Handling of Personal Information

Table of Contents

  1. Basic Approach
  2. Provision of Personal Information to Third Parties through Opt-Out Procedures
  3. Handling of Personal Information of Persons Located in the European Economic Area (EEA)

 

1. Basic Approach

FRONTEO, Inc. and its subsidiaries and affiliates (hereafter referred to as “the Company”) recognize the importance of personal information and Individual Numbers, and have implemented the following measures for the handling of information.

  • We assign a manager to each department that handles personal information and Individual Numbers to properly manage such information.
  • We will acquire personal information by legal and fair means only with the consent of the individual and only to the extent necessary to achieve the purpose of the acquisition.
  • We will handle personal information only within the scope of the following purposes of use. Please refer to "Provision of Personal Information to Third Parties through Opt-Out Procedures" below regarding the use of personal information through opt-out procedures.

  1. Purpose of use of personal information obtained by means other than directly in writing

      (1) To properly perform outsourced work in the event that such work is outsourced.

      (2) Personal information of applicants for employment obtained via job sites
            a. To contact those who wish to receive information regarding recruitment and for employment selection

      (3) To authorize the following contractors to whom personal information management is entrusted to use such information within the scope stipulated in the terms and conditions of use of the service

 

  2. Purpose of use of personal information subject to disclosure
    (1) Personal information of customers
          a. To provide, bill, and pay for products and services for which we have received orders
          b. To send and collect information, support, and questionnaires regarding our products and services
          c. To send gifts for campaigns, etc.
          d. To confirm your identity and respond to inquiries

    (2) Personal information of business partners
         a. To contact regarding transactions, etc.
         b. To confirm identity and respond to inquiries

    (3) Personal information related to inquiries, complaints, etc.
         a. To confirm the contents of inquiries and complaints to the Company, and to respond

    (4) Personal information of shareholders
         a. To ensure the exercise of rights as a shareholder, to contact and to send IR materials

    (5) Personal information of applicants for employment and employees (including temporary employees and retired employees)
         a. To contact those who wish to receive information regarding recruitment and for employment selection
         b. For personnel and labor management and welfare benefits for employees

    (6) For other purposes agreed to in advance by the person concerned


However, this shall not apply in the case of i through iv below.

i. When required by law
ii. When it is necessary for the protection of the life, body, or property of the person concerned or a third party, and it is difficult to obtain the consent of the person concerned
iii. When there is a risk of significant hindrance to the proper conduct of our business
iv. When it is particularly necessary to improve public health or to promote the sound growth of children, and it is difficult to obtain the consent of the person concerned.

  • Individual Numbers will be used and provided only within the scope of use stipulated by laws and regulations and by third-party organizations designated by laws and regulations, and only after obtaining the information by legal and fair means. However, this shall not apply in the following cases v to vi.

v. To make monetary payments by financial institutions in the event of a catastrophic disaster, etc.
vi. When it is necessary to use Individual Numbers for the protection of a person's life, body, or property.

  • If we change the purpose of use of personal information, we will notify the person concerned or publicly announce the changed purpose of use (except in the case of i through iv above).

  • We will never disclose or provide personal information to third parties outside of our company without the consent of the person concerned (except in the case of i through iv above).

  • We will not share your personal information with any third party outside of our company without your consent.

  • In order to provide better service to our customers, we may outsource some of our operations and entrust personal information and Individual Numbers to a subcontractor. In this case, we will select a contractor that meets sufficient security standards, conclude an information protection agreement with the contractor, and thoroughly manage and supervise the contractor. The same measures will also be taken in the unlikely event that the business is re-consigned.

