AIMS Inc. (hereinafter referred to as “AIMS”) recognizes the importance of personal information, and in order to thoroughly protect personal information, AIMS shall comply with the Act on the Protection of Personal Information, the Act on the Use, etc. of Numbers to Identify Specific Individuals in Administrative Procedures, guidelines regarding the Act on the Protection of Personal Information (general rules, anonymous processed information, obligation to confirm and record information when providing to third parties, (General Rules, Anonymous Processed Information, Obligation to Confirm and Record Information when Providing Personal Information to a Third Party, and Providing Personal Information to a Third Party in a Foreign Country), and other laws, regulations, and guidelines related to our business.
１ Acquisition of Personal Information
The Company handles the following information (1) through (6) obtained through legal and fair means. Although some information may not fall under the category of personal information, we shall give due consideration to the handling of customer information.
- Information obtained from customers in writing (e.g., application forms), on the Web or other screens, or orally, etc., in order for us to provide our services. In addition, when we respond to customers by telephone, we may record the call in order to confirm the content of the inquiry and improve our services.
- Information obtained through inquiries to public institutions, such as residence records
- Information obtained from various publicly available sources such as telephone directory, official gazettes, etc.
- Information obtained from credit bureaus.
- Other information lawfully obtained from third parties, such as customer referrals.
In addition, when we provide application software (hereinafter referred to as “Application”), we will publish clear and appropriate regulations for each Application regarding the acquisition of personal information for that Application. In addition, when we provide application software (“Applications”), we will publish clear and appropriate regulations for each Application regarding the collection of personal information in the relevant Application.
When acquiring information that is required by law as personal information requiring special consideration, we will acquire such information only with the consent of the customer.
With regard to personal numbers (My Number) and specific personal information based on the Law Concerning the Use of Personal Numbers to Identify Specific Individuals in Administrative Procedures, we will collect and use such information only within the scope of the purposes of use stipulated in this Law.
２ Use of Personal Information
(1) Purpose of Use
We will handle customers’ personal information appropriately within the scope of the purposes specified in the following items.
- To screen registrations for use of our services
- To provide our services and to confirm the identity of the customer
- To bill and settle usage fees for our services
- To provide information on our services and to respond to inquiries, etc.
- To notify you of changes to the Terms of Service or this Policy, suspension or discontinuation of our services, cancellation of contracts, and other important notices regarding our services
- To distribute advertisements regarding our or third parties’ products and services
- To maintain and improve our services and to consider new services, etc.
- To survey and analyze the usage of our services
(2) Scope of Use
Personal data held by the Company may be used within the scope necessary to achieve the purposes of use of the respective services and operations, and may also be used mutually, except in the following cases. In addition, the Company may also use the contents of the services and other information of its affiliates and business partners.
- When the customer has given consent
- When required by law
- When it is necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the customer
- When it is especially necessary to improve public health or to promote the sound growth of children and it is difficult to obtain the customer’s consent
- When it is necessary to cooperate with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to perform duties as prescribed by law, and obtaining the customer’s consent may impede the performance of those duties.
(3) Change of purpose of use
The Company may change the purpose of use if it is reasonably deemed to be relevant to the purpose of use before the change. In the event that the purpose of use is changed, the Company will notify the individual of the changed purpose of use or publicly announce it on the Company’s website or through other means.
(4) Erasure of personal data
When the purpose of use has been achieved, or when the purpose of use has not been achieved but the business itself, which is the premise for the purpose of use, has been terminated, etc., we will delete the relevant personal data without delay. Please note that we may use personal data within the scope of the purpose of use even after various contracts with customers have been terminated.
３ Handling of Anonymous Processed Information
- When creating anonymized processed information, we will take necessary measures to ensure that the identification of specific individuals and the personal information used in such work cannot be recovered.
- In addition, when using anonymized processed information by itself, it will not be matched with other information for the purpose of identifying (re-identifying) the individual to whom the original personal information pertains.
- When we create anonymized processed information, we will publicly disclose items related to individuals contained in such anonymized processed information as required by law.
- When providing anonymized processed information created by our company to a third party, we will, in accordance with the provisions of the law, publicly announce the items of information concerning individuals included in the anonymized processed information to be provided to the third party and the method of providing such information, and clearly indicate to the third party that the information to be provided is anonymized processed information. (2) The Company shall not provide anonymized processed information to any third party.
