Basic Policy on Handling of Personal Data

JR East Design Corporation (representative: Shinji Ariyama) (hereinafter referred to as ‘we’, ‘us’ and ‘our’) has established a self-management system to comply with laws, regulations and other norms regarding the protection of personal information (defined as any information relating to an identified or identifiable natural person) of our customers, business partners, employees and others who use personal information in the course of their work (hereinafter referred to as ‘Personal Data’). This Policy is our top-level policy for the protection of Personal Data and we will ensure that various measures are implemented in accordance with this Policy.

Handling of Personal Data

  • 1.We manage Personal Data, appropriately and strictly, and take thorough security measures to prevent information leakage, loss, unauthorised access, destruction and falsification.
  • 2.We comply with all laws, regulations and other norms relating to the protection of Personal Data.
  • 3.We respond appropriately to inquiries about Personal Data and data protection.
  • 4.We collect Personal Data appropriately and does not provide it to third parties without the prior consent of the individual, except in the cases described in "5. Scope of disclosure of Personal Data".
  • 5.We will ensure that all directors, employees and relevant persons are aware of the above, and will implement, improve and maintain them.

1. Collection of Personal Data

We collect Personal Data by proper and lawful means.

2. Scope of Personal Date we collected

We collect the following Personal Data from you who are located (or reside) outside Japan for the purposes of business operations and service provision.
If you do not provide Personal Data that are necessary for each operation and service, the business and service may not be able to be provided.

(1) Customer information for our business operations and service provision

  • a)Personal Data related to our business operations
    • We collect your name, telephone number, e-mail address, company name, company address, and title/position.
  • b)Personal Data related to inquiries to us
    • We collect your name, address, age, occupation, telephone number, e-mail address, and other information if necessary.
  • c)Personal Data related to the provision of our service information and other business activity information
    • We collect your name and e-mail address.
  • d)Personal Data related to the collection of customer feedback
    • We collect your name, address, age, occupation, telephone number, e-mail address, and other information if necessary.

(2) Business contact information we collect when attending events or meetings

  • a)Personal Data related to exchanged business cards
    • We collect your name, telephone number, e-mail address, company name, company address, and title/position as business contact information.
  • b)Personal Data collected for sending seasonal greetings and greeting letters
    • We collect your business contact information which includes your name, telephone number, e-mail address, company name and address (including company address).
  • c)Personal Data related to attendee lists
    • We collect your personal data (your name, affiliation, and title/position) provided on attendee lists at international conferences.
  • d)Personal Data used for meetings and invitations
    • We collect your name, background information, career information, and photograph when we meet you or invite you to visit us.
  • e)Minimum required personal data of our business partners

(3) Recruitment

  • a)Personal Data of potential employees
    • We collect your name, contact details, employment history, skills such as languages, etc. and any necessary information for recruitment as recruitment information.

(4) Management of employees

  • a)Personal Data necessary for the management of our employees
    • For employee management purposes, we collect necessary information such as your name, address (including place of residence and country of residence), telephone number, birthdate, gender, family name, family employment information, health status, contact details, background information (including highest level of education), employment history, language skills, etc).
    • For employee management purposes, we collect information (your name, address, telephone number, and e-mail address) included on our name list and in our contact network.
    • For administrative purposes related to our employees, we collect your passport number, visa number, social security number, and bank account information.

(5) Personal Data we automatically collect when you access our website

  • a)Personal Data related to the use of our website
    • We collect cookies, internet domain names, IP addresses, access status, and other information in the form of access logs. A cookie is a technology that allows sites to store information in the browser of your computer, etc. and the information can be retrieved later. There are some contents using cookies in our website. It is possible to disable cookies in your browser settings at any time, but please notice that in this case there may be some contents which cannot function properly or be shown correctly. We, however, does not use cookies to collect any information that allows it to identify individual users. The browser can be set so that the functions of cookies are nullified. Nullifying the functions of cookies does not affect the ability to use this website. For more information about cookies, please visit our Cookie Policy.
    • This website uses Google Analytics to assess site usage. Google Analytics collects information about users by means of cookies. For the Google Analytics terms of service and privacy policy, see the Google Analytics website. We bear no responsibility for any damage resulting from use of the Google Analytics service.

3. Purpose of use of Personal Data

(1) Customer information for our business operations and service provision

  • a)To conclude and fulfil contracts, including the provision of products and services (including those for which we have been entrusted by third parties with sales and management operations, etc. The same applies below), to manage the contracts and to implement after-sales services for the products and services provided
  • b)To contact you as necessary for the provision of products and services
  • c)To provide information on products and services and other information on our business activities
  • d)To conclude and fulfil contracts with business partners and to carry out post-contract management
  • e)To receive and respond to customer enquiries and opinions

(2) Business contact information we collect when attending events or meetings

  • a)To exchange business card etc
  • b)To provide information on our services/products and other information related to our business activities
  • c)To prepare attendee lists distributed at meetings
  • d)To hold meeting and invitations
  • e)To conduct the negotiation, conclusion and performance of a contract with business partners, and the management of a contract

(3) Recruitment

  • a)To provide recruitment-related information and to perform tasks related to recruitment

(4) Management of employees

  • a)To manage employment (including secondments and transfers)
  • b)To conduct operations relating to the payment of salaries and other benefits
  • c)To conduct operations relating to welfare and other benefits
  • d)To conduct operations related to health care and other matters
  • e)To conduct various post-retirement procedures
  • f)To conduct various procedures and communications required by law
  • g)To conduct other procedures and communications necessary in the course of business

