Sansan, Inc., a corporation established and existing under the laws of Japan, having its principal office at: Aoyama Oval Building 13F, 5-52-2 Jingumae, Shibuya-ku, Tokyo 150-0001, Japan, (“Sansan”) engages in information management service for corporations and individual customers (compiling business cards into a database, etc.) and has the privilege of contributing to the society. In addition, in view of the advancement of informatization and increasing recognition of privacy in recent years, we believe the proper handling of personal information is now strongly requested. Based on this philosophy, we have set forth the following personal information protection policy, and we will properly handle personal information in accordance with this policy.
The Company shall comply with the laws and regulations, governmental guidelines, and other rules related to the handling of personal information.
We will acquire personal information in an appropriate manner without using any false or otherwise dishonest means.
Purpose of Use
When handling personal information, we will specify the purpose of use as much as possible.
When acquiring personal information, we will notify the customers of the purpose of use in the event we are required to comply with the provisions of JIS Q 15001.
We will handle personal information in an appropriate manner only within the scope necessary to achieve the specified purpose of use, and we will take the necessary precautions for that purpose.
When we obtain personal information, change the purpose of use, or gain access to any individual customers, we will obtain the consent of such individual customers in question in accordance with the provisions of JIS Q 15001.
We will keep the contents of personal information in an accurate and updated condition as much as we can within the scope necessary to achieve the purpose of use.
We shall endeavor to prevent or correct any unauthorized access, leakage, loss, or damage of personal information and take all other necessary and proper precautions to safely manage personal information.
For the purpose of safely managing personal information, we will provide our employees with necessary and proper supervision as well as regular and proper education.
When we entrust the handling of personal information, we shall endeavor to select a contractor who can fully meet the standards to protect personal information. And in order to strive for the safety management, we shall endeavor to provide such contractor with all necessary and appropriate supervision.
Except for cases based on the provisions of JIS Q 15001, we will obtain the prior consent of an individual customer when we provide personal information to third parties.
In connection with the disclosure of personal information subject to disclosure, we will take the necessary precautions in accordance with the provisions of JIS Q 15001.
Complaints and Consultations
We will strive to deal with complaints and consultations regarding the handling of personal information in an appropriate and prompt manner and will strive to put in place an organization to achieve such processing.
We will regularly audit the status of conformance of our personal information protection management system to JIS Q 15001 and the operating status of our personal information protection management system.
We will securely implement corrective and preventive measures for any nonconformities found as a result of the audit.
In order to maintain appropriate protection of personal information, we will regularly review and endeavor to continuously improve our personal information protection management system.
‐ Inquiries regarding personal information protection policy ‐【Personal Information Complaints and Consultations Counter】
*For Handling of Personal Information of Eight service, please visit here.
Name, Trade Name, Address, and Name of Representative of Business Operato
Aoyama Oval Building 13F, 5-52-2 Jingumae, Shibuya-ku, Tokyo 150-0001, Japan
Representative Director/CEO: Chika Terada
Title, Office, and Contact Address of Personal Information Administrative Manager
CISO (Chief Information Security Officer) (Please refer to the contact details “Personal Information Complaints and Consultations Counter” at the bottom of this page.)
Purpose of Use on Acquiring Personal Information
In light of our service that requires personal information from customers and operates information management services for enterprise and individual users (“Service”), the purpose of use of personal information are set forth as follows:
(1) Customers’ personal information
(2) Provided personal information from customers
(3) Venders, suppliers, or business partners’ personal information other than above (1)
(4) Shareholders’ personal information
(5) Prospective employees’ personal information
(6) Our employees’ personal information
(7) Personal information of customers who contacted us（Including requests for information materials）
(8) Personal information of parties that participate in seminars, events, etc. and respond to questionnaires, etc.
(9) Publicly disclosed personal information (including information on directors, officers, employees, and shareholders of a corporation or other entities, which is disclosed or publicly announced by such individuals themselves or by such corporations or entities), personal information acquired from maps, publications, and magazines sold to the general public as well as information reported by news media (“Disclosed Information”)
Within the scope of achieving the Purpose of Use on Acquiring Personal Information as set forth in paragraph 3 above, the Company may entrust an outside contractor with the handling of personal information. In this case, the Company shall select and supervise such a contractor that is capable of the proper management of personal information in accordance with the standards of the Company, and the Company will conclude a nondisclosure agreement with the said contractor, which is necessary to ensure the safety of personal information.
Provision of Personal Information to Third Parties
Sharing of Personal Information
(1) Items of personal information to be shared
Such items of personal information acquired for “Purpose of Use on Acquiring Personal Information” set forth in Section 3 above may be shared between or among our subsidiaries.
(2) Scope of such sharing
Sansan Global Pte. Ltd.
Sansan Global Development Center, Inc.
