Established: July 1, 2019 Revised: December 12, 2024
NCS Co., Ltd. (hereinafter referred to as "the Company") recognizes the importance of personal information and data handled in its business activities and establishes the following basic policy to ensure their appropriate protection and management.
The Company recognizes the importance of collected information that can identify individuals (hereinafter referred to as "Personal Information") and hereby establishes the following policy for its appropriate protection and management. The Company shall comply with applicable laws and regulations and strive to protect personal information.
(1) Collected Personal Information shall be used within the scope of the following purposes and only to the extent necessary for business operations. Any use beyond the purposes listed below shall be explicitly indicated in advance:
Responding to inquiries and consultations
Conducting business activities
Delivering deliverables
Processing payments and billings
Providing information regarding training sessions and similar events
Conducting sales activities
Conducting surveys
Creating analytical data that cannot identify individuals
Purposes explicitly stated at the time of Personal Information collection
(2) Collected Personal Information shall not be disclosed to third parties without the prior consent of the individual.
(3) The Company shall strive to maintain appropriate management to prevent the leakage of collected Personal Information.
(4) When outsourcing the handling of Personal Information, the Company shall conclude the necessary contracts with contractors to ensure proper management and supervision, and shall implement other legally required measures.
(5) When policy revision becomes necessary due to legal amendments or other circumstances, the Company shall conduct reviews and strive to adapt to such changes.
(6) The Company shall appropriately respond to requests from individuals for the disclosure and correction of their information.
(7) Personal Information shall be maintained accurately and kept up-to-date within the scope necessary for achieving its purpose of use, and shall be promptly disclosed or corrected within a reasonable range in response to requests from the individual.
The Company deeply recognizes the importance of data provided by business partners and manufacturers, as well as deliverables including reports and results created by the Company (hereinafter referred to as "Data, etc."), and shall implement appropriate protection and operation based on the following policy.
(Note) In this policy, the term "Applicant" includes both applicants and clients.
(1) Handling of Data, etc.
Data, etc., shall be handled appropriately within the scope of business transaction purposes.
Data, etc., shall not be used for other purposes without permission from the data owner.
Data, etc., shall not be disclosed or presented to parties other than the provider and agreed-upon parties, except as required by law.
Consultations and confirmations regarding Data, etc., shall adhere to the following principles:
When provided directly by the Applicant, communications shall be conducted through the Applicant.
When provided directly by entities other than the Applicant (such as manufacturers), communications shall be conducted only through the provider.
When provided through an agent (including cases where Applicants act as agents for other entities), communications shall be conducted only through agents verified by a letter of authorization or similar document from the Data, etc., provider.
Under no circumstances shall direct Data, etc., exchange or consultation occur with business partners other than those designated by the Data, etc., provider or a legitimate agent.
The Company shall appropriately respond to any requests regarding Data, etc., handling from Applicants or other entities (such as manufacturers) who provided the Data, etc.
In cases where disputes arise between Applicants and other entities regarding Data, etc., ownership or usage rights, such disputes shall be resolved between those parties. The Company shall not be involved in such disputes. Furthermore, the Company shall suspend both the use of the relevant Data, etc., and the application review process until resolution is confirmed.
When questions arise regarding Data, etc., ownership or usage rights, the Company may conduct confirmations and inquiries with Applicants or other entities. If the Company determines there is a dispute over Data, etc., ownership or usage rights based on such confirmation or inquiry, both the use of the relevant Data, etc., and the application review process shall be suspended until resolution is confirmed.
(2) Information Management System
An Information Management Officer shall be appointed to implement appropriate access rights management.
Appropriate security measures shall be implemented to prevent unauthorized access, information leakage, tampering, and destruction.
(3) Response to Information Leakage or Improper Use
Prompt reporting to relevant parties.
Implementation of emergency measures to prevent further damage.
Development and implementation of preventive measures.
The Company shall thoroughly communicate this policy to all employees. Additionally, we shall review and improve this policy as necessary.
December 12, 2024 NCS Co., Ltd.
【Revision History】
December 12, 2024: Clarified expressions regarding the protection of data provided by customers.
July 1, 2019: Initial version