  • We use the services of the following contractors to manage personal information. Depending on the terms of use of the outsourced service, there is a possibility that personal information may be used for purposes such as improvement and development of the outsourced service/system, redisclosure to outsourced group companies, or for other purposes specified in the terms of use. If you do not wish your personal information to be used for any of the following services, please refer to the next section and follow the procedures to stop the provision of your personal information to third parties. If you do so, we will stop providing your personal information to the third party and take appropriate measures such as deletion of your personal information as soon as possible.
    1. Adobe (Please refer to the following URL for Terms of Service)
      https://www.adobe.com/content/dam/cc/jp/legal/terms/enterprise/pdfs/GeneralTerms-JP-2020v1.1.pdf
    2. Salesforce (Please refer to the following URL for Terms of Service)
      https://www.salesforce.com/jp/company/legal/sfdc-website-terms-of-service/

  • We will respond to requests for disclosure, correction, addition, deletion, suspension of use or elimination, or suspension of provision to third parties (hereinafter referred to as "disclosure, etc.") of retained personal data from the person in question or his/her representative. To make a request for disclosure, etc., please specify the subject of the disclosure, etc. and submit your request via the following request method.

<How to request disclosure of personal information>

Persons who may request disclosure, etc.

The person himself/herself, legal representative, and voluntary representative

Reception Method

Please prepare the required documents and mail them to the request address.

Necessary documents

(1) Request Form for Disclosure, etc. (Any format is acceptable. The contents of the request, name, address, and telephone number are required items.)

(2) Identification documents (a copy of one of the following documents: driver's license, resident certificate, passport, or other document issued by a public institution)

If the request is made by a voluntary representative or legal representative, the following documents must also be attached

(3) Documents confirming authority of representation

<Legal representative> A copy of the family register or other document that confirms the right of legal representation

<Voluntary representative> A letter of attorney (with the applicant's seal) and a certificate of seal registration (issued within the last 3 months)

(4) Identification documents of the representative (a copy of one of the following documents: driver's license, resident certificate, passport, or any other document issued by a public institution).

Fee

Free of charge (however, the cost of mailing the documents for the request for disclosure, etc. shall be borne by the person making the request)

Request address

Meisan Takahama Building, 2-12-23 Konan, Minato-ku, Tokyo 108-0075, Japan
FRONTEO Corporation Personal Information Manager

Other precautions

<Regarding documents confirming identity and authority of proxy>
If there is any information on the applicant's legal domicile or medical records, please cross out such information before sending the documents.

<If we are unable to comply with disclosure, etc.>
We will not be able to respond to your request for disclosure, etc. in the following cases. Please note that we will clearly notify you of the reason why we cannot respond to a request.

(i) Where the identity of the person making the request for disclosure, etc. cannot be confirmed as the individual or his/her representative with respect to the retained personal data
(ii) Where the subject of the request for disclosure, etc. does not fall under the category of retained personal data
(iii) Where there is a risk of harm to the life, body, property, or other rights or interests of the individual concerned or a third party
(iv) When there is a risk of causing significant hindrance to the proper conduct of our business
(v) If it would violate other laws and regulations, etc.


<Purpose of use of personal information obtained in connection with a request for disclosure, etc.>

Personal information obtained in connection with a request for disclosure, etc. shall be handled only to the extent necessary for disclosure, etc.
Documents submitted will not be returned.
After the response to the request for disclosure is completed, the information will be properly managed and disposed of.

 

  • In order to ensure the accuracy of the content of personal data, we will make every effort to keep personal information and Individual Numbers accurate and up-to-date within the scope of the purposes of use.
  • We will comply with all applicable laws and regulations regarding personal information and Individual Numbers held by us, and will review and improve our handling of personal information as appropriate, including strengthening our internal security control measures.
  • For complaints or consultations regarding the handling of personal information and Individual Numbers, please contact:


In addition to personal information and Individual Numbers, we also handle other important information about our customers. Because we handle such important information, we have implemented the following measures.

  • Regarding the establishment and operation of our dedicated data analysis laboratory, we limit the number of persons within the company who are authorized to enter and exit the laboratory.
  • We have installed a system that requires vein authentication when entering and exiting our dedicated data analysis lab, and logs are kept for each person whose fingerprints are registered.
  • Low-light surveillance cameras are installed in our dedicated data analysis lab to record and store all entry and exit from our dedicated data analysis lab, as well as access to analysis PC booths and servers, 24 hours a day.
  • We use our forensic hardware on all PCs in our company to acquire and preserve data in HDDs on a regular basis.

