• TOP
  • Privacy Policy

Personal Information Protection Policy

Sansan, Inc., a corporation established and existing under the laws of Japan, having its principal office at: Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan, (“Sansan”) engages in information management service for corporations and individual customers (compiling business cards into a database, etc.) and has the privilege of contributing to the society. In addition, in view of the advancement of informatization and increasing recognition of privacy in recent years, we believe the proper handling of personal information is now strongly requested. Based on this philosophy, we have set forth the following personal information protection policy, and we will properly handle personal information in accordance with this policy.

  1. Rules

    The Company shall comply with the laws and regulations, governmental guidelines, and other rules related to the handling of personal information.

  2. Acquisition

    We will acquire personal information in an appropriate manner without using any false or otherwise dishonest means.

  3. Purpose of Use

    When handling personal information, we will specify the purpose of use as much as possible.

  4. Notification

    When acquiring personal information, we will notify the customers of the purpose of use in the event we are required to comply with the provisions of JIS Q 15001.

  5. Use

    We will handle personal information in an appropriate manner only within the scope necessary to achieve the specified purpose of use, and we will take the necessary precautions for that purpose.

  6. Consent

    When we obtain personal information, change the purpose of use, or gain access to any individual customers, we will obtain the consent of such individual customers in question in accordance with the provisions of JIS Q 15001.

  7. Accuracy

    We will keep the contents of personal information in an accurate and updated condition as much as we can within the scope necessary to achieve the purpose of use.

  8. Safety Management

    We shall endeavor to prevent or correct any unauthorized access, leakage, loss, or damage of personal information and take all other necessary and proper precautions to safely manage personal information.

  9. Employees

    For the purpose of safely managing personal information, we will provide our employees with necessary and proper supervision as well as regular and proper education.

  10. Entrustment

    When we entrust the handling of personal information, we shall endeavor to select a contractor who can fully meet the standards to protect personal information. And in order to strive for the safety management, we shall endeavor to provide such contractor with all necessary and appropriate supervision.

  11. Provision

    Except for cases based on the provisions of JIS Q 15001, we will obtain the prior consent of an individual customer when we provide personal information to third parties.

  12. Disclosure

    In connection with the disclosure of personal information subject to disclosure, we will take the necessary precautions in accordance with the provisions of JIS Q 15001.

  13. Complaints and Consultations

    We will strive to deal with complaints and consultations regarding the handling of personal information in an appropriate and prompt manner and will strive to put in place an organization to achieve such processing.

  14. Audit

    We will regularly audit the status of conformance of our personal information protection management system to JIS Q 15001 and the operating status of our personal information protection management system.

  15. Correction

    We will securely implement corrective and preventive measures for any nonconformities found as a result of the audit.

  16. Review

    In order to maintain appropriate protection of personal information, we will regularly review and endeavor to continuously improve our personal information protection management system.

  • Date of enforcement: August 15, 2007
  • Date of the latest revision: October 12, 2023
  • Sansan, Inc.
  • Representative Director/CEO: Chika Terada

‐ Inquiries regarding personal information protection policy ‐

【Personal Information Complaints and Consultations Counter】
Sansan, Inc., Personal Information Complaints and Consultations Counter
Address: Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
TEL: +81-3-6758-0033
Business Hours: Monday through Friday 10:00a.m.-4:00p.m. JST excluding national holidays in Japan

Handling of Personal Information

*For Handling of Personal Information of Eight service, please visit here
*For handling of personal information received from customers relating to bank agency service providings, please visit here.

  1. Name, Trade Name, Address, and Name of Representative of Business Operato

    Sansan, Inc.
    Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
    Representative Director/CEO: Chika Terada

  2. Title, Office, and Contact Address of Personal Information Administrative Manager

    CISO (Chief Information Security Officer)/DPO (Data Protection Officer​) Kenji Shiomi (Please refer to the contact details “Personal Information Complaints and Consultations Counter” at the bottom of this page.)