(5) Personal Data we automatically collect when you access our website

  • a)To conduct the market research on our business, or other researches or surveys
  • b)To conduct a business analysis
  • c)To ensure the security of customers and employees
  • d)To maintain and manage the facilities, equipment and machinery and their use
  • e)To examine and develop new products and services and the software, systems, facilities and equipment that provide them

4. Legal basis

The legal basis for processing your Personal Data is as follows:

  • a)When the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract
  • b)When the processing is necessary for compliance with a legal obligation to which we are subject (e.g. when following the information disclosure orders from government/court based upon laws and regulation announced by government agencies/courts)
  • c)When the processing is necessary in order to protect the vital interests of yours or of another individual
  • d)When the processing is necessary for the purpose of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your privacy related rights, interests, and freedom. The legitimate interests pursued by us or a third party are as follows:
    • -Customer satisfaction improvement;
    • -Service improvement;
    • -Direct Marketing;
    • -Illegal act prevention;
    • -Regular communication with business partners and others;
    • -Protection of assets (security) of our customers and our company; and
    • -Safety of our employees.

5. Scope of disclosure of Personal Data

In order to run each business and service, we share/provide your Personal Data with our group companies and external partners. We also share/provide the Personal Data of employees with public organizations in order to comply with laws and regulations. Our group companies and external partners with whom we share Personal Data are as follows.

(1) Customer information for our business operations and service provision

  • -our group company (located in Japan)
  • -subcontractors and third parties who have made proper contract with us (located in Japan)

(2) Management of employees

  • -public organizations (located in Japan)

(3) Personal data we automatically collect when you access our website

  • -Google, LCC

6. Transfers of Personal Data outside the EEA or the UK

Your Personal Data may be transferred to, and stored by, a third party outside the EEA or the UK. Where we transfer your Personal Data to a third party outside the EEA or the UK, we will ensure that:

  • a)the recipient destination has been subject to a finding from the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that you possess in respect of your Personal Data; or
  • b)the recipient enters into standard data protection clauses that have been approved by the European Commission, or other contracts for the transfer of Personal Data as required by data protection laws, with us.

7. Storage Period for Personal Data

We will retain your Personal Data that we collect for the period necessary to process such Personal Data. However, this doesn’t apply if we are required by law to retain your Personal Data for a longer period of time, in which case, we will retain it for the period required by law.

8. Security Control Measures of Personal Data

We implement the following items and other measures to ensure the safe management of Personal Data. The followings are examples only and the specific measures for security management to be implemented may vary depending on each Personal Data.

  • a)Establishment of basic policy
    We have established and publicly announced its "Basic Policy on the Handling of Personal Information" for the proper handling of Personal Data.
  • b)Establishment of regulations regarding the handling of Personal Data etc.
    We establish internal rules for the handling of Personal Data for the purpose of appropriate acquisition, storage, use, and management.
  • c)Organizational safety control measures
    We appoint a person responsible for the handling of Personal Data, clarify the employees who handle Personal Data, and establish a system for contacting the person responsible in the event of an accident such as the leakage of Personal Data (including cases where signs are detected).
  • d)Security control measures by human factors
    We regularly educate and train our employees on matters to keep in mind regarding the handling of Personal Data, and include matters relating to the confidentiality regarding Personal Data in our internal regulations.
  • e)Security management measures by physical factors
    When disposing of or deleting Personal Data, we use methods that are difficult to restore, such as cutting, dissolving or physical destruction.
  • f)Security management measures by technical factors
    When storing or transferring Personal Data outside us, we take the necessary measures to prevent leakage, such as encryption and setting passwords.
  • g)Understanding of the external environment
    We will take the necessary and appropriate measures to ensure that Personal Data is managed safely and securely, based on an understanding of the systems for the protection of Personal Data in the foreign country where the Personal Data is stored.
  • h)Supervision of employee
    We conduct an audit at least once a year to ascertain the status of the handling of Personal Data by employees, to ensure that it is being operated in accordance with the law and our internal regulations, and to promptly make improvements if there are any problems.
  • i)Supervision of contractors
    We conduct audits at least once a year to ascertain the status of the handling of Personal Data by contractors, to ensure that they are operating in accordance with the contract, laws and regulations, etc, and takes the necessary measures if there are any problems.

9. Your Rights

You have a number of legal rights in relation to the Personal Data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following:

  • a)Right to obtain information regarding the processing of the relevant Personal Data and to access the relevant Personal Data that we hold;
  • b)Right to request rectification of the relevant Personal Data if it is inaccurate or incomplete;
  • c)Right to request erasure of the relevant Personal Data in certain circumstances;
  • d)Right to request that we restrict our processing of the relevant Personal Data in certain circumstances;
  • e)Right to object to our processing of the relevant Personal Data;
  • f)Right to receive the relevant Personal Data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such Personal Data to a recipient where this is technically feasible; and
  • g)Right to withdraw your consent to our processing of the relevant Personal Data at any time (the withdrawal does not affect the lawfulness of processing of Personal Data based on consent before its withdrawal).

You may exercise any of your rights by contacting us, using the information about us indicated in Section 10 below. You also may lodge a complaint with the data protection authority if you believe that any of your rights have been infringed by us.

10. Contact details for Personal Data

For any queries regarding the handling of Personal Data obtained by us, contact the 'Personal Data Reception Desk' by email or mail. Note that we will not respond to any enquiries other than by these methods (including if you visit us in person).

[Personal Data Reception Desk]
This contact point is dedicated to enquiries about the handling of Personal Data. Enquiries other than about personal information cannot be accepted.

○email
Click here to email us with enquiries about Personal Data.
privacy-info@jred.co.jp

○mail
14F, JR Minami Shinjuku Building, 2-1-5 Yoyogi, Shibuyaku, Tokyo 151-0053, Japan
JR East Design Corporation (JRED)
Personal Data Reception Desk