Student Organizations
Brave hearts
privacy policy
Student organisation brave hearts
The organisation declares that it has established the following policy on the handling of personal information, and that it will make it public and comply with it.
Article 1 (Personal information)
The term 'personal information' refers to 'personal information' as defined in the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the 'Personal Information Protection Act'). Personal information" means information relating to a living individual that can be used to identify a specific individual by name, date of birth or other description contained in the information, or that contains a personal identification code.
Article 2 (Purpose of use).
1 The Organisation shall only use the personal information it has acquired to the extent necessary to achieve the following purposes of use. In the event that personal information is acquired directly from a participant in writing in connection with the conclusion of a contract with the participant, the purpose of use shall be clearly stated in advance.
<Purpose of use> [Note: The following purposes of use are examples. When using the template, please specify and describe the purpose of use in concrete terms that match the actual situation of your organisation].
(1) For the provision of services handled by our organisation through international exchange activities.
(2) To verify the identity of customers.
(3) To contact you and respond to your enquiries as necessary in connection with the provision of services, etc.
(4) To improve and upgrade services
(5) For research and development of products and services through market research, data analysis and questionnaires
(6) To send out direct mail, to provide information by telephone and to make various proposals relating to the products and services in question.
(7) For the appropriate and smooth performance of other transactions with customers. 2.
2 In the event that personal information is used beyond the scope of the purpose of the preceding paragraph, consent shall be obtained from the customer in an appropriate manner in advance.
Article 3 (Information to be acquired and method of acquisition)
The Company shall properly acquire personal information to the extent necessary for the purposes of use stipulated in the preceding article.
The information to be acquired and the method of acquisition are as follows.
<Note: When using the template, please describe the information to be acquired and the method of acquisition, etc., which are appropriate to the actual situation of your organisation.
Article 4 (Provision to third parties)
The Company shall not provide customers' personal information to third parties without obtaining the prior consent of the customer. However, we may provide your personal information to third parties without your consent in the following cases.
(1) Where it is necessary for the protection of a person's life, body or property and it is difficult to obtain the customer's consent.
(2) When it is particularly necessary for improving public health or promoting the sound development of children and it is difficult to obtain the customer's consent.
(3) When it is necessary to cooperate with a state body, a local authority or an individual or entity entrusted by one in order to carry out affairs stipulated by law, and obtaining the consent of the customer may impede the carrying out of such affairs.
(4) Other cases permitted by law.
Article 5 (Joint use of personal data)
The Company may share the personal data of customers to the extent necessary for the purposes set out in Article 2, as described below.
(1) Scope of joint users
00
(2) Purpose of joint use
For the purpose of 00.
(3) Items of personal information to be shared
00 (4) Name of the person responsible for the management of the personal data to be jointly used
(4) Name, address and name of representative of the person responsible for the management of the personal data to be jointly used
(Name) Brave hearts
(Address)
(Name of representative) Kensei Sato
Article 6 (Entrustment of handling)
The Company may entrust the handling of personal data within the scope of the purpose of use in the course of performing work relating to the products and services handled by the Company. In this case, the Company will select a contractor that is deemed to handle personal information properly, and will properly stipulate in the contract of consignment the security control, confidentiality, conditions for re-consignment and other matters relating to the handling of personal information, and carry out necessary and appropriate supervision.
Article 7 (Security control measures)
The Company shall endeavour to keep the personal information of its customers accurate and up-to-date and shall take necessary and appropriate security control measures to prevent unauthorised access to, and leakage, loss or damage of, personal information, etc.
The security control measures taken by the Company are shown in the Annex.
Article 8 (Disclosure of personal information)
If you wish to request disclosure of your personal information held by the Company, please make your request in accordance with the procedures prescribed by the Company, which will be provided at the contact point mentioned in Article 12. The Company will disclose to the Customer the personal information held by the Company without delay after the request has been made. However, the Company may not disclose all or part of the information if disclosure would result in any of the following cases. Please note in advance.
(1) If there is a risk of harm to the life, body, property or other rights or interests of the customer or a third party.
(2) If there is a risk of significant hindrance to the proper conduct of our business.
(3) If it would violate other laws and regulations.
Article 9 (Correction, addition or deletion of personal information)
1. if the customer requests the correction, addition or deletion (hereinafter referred to as "correction, etc.") of the content of personal information on the grounds that the personal information held by the Company about the customer is untrue. If you wish to request a correction, addition or deletion of your personal information (hereinafter referred to as "correction") on the grounds that it is not true, please make your request in accordance with the procedures prescribed by the Company, which are provided at the contact point mentioned in Article 12. The Company shall carry out the necessary investigation without delay after the request and determine the necessity of the correction, except where special procedures are stipulated in other laws and regulations with regard to the correction of the contents. 2.
2. if the Company determines that a correction is necessary based on the investigation in the preceding paragraph, the Company shall correct the content of the personal information held by the Company and notify the customer of the correction without delay.
If the Company determines that no correction is necessary based on the investigation in paragraph 1, the Company will notify the Customer of the result of this determination without delay.
Article 10 (Suspension of use of personal information, etc.)