(3) Purpose of use of such shared personal information
Same as those in Section 3 above, “Purpose of Use on Acquiring Personal Information”
(4) Name, trade name, address, and name of representative of person responsible for management of the said Personal Information
Aoyama Oval Building 13F, 5-52-2 Jingumae, Shibuya-ku, Tokyo 150-0001, Japan
Representative Director/CEO: Chika Terada
(5) Method of acquisition or provision
By telephone, facsimile, e-mail, or on the Internet
Measures Taken for the Safe Management of Personal Information
(1) Enactment of basic policy
Publication of a personal information protection policy that includes the observance and continuous enhancement toward the regulations of personal information protection laws
(2) Provision of regulations regarding the handling of personal information
Provision of internal regulations stipulating measures for each stage of acquisition, use, storage, provision, deletion/elimination, etc.
(3) Systematic safety management measures
(4) Human security control measures
(5) Physical security control measures
(6) Technical security control measures
(7) Understanding external environments
Safety control measures are implemented based on an understanding of the systems of personal information protection in Singapore and the Philippines where our subsidiaries are located. Regarding entrustment by the Company, the following measures, etc. (related to the Personal Information Protection Act (the “Act”), Article 28 (3)) are to be taken in the case that personal data is provided to a person that maintains the systems required to continuously implement the measures corresponding to the measures that should be taken by business that acquire personal information.
The Philippines, Myanmar, Vietnam, Bangladesh, and Thailand
Purpose of Use of Personal Information Subject to Disclosure*1
Same as Section 3 above, “Purpose of Use on Acquiring Personal Information.” Notwithstanding the foregoing, “Provided Personal Information from Customers” set forth in (2) shall not be included in Personal Information Subject to Disclosure.
Personal Information Subject to Disclosure: Notification of Purpose of Use, Request Fee Amount, and Request Procedures
(1) Request procedures for Personal Information Subject to Disclosure
The Company will accept such requests by telephone, postal mail, and e-mail. Upon receiving such a request, we will inform you in detail how to proceed. The party making the request shall provide identification documents in order for the procedures to be carried out.
(2) Request fee amount
For the notification and disclosure of Personal Information Subject to Disclosure, a request fee of JPY1,000 per request (JPY1,000/request) will be charged. In addition, depending on the details of the request, we may charge extra fees according to the amount of work a great deal of time is required for such disclosure. In this case, the party making the request will be provided with an estimated cost in advance.
Cautions Regarding the Provision and Input of Personal Information
The provision of information other than the required items is voluntary. However, in the case that such information is not provided, it may not be possible to provide an accurate response to any inquiries or questions, etc.
Acquisition of Personal Information in a Manner not Easily Recognizable by a Data Subject
Distribution Advertisements by Advertising-Related Businesses
(1) Purpose of Use
The Company may identify users of services held by advertising-related businesses by linking them to user lists, and may use the information for marketing analysis, provision of information, advertising, and proposal on the relevant services.
(2) Scope and Attribute of Provision
Advertising-related businesses to which the information is provided include the following.
Please refer to the respective links for information on the measures taken by each advertisement delivery service providers to protect personal information and the relevant foreign systems.
(3) Items of Personal Information to be provided
E-mail address, telephone number and other contact information
Acquisition of Personal Information for Integration with External Services
The Company integrates the Service with external services. Customer can choose to permit or restrict the integration of the Service with external services. When the customer permits an external service, information explicitly expressed to the external service is acquired by the Company for the provision of the Service.
Personal Information Complaints and Consultations Center
Sansan, Inc., Personal Information Complaints and Consultations Counter
Address: Aoyama Oval Building 13F, 5-52-2 Jingumae, Shibuya-ku, Tokyo 150-0001, Japan
Business Hours: Monday–Friday; 10:00 a.m.–4:00 p.m. JST excluding national holidays in Japan
[Access from the EU]
We have designated Enobyte GmbH as our EU representative pursuant to Art. 27 of GDPR.
For inquiries regarding privacy and rights, please contact the representative as below.
Contact details: Enobyte GmbH
Augustenstr. 49, 80333 Munich, Germany
TEL: +49 89 215 4774 -30
*1: “Personal Information Subject to Disclosure” is personal information comprising the aggregation of systematically organized information that can be searched using a computer, or the aggregation of systematically organized information that allows specific personal information to be searched with ease by organizing, classifying, indexing, and coding according to certain rules, for which the Company has the authority to respond to all requests from a Data Subject for the disclosure, correction, addition, or deletion of their own personal information and to suspend the provision of such personal information to third parties. Please feel free to contact the “Personal Information Complaints and Consultations Counter” for further information.
This document has been translated from the Japanese original for reference purposes only. In the event of any discrepancy between this translated document and the Japanese original, the original shall prevail.