2. Provision of Personal Information to Third Parties through Opt-Out Procedures

We will provide personal information to third parties through opt-out procedures only within the scope of the following purposes of use.

  • Purpose of use for provision to third parties
    For the purpose of risk compliance research, such as risk analysis in the supply chain, and research relating to academic research, public policy, and product development and research, we will provide information on the relationship between the subject researcher and the organization, etc. to which the researcher belongs or participates and other researchers and organizations. In addition, when providing information on papers, we will provide information on the authors associated with such papers.

  • Parties to which information is provided
    Government and municipal offices, educational institutions, private companies (companies involved in the procurement and distribution of goods, pharmaceutical-related companies, and companies that own or use R&D functions), and other corporations and individuals who request analysis and surveys from us.

  • Source of information
    Internet-based article search and publication websites, etc. (limited to websites that publish author information and articles with the consent of the author(s) of the article).

  • Information processing methods
    In order to maintain the information held and managed in our database, we check and compare the information we already have with the newly acquired information, and perform updating processes such as correcting changed data and adding new data. This includes, for example, the process of collating the names of people and organizations that have different names, and unifying them into the same name.

  • Appropriate acquisition of information
    Personal information is obtained in an appropriate manner in accordance with the Personal Information Protection Law guidelines set forth by the Personal Information Protection Commission.

  • Items of personal data provided to third parties
    Title of paper, name of author(s), organizational affiliation, country/region of affiliation, email address
  • Method of provision to third parties

(1) By email
(2) By optical disk, paper, or other media
(3) Through services on the internet that can be viewed only by subscribing users.

  • Stopping the provision of information to third parties

We will stop providing your personal information to third parties upon your request by mail or email contact.

3. Handling of Personal Information of Persons Located in the European Economic Area (EEA)

    In addition to our "Handling of Personal Information" policy, the "Handling of Personal Information of Persons Located in the European Economic Area (EEA)" (hereinafter referred to as the "Handling Policy") applies to the processing of personal information of data subjects located in the European Economic Area (EEA), to which the European General Data Protection Regulation (GDPR) applies. The contents of the former policy will be applied in addition to the "Handling of Personal Information". In the event of any conflict between the provisions of the former and the latter, the provisions of the latter shall prevail.
  1. Terminology

    The definitions of the terms used in this Handling Policy are as follows.
  • Applicable privacy laws
    Applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and related laws implemented nationally.

  • EEA
    Member states of the European Union and countries under the European Economic Area (EEA) Agreement.

  • Our company
    FRONTEO, Inc.
    Meisan Takahama Building, 2-12-23 Konan, Minato-ku, Tokyo

  • Personal data
    Information that may identify, directly or indirectly, by reference to an identifier, such as a name, identification number, location data, or online identifier, or by reference to multiple elements, an identified or identifiable natural person (hereinafter referred to as "Site User").

  • Processor
    Any natural or legal person, public institution, department, or other organization that handles personal data on behalf of the Administrator.

  • Administrator
    A natural person, legal entity, government authority, or other person who, alone or jointly with others, determines the purposes and means of processing personal data.

  • Third party
    Any natural or legal person, public authority, department, or other organization other than the Site User, the Administrator, the Processor, and any person authorized to handle personal data under the direct authorization of the Administrator or the Processor.

  • Processing limitations
    Marking personal data stored in records in order to limit its future processing.

  • Processing
    To collect, record, edit, compile, compose, record-keep, modify, alter, retrieve, reference, use, transmit to disclose, distribute, or otherwise make available, arrange or combine, restrict, erase, or destroy personal data or a group of personal data, whether by automatic means or otherwise, including, but not limited to the performance of a task or group of tasks carried out on personal data or a group of personal data.

  • Profiling
    Automatic processing of personal data, in any form, consisting in the use of personal data to evaluate certain personal aspects associated with natural persons, in particular to analyze or predict aspects related to the business performance, economic status, health, personal preferences, interests, reliability, behavior, location, and mobility of such natural persons.

