environmental changes, IntaSect will periodically review and revise the privacy protection management system to improve personal information handling within the company.

Enactment date：December 1st, 2007
Last modified date：December 14th, 2016
IntaSect Communications, Inc.
CEO Yufeng Tan

Announcement Concerning Personal Information

IntaSect Communications, Inc.
BM Building 3-1 Kanda Ogawamachi, Chiyoda-ku, Tokyo
CEO Yufeng Tan
Chief Privacy Officer, Business Management Headquarters,
Risk Management Office Manager

1. Purpose of use of personal information
   

   We will use personal information for the following operations and to the extent necessary for the achievement of the purpose of use.

   (1) Details of the operations
   a. Operations related to the system development and services for providing customer-oriented solutions
   b. Operations related to advertisements for supporting promotion
   c. Operations related to the manufacture and sales of environmental devices
   d. Operations related to planning and consulting for management and business administration

   (2) Purpose of use
   <1. Information provided by clients>
   Information provided by clients as part of the contract services
   a. Storage and use (including information processing) of personal information based on the service contract (in compliance with the client’s purpose of use)
   b. Responding to maintenance and troubleshooting after system development
   Information provided at the time of signing a contract with the client for the purpose of providing our services to the client
   a. Maintenance work of the system in which a personal information database exists
   <2. Information provided an individual>
   Information acquired at the time of signing a contract with an individual person for the provision of our services or for purchase or use of products*
   ・Social media management service
   a. Opening the official account
   ・System operation service
   a. Responding to maintenance and troubleshooting after system development
   ・Provision of various services
   a. Provision of the service
   b. Provision to the payment settlement company based on the contract
   ・EC service
   a. Product shipment
   ・Advertising related service
   a. Screening conducted by the advertiser
   Information concerning inquiries*
   a. Response to inquiries
   b. Maintenance and improvement of quality when handling telephone calls (The conversations may be recorded.)
   Information about visitors to the company*
   a. Management of the visit records
   b. Ensuring the company’s security
   Information about participants and visitors to events and seminars*
   a. Response to inquiries
   b. Business reports to municipalities to which we provide support
   Client information*
   a. Contract management
   b. Member store management
   Personal information about employees, job applicants and retirees*
   a. Screening for hiring employees
   b. Management of the benefits plan and employment of employees
   c. Providing information and communicating with retirees
   d. Expansion of video streaming service
   Personal information about shareholders*
   a. Exercise of rights or execution of duties based on the Companies Act
   b. Provision of benefits from our company in relation to the status as a shareholder
   c. Implementation of measures to facilitate the relationship between both the company and shareholders from the perspective of a corporation and its constituents
   d. Management of shareholders, such as creating shareholder data based on the designated standards set forth in the laws and regulations
   Specific personal information about the employees, employee candidates undergoing hiring activities, external experts, shareholders, and others*
   a. When we submit the individual number of employees, employee candidates undergoing hiring activities, external experts, shareholders, and others to the administrative agency and health insurance association based on the laws and regulations in relation to the documents, such as income withholding records, payment records, and written notices of acquisition of the health insurance qualification and employment insurance qualification
   (*) Indicates personal data in our possession.

2. Measures implemented for security control
   

   We will comply with the related laws, regulations, and guidelines, and for the security control of personal data, including prevention of leaks, loss, or damage to the personal data handled, implement the necessary and appropriate measures (hereinafter referred to as “Security Control Measures”) as follows.

   (1) Formulate a basic policy
   We have formulated the Privacy Policy (at the top of this page) as a basic policy for securing gthe appropriate handling of personal data.

   (2) Establish rules for the handling of personal data
   We have formulated internal rules setting forth the method of handling personal data, as well as the person responsible and the person in charge and their roles.

