Bplus Systems Co., Ltd. (hereinafter referred to as "our company") will protect the privacy of customers from personal information and specific personal information handled in our information processing service business (IT introduction and various system planning and development). We are deeply aware that it is an important element that composes, and we respond to the expectations and trust of our customers by ensuring that all employees comply with laws and regulations regarding the protection of personal information and specific personal information, as well as our internal regulations. I will come.
(1) Acquisition, use and provision of personal information and specific personal information
When acquiring, using, and providing personal information, we specify the purpose of use as much as possible in advance, notify the person in question, obtain consent, and acquire, use, and provide personal information to the extent necessary to achieve the purpose. In addition to providing personal information, we will take measures to prevent the acquisition, use, and provision beyond the scope necessary to achieve the purpose. In addition, we will not acquire personal information by a method that cannot be easily recognized by the person in question, or by deception or other illegal methods.
When acquiring, using, and providing specific personal information, we will verify the identity of the individual, obtain consent, and handle the information only for the purpose of use stipulated by laws and regulations. We will take measures to prevent acquisition, use and provision beyond the scope.
(2) Compliance with laws, national guidelines and other norms
We will comply with the law on the protection of personal information, the law on the use of numbers to identify specific personal information in administrative procedures, the law on the handling of personal information, and the guidelines and other norms established by the government, and thoroughly manage it. .
(3) Prevention and correction of leakage, loss or damage of personal information and specific personal information
The Company fully recognizes and analyzes the risks associated with handling personal information and specific personal information, and takes necessary and rational security control measures to prevent leakage, loss, or damage of personal information and specific personal information. In addition, when we become aware of new risks that may cause leakage, loss or damage of personal information and specific personal information, we will take corrective action without delay.
(4) Responding to inquiries, complaints and consultations regarding the content of the personal information protection policy
Inquiries about the content of the personal information protection policy, or complaints and consultations from the person who acquires personal information and specific personal information are accepted at the following inquiry window.
<Contact point for complaints and consultation regarding the handling of personal information>
a）責任者 ：苦情相談窓口責任者 石井 桂子
b）郵便 ：〒541-0051 大阪府大阪市中央区備後4-1-3 Machi
(5) Continuous improvement of personal information protection management system
Regarding the personal information protection management system formulated with this policy at the top, we will continuously improve it by fully considering the technical trends, the social situation regarding personal information protection, and the contents of opinions and complaints received from inside and outside the company.
(6) Security control measures
(Formulation of basic policy)
In order to ensure the proper handling of personal data, the Company has established basic policies regarding "compliance with relevant laws and regulations, guidelines, etc." and "point of contact for inquiries and complaints."
Contact point for questions and complaints about security control measures
a) Responsible person: Keiko Ishii, person responsible for safety management measures
b) Mail: 4-1-3 Bingo-cho, Chuo-ku, Osaka-shi, Osaka 541-0051
c) Phone number: 06-7709-1091
d) e-mail: email@example.com
(Improvement of Discipline Concerning Handling of Personal Data)
We have established rules for handling personal data for each stage of acquisition, use, storage, provision, deletion, disposal, etc., regarding handling methods and responsible persons.
(Organizational Security Control Measures)
We regularly conduct self-inspections regarding the handling of personal data.
(Personnel Security Control Measures)
a) Regularly train employees on personal data management.
b) Matters concerning the confidentiality of personal data are stated in the employment regulations.
(Physical Security Control Measures)
a) We have implemented measures to restrict access by unauthorized persons and prevent access to personal data in areas where personal data is handled.
b) We do not leave personal data on personal devices for a long period of time, and use anonymized data or dummy data for data used in development and operation verification work.
c) Use a shredder or a document dissolution service to dispose of paper media, and physically destroy hard disks, etc.
(Technical Security Control Measures)
a) We implement access control to limit the scope of the person in charge and the personal information database, etc. handled. b) We have introduced a mechanism to protect information systems that handle personal data from unauthorized external access.
(Understanding the external environment)
We will implement security control measures after understanding the system regarding the protection of personal information in the United States, where some personal data is stored.
Enacted: April 1, 2012
Date of revision: April 1, 2020
Revision date: January 24, 2022
Date of revision: March 31, 2022
Last revision date: July 13, 2022
Representative Director Keiko Ishii