1. Name, address, and representative of the Company
Shibuya-ku, Tokyo 150-6033
President, CEO & CCO: Yuzo Tanaka
2. Scope of application
This policy shall be applied to personal information handled by the Company.
3. Acquisition and use of acquired personal information
When acquiring personal information, the Company shall clearly specify the purpose of use in advance and shall acquire such information from individuals by appropriate and lawful means. The Company shall use personal information to the extent of achieving the initially intended purpose. If the purpose of use changes, the Company shall notify of disclose this, or obtain prior consent from individuals who provide the Company with their personal information.
4．Types of acquired personal information, method of acquisition, and purpose of use
Types of acquired personal information, method of acquisition, and purpose of use are as follows: See "Data Policy for Online Advertising" for handling of Internet user data utilized in ad and other services operated by the Company and its subsidiaries.
1. The Company shall acquire the following types of personal information:
(1) Name, address, and contact details (telephone number, email address)
(2) Occupation, name of company or affiliated organization, and age
(3) Login information (ID, password) and other information necessary for the Company to provide its services
(4) Personal information obtained from transaction parties for outsourced operations
(5) Other information acquired for the purpose of use
2. The Company shall acquire personal information primarily through the following ways:
(1) Through Company-prescribed input forms used to introduce or deliver a service, to conduct a survey, or to submit an inquiry
(2) Through the stock transfer agency of the Company
(3) Provided by applicants during recruitment activities or by the employment agency that supports the Company with recruitment activities, or by the employees after being employed
(4) Provided by transaction parties for outsourced operations
3. The Company shall use personal information for the following purposes:
(1) Personal information provided by customers and transaction parties shall be used:
- To provide services, to contact customers, to implement agreements or contracts, to manage other administrative matters, to improve and enhance the services the Company provides
- To introduce services, to provide information of events, seminars, and other matters
- To verify the customer, for personal authentication
(2) Personal information provided by customers related to inquiries and other shall be used:
- To accurately access the nature of the inquiry, provide a response to the inquiry, to send requested reference materials, etc.
- To improve customer service
(3) Personal information provided by shareholders shall be used:
- To prepare a registry of shareholders and manage other shareholder matters in accordance with the Companies Act and related laws.
- To provide shareholders with information, materials, and other services.
(4) Personal information provided by management executives, employees, temporary employees, and others shall be used:
- To manage personnel and labor management matters and to provide welfare services.
- To prepare documents in accordance with the Companies Act and other laws and regulations
(5) Personal information provided by recruitment applicants (including internships) shall be used:
- To provide applicants with information regarding interviews, interview results, and other matters
(6) Personal information provided by transaction parties for outsourced operations shall be used:
- To execute contracted work to conduct surveys, analyses, and other duties related to campaigns, events, study sessions, seminars, ad deliveries, and marketing.
5．Provision of personal information to third parties
The Company shall not provide personal information to a third party in principle unless otherwise specified as follows:
(1) With prior consent of the individual concerned
(2) When required by laws and regulations
(3) When necessary for the protection of a person’s life, body, or property and when it is difficult to obtain consent of the individual concerned
(4) When specifically necessary for the improvement of public health or for the sound growth of children and when it is difficult to obtain the consent of the individual concerned
(5) When necessary to cooperate with a national or local government organization, or a business operator entrusted by such an organization to execute affairs prescribed by laws and regulations and in which obtaining the consent of the individual concerned would likely impede the execution of such affairs.
6. Security control measures
The Company shall put into place security control measures that are necessary and appropriate to prevent the leakage, loss, damage or other of personal data. In addition, the Company will provide necessary and appropriate supervision of employees and contracted parties (including subcontractors and others) who handle personal data.
1. Formulation of a basic policy
To ensure the appropriate handling of personal data, we shall strictly abide by the Personal Information Protection Law and related laws (including guidelines) and have formulated this policy (hereinafter, this Policy) to designate the handling party for complaints and other matters.
2. Adherence to strict protocols in the handling of personal data
The methods, persons responsible, persons in charge, and the duties related to the handling personal data are formulated in the Personal Information Handling Rules.
3. Organizational security control measures
(1) In addition to assigning an administrative manager in charge of handling personal data, the Company has clearly defined the scope of personal data that employees and other relevant workers may handle. In the event of a violation or suspected violation of the Personal Information Protection Law and Personal Information Protection Regulations, the Company has put in place a reporting system to the administrative manager.
(2) In addition to assigning the division manager to conduct necessary and appropriate audits regarding the handling status of personal data, the Company implements audits by other divisions or external parties.
