Personal Information Processing Agreement
Upon entering into this Agreement with the User, the Company shall handle the personal information entrusted to the User following the personal Information processing agreement (after this referred to as the "Regulations"). In connection with the User's entrustment of the Company to handle personal information upon entering into this Agreement with the User, the Company shall handle the entrusted personal information following the contents of the Personal Information Handling Regulations (after this referred to as "Regulations").
Article 1 (Definitions)
The definitions of terms used in these rules are as follows.
(1) Personal Information Databases, etc.
A collection of information containing personal information, which is listed below (excluding those specified by a Cabinet Order as being of negligible risk of harm to the rights and interests of individuals in terms of the method of use)
(a) Information that is systematically organized so that specific personal information can be retrieved using a computer
(b) In addition to what is listed in the preceding item, specified by a Cabinet Order as being systematically organized so that specific personal information can be easily retrieved.
(2) Personal Data
Personal information that constitutes Personal Information Databases, etc.
(3) Individual
A specific individual who is or may be identified by personal information
(4) Employees
A person who is engaged in the business of a business operator directly or indirectly under the direction and supervision of the business operations within the organization of the Company. This shall include employees in employment relationships (regular employees, contract employees, contract employees, part-time employees, etc.) and directors, executive officers, board members, auditors, inspectors, temporary employees, etc.
Article 2 (Obligation of Confidentiality)
1. We will not use, copy, reproduce, or process the personal information entrusted to us by the User (after this referred to as "the Personal Information") for any purpose other than the performance of the Services, without obtaining the prior written consent of the User. (after this referred to as the "Company") shall not use, copy, reproduce, or process the personal information entrusted to the Company by the User (after this referred to as the "Personal Information") for any purpose other than the performance of the Services without obtaining the prior written consent of the User.
2. We will not provide or divulge the Personal Information to any other party, except when delivering it to a subcontractor authorized by the User following Article 6 or when it is necessary to process the Business in question.
Article 3 (Prohibition of taking out)
We will not remove Personal Information from our business premises without the User's prior written consent, except when necessary to process the Business.
Article 4 (Prohibition of Use for Other Purposes)
We will not use the Personal Information for any purpose other than the purpose of this business.
Article 5 (Security Control Measures)
1. In performing the Services, following the Personal Information Protection Law and related laws and regulations, as separately stipulated by the Company, the Company shall take necessary and appropriate measures (after this referred to as "Security Control Measures") to prevent leakage, loss, or damage (after this referred to as "Leakage, etc.") of the Personal Information to the extent reasonably permissible. In performing this business, we will take necessary and appropriate measures for organizational, personnel, physical, and technical security control (after this referred to as "security control measures") to the extent reasonably deemed necessary to prevent leakage, loss, or damage (after this referred to as "leakage, etc.") of the personal information, following the Personal Information Protection Law and related laws and regulations. The Company will take necessary and appropriate measures for organizational, human, physical, and technical security management (after this referred to as "security management measures") to the extent reasonably deemed necessary to prevent the loss or damage (after this referred to as "leakage, etc.") of personal information.
2. If there are any changes in the separately stipulated items, we will promptly report such changes to the user.
3. If the User reasonably believes that the security control measures taken by the Company are insufficient, the Company and the User shall discuss the details of the security control measures, taking into consideration the content, scale, and compensation for the Services.
Article 6 (Recommissioning)
1. In the course of performing the Work in question, the Company may entrust (after this referred to as "Recommission") all or part of the handling of the Personal Information to a third party (after this referred to as "Recommissioner"). In the event of subcontracting all or part of the handling of Personal Information to a third party (after this referred to as "Subcontractor") in the course of performing the Business, we shall notify the User in writing of the subcontracting and the name and address of the Subcontractor in advance and obtain written consent from the User.
2. In the event of re-consignment, the Company shall impose on the re-consignee the same security control measures outlined in the preceding Article and other obligations equivalent to the Company's obligations outlined in these Rules and shall provide necessary and appropriate supervision.
Article 7 (Response to Incidents of Leakage, etc.)
1. If an incident at the time of the leakage of the personal information in question has occurred or is likely to appear, we will immediately report the incident to the user. At this time, the Company and the User shall take measures deemed reasonably necessary to prevent the expansion or recurrence of the incident.
