Privacy Policy

Privacy Protection Policy

i³ Systems, Inc. stipulated its basic policy regarding the protection of personal information in the form of our "Personal Data Protection Policy" on July 1st, 2011. The details of this policy are further stipulated by our "Rules for the Treatment of Personal Data"....

more

July 1, 2011
i³ Systems, Inc.
President/CEO Tsutomu Sasaki

As a software platform vendor developing and providing services based on information technology, i³ Systems, Inc. (herein referred to as "the Company") recognizes that personal information is an invaluable asset to every individual. The Company has instituted a Personal Information Protection and Management System that it strives to continually improve in order to appropriately collect, use, and provide personal information, comply with laws and regulations relating thereto, and prevent or remedy leaks of personal information.

  • 1. In addition to employing reasonable security management measures to prevent the leakage, loss, or damage of personal information, the Company will strive to remedy any leak that may occur by taking both internal and external opinions and suggestions into consideration.
  • 2. The Company will comply with the Act on the Protection of Personal Information# as well as similar such laws, regulations, government mandated guidelines, and other such norms related to personal information, paying careful attention those that are newly established or revised.
  • 3. In addition to designating an Administrative Manager to whom responsibility and authority related to the implementation and operation of the Personal Information Security Management System will be given, the Company will designate a Personal Information Security Auditor and take other such measures to continually reevaluate and improve the content of the Personal Information Security Management System.
  • 4. The Company will strive to respond to any inquiries or complaints relating to personal information. Please refer any inquiries regarding the Company's treatment of personal information or the Personal Information Security Management System to the contact information below.
  • 5. Should the Company (with its clients' permission) provide a third party with the Personal Information of its clients or consign a job to another company, the Company will conclude all agreements and implement appropriate management to ensure that the personal information of the Company's clients is not leaked or re-presented.

Rules for the Treatment of Personal Data

i³ Systems, Inc. will clearly state when it collects user information either online or offline, and will also describe the intended use, management, and operation of said information. The preceding constitutes our Privacy Statement....

more

July 1, 2011
i³ Systems, Inc.
President/CEO Tsutomu Sasaki

Section 1 General Provisions

Article 1 Purpose

These rules stipulate the treatment of personal data by i³ Systems, Inc. (referred to below as “THE COMPANY”).

Article 2 Limitation of Handlers
  • 1 A Personal Data Administrator appointed by the general manager of each head office will have the role / responsibilities of a handler of personal data at each head office, and must publicize the appropriate treatment of said data within the company.
  • 2 The Personal Data Administrator appointed by the general manager of each head office must limit the number of handlers at each head office so that personal data is only treated by those with a work-related need to do so.
Article 3 Restricted Treatment of Sensitive Information

Personal data handlers may not handle information related to an individual's political views, beliefs (e.g. religious, philosophical, and ideological), affiliation with labor unions, race and ethnicity, lineage and legal domicile, healthcare and sexual activity, or criminal record (referred to below as "SENSITIVE INFORMATION") from among personal information except for in the following instances:

  • (1)When in accordance with laws and regulations, etc.;
  • (2)When an official copy of the family registry or other document listing SENSITIVE INFORMATION and in which individuals are identifiable is obtained, used, provided, or stored for the purpose of identifying said individual;
  • (3)When such information is handled with the consent of said individual due to a need to ensure appropriate business operation;
  • (4)When there is a need to do so in order to protect people's lives, well-being, or assets;
  • (5)When there is a specific need to do so in order to improve public health or advance the healthy development of children;
  • (6)When there is a need for people that have received 【???】 of a government agency, regional public entity, or the committees thereof to cooperate in the pursuance of duties stipulated by laws and regulations.
Article 4 Method of Obtaining Individual Consent in the Treatment SENSITIVE INFORMATION
  • 1 As a rule, the method for obtaining the consent of an individual (as described in Article 3.3 above) will be in written format.
  • 2 Even when handling SENSITIVE INFORMATION with the consent of an individual in accordance with Article 3.3 above, personal data handlers must only obtain the minimum amount necessary to carry out their duties.
  • 3 Should SENSITIVE INFORMATION be included in personal data obtained via mail, etc., personal data handlers will (as a rule unless otherwise permitted by said individual) promptly return said information to said individual or dispose of said information in a manner of the individual's designation; provided, however, that should other information listed in said documentation, etc. be necessary to their duties, personal data handlers will obtain said documentation but promptly make the portions listing said SENSITIVE INFORMATION illegible.
Article 5 Limitation of Personal Data Subject to Treatment

Personal Data Administrators must limit the personal data that they handle to that which is necessary to their duties.

