Trio System Plans Co., Ltd. Michiomi Kinoshita, CEO
Trio System Plans Co., Ltd. affirms that the ultimate focus of the information services we provide is people. Our basic policy is to provide warm, people-friendly information services. As such, we organically and efficiently fuse together the three elements of hardware, software and human touch, or human-ware, through our resourcefulness and technology as we seek to be a company that contributes to the creation of an affluent, advanced information-oriented society. We fully recognize that continually ensuring the safety of personal information while properly using such information for the provision of information services via an advanced, complex IT infrastructure is a social responsibility of our company as we aim to provide people with optimal information services. With protecting individual rights as our top priority, we establish trust with our customers and provide information services they can use with peace of mind by implementing optimal information security measures for personal information based on observance of social norms concerning such information.
A specific effort we have engaged in toward that end is the development of a management system for the protection of personal information aimed at achieving the objective of our basic policy on the protection of personal information outlined below. We hereby declare that we will instill the policy in our directors and all employees and come together as a company in efforts to maintain and promote it.
We will observe laws regarding the handling of personal information, JIS (JISQ 15001) guideline on requirements related to management systems for protection of personal information, and other national guidelines, as well as other related rules such as guidelines of local authorities and industry organizations.
We have established optimal and appropriate rules for handling of personal information and have made them into internal regulations with full understanding and recognition of how the personal information made available to our businesses is handled, taking stock of the contents of agreements with customers and their requirements, and we will observe these internal regulations in the collection, use, provision, etc. of personal information.
We have stipulated within internal regulations that we will not use or provide personal information to third parties outside the scope of the specified purpose of use. We will deter use outside the intended purpose by clarifying the procedures for use of personal information and will prevent incidents by engaging in such efforts as thorough management of access privileges.
Recognizing and analyzing the risk of leaks, loss or manipulation of personal information, we have formulated measures to prevent and correct such things in order to take appropriate steps according to the importance of personal information. Additionally, by reflecting these measures in internal regulations, we have clearly specified the measures to be implemented and given them shape.
We fully respect the rights of the individual with respect to their personal information. We have established and opened a point of contact to handle complaints, inquiries and requests for the disclosure, correction, discontinuation of use, etc. of personal information and will respond promptly, efficiently and safely.
In order to achieve optimal protection of personal information, including the items above, we will maintain, promote and review our management system for the protection of personal information on an ongoing basis and will make improvements as necessary.
Enacted on May 1, 2005 Revised on November 1, 2006
Trio System Plans Co., Ltd. has always recognized the importance of protecting personal information and has worked to protect our customers' information, but as part of our efforts to strengthen that protection, we have acquired Privacy Mark certification. As a certified company, we will continue to deepen our commitment to the protection of personal information as we go about our business so that our customers can entrust us with their personal information with peace of mind.
Trio System Plans recognizes the importance of protecting personal information in an advanced information and communication society and believes that safely and properly handling the personal information of all those with whom we interact, from our customers and the representatives of our business partners to our employees, is an important social responsibility.
The job title and contact information for the manager in charge of protecting personal information are provided below. This person bears full responsibility for promoting, maintaining, implementing and improving the internal personal information protection system.
Personal Information Protection Manager, Corporate Administration Department TEL: +81-52-201-6991 / FAX: +81-52-201-6993
The personal information we handle is divided into the following main categories:
We collect personal information using only fair and legal means.
Moreover, in accordance with our management system for the protection of personal information, we obtain the consent of the individual prior to collecting the information.
When working with indirectly collected personal information entrusted to us by clients, we confirm with our clients that they have obtained the consent of the individual.
However, we may forgo this in the event that we determine that notifying or disclosing information to the individual or obtaining their consent would put their life/property or that of a third party at risk or violate the law. Such decisions will not be made arbitrarily but objectively based on logical reasoning and common sense.
When we collect personal information from an individual directly in writing, we explain the voluntariness as well as the impact on the individual if we are unable to obtain the information on a case by case basis. In many cases, if we are unable to obtain certain personal information, we likely will not be able to provide the individual with services involving said information, but depending on the item, there are also many pieces of information for which provision is voluntary, so in addition to individual points of contact, we also have a point of contact for complaints and inquiries provided below.
We use personal information only within the scope of the purpose to which the individual has given their consent.
The purpose of use of personal information we handle within our business is as follows:
Within the scope of the purpose of use to which the individual has given their consent, we may share or disclose the personal information we have collected with third parties.
We share/disclose personal information primarily in the following work/formats:
When we take on information processing/software development work, we may entrust a third party with the handling of personal information with the consent of the client in order to serve the purpose. When entrusting a third party with the handling of personal information, we select a business partner that meets a certain level of requirements regarding the proper protection of such information in accordance with our management system for the protection of personal information, and we conclude a confidentiality agreement with them, checking and monitoring the handling of the information after the work is assigned and managing/overseeing the information until it is returned or destroyed after the work is complete.
We may provide the personal information of employees to a third party when subcontracting the preparation of company PR materials (such as brochures and websites) or labor/social insurance operations. In such cases, we handle selection of the company and conclusion of agreements in the same way as subcontracting of software development.
We retain the personal information we collect for a certain period of time based on internal document control rules according to the format, type, etc. of the information. In particular, with regards to the information of job applicants, policy holders, shareholders, employees and junior employees for which we have responsibility corresponding to the individual's rights as presented in the following paragraph, there are some items we retain even after the individual is no longer affiliated with us (due to cancellation, leaving the company, etc.) in order to respond to legal requirements and resolve subsequent problems.
We implement reasonable and appropriate safety measures with respect to risk pertaining to personal information based on the rules of our management system for the protection of personal information as we go about managing the personal information we collect (from collection to return or disposal).
In the event that we receive a request from the individual to which the personal information we retain or manage belongs to exercise the rights described below, we will take action (including deciding whether the request is appropriate or not) and notify the individual of the result (including the reason we were unable to comply with the request if we were unable to do so) without delay.
The points of contact for the respective services will respond to inquiries regarding the procedures for such requests and will explain the contents of disclosure, format, external proof (means to confirm identity) required of the individual or his/her proxy, etc. In the event that the point of contact is unknown, the point of contact for complaints and inquiries below will handle the request or direct you to the appropriate point of contact.
By periodically educating about and familiarizing employees and junior employees with our management system for protecting personal information, we will maintain its proper operation, and by regularly auditing the system and reviewing it under the direction of the company president, we will engage in ongoing improvements to as well as promotion and maintenance of the system.
We have established a point of contact for complaints and inquiries which takes complaints and inquiries regarding all the personal information in our care from the individual in question.
This point of contact will also respond to requests for disclosure or discontinuation of use of personal information on behalf of the division in charge of collecting or using the information.
Requests to resolve complaints regarding our handling of personal information may be submitted to the third party organization below, which is an authorized personal information protection organization and of which we are a member, based on the Act on the Protection of Personal Information.