Sansan, Inc., a corporation established and existing under the laws of Japan, having its principal office at: Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan, (“Sansan”) engages in information management service for corporations and individual customers (compiling business cards into a database, etc.) and has the privilege of contributing to the society. In addition, in view of the advancement of informatization and increasing recognition of privacy in recent years, we believe the proper handling of personal information is now strongly requested. Based on this philosophy, we have set forth the following personal information protection policy, and we will properly handle personal information in accordance with this policy.
Rules
The Company shall comply with the laws and regulations, governmental guidelines, and other rules related to the handling of personal information.
Acquisition
We will acquire personal information in an appropriate manner without using any false or otherwise dishonest means.
Purpose of Use
When handling personal information, we will specify the purpose of use as much as possible.
Notification
When acquiring personal information, we will notify the customers of the purpose of use in the event we are required to comply with the provisions of JIS Q 15001.
Use
We will handle personal information in an appropriate manner only within the scope necessary to achieve the specified purpose of use, and we will take the necessary precautions for that purpose.
Consent
When we obtain personal information, change the purpose of use, or gain access to any individual customers, we will obtain the consent of such individual customers in question in accordance with the provisions of JIS Q 15001.
Accuracy
We will keep the contents of personal information in an accurate and updated condition as much as we can within the scope necessary to achieve the purpose of use.
Safety Management
We shall endeavor to prevent or correct any unauthorized access, leakage, loss, or damage of personal information and take all other necessary and proper precautions to safely manage personal information.
Employees
For the purpose of safely managing personal information, we will provide our employees with necessary and proper supervision as well as regular and proper education.
Entrustment
When we entrust the handling of personal information, we shall endeavor to select a contractor who can fully meet the standards to protect personal information. And in order to strive for the safety management, we shall endeavor to provide such contractor with all necessary and appropriate supervision.
Provision
Except for cases based on the provisions of JIS Q 15001, we will obtain the prior consent of an individual customer when we provide personal information to third parties.
Disclosure
In connection with the disclosure of personal information subject to disclosure, we will take the necessary precautions in accordance with the provisions of JIS Q 15001.
Complaints and Consultations
We will strive to deal with complaints and consultations regarding the handling of personal information in an appropriate and prompt manner and will strive to put in place an organization to achieve such processing.
Audit
We will regularly audit the status of conformance of our personal information protection management system to JIS Q 15001 and the operating status of our personal information protection management system.
Correction
We will securely implement corrective and preventive measures for any nonconformities found as a result of the audit.
Review
In order to maintain appropriate protection of personal information, we will regularly review and endeavor to continuously improve our personal information protection management system.
‐ Inquiries regarding personal information protection policy ‐
【Personal Information Complaints and Consultations Counter】*For Handling of Personal Information of Eight service, please visit here
*For handling of personal information received from customers relating to bank agency service providings, please visit here.
Name, Trade Name, Address, and Name of Representative of Business Operato
Sansan, Inc.
Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
Representative Director/CEO: Chika Terada
Title, Office, and Contact Address of Personal Information Administrative Manager
CISO (Chief Information Security Officer)/DPO (Data Protection Officer) Kenji Shiomi (Please refer to the contact details “Personal Information Complaints and Consultations Counter” at the bottom of this page.)
Purpose of Use on Acquiring Personal Information
In light of our service that requires personal information from customers and operates information management services for enterprise and individual users (“Service”), the purpose of use of personal information are set forth as follows:
Furthermore, there is a set period that personal information is stored for the extent necessary for the purpose of use, and once this period passes or the purpose of use has been achieved, the personal information is swiftly deleted, unless there is a period set forth by the law or unless consent has been received from the customer.
(1) Customers’ personal information
(2) Provided personal information from customers
(3) Venders, suppliers, or business partners’ personal information other than above (1)
(4) Shareholders’ personal information
(5) Prospective employees’ personal information
(6) Our employees’ personal information
(7) Personal information of customers who contacted us(Including requests for information materials)
(8) Personal information of parties that participate in seminars, events, etc. and respond to questionnaires, etc.
(9) Publicly disclosed personal information (including information on directors, officers, employees, and shareholders of a corporation or other entities, which is disclosed or publicly announced by such individuals themselves or by such corporations or entities), personal information acquired from maps, publications, and magazines sold to the general public as well as information reported by news media (“Disclosed Information”)
Entrustment
Within the scope of achieving the Purpose of Use on Acquiring Personal Information as set forth in paragraph 3 above, the Company may entrust an outside contractor with the handling of personal information. For this entrustment, the Company shall select such a contractor that is capable of the proper management of personal information in accordance with the standards of the Company, and based upon conclusion of a nondisclosure agreement with the said contractor, monitoring shall be provided through conditions related to the clarification of entrusted duties, the obligation for security control, re-entrustment, reporting, auditing, etc., which is necessary to ensure the safety of personal information.
In addition, the systematic, human, physical, and technical security control measures of the contractor shall be evaluated in line with the Company’s contractor control regulations, and a re-evaluation shall be conducted annually.
Provision of Personal Information to Third Parties
The Company will not provide any acquired personal information to any third parties except in cases in which the individual gives prior consent or in cases in which such provision is based on laws and regulations. Such provision shall be made to parties that receive applications for the various seminars and events organized by the Company.