(3) The organization has acquired certification that it complies with international standard ISO/IEC 27001:2013 (JIS q 27001:2014), which outlines the requirements to build an ISMS (information security management system).
4. Human security control measures
(1) The Company holds regular seminars for employees regarding the handling of personal data.
(2) The Company obtains written oaths regarding the confidentiality of personal data.
5. Physical security control measures
(1) In addition to monitoring when employees enter and exit the office and placing restrictions on what equipment they are permitted to use, we have put in place measures to prevent browsing of personal data by unauthorized people.
(2) We have taken measures to prevent the theft or loss of equipment, digital media, documents, and other items that contain personal data.
6. Technological security control measures
(1) We restrict access to personal information as well as the scope of information contained in the personal information database and other.
(2) We have implemented mechanisms to protect our personal data information system against unauthorized access and unauthorized software from outside parties.
7. Understanding the external environment
We implement security control measures with an understanding of the personal information protection systems in the overseas countries where the personal data is stored.
Currently, the Company stores personal data overseas utilizing cloud services provided by Box, Inc. This company has acquired APEC-CBPR and PRP certification.
The countries where personal data is stored, and their personal information protection systems are as follows:
(2) Personal information protection systems
Survey of systems and other related to the protection of personal information overseas (link to the Personal Information Protection Commission website).
(3) Main types of informationstored
- Information about directors, employees, and temporary employees
- Information about employees of contracted companies
- Information about shareholders
- Information entrusted from other companies to fulfill other contracted duties
7．Management of personal information
In accordance with the purpose of use, we strive to ensure that the personal information we own is accurate and up to date. The personal information will be stored for no longer than is necessary and afterwards, will be deleted or discarded in a secure manner.
8．Management of outsourcing partners
9．Disclosure / revision of personal information
If an individual files a request for disclosure, correction or revision of content, addition, omission, termination of usage, deletion, or termination of provision to third parties regarding personal information, the Company shall respond without delay as required under in-house rules after confirming the identity of the individual in question.
10．Handling of leakage and other such incidents
In the event of leakage of personal information or other incident, the Company shall notify the relevant individuals of the leakage or other such incident without delay and shall publicize the incident and the corrective action taken.
11．Response to complaints
If any complaint arises regarding the handling of personal information, the Company shall endeavor to take prompt and appropriate measures.
13．Contact for requesting disclosure and the revision of content, and filing complaints
For any requests regarding the disclosure or revision of personal information, any complaints regarding the handling of personal information, comments, or inquiries regarding Company websites, please see the contact information indicated below.
14．Privacy policies of third parties used on this site
For the privacy policies of social media and other services used on this website, please refer to the service provider’s website or other.
■Regarding the use of cookie-based tools on websites operated or managed by the Company
１．How information is gathered
Websites operated or managed by the Company utilize a variety of tools to collect website browsing information and other data. Acquired data is managed and utilized in accordance with the privacy policies of each of the companies that provide the tools. The following is a list of tools the Company uses, the purpose of use, the websites being used and the privacy policies of the data that is gathered. Users who wish to stop the usage of data should follow the opt-out procedures outlined by each of the tool provider companies.
（１）Purpose of use
①To improve the website
To improve and optimize the website, we measure the time it takes for a page to load and gauge user behavior within a website, such as which pages the user browses, what page order the user views the website, and what part of the page the user clicks.
Websites that use tools imbed programs called tags to ensure that the tools work properly. To comprehensively manage multiple tags, we use tools.
We deliver ads related to Company products and services to users who visit websites managed by the Company.
④Ad effect measurement and improvement
We measure the effect of the ads we deliver and implement improvements and other to maximize ad effect.
A. The Company’s corporate website（https://www.dac.co.jp/）
B. DAC Solution Service（https://solutions.dac.co.jp/）
C. Crossborder Marketing（https://crossborder.dac.co.jp/）
E. HAKUHODO digital initiative（https://hdi.dac.co.jp/）
（３）List of External Tools
2. Revisions to this section
The Company reevaluates and improves its information management system on an ongoing basis. With this process, revisions to the content of this section may be made. Notifications of such revisions will be made in a timely manner through this website, through a website the Company manages or in a manner deemed appropriate by the Company. Revisions to the content of this page will take effect on a date that the Company will specify separately.
3. Comments, questions, complaints and other
Please direct any comments, questions, complaints or other about the handling of information the Company owns and that is stipulated on this section to the following.
Revised on April 1, 2022