４ Restrictions on Provision to Third Parties
We will not provide personal information to third parties without prior consent of the customer, except in the following cases
- When required by law
- When it is necessary for the protection of a person’s life, body, or property and it is difficult to obtain the customer’s consent
- When it is especially necessary to improve public health or promote the sound growth of children and it is difficult to obtain the customer’s consent
- When it is necessary to cooperate with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by law, and obtaining the customer’s consent is likely to impede the execution of such affairs.
- When the following items are notified or announced in advance
- The purpose of use must include provision to a third party
- Data items to be provided to third parties
- Means or method of provision to third parties
- Cessation of provision of personal information to third parties at the request of the customer
５ Provision to third parties located in foreign countries
When providing personal data to a third party located in a foreign country, we will take necessary measures, such as obtaining consent, in accordance with applicable laws and regulations.
６ Management of personal information
We will take necessary and appropriate measures to manage access to personal information, limit the means of taking personal information out of the Company, prevent unauthorized access from outside the Company, prevent leakage, loss, or damage of personal information, and otherwise safely manage personal information (hereinafter referred to as “safety management measures”). The Company will take all necessary and appropriate measures to prevent unauthorized access to personal information.
(1) Technical safeguards
- Control access to personal information, i.e., limiting access privileges (including measures such as immediately disabling the accounts of employees who have transferred or retired), monitoring access (e.g., long-term storage of access logs), periodic password changes, access control, etc. (e.g., by limiting access privileges (including measures such as immediately deactivating the accounts of employees who have been transferred or retired), monitoring access (e.g., long-term storage of access logs), periodic password changes, access control, etc.).
- Restrictions on procedures for taking personal information out of the company (e.g., prohibition of recklessly recording personal information on external storage media, monitoring of e-mails between the company and outside the company in accordance with internal rules, etc.).
- Measures to prevent unauthorized access from outside (e.g., firewall measures, etc.) will be implemented.
(2) Organizational safeguard
A) Monitoring of employees (including temporary employees and outsourced workers)
- We appoint an “Information Security Officer” as the person in charge of personal information management, and clearly define the responsibilities and authority of employees regarding the safe management of personal information.
- The Company shall establish internal rules and manuals for safety management, ensure that all employees comply with such rules and manuals, and conduct appropriate audits of the status of compliance with such rules and manuals.
- Provide employees with education and training on the security management of personal information.
B) Supervision of subcontractors
We may outsource all or part of the handling of personal information. In such cases, we will select a company that is deemed to handle personal information properly, and will properly stipulate in the consignment contract security control measures, confidentiality, conditions for re-consignment, return of personal information at the end of the consignment contract, and other matters related to the handling of personal information, and will conduct necessary and appropriate supervision.
When we receive a request for disclosure of such personal data from the customer or his/her representative, we will respond without delay, except in the following cases.
- If there is a risk of harm to the life, body, property, or other rights or interests of the customer or a third party
- If there is a risk of significant hindrance to the proper execution of our business
- If it would violate laws and regulations.
- For inquiries regarding requests for disclosure of personal data, please contact the following.
「AIMS Inc. Personal Data Disclosure Consultation Desk」
#9F, 1-23-8, Kandanishikicho, Chiyoda-ku, Tokyo, 101-0054, Japan
(9:00-17:00 except Saturdays, Sundays, national holidays, and year-end and New Year holidays)
８ Other Receptions Regarding Personal Data
(1) Correction, etc. of personal data (correction, addition or deletion, or cessation of use or cessation of provision to third parties)
When we receive a request from a customer or his/her representative to correct his/her personal data, we will investigate without delay. As a result, if the Company finds that the content of the relevant personal data is not true, the retention period has passed, or the handling of the personal data is not appropriate, the Company will make corrections, etc. without delay.
Requests for correction, etc. of personal data should be directed to the “AIMS Inc. Personal Data Disclosure Desk” in 6.
(2) Notification of Purpose of Use
When we receive a request for notification of the purpose of use from the customer or a third party, we will notify the customer without delay, except in the following cases.
- When the purpose of use of personal information that identifies the person concerned is clear
- When there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party
- If there is a risk of harm to the rights or legitimate interests of the Company
- When it is necessary to cooperate with a national agency or local public body in the execution of its legally prescribed duties, and there is a risk of interfering with the execution of such duties.
Requests for notification of the purpose of use should be made to the “AIMS Inc. Personal Data Disclosure Consultation Desk” as described in 6.
(3) Complaints about the handling of personal data
We will handle complaints regarding the use, provision, disclosure, or correction of personal data and other complaints regarding the handling of personal data appropriately and promptly.
Please request complaints to the “AIMS Inc. Personal Data Disclosure Desk” as described in 6. Please note that in all cases, we do not accept any requests made in person at our office.