Article 6 Management Procedure for Machines / Recording Mediums, Etc.
  • 1 Personal Data Administrators must designate an installation site, establish management sections and authority for , and (as may be necessary) perform modifications on the machines / recording mediums, etc. in which personal data being handled is saved.
  • 2Personal data handlers must comply with the designations and settings in Article 6.1 above and appropriately maintain machines / recording mediums, etc. in which personal data being handled is saved.
  • 3 Personal Data Administrators will (as needed) perform inspections related to the management status of personal data and regularly report their findings to Personal Information Security Administrators.
Article 7 Restriction of Access to Personal Data

In order to restrict access to personal data being handled, Personal Data Administrators must take the following measures related to machines / recording mediums, etc. in which personal data is saved:

  • (1)Create personal data access authority-related functions;
  • (2)Thoroughly manage the IDs and passwords necessary in the handling of personal data;
  • (3)Restrict the entry of unaffiliated people into the space(s) where machines / recording mediums, etc. in which personal data is saved are stored;
  • (4)Appropriately manage personal data received in mail, faxes, etc.
Article 8 Personal Data Access Records and Analysis

In their handling of personal data, Personal Data Administrators must, as may be necessary, obtain and maintain for a required term access and other such records related to the operating status of the system(s) in addition to analyzing said records as may be necessary in order to prevent leaks, etc.

Article 9 Measures Related to Removal of Personal Data From Management Section
  • 1 Personal Information Security Administrators must stipulate the role / responsibilities of personal information handlers in relation to taking personal data outside of a management section (regions that are pre-designated taking business scope into consideration) and publicize said policy within organization.
  • 2 Personal Data Administrators must limit handlers allowed to take personal data outside of a management section to the minimum number necessary.
  • 3 Personal Data Administrators must restrict the personal data allowed outside of a management section to the minimum amount professionally necessary.
  • 4 Personal data handlers must petition a Personal Data Administrator and receive approval before taking personal data outside of a management section.
  • 5 ersonal Data Administrators must verify that when personal data is taken outside of a management section, the person(s) handling said personal data is / are the handler(s) specified in Article 9.2 above themselves. In addition, Personal Data Administrators must verify that personal data being taken outside of a management section is within the scope of personal data specified by Article 9.3 above.
  • 6 When taking personal data outside of a management section, personal data handlers must appropriately manage said data by limiting said data to an amount stipulated separately, as well as by always carrying the machine / medium in which said data is saved.
  • 7 When taking personal data outside of a management section, depending on the type, form, etc. of said data, personal data handlers must report to the Personal Data Administrator and record the status of personal data removed necessarily and appropriately.
  • 8 In order to prevent leaks, etc. of personal data, Personal Data Administrators must (as may be necessary) verify the reported / recorded status of said personal data.
Article 10 Petitions and Authorization Process for Exceptional Treatment

Should personal data handlers wish to treat personal data in a manner not stipulated in these rules, they must petition and receive approval from a Personal Information Security Administrator through their Personal Data Administrator before doing so.

Section 2 Acquisition / Input Phase

Article 1 Definitions
  • 1 "ACQUISITION" means the obtaining of personal information through physical or electronic means from an individual or a third party.
  • 2 "INPUT" means the physical or electronic input of personal information ACQUISITIONs into an information system, such as a database, etc.
Article 2 ACQUISITION / INPUT Status Recording and Analysis
  • 1 In the ACQUISITION / INPUT of personal information, personal data handlers must (depending on the type, form, etc. of information, and as may be necessary) appropriately record the status of the aforementioned ACQUISITION / INPUT.
  • 2 In order to prevent leaks, etc. of personal data, Personal Data Administrators must (as may be necessary) verify the recorded status of said ACQUISITION / INPUT.
Article 3 Cross-check and Verification Procedures at Time of ACQUISITION / INPUT
  • 1 Personal data handlers must verify the identity and authority of information providers when making an ACQUISITION of personal information.
  • 2 Personal data handlers must verify that INPUT data is accurate when creating personal data.