  3. Purpose of Use on Acquiring Personal Information

    In light of our service that requires personal information from customers and operates information management services for enterprise and individual users (“Service”), the purpose of use of personal information are set forth as follows:
    Furthermore, there is a set period that personal information is stored for the extent necessary for the purpose of use, and once this period passes or the purpose of use has been achieved, the personal information is swiftly deleted, unless there is a period set forth by the law or unless consent has been received from the customer.

    1. (1) Customers’ personal information

      • To provide and manage the Service properly
    2. (2) Provided personal information from customers

      • To provide and manage the Service properly
    3. (3) Venders, suppliers, or business partners’ personal information other than above (1)

      • To provide and manage the Service properly
    4. (4) Shareholders’ personal information

      • To exercise rights and perform obligations under the Companies Act and Commercial Code of Japan
      • To provide various conveniences
      • To implement various measures to facilitate the relationship between shareholders and us
      • To prepare and manage the shareholders’ database in accordance with the standards of various laws and regulations
    5. (5) Prospective employees’ personal information

      • To provide recruiting information and contact the persons who are interested in and have applied for a position with us
      • To conduct recruiting activities
      • To provide guidance regarding seminars, events, etc.
      • To implement questionnaire surveys
    6. (6) Our employees’ personal information

      • To contact an employee in the course of business operations, make a list of employees, proceed with any legally required procedures including those after retirement, and manage the employment operations
      • To make decisions on personnel selection, transfer, secondment, or dispatch
      • To make decisions on compensation and payment, handle taxes, and social insurance and provide welfare benefits
      • To execute the safety control measures such as video and online monitoring
      • To conduct our PR or advertisement activities
      • To operate proper health management (except in the case of the requirement of laws and regulations, we do not acquire, use, or provide health information of employees such as results of medical check-ups.)
    7. (7) Personal information of customers who contacted us(Including requests for information materials)

      • To improve our customer service satisfaction
      • To understand accurately and deal with the inquiries and notifications
      • To provide guidance regarding personal information management services, etc.
      • To provide guidance regarding seminars, events, etc.
      • To implement questionnaire surveys
      • To distribute newsletters
      • To perform analytics for use in sales of information management services, etc. and to be used in marketing
    8. (8) Personal information of parties that participate in seminars, events, etc. and respond to questionnaires, etc.

      • To accurately acquire and process inquiries and details of communications
      • To provide guidance regarding information management services
      • To provide guidance regarding seminars, events, etc.
      • To provide recruiting information and contact the persons
      • To implement questionnaire surveys
      • To distribute newsletters
      • To perform analytics for use in sales of information management services, etc. and to be used in marketing
      • To use for public relations, promotion, sales, recruitment activities, etc. as statistical data that does not identify individuals
      • To take photographs, videos, audio recordings, etc. (“Event Recordings”) of seminars, events, etc. to provide guidance regarding Company services, seminars, events, etc. and to be used in PR, publicity, business activities, etc.
    9. (9) Publicly disclosed personal information (including information on directors, officers, employees, and shareholders of a corporation or other entities, which is disclosed or publicly announced by such individuals themselves or by such corporations or entities), personal information acquired from maps, publications, and magazines sold to the general public as well as information reported by news media (“Disclosed Information”)

      • To keep information up-to-date in providing the Service
      • To provide Disclosed Information to customers or business partners using the Service on condition that the provision to the third parties of such information is suspended upon request from a person whose personal information is at issue (“Data Subject”)
        • Method of acquiring Disclosed Information to be provided to the third parties
          Acquisition of information published by companies and organizations on their own websites, etc., Acquisition of information disclosed by government agencies in accordance with various laws, regulations, and systems, Acquisition of press information by the news media
        • Method of updating Disclosed Information to be provided to the third parties
          Updating of databases, upon comparing the new with the existing
        • Details of Disclosed Information to be provided to the third parties
          Company name, department name, job title, address, name, contact information, etc.
        • Method of acquisition and provision of Disclosed Information provided to the third parties
          By telephone, facsimile, e-mail, or on the Internet
        • Procedure to suspend the provision of Disclosed Information to the third parties
          We will suspend the provision of Disclosed Information to the third parties upon request from a Data Subject. If you would like to request it, please contact at the following e-mail address.
          personnel_transfersansan.com
  4. Entrustment