Sponsor/co-sponsor companies for various seminars and events organized by the Company (to be listed in the details)
Company name, Department name, Title, Company address, Name, Contact information, etc., Event details
Common methods such as telephone, fax, e-mail, and postal mail
Sharing of Personal Information
(1) Items of personal information to be shared
Such items of personal information acquired for “Purpose of Use on Acquiring Personal Information” set forth in Section 3 above may be shared between or among our subsidiaries.
(2) Scope of such sharing
Sansan, Inc.
Sansan Global Pte. Ltd.
Sansan Global Development Center, Inc.
Sansan Global (Thailand) Co., Ltd.
(3) Purpose of use of such shared personal information
Same as those in Section 3 above, “Purpose of Use on Acquiring Personal Information”
(4) Name, trade name, address, and name of representative of person responsible for management of the said Personal Information
Sansan, Inc.
Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
Representative Director/CEO: Chika Terada
(5) Method of acquisition or provision
By telephone, facsimile, e-mail, or on the Internet
Measures Taken for the Safe Management of Personal Information
(1) Enactment of basic policy
Publication of a personal information protection policy that includes the observance and continuous enhancement toward the regulations of personal information protection laws
(2) Provision of regulations regarding the handling of personal information
Provision of internal regulations stipulating measures for each stage of acquisition, use, storage, provision, deletion/elimination, etc.
(3) Systematic safety management measures
(4) Human security control measures
(5) Physical security control measures
(6) Technical security control measures
(7) Understanding external environments
Safety control measures are implemented based on an understanding of the systems of personal information protection in Singapore, the Philippines, and Thailand where our subsidiaries are located. Regarding entrustment by the Company, the following measures, etc. (related to the Personal Information Protection Act (the “Act”), Article 28 (3)) are to be taken in the case that personal data is provided to a person that maintains the systems required to continuously implement the measures corresponding to the measures that should be taken by business that acquire personal information.
The Philippines, Myanmar, Vietnam, Bangladesh, and Thailand
Purpose of Use of Personal Information Subject to Disclosure*1
Same as Section 3 above, “Purpose of Use on Acquiring Personal Information.” Notwithstanding the foregoing, “Provided Personal Information from Customers” set forth in (2) shall not be included in Personal Information Subject to Disclosure.
Notification of Purpose of Use, Request Fee Amount, and Request Procedures of Disclosures, etc. for Personal Information Subject to Disclosure
(1) Request procedures of Disclosures, etc. for Personal Information Subject to Disclosure
For those requesting notification of the purpose of use and disclosure of Personal Information Subject to Disclosure, disclosure of records of when such was provided to a third party, disclosure of records of when such was received from a third party, correction of the details of such, addition or deletion of such, suspension of use, or deletion or suspension of provision to third parties (collectively, “Disclosure, etc.”), the Company will accept such requests by telephone, postal mail, and e-mail. Upon receiving such a request, we will inform you in detail how to proceed. The party making the request shall provide identification documents in order for the procedures to be carried out.
(2) Request fee amount
For the notification and disclosure of Personal Information Subject to Disclosure, a request fee of JPY1,000 per request (JPY1,000/request) will be charged. In addition, depending on the details of the request, we may charge extra fees according to the amount of work a great deal of time is required for such disclosure. In this case, the party making the request will be provided with an estimated cost in advance.
Cautions Regarding the Provision and Input of Personal Information
The provision of information other than the required items is voluntary. However, in the case that such information is not provided, it may not be possible to provide an accurate response to any inquiries or questions, etc.
Acquisition of Personal Information in a Manner not Easily Recognizable by a Data Subject
Distribution Advertisements by Advertising-Related Businesses
(1) Purpose of Use
The Company may identify users of services held by advertising-related businesses by linking them to user lists, and may use the information for marketing analysis, provision of information, advertising, and proposal on the relevant services.
(2) Scope and attributes of provision
Advertising-related businesses to which information is provided can be found here.
(3) Items of Personal Information to be provided
E-mail address, telephone number and other contact information
Acquisition of Personal Information for Integration with External Services
The Company integrates the Service with external services. Customer can choose to permit or restrict the integration of the Service with external services. When the customer permits an external service, information explicitly expressed to the external service is acquired by the Company for the provision of the Service.
Personal Information Complaints and Consultations Center
Sansan, Inc., Personal Information Complaints and Consultations Counter
Address: Shibuya Sakura Stage 28F, 1-1 Sakuragaoka-cho, Shibuya-ku, Tokyo 150-6228, Japan
TEL: +81-3-6758-0033
Business Hours: Monday–Friday; 10:00 a.m.–4:00 p.m. JST excluding national holidays in Japan
[Access from the EU]
We have designated Enobyte GmbH as our EU representative pursuant to Art. 27 of GDPR.
For inquiries regarding privacy and rights, please contact the representative as below.
Contact details: Enobyte GmbH
Augustenstr. 49, 80333 Munich, Germany
Email: eurepenobyte.com
TEL: +49 89 215 4774 -30
*1: “Personal Information Subject to Disclosure” is personal information comprising the aggregation of systematically organized information that can be searched using a computer, or the aggregation of systematically organized information that allows specific personal information to be searched with ease by organizing, classifying, indexing, and coding according to certain rules, for which the Company has the authority to respond to all requests from a Data Subject for the disclosure, correction, addition, or deletion of their own personal information and to suspend the provision of such personal information to third parties. Please feel free to contact the “Personal Information Complaints and Consultations Counter” for further information.
Note:
This document has been translated from the Japanese original for reference purposes only. In the event of any discrepancy between this translated document and the Japanese original, the original shall prevail.