   (3) Organizational security control measures
   We have appointed the Chief Privacy Officer as the person responsible for the handling of personal information in the company’s organizational structure, and we have established a personal information protection management system and are implementing governance for personal information protection within the company. Also, we have established a structure ensuring employee (including contract and temporary employees) compliance with internal rules concerning the security control measures and for reporting or notifying the Chief Privacy Officer and other responsible persons when a fact or sign that an employee is in violation of a law or internal rules is found. In addition, when contracting operations involving the handling of personal information, we will implement strict supervision of the contractor and monitor the contractor to ensure the security control measures concerning personal information are strictly maintained.

   (4) Human security control measures
   We regularly provide employees with education and training on the appropriate handling of personal information.

   (5) Physical and technical security control measures
   We control employee and third party access to areas in which personal data is handled and, at the same time, have implemented theft prevention measures, such as locking the documents, media, and devices containing personal information. In addition, we control access to the personal information and the information systems in which personal data is handled, implement measures against computer viruses and unauthorized software, and monitor the information systems.
   Example: Prohibit saving personal data in a location other than the specified storage location, apply a high-level policy for authorization passwords, and acquire and analyze the personal data handling history

   (6) Grasp the external environment
   We contract with our group companies located in the People’s Republic of China for part or all of the handling of personal data. We implement security control measures based on an understanding of personal information protection system in the country. For an overview of the personal information protection system in the People’s Republic of China, please refer to the results of the Research on the systems concerning the protection of personal information in foreign countries published by the Personal Information Protection Commission (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku).
   The contractor accesses and handles personal data stored in servers located in Japan that are managed by a cloud service provider based in Japan or the United States.

3. Voluntary provision of personal information
   

   The provision of personal information is voluntary.
   However, if you do not provide us with the information deemed necessary, we may not be able to provide the services set forth in the purpose of use.

4. Personal information acquired across national borders
   

   We acquire personal information across national borders as follows.
   a. We acquire personal information about campaign participants from our client companies in the SNS agent service.
   b. We acquire product shipment address, which is personal information, from the purchaser or our client companies in the Internet sales service.
   c. We acquire personal information about persons coming on loan to our company from our group companies to which such persons belong as part of the visa application service.
   d. We acquire reservation information from foreign travelers in the hotel reservation service targeting foreign travelers.
   e. We acquire membership registration information from our client companies in the membership card app operation service.
   f. We acquire product reservation information from our client companies in the product reservation app service.
   g. We acquire ticket purchaser information from our client companies in the ticket purchase app service.
   h. We acquire personal information about campaign participants from our client companies in the customer solicitation support service on the travel information website.
   We comply with the principles of the APEC Privacy Framework when handling cross-border personal information.

5. Details of the measures implemented for anonymously processed information
   

   We do not create nor provide to a third party anonymously processed information.

   We will implement the following measures for anonymously processed information received from our outsourcers.
   

   1. Security control measures for anonymously processed information
   We will implement appropriate security control measures based on the risks in each phase of handling anonymously processed information, including access controls based on identification and authentication measures, to make it obvious that the information is anonymously processed information.

   2. Measures to ensure appropriate handling of anonymously processed information
   We will establish an internal framework for responding to consultations concerning the handling of anonymously processed information, thoroughly disseminate the rules for using such information and prohibit the identification of the individual to the persons who handle the information, and appropriately handle anonymously processed information.

   For consultations concerning anonymously processed information, please contact the following complaint and consultation desk.

6. Procedure for disclosure and correction
   

   We accept requests from the principal for disclosure of the personal information we possess or records of third party provision, notification of the purpose of use, correction, suspension of use, and suspension of third party provision (hereinafter referred to as “Disclosure Request”).

   (1) Where to file a Disclosure Request
   a. Complaint and consultation desk
   b. When filing a request by postal mail, please mail the designated request form and required documents to the following address.