    Within the scope of achieving the Purpose of Use on Acquiring Personal Information as set forth in paragraph 3 above, the Company may entrust an outside contractor with the handling of personal information. For this entrustment, the Company shall select such a contractor that is capable of the proper management of personal information in accordance with the standards of the Company, and based upon conclusion of a nondisclosure agreement with the said contractor, monitoring shall be provided through conditions related to the clarification of entrusted duties, the obligation for security control, re-entrustment, reporting, auditing, etc., which is necessary to ensure the safety of personal information.
    In addition, the systematic, human, physical, and technical security control measures of the contractor shall be evaluated in line with the Company’s contractor control regulations, and a re-evaluation shall be conducted annually.

  5. Provision of Personal Information to Third Parties

    The Company will not provide any acquired personal information to any third parties except in cases in which the individual gives prior consent or in cases in which such provision is based on laws and regulations. Such provision shall be made to parties that receive applications for the various seminars and events organized by the Company.

    1. (1) The Company may provide customer personal information on behalf of the customer to exhibition, sponsor, and co-Sponsor Companies (“Sponsor Companies, etc.”), including cases in which personal information is directly acquired by the Sponsor Companies, etc.
      1. ① Destination of Provision

        Sponsor/co-sponsor companies for various seminars and events organized by the Company (to be listed in the details)

      2. ② Items of Personal Information to be provided

        Company name, Department name, Title, Company address, Name, Contact information, etc., Event details

      3. ③ Purpose of providing Personal Information
        • For Sponsor Companies, etc. to deal with customer’s inquiries;
        • For Sponsor Companies, etc. to provide information on services and seminars;
        • For Sponsor Companies, etc. to deliver e-mail newsletters;
        • For Sponsor Companies, etc. to publish and release event details in print media and online with the purposes of PR, publicity, business activities, etc.
        • For Sponsor Companies, etc. to provide other guidance and communications
      4. ④ Method of provision

        Common methods such as telephone, fax, e-mail, and postal mail

    2. (2) The Company may provide Event Recordings to various press/media, etc. with the purpose of assisting with reports, articles, publications, etc. by the said press/media, etc. Event Recordings may also be made directly by the press/media, etc.
    3. (3) The Company may publish/release Event Recordings in print media/online with the purpose of PR, publicity, business activities, etc.
  6. Sharing of Personal Information

    1. (1) Items of personal information to be shared

      Such items of personal information acquired for “Purpose of Use on Acquiring Personal Information” set forth in Section 3 above may be shared between or among our subsidiaries.

    2. (2) Scope of such sharing

      Sansan, Inc.
      Sansan Global Pte. Ltd.
      Sansan Global Development Center, Inc.
      Sansan Global (Thailand) Co., Ltd.

    3. (3) Purpose of use of such shared personal information

      Same as those in Section 3 above, “Purpose of Use on Acquiring Personal Information”

    4. (4) Name, trade name, address, and name of representative of person responsible for management of the said Personal Information

      Sansan, Inc.
      Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
      Representative Director/CEO: Chika Terada

    5. (5) Method of acquisition or provision

      By telephone, facsimile, e-mail, or on the Internet

  7. Measures Taken for the Safe Management of Personal Information

    1. (1) Enactment of basic policy

      Publication of a personal information protection policy that includes the observance and continuous enhancement toward the regulations of personal information protection laws

    2. (2) Provision of regulations regarding the handling of personal information

      Provision of internal regulations stipulating measures for each stage of acquisition, use, storage, provision, deletion/elimination, etc.