  • Consent of the person in question
    Refers to a freely given, identified, prior, unambiguous indication of the intention of the Site User, whereby the Site User expresses his/her consent to the processing of personal data relating to him/her by means of a statement or a clear positive act.

  • Our website
    https://www.fronteo.com/

  2. Scope of the Handling Policy

    a. Individual use of our website and the processing of personal data via our website, to which the applicable privacy laws apply. The Administrator of such processing is our company.
    b. Our website may contain third-party information (e.g., hyperlinks, banners, etc.). We do not control such third-party information and are not responsible for the compliance of such third parties with applicable privacy laws. We encourage you to carefully read the privacy policies of any third-party websites you visit.

  3. The purposes for which we use the personal data we obtain and retain and the basis for lawful treatment in accordance with the EU General Data Protection Regulation (GDPR) are as follows.

    a. Business partners: For transactions with us and related communications. Based on the person's consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR)
    b. To respond to inquiries from the person in question. Based on the person's consent (Article 6(1)(a) GDPR) or legitimate interests (Article 6(1)(f) GDPR)

  4. Personal data to be collected
    We may collect the following personal data from users of the website.

    a. Name and address
    b. Email address
    c. User name and password
    d. IP address
    e. Cookies
    f. Information on employment, resume

    We do not collect sensitive personal data such as passport information or health data through our website except as required by applicable privacy laws.

  5. Purpose of data processing
    We collect personal data when any of the following actions are taken by users of our website. We process personal data only in accordance with applicable privacy laws as described in this Handling Policy.

    a. When registering on our website
    b. When applying for employment through our website
    c. When using our website for other purposes.

    We collect and process personal data only for the purposes described below.

    d. Customers and business partners: To execute contracts or to respond to requests from users of our website prior to the conclusion of a contract.
    e. Customer service: To respond to inquiries about products and services, to provide important information, and to respond to complaints.
    f. Marketing: To provide various information on our products, services, and events, to conduct surveys, and to send gifts for campaigns, etc.
    g. Shareholders: To ensure the exercise of rights as a shareholder, to contact and respond to inquiries, and to send IR materials.
    h. For applicants for employment: To contact those who wish to receive information regarding employment and for employment selection.


  6. Third country transfer

When we provide personal data to our companies, contractors, or subcontractors, it may involve transfers outside of the EEA. We will only transfer personal data to third parties located outside the EEA if at least one of the following applies:

a. Transfers to countries where the European Commission has certified that the level of protection of personal data is adequate (Article 45 GDPR)
b. Transfers to a contractual partner with whom a data transfer agreement containing standard contractual clauses specified by the European Commission has been concluded (Article 46(2) GDPR)
c. Transfers that fall under the exceptions set forth in Article 49(1) of the GDPR

  7. Retention period

We will store personal data for an appropriate period of time as stipulated by the relevant laws and regulations. After the retention period, personal data that is no longer required to be handled will be appropriately erased in accordance with internal regulations.

  8. Change of registration information

    When we receive a request for disclosure, correction, addition, deletion, suspension of use, or erasure of personal data, we will respond to the request in an appropriate manner after confirming that the person making the request is the person in question or a person authorized by the person in question.

    (Handling of personal information described in <How to request disclosure of personal information>)
    These requests and other inquiries related to personal data will be accepted by each point of contact in charge. If you do not know who the point of contact in charge is, please contact us at the following address.

    In addition to the requests for the items listed above, EEA residents may also make the following requests with respect to their own personal data.
  • Disclosure (access)
  • Amendment
  • Elimination
  • Restrictions on handling
  • Data portability
  • Objection
  • Withdrawal of consent
  9. Filing an objection with the supervisory authority
    If you are located in the EEA, you have the right to appeal against the processing of your personal data to the relevant supervisory authority (which can be found at the following URL)
     http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
  10. Contact information of the Data Protection Officer

Meisan Takahama Building,
2-12-23 Konan, Minato-ku, Tokyo 108-0075, Japan
FRONTEO Personal Information Manager
Email address