1. in accordance with the provisions of the Personal Data Protection Act, if the customer requests the Company to stop using, erase or stop providing to a third party (hereinafter referred to as "stop of use") the customer's personal information held by the Company, the Company shall notify the customer of the decision in accordance with Article 12. If you wish to request the suspension of the use, erasure or cessation of provision to third parties (hereinafter referred to as "suspension of use") of your personal information held by the Company in accordance with the provisions of the Personal Data Protection Act, please make your request using the procedures prescribed by the Company as indicated in Article 12. The Company shall carry out the necessary investigation without delay after the request and determine the necessity of the Cessation of Use, etc. 2.
If the Company determines that the suspension of use is necessary based on the investigation in the preceding paragraph, the Company will suspend the use of the personal data in its possession and notify the customer to that effect without delay. However, if it is difficult to suspend the use of the information, for example because it would require a large amount of money, we may take alternative measures to protect the rights and interests of the customer instead of suspending the use of the information. 3.
If we determine that suspension of use, etc. is not necessary based on the investigation in paragraph 1, or if we determine that suspension of use, etc. is not necessary, we will notify you of the result of our determination without delay.
Article 11 (Compliance with laws and regulations)
The Company shall comply with the Personal Data Protection Act, other relevant laws and regulations, guidelines for the protection of personal data applicable to the Company and this Privacy Policy in the acquisition, use and all other handling of personal data of the Customer.
Article 12 (Contact for complaints, claims and other enquiries)
The Company will respond promptly and appropriately to complaints, requests and other enquiries from customers regarding the handling of personal data.
Complaints, requests and other enquiries can be made at the following address.
(Name of contact: brave hearts SNS Department
(Contact number) 080-6754-2029
(Office hours) Weekdays: 15:40~23:00, holidays: all day
Article 13 (Indication of the Company's name, address, representative director and personal data protection manager)
The name, address, name of the representative director and data protection manager of the Company are as follows
(Name) Brave hearts
(33-4-201 Umegaoka, Aoba-ku, Yokohama City, Kanagawa Prefecture, Japan
(Name of representative: Kensei Sato
(Kensei Sato (Personal data protection manager)
Article 14.
<Contact person
Telephone:
(Weekdays from 15:00 to 21:00)
E-mail: bravehearts.study@gmail.com
Article 15 (Continuous improvement)
The Company shall strive to continuously improve the handling of personal data within the company through the development of internal regulations for the protection of personal data, training of employees and the implementation of internal audits.
Article 16 (Revision)
The Company will review and improve its privacy policy from time to time. The content of the Privacy Policy may be changed, and changes shall come into effect when notified to users in the manner prescribed by the Company or posted on the Company's website.
Above.
10 April 2024 Enacted and enforced
Attachment
Safety management measures
Note: The following security control measures are illustrative. When using the template, please describe the safety management measures that suit your company's actual situation.
<Formulation of basic policy
In order to ensure the proper handling of personal data as an organisation, the Company shall formulate a basic policy that stipulates compliance with relevant laws, regulations and guidelines, matters relating to safety management measures, and a contact point for handling questions and complaints.
<Discipline for the handling of personal data
In order to prevent leaks of personal data and otherwise ensure the safe management of personal data, the Company shall establish specific rules for the handling of personal data, including handling methods, responsible persons, persons in charge and their duties.
<Organisational security control measures
The Company shall take the following measures as organisational security control measures
(1) Organisational structure
The Company will establish an organisational structure to implement security control measures, such as appointing a person responsible for implementing security control measures and clarifying his/her responsibilities, as well as clarifying the employees who handle personal data and the scope of their handling.
(2) Operation in accordance with rules for the handling of personal data
Personal data will be handled in accordance with the rules for the handling of personal data established in advance. In order to confirm the status of operation in accordance with the established rules for the handling of personal data, the status of use, etc. will be recorded.
(3) Means for checking the status of handling of personal data
Means for checking the status of handling of personal data will be developed.
(4) Establishment of a system for dealing with incidents of leakage, etc.
A system will be put in place to respond appropriately and promptly in the event that a leakage incident occurs or signs of a leakage incident are detected. In the event of a leakage incident, the facts and measures to prevent recurrence shall be made public as soon as possible, depending on the incident, in order to prevent secondary damage and the occurrence of similar incidents.
(5) Monitoring the handling situation and reviewing safety management measures
The company shall monitor the state of handling of personal data and evaluate, review and improve safety management measures.
<(6) Human security control measures
The Company shall ensure that its employees are aware of the proper handling of personal data, provide them with appropriate training and supervise them when handling personal data.
<Physical security control measures
The Company takes the following measures as physical security control measures.
(1) Control of areas where personal data is handled
Appropriate management is carried out in areas where important information systems such as servers and main computers that handle personal information databases, etc. are managed, as well as in areas where other operations handling personal data are carried out.
(2) Prevention of theft of equipment and electronic media
Appropriate controls are in place to prevent the theft or loss of equipment, electronic media and documents that handle personal data.
(3) Prevention of unauthorised external access
A system to protect information systems handling personal data from unauthorised external access or unauthorised software shall be introduced and operated appropriately.
(4) Prevention of leaks etc. associated with the use of information systems
Measures to prevent leaks, etc. of personal data as a result of the use of information systems shall be implemented and operated appropriately.
<Understanding the external environment
If the Company handles personal data in a foreign country, the Company will take the necessary and appropriate measures for the safe management of personal data, based on an understanding of the systems for the protection of personal data in that foreign country.
Translated with DeepL.com (free version)