    3. (3) Systematic safety management measures

      • In addition to defining the person responsible for the handling of personal information, the clarification of the scope of personal information to be handled by employees who handle personal information and the scope of the said employees, and the provision of a report and contact system to the person responsible
      • A risk evaluation is performed during service development and when beginning duties which handle personal information. Considering each aspect of the handling, if appropriate security control measures are not taken then anticipated risks are identified and countermeasures are implemented
      • Yearly independent inspections and audits by the auditing department
    4. (4) Human security control measures

      • Implementation of periodic training regarding the protection of personal information
      • Description of items related to confidentiality in work regulations and contracts
      • Company policy states that those violating the company’s policy on handling of personal information will face disciplinary action
    5. (5) Physical security control measures

      • Control of entry/exit points and restriction of equipment brought in
      • Measures to prevent inspection of personal information by unauthorized persons
      • Locking/encryption measures, etc. to prevent the theft or loss of equipment, electronic media and documents, etc. containing personal information
    6. (6) Technical security control measures

      • Access controls for personal information databases, etc.
      • Introduction of structures for protection against outside unauthorized access and fraudulent software
    7. (7) Understanding external environments

      Safety control measures are implemented based on an understanding of the systems of personal information protection in Singapore, the Philippines, and Thailand where our subsidiaries are located. Regarding entrustment by the Company, the following measures, etc. (related to the Personal Information Protection Act (the “Act”), Article 28 (3)) are to be taken in the case that personal data is provided to a person that maintains the systems required to continuously implement the measures corresponding to the measures that should be taken by business that acquire personal information.

      1. ① A work subcontract including personal information safety control measures (“security control contract, etc.”) shall be executed by the said third party and the contractor for the provision of systems stipulated in Article 28 (1) of the Act.
      2. ② Summary of the measures to be implemented by the said third party
        • At the time of entrustment, the Company shall select such a contractor that is capable of the proper management of personal information in accordance with the standards of the Company, enact a security control contract, etc. and monitoring shall be provided through conditions related to the clarification of entrusted duties, the obligation for security control, re-entrustment, reporting, auditing, etc., which is necessary to ensure the safety of personal information.
        • The systematic, human, physical, and technical security control measures of the contractor shall be evaluated in line with the Company’s contractor control regulations, and a re-evaluation shall be conducted annually.
        • In line with the nature of the entrusted duties, the Company shall take system security measures including the implementation of work by accessing specialist tools developed by the Company.
      3. ③ Frequency and method of confirmations stipulated in Enforcement rules of the Personal Information Protection Act, Article 18(1)ⅰ
        • The systematic, human, physical, and technical security control measures of the contractor shall be evaluated in line with the Company’s contractor control regulations, and a re-evaluation shall be conducted annually.
        • The inspection of foreign law is entrusted to the office of a lawyer, which provides reports as and when necessary.
      4. ④ Names of the relevant countries

        The Philippines, Myanmar, Vietnam, Bangladesh, and Thailand

      5. ⑤ Existence and summary of systems in the respective countries that may impact the implementation of the relevant measures by the third party
        • The inspection of foreign law is entrusted to the office of a lawyer, which provides reports as and when necessary. No confirmation is made of the existence of systems that may impact the implementation of the relevant measures.
        • As a measure with regard to general government access, in addition to setting a security control contract, etc. with the contractor, depending on the nature of the entrusted duties, the Company shall take system security measures including the implementation of work by accessing specialist tools developed by the Company.
        • Click on the links for information and survey results, etc. from the Personal Information Protection Commission (PPC) with regard to overseas systems and trends in connection to personal information protection.
      6. ⑥ Existence and summary of any hindrances to the implementation of the relevant measures by the third party
        • No confirmation is made of any hindrances.
        • Operations may be suspended immediately in the case that there is a hindrance to the implementation of the relevant measures.
      7. ⑦ Summary of measures to be taken by the said party handling personal information based on Enforcement rules of the Personal Information Protection Act, Article 18 (1) ⅱ with regard to the hindrances in the preceding item
        • No confirmation is made of any hindrances.
  8. Purpose of Use of Personal Information Subject to Disclosure*1

    Same as Section 3 above, “Purpose of Use on Acquiring Personal Information.” Notwithstanding the foregoing, “Provided Personal Information from Customers” set forth in (2) shall not be included in Personal Information Subject to Disclosure.