   8F Himeji Shirasagi Building, 3-12 Higashinobusue, Himeji-shi, Hyogo Prefecture 670 -0965
   Intasect Communications, Inc.
   Personal information protection complaint and consultation desk

   (2) Documents to submit
   a. Request form
   ・Request for personal information disclosure
   b. Identification verification document (copy of the driver’s license or passport)
   c. In the case of a legal representative, in addition to b above, a document that can be used to confirm the authority as legal representative
   d. In the case of a nonlegal representative, in addition to b above, the proxy form designated by the company and the principal’s certificate of seal impression
   ・Proxy form
   *If the document to be submitted contains the insurer’s number and insured person symbol and number stated on the health insurance card or other special-care required personal information, please black out such information before submitting. If such information is not blacked out when submitted, we will not acquire such information by blacking it out.

   (3) Fees
   Please note in advance that, 2,000 yen will be charged as the fee per request for disclosure and notification of the purpose of use. When filing a request by postal mail, the fee shall be paid by bank transfer or other method.

   For the specific procedure for requesting a disclosure, please contact the point of contact indicated below.

7. Consultations and complaints concerning the handling of personal information
   

   For consultations and complaints concerning our handling of personal information, please contact the following.

Direct inquiries concerning the handling of personal information
Intasect Communications, Inc. Complaint and consultation desk
Telephone: 079-225-8886 (Open from 9:00 a.m. to 5:00 p.m. on Monday to Friday)
Email: pms2009@ml.intasect.co.jp

We are a member of the following authorized personal information protection organization that is certified under the law. The organization accepts complaints and consultations concerning our handling of personal information.

(Note) The organization does not accept inquiries concerning our products and services.

Name of the authorized personal information protection organization
JIPDEC

Point of contact for requesting complaint resolution
Personal information protection complaint and consultation office
Address: Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032
Telephone: 03-5860-7565, 0120-700-779

In addition, we have obtained CBPR certification through a CBPR certification audit conducted by JIPDEC. If you have any concerns about our handling of your transborder personal information, you may file a complaint with JIPDEC via the following link.

Point of contact for requesting complaint resolution
https://english.jipdec.or.jp/activities/cbpr/complaints.html

Joint use of member store information

The Japan Consumer Credit Association member store information exchange center jointly uses member store information as follows in accordance with the provisions of Article 27 (5) (iii) of the Personal Information Protection Act.

1. Member store information exchange system
   Japan Consumer Credit Association (hereinafter referred to as “Association”) is certified by the Minister of Economy, Trade and Industry in accordance with the provisions of Article 35-18 of the Installment Sales Act.
   The Association, as one of its certified operations, collects, organizes, and provides the information necessary for protecting the users’ (credit users’) interests through the member store information exchange center (hereinafter referred to as “JDM Center”).
2. Reporting and using the information collected from the member stores
   The member companies participating in the member store information exchange system (hereinafter referred to as “JDM Member(s)”) will collect and use the information set forth in each item of the 3.(2) “Details of information for joint use,” report to the JDM Center, and jointly use the information with JDM members for the purpose of member store screening when an application for member store agreement is made, as well as examining the member store after conclusion of the member store agreement and screening of member stores in relation to the measures to be implemented for member stores and continuation of transactions.
3. Joint use of member store information
   

   (1) Purpose of joint use
   In the member store information exchange system operated as a service of a certified installment sales association as set forth in the Installment Sales Act, we will report to the JDM Center information concerning acts by the member store that compromise protection of users (including suspected acts and acts that are difficult to determine whether or not they corresponds to such an act), information concerning the member store that is necessary for protecting the users, information about acts by a member store that will hinder the appropriate management of credit card numbers and prevention of wrongful use of credit card numbers (hereinafter referred to as “appropriate management of credit card numbers”), and information about the member store necessary for the appropriate management of credit card numbers. We will jointly use this information with the JDM members and thereby we aim to improve the precision of screening when a JDM member concludes a member store agreement and during the valid term of the agreement, promote the appropriate management of credit card numbers while eliminating malicious member stores, and contribute to the sound advancement of credit transactions and consumer protection.

