Personal Information and Specific Personal Information Protection Policy
ediHAS recognizes that it is a serious social responsibility to protect the personal information and specific personal information of customers, users and company employees during the recruitment process. We have the following policies for protecting personal information and specific personal information, and state that we will strive to ensure that this information is properly handled company-wide.
１． Personal information and specific personal information shall be obtained and provided by appropriate means only to the extent required by the entrusted business, employee employment and personnel management. In addition, treatment and utilization beyond the purpose of the specific utilization is not carried out and measures are taken to ensure that this is done.
２． The Company shall, through education, audit and continuous improvement, take reasonable measures to protect unauthorized access to personal information and specific personal information, or the risk of loss, destruction, tampering and disclosure of personal information, and continuously improve the protection system for personal information and specific personal information.
３． Comply with laws, regulations and other rules applicable to personal information and specific personal information held by the Company.
４． The Company shall properly and promptly respond to questions and complaints concerning personal information and specific personal information.
５． Update personal information and specific personal information protection system timely and appropriately according to social needs, personal expectations and the latest IT technology trends, and make continuous improvement.
November 1, 2018 (enacted)
President Tetsuharu Kawabe
Handling of Personal Information and Specific Personal Information
Based on the “Personal Information and Specific Personal Information Protection Policy,” ediHAS Corporation will handle personal information and specific personal information, etc. used for its business as follows.
1.Purpose of use of personal information and specific personal information, etc.
(1)Personal information handled by the Company shall be acquired for the purpose of any of the following operations, and shall be handled appropriately within the scope of the purpose of use.
①Purpose of use of personal information acquired directly in writing
・Name of personal information Personal information of the customer
・Purpose of use Provision of clinical trial information to contracting companies based on the customer’s individual agreement.
・Name of personal information Personal information obtained from employees and applicants for employment
・Purpose of use Recruitment selection, personnel and labor management
・Name of personal information Personal information obtained through inquiries
・Purpose of use To respond to inquiries
②Purpose of use of personal information obtained by means other than directly in writing
・Name of personal information Personal information acquired in the course of contracted work
・Purpose of use Performance of contract in commissioned work, etc.
・Name of personal information Personal information acquired from employment agencies
・Purpose of use Recruitment and selection
(2) Specific personal information, etc. handled by the Company shall be processed appropriately within the scope of specific administrative work related to social security, tax and disaster countermeasures.
2．Provide personal information and specific personal information to third parties
(1)The Company will not disclose or provide personal information to third parties except for the purpose of conducting business and under the following circumstances ①～④
①The parties have given their consent
②As permitted by law, etc.
③When it is necessary to protect the life, body or property of a person and it is difficult to obtain the consent of that person
④ It is especially necessary to improve public health or promote the healthy growth of children, and it is difficult to obtain the consent of the parties concerned
(2)We may provide specific personal information, etc. only in cases falling under each item of Article 19 of the Numbering Act, and will not provide specific personal information in any other cases.
3．Joint use of personal information
In order to achieve the purposes of use stated in Section 1, we may share the personal information we have received with the following parties. In the event that the Company revises the “Purposes of Sharing Personal Data” or “Handling of Personal Data”, we will announce the content in advance.
(1) Services and subjects of joint use
Information on clinical trial results of subjects who applied for the study
(2) Items of personal data to be shared
Personal data entered at the time of member registration and information on the results of each clinical trial
(3) Scope of joint use
Companies and organizations that have entered into an outsourcing contract with us
(4) Purpose of joint use
Utilization of clinical trial results for product and service development projects
(5) Person responsible for management of personal data to be jointly used
Tetsuharu Kawabe, President, ediHAS K.K.
4．Management of consignors, etc.
In order to achieve the purposes of use as stated in Section 1, we may entrust personal information and specific personal information, etc. entrusted to us to consignors. We will ensure that the consignors handle and protect the information appropriately, and prohibit them from disclosing or providing the information to any third party or using it for any purpose other than those stated in Section 1.
5．Management of personal information and specific personal information, etc.
(1) All employees handle entrusted personal information under strict information management and operation based on thorough internal information management (limitation of access rights, internal education and awareness activities, etc.). In addition, with respect to specific personal information, etc., we limit the number of persons in charge of handling such information and handles such information appropriately in controlled areas and on controlled equipment.
(2) Regarding security on the Internet, we use the industry standard SSL (Secure Socket Layer) to encrypt data transmitted over the Internet to prevent interception.
6．Procedures for Inquiries, Disclosure, etc. of Personal Information and Specific Personal Information, etc.
(1) If the person or his/her representative requests the notification of the purpose of use, disclosure, correction, addition or deletion of content, suspension of use, deletion, or suspension of provision to a third party (hereinafter referred to as “disclosure, etc.”) of personal information or specified personal information, etc., the Company will respond to such request in good faith.
(2) When making an inquiry, we may confirm the identity of the person making the inquiry or his/her representative.
(3)If we are unable to confirm your identity as the person in question or his/her representative, we may not be able to respond to your inquiry or request for disclosure, etc.
(4) Requests for disclosure of personal information and specific personal information, etc., from the person in question or his/her representative, and our response to the disclosure of personal information will be responded to within a reasonable period of time.
【Procedure for disclosure, etc.】
(1) Please contact the following consultation desk by e-mail or telephone.
(2) Please fill in the required information on the “Application for Disclosure of Personal Information” form that will be sent to you.
(3) We will verify your identity based on the personal information in our possession.
(4) If the inquiry is made by a proxy, we will confirm the identity of the proxy with a letter of attorney and proof of seal impression. Please enclose this with the “Application for Disclosure of Personal Information”.
(5) Inquiries may be made by mail using the “Application for Disclosure of Personal Information.
(6)Personal information provided on the “Application for Disclosure of Personal Information” will be used to contact and verify the identity of the inquiring customer. It will not be used for any other purpose. The documents will be kept for one year after the response to the request for disclosure, etc. is completed, after which they will be destroyed.
The procedures for disclosure, etc., of specific personal information are the same as those described above, but from the perspective of compliance with the Number Law, the specific personal information protection administrator will make a determination as to whether disclosure is possible before disclosure is made.
＊The shipping costs for “Requests for Disclosure, etc.” and the method of collection .Please enclose 800 yen worth of postage stamps with your application.
7．Contact for disclosure, etc. of personal information or specific personal information, etc., and for complaints and consultation
If you have any questions regarding our handling of personal information or specific personal information, please contact our “Personal Information Protection Manager”.
Mailing: 〒 060-0051 Nichii Cultural House 3F, 5-7-10 Minami-ichijo Higashi, Chuo-ku, Sapporo, Hokkaido 060-0051, Japan
8．Authorized personal information protection organization
We are an authorized personal information protection organization under the Act on the Protection of Personal Information.
JAPHIC Mark Certification Organization, an accredited personal information protection organization under the Act on the Protection of Personal Information.
① Name of the authorized personal information protection organization: JAPHIC Mark Certification Organization
② Contact for complaint resolution: Personal Information Consultation Center
※This is not a contact for inquiries about our products or services.
＜Address＞ 〒103-00272F Niu Building, 1-17, Nihonbashi 2-chome, Chuo-ku, Tokyo , Japan
＜Telephone number＞ 03-6280-4859（weekdays10:30～12:00、13:
Personal Information Protection Manager, ediHAS K.K.