  9. Notification of Purpose of Use, Request Fee Amount, and Request Procedures of Disclosures, etc. for Personal Information Subject to Disclosure

    1. (1) Request procedures of Disclosures, etc. for Personal Information Subject to Disclosure

      For those requesting notification of the purpose of use and disclosure of Personal Information Subject to Disclosure, disclosure of records of when such was provided to a third party, disclosure of records of when such was received from a third party, correction of the details of such, addition or deletion of such, suspension of use, or deletion or suspension of provision to third parties (collectively, “Disclosure, etc.”), the Company will accept such requests by telephone, postal mail, and e-mail. Upon receiving such a request, we will inform you in detail how to proceed. The party making the request shall provide identification documents in order for the procedures to be carried out.

    2. (2) Request fee amount

      For the notification and disclosure of Personal Information Subject to Disclosure, a request fee of JPY1,000 per request (JPY1,000/request) will be charged. In addition, depending on the details of the request, we may charge extra fees according to the amount of work a great deal of time is required for such disclosure. In this case, the party making the request will be provided with an estimated cost in advance.

  10. Cautions Regarding the Provision and Input of Personal Information

    The provision of information other than the required items is voluntary. However, in the case that such information is not provided, it may not be possible to provide an accurate response to any inquiries or questions, etc.

  11. Acquisition of Personal Information in a Manner not Easily Recognizable by a Data Subject

    1. (1) The Company may use Cookies, web beacons, and other similar technologies (“Cookies”) to protect privacy, enhance usage, distribute advertisements, and acquire statistical data with regard to customers who use the Service, etc. and customers and visitors (“Visitors”) to the website. Cookies may be used to acquire and analyze the state of use by the Visitors and the Visitors’ attribution information.
      The Company uses Cookies in behavioral advertising to distribute advertisements optimized to the customer. If the customer wishes to opt out of this service, please follow the “procedures” stipulated by the advertising service provider.
    2. (2) The Company may automatically create and save information such as the customer’s IP address, type of browser, and browser language (“Browser Language and Other Information”). We may use such information to analyze user environments, offer better services, and prevent improper acts that disturb normal provision of the Service.
    3. (3) Cookies and Browser Language and Other Information may be handled by the Company as personal information.
  12. Distribution Advertisements by Advertising-Related Businesses

    1. (1) Purpose of Use

      The Company may identify users of services held by advertising-related businesses by linking them to user lists, and may use the information for marketing analysis, provision of information, advertising, and proposal on the relevant services.

    2. (2) Scope and attributes of provision

      Advertising-related businesses to which information is provided can be found here.

    3. (3) Items of Personal Information to be provided

      E-mail address, telephone number and other contact information

  13. Acquisition of Personal Information for Integration with External Services

    The Company integrates the Service with external services. Customer can choose to permit or restrict the integration of the Service with external services. When the customer permits an external service, information explicitly expressed to the external service is acquired by the Company for the provision of the Service.

  14. Personal Information Complaints and Consultations Center

    Sansan, Inc., Personal Information Complaints and Consultations Counter
    Address: Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
    TEL: +81-3-6758-0033
    Business Hours: Monday–Friday; 10:00 a.m.–4:00 p.m. JST excluding national holidays in Japan

    [Access from the EU]
    We have designated Enobyte GmbH as our EU representative pursuant to Art. 27 of GDPR.
    For inquiries regarding privacy and rights, please contact the representative as below.
    Contact details: Enobyte GmbH
    Augustenstr. 49, 80333 Munich, Germany
    Email: eurepenobyte.com
    TEL: +49 89 215 4774 -30

*1: “Personal Information Subject to Disclosure” is personal information comprising the aggregation of systematically organized information that can be searched using a computer, or the aggregation of systematically organized information that allows specific personal information to be searched with ease by organizing, classifying, indexing, and coding according to certain rules, for which the Company has the authority to respond to all requests from a Data Subject for the disclosure, correction, addition, or deletion of their own personal information and to suspend the provision of such personal information to third parties. Please feel free to contact the “Personal Information Complaints and Consultations Counter” for further information.

Note:
This document has been translated from the Japanese original for reference purposes only. In the event of any discrepancy between this translated document and the Japanese original, the original shall prevail.