Section 3 Use / Processing Phase

Article 1 Definitions
  • 1 "USE" means the treatment of personal data within the scope of its intended purpose.
  • 2 "PROCESSING" means refreshing personal data, or the USE of personal data to create a new database.
Article 2 USE / PROCESSING Status Recording and Analysis
  • 1 In the USE / PROCESSING of personal information, personal data handlers must (depending on the type, form, etc. of said information, and as may be necessary) appropriately record the status of said USE / PROCESSING.
  • 2 In order to prevent leaks, etc. of personal data, Personal Data Administrators must (as may be necessary) verify the recorded status of the aforementioned USE / PROCESSING.
Article 3 Cross-check and Verification Procedures at Time of USE / PROCESSING
  • 1 Personal data handlers must verify that personal data in USE is accurate as target data.
  • 2 Personal data handlers must cross-check personal data in USE with the original data in order to determine whether said personal data underwent correct PROCESSING.

Section 4 Transfer / Transmission Phase

Article 1 Definitions
  • 1 "TRANSFER" means moving personal data to a different location or person through physical means.
  • 2 "TRANSMISSION" means moving personal data to a different location or person through electronic means.
Article 2 TRANSFER / TRANSMISSION Status Recording and Analysis
  • 1 In the TRANSFER / TRANSMISSION of personal data, personal data handlers must (depending on the type, form, etc. of said data, and as may be necessary) appropriately record the status of said TRANSFER / TRANSMISSION.
  • 2 In order to prevent leaks, etc. of personal data, Personal Data Administrators must (as may be necessary) verify the recorded status of the aforementioned USE / PROCESSING.
Article 3 Cross-check and Verification Procedures at Time of TRANSFER / TRANSMISSION

When performing a TRANSFER / TRANSMISSION of personal data, personal data handlers must cross-check and confirm whether any variances arise at its destination.

Article 5 Storage / Saving Phase

Article 1 Definitions
  • 1 "STORAGE" means the management of personal data through physical means.
  • 2 "SAVING" means the management of personal data through electronic means.
Article 2 STORAGE / SAVING Status Recording and Analysis
  • 1In the STORAGE / SAVING of personal data, personal data handlers must (depending on the type, form, etc. of said data, and as may be necessary) appropriately record the status of said STORAGE / SAVING.
  • 2 In order to prevent leaks, etc. of personal data, Personal Data Administrators must (as may be necessary) verify the aforementioned record.
Article 3 Recording and Analysis of STORAGE / SAVING Status
  • 1 "DELETION" means using electronic or other such methods to erase the personal data of a medium SAVING personal data.
  • 2 "DISPOSAL" means the physical discarding of a medium SAVING personal data.
Article 4 DELETION / DISPOSAL Status Recording and Analysis
  • 1 In the DELETION / DISPOSAL of personal data, personal data handlers must (depending on the type, form, etc. of said data, and as may be necessary) appropriately record the status of said DELETION / DISPOSAL.
  • 2 In order to prevent leaks, etc. of personal data, Personal Data Administrators must (as may be necessary) verify the aforementioned record.
Article 5 Cross-check and Verification Procedures at Time of DELETION / DISPOSAL
  • 1 When performing a DELETION / DISPOSAL of personal data, personal data handlers must cross-check the STORAGE period of the personal data subject to DELETION / DISPOSAL with a Personal Data Management Ledger, etc. or confirm the reason(s) for said DELETION / DISPOSAL before completing said DELETION / DISPOSAL.
  • 2 When performing a DELETION / DISPOSAL of personal data, personal data handlers must perform said DELETION / DISPOSAL in a manner appropriate to the nature of the machine / recording medium, etc. SAVING said data.

Enacted July 1, 2011

Inquiries

Address: i³ Systems, Inc.
Hanamura Bldg. 5 Fl.
2-1-1 Ohashi, Minami Ward
Fukuoka City, Fukuoka 105-0013
E-mail Address: privacy@i3-systems.com
(Please paste “Personal Information Consultation” in the “Subject” line.)