The Company, upon entering into the Contract with the User based on this Regulations, shall handle the entrusted personal information from the User based on the contents stipulated in the personal information processing regulations (hereinafter referred to as these “Regulations”).
Article 1 (Definitions)
The definitions of terms in these Regulations shall be as defined in the following items:
(1) Personal Information Database, etc.
A collection of information that includes personal information, shall consists of the following (excluding those specified by Cabinet Order as posing little risk to the rights and interests of individuals):
(a) Those systematically organized to enable the search of specific personal information using electronic computers.
(b) Those, other than the ones mentioned in the previous item, stipulated by Cabinet Order as systematically organized to enable easy search of specific personal information.
(2) Personal Data
Personal information that constitutes a personal information database, etc.
(3) The Individual
A specific individual who is identified or identifiable through personal information.
Anyone within the organization of the Company who is directly or indirectly under the control and supervision of the Company and engaged in the Company’s Services. This includes not only employees in an employment relationship (regular employees, contract employees, advisory employees, part-time employees, temporary staff, etc.), but also directors, executive officers, trustees, auditors, supervisory board members, dispatched staff, etc.
Article 2 (Duty of Confidentiality)
- The Company shall not use, copy, duplicate, or modify the personal information entrusted by the User for the execution of the Company’s Services (hereinafter referred to as “personal information”) for purposes other than the execution of the Company’s Services, without prior written consent from the User.
- Except where provided to the re-entrusted party approved by the User under Article 6 or in case necessary for the execution of the Company’s Services, the Company shall not disclose or leak personal information to others.
Article 3 (Prohibition of Taking Out)
The Company shall not take out personal information from the premises of the Company, except in case necessary for processing the Company’s Services, without prior written consent from the User.
Article 4 (Prohibition of Use for Other Purposes)
The Company shall not use personal information for purposes other than those of the Company’s Services.
Article 5 (Safety Management Measures)
- In executing the Company’s Services, the Company shall take organizational, human, physical, and technical safety management measures (hereinafter referred to as “safety management measures”) as judged reasonably necessary and appropriate within the scope recognized as reasonable for the prevention of leakage, loss, or damage (hereinafter referred to as “leakage, etc.”) of personal information, in accordance with the Personal Information Protection Law, related laws and regulations, and as separately stipulated by the Company.
- In case there are changes to the matters separately stipulated, the Company shall promptly report these changes to the User.
- In case the User reasonably judges the safety management measures taken by the Company to be insufficient, the Company and the User shall discuss the contents of the safety management measures, taking into consideration the content, scale, and compensation fees of the Company’s Services.
Article 6 (Re-entrustment)
- In the execution of the Company’s Services, in case the Company re-entrusts all or part of the handling of personal information to a third party (hereinafter referred to as the “re-entrusted party”), the Company shall inform the User in written form in advance about the intention to re-entrust, including the name and address of the re-entrusted party, and obtain the User’s written consent.
- In case re-entrusting, the Company shall impose on the re-entrusted party obligations equivalent to those stipulated in the preceding article and other obligations under these Regulations and shall conduct necessary and appropriate supervision.
Article 7 (Response to Leakage Incidents)
- In case an incident of leakage of personal information occurs, or there is a possibility of such an incident, the Company shall immediately report this to the User. In this event, both the Company and the User shall take measures deemed reasonably necessary to prevent the expansion or recurrence of the incident.
- In the case of the preceding paragraph, the measures to be taken by the Company and the User shall be determined after discussion between both parties, taking into account the implementation status of the safety management measures, the extent of infringement of rights and interests of the individual due to the incident, and the content and scale of the incident.
Article 8 (Damage Compensation)
The Company shall be responsible for compensating damages in accordance with Article 16, Paragraph 1 of this Agreement, in case it causes incidents such as leakage of personal information, etc. due to reasons attributable to the Company resulting in damage to the User.
Article 9 (Return and Disposal of Personal Information)
- In case the Company’s Services ended, or at any time upon the User’s request, the Company shall return all personal information (including any copies and duplicates thereof) to the User or dispose of or delete it using non-restorable means, following the User’s instructions.
- The Company shall record the date of disposal or deletion, the name and number of documents or data, and the method used, to ensure that the disposed of or deleted personal information, including the individual to whom it pertains can be identified.
- In case the Company has carried out the disposal or deletion as mentioned in Paragraph 1, the Company shall issue a certificate to the User, stating that the disposal or deletion has been carried out, in a form separately stipulated by the Company, and provide it promptly.
Article 10 (Responsible Person)
The Company shall designate a manager responsible for handling personal information in the execution of the Company’s Services and report this to the User.
Article 11 (Supervision and Education of Employees)
- In the execution of the Company’s Services, the Company shall clearly define the scope of employees involved in handling personal information and report this to the User and shall conduct necessary and appropriate supervision and education of these employees (hereinafter referred to as “handling personnel”).
- The Company shall impose a duty of confidentiality regarding personal information on the handling personnel.
- In case handling personnel leave the Company, the Company shall require them to submit a pledge regarding confidentiality obligations post-employment and obligate them to return or destroy all personal information they came to know during their tenure or employment, and shall take measures deemed reasonably necessary to prevent any leakage, etc.
Article 12 (Responsibilities to the Individual)
- The User guarantees that personal information has been appropriately acquired and assumes responsibility towards the individual for entrusting the handling of personal information to the Company.
- In case the Company receives a request from the individual for disclosure, correction, addition, or deletion of personal information, or in case it is requested by administrative or judicial authorities, or any third party other than the individual, to provide personal information, the Company shall promptly notify the User. In such cases, the Company is not obligated to directly respond to the requests or demands of the individual or any other party, and the User shall handle the response at their own responsibility and expense.
Article 13 (Reporting and On-site Inspection)
- The Company shall report to the User at intervals of one year from the date of the contract execution on the implementation status of the safety management measures and the compliance status with these Regulations, in accordance with the content and method separately stipulated by the Company.
- The User may request to conduct an on-site inspection of the Company, to the extent necessary to verify the implementation status of the safety management measures, by giving prior written notice. In this case, the Company shall comply with the User’s request unless it impedes the operation of the business or there is another valid reason.
- During the inspection mentioned in the preceding paragraph, the Company may request the User to sign a non-disclosure agreement concerning the Company’s trade secrets (as defined in Article 2, Paragraph 6 of the Unfair Competition Prevention Act).
- In case the User needs to enter the Company’s premises for the inspection mentioned in Paragraph 2, the User shall comply with the Company’s rules and regulations concerning entry and exit.
- In case the Company judges that the inspection by the User as mentioned in Paragraph 2 exceeds the expected scope, the Company may charge the User for the costs incurred in accepting the inspection, after discussion between both parties.
- In case the Company receives a report from the re-entrusted party about the implementation status of the safety management measures and the compliance status with these Regulations, it shall promptly report to the User. In this case, when the User reasonably deems that the Company’s supervision over the re-entrusted party is insufficient, the User may give instructions or guidance to the re-entrusted party.
Established on February 22, 2022
Little Help Agency LLC
2nd Floor, Otemachi Building, 1-6-1
Otemachi, Chiyoda-ku, Tokyo 100-0004