   (2) Details of the information to be jointly used
   (i) Facts and reasons for the investigation necessary for handling a complaint concerning the member store in an intermediation of an individual credit purchase
   (ii) Facts and reasons for terminating a contract for intermediation of an individual credit purchase based on the grounds an act that compromises the protection of the user has been conducted in relation to the service concerning the intermediation of the individual credit purchase
   (iii) Facts and reasons for the investigation necessary to carry out appropriate management of credit card numbers by the member store under the contract for handling credit card numbers
   (iv) Facts and reasons for enacting measures against a member store when the measures for appropriate management of credit card numbers implemented by the member store do not or likely do not conform to the criteria set forth in the Installment Sales Act (including termination of the contract for handling credit card numbers) under the contract for handling credit card numbers
   (v) Information that is an objective fact concerning an act of causing unfair damage to a JDM member and user in relation to an act that corresponds (including an act that is likely to correspond or an act that cannot be determined whether or not it corresponds) to an act that compromises the protection of the user
   (vi) Notifications by users (not limited to those who have already signed a contract) to the JDM member and of the details thereof, the information that is determined to be an act that compromises the protection of the user (including information that is likely to correspond to the act or information that is difficult to determine whether or not such act is conducted)
   (vii) Information about an act that will hinder the management of credit card numbers conducted by the member store
   (viii) Information collected by the JDM Center concerning a fact announced by a government agency and the details thereof (such as information announced concerning a violation or possible violation of the Act on Specified Commercial Transactions)
   (ix) In addition to the above, information about an act that compromises the protection of the user
   (x) Name, address, telephone number, and date of birth of the member store concerning the above items (in the case of a corporation, name, address, telephone number, corporate number, as well as the name and date of birth of the representative); however, of the information in ⑥ above, concerning information that is difficult to determine whether or not the act was conducted, exclude the name and date of birth (in the case of a corporation, exclude the name and date of birth of the representative)

   (3) Retention period
   Information in (2) above will be retained for a period not exceeding five years from the registration date (for ③ and ⑦, registration date for the completion of the measures in ④ for the information or the termination of the contract).

4. Scope of joint users who jointly use the member store information
   Comprehensive credit purchase intermediaries, individual credit purchase intermediaries, entities concluding an agreement for handling credit card numbers that are a member of the Association and JDM member, and the JDM Center
   *JDM members are listed on the Association’s homepage.
   •Homepage https://www.j-credit.or.jp/
5. Point of contact concerning the system and disclosure procedure
   For inquiries concerning the member store information exchange system and disclosure procedure, please contact the member store information exchange center stated in 6 below.
6. Operation manager
   Japan Consumer Credit Association Member store information exchange center (JDM Center)
   Address: Sumisei Nihonbashi Koamicho Building, 14-1 Nihonbashi Koamicho, Chuo-ku, Tokyo 103-0016
   Executive Vice Chairman: Tetsuo Matsui
   Telephone number: 03-5643-0011 (Representative)

Handling of personal information on the website

1. About SSL
   Our website uses SSL encryption as necessary for the purpose of protecting your personal information.
   SSL encryption is a technology that enables your browser to automatically encrypt the personal information you input on our website, such as your name and email address, when sending and receiving information with our server so that even if the data is intercepted by a third party, the contents are unreadable.
   If using an SSL incompatible browser, you may be unable to access our website or input information.
2. About Cookies
   Our website may use Cookies to enhance the information and services provided and make the website more convenient to use. Our website will not use Cookies to obtain information that can be used to identify an individual unless prior consent is obtained from you.
   Cookies are a small data file written to your hard disk by the website when you visit our website that is used to identify the page you view. The information in the Cookies is exchanged between the website and your browser, but the website is not able to read Cookies written by other websites or other data contained on the hard disk.
   Cookies are used by many websites, but you can change the browser settings to reject the receipt of Cookies or display a notice in advance when visiting a website that uses Cookies.

Revised Apr 3, 2023