2. In the case of the preceding paragraph, the measures to be taken by the Company and the User shall be determined upon consultation between the Company and the User, taking into consideration the state of implementation of security control measures, the state of infringement of rights and interests suffered by the individual due to the case, the content and scale of the issue, and other factors.
Article 8 (Compensation for Damages)
If an accident such as the leakage of personal information occurs for reasons attributable to the Company, and the User suffers damages, the Company shall be liable for compensation following Article 16.1 of these Terms of Use.
Article 9 (Return and Disposal of Personal Information)
1. Whenever the Services are terminated or at the request of the User, we shall, following the User's instructions, return to the User all of the Personal Information (including duplicates and copies thereof), or dispose of or delete such Personal Information in a manner that cannot be restored. (2) Whenever the Services are terminated, or at the User's request, we shall, following the User's instructions, return to the User, or dispose of or delete in an unrecoverable manner, all of the Personal Information (including duplicates and copies thereof).
2. Concerning the deletion or removal of personal information as described in the preceding paragraph, we will record the date of deletion or removal, the name and number of documents and data, and how the personal information was deleted or removed so that we can identify who and what kind of personal information was deleted or removed.
3. If we dispose of or delete the information as stipulated in Paragraph 1, we shall promptly deliver to the user a certificate of such disposal or deletion in writing as separately determined by us.
Article 10 (Responsible Person)
1. We will appoint a person responsible for the management of the handling of Personal Information and report to the User in the execution of this work.
Article 11 (Supervision and Training of Employees)
1. In the performance of this business, we will clarify the scope of employees who will be engaged in the affairs of handling the personal information in question and report to the user, and then provide necessary and appropriate supervision and education to such employees (after this referred to as "person(s) in charge of handling"). We will provide necessary and appropriate supervision and education to such employees (after this referred to as "Personnel in Charge of Handling").
2. We shall make the Personnel in Charge of Handling assume the obligation to maintain the confidentiality of the Personal Information.
3. When a person in charge of handling retires, we will require the person in charge of handling to return or destroy all Personal Information obtained while in office or employment, including requiring the person in charge of handling to submit a written pledge regarding confidentiality obligations after retirement, and will take measures deemed reasonably necessary to prevent leaks, etc.
Article 12 (Responsibility to the Individual, etc.)
1. The User shall ensure that the Personal Information has been appropriately obtained and shall be responsible to the individual for entrusting the handling of the Personal Information to the Company.
2. If we receive a request for disclosure, correction, addition, or deletion of Personal Information from the individual concerned, or a request from a third party other than the individual concerned, such as a government agency or judicial agency, we shall promptly notify the user of such request. In such cases, we are under no obligation to respond directly to the request or request of the person or any third party other than the person in question. The user shall respond to such request or request at his/her responsibility and expense.
Article 13 (Reporting and On-Site Investigation)
1. We will report to the User on the implementation of the security control measures and compliance with the Rules every year after the date of execution of this Agreement, following the contents and methods separately stipulated by us.
2. To the extent necessary to confirm the implementation of security control measures, the User may request, upon prior written notice, that we accept an on-site inspection. In such cases, we shall comply with the User's request, except when there is a justifiable reason, such as when it would interfere with the operation of our business.
3. In conducting the investigation outlined in the preceding paragraph, the Company will request the User to conclude a non-disclosure agreement that stipulates confidentiality obligations regarding the Company's trade secrets (meaning the trade secrets defined in Article 2, Paragraph 6 of the Unfair Competition Prevention Law). be able to.
4. If the User is required to enter a business or other facility of the Company for the investigation described in Paragraph 2, the User shall comply with the Company's prescribed rules regarding entry and exit from such facility.
5. If we deem that the investigation by the User under Paragraph 2 exceeds the expected scope, we may, upon consultation between the two parties, charge the User the costs incurred by us for accepting the investigation.
6. If we receive a report from a subcontractor regarding the status of implementation of security control measures and compliance with these Rules, we shall promptly make such a report to the User. In this case, if the User reasonably believes that the Company's supervision of the sub-consignee is insufficient, the User may provide guidance, etc. to the sub-consignee.
Established February 22, 2022
Little Help Agency LLC
Otemachi Building 2F, 1-6-1 Otemachi, Chiyoda-ku, Tokyo, 100-0004, Japan