Bplus Systems Co., Ltd. (hereinafter referred to as "our company") will protect the privacy of customers from personal information and specific personal information handled in our information processing service business (IT introduction and various system planning and development). We are deeply aware that it is an important element that composes, and we respond to the expectations and trust of our customers by ensuring that all employees comply with laws and regulations regarding the protection of personal information and specific personal information, as well as our internal regulations. I will come.
(1) Acquisition, use and provision of personal information and specific personal information
When acquiring, using, and providing personal information, we specify the purpose of use as much as possible in advance, notify the person in question, obtain consent, and acquire, use, and provide personal information to the extent necessary to achieve the purpose. In addition to providing personal information, we will take measures to prevent the acquisition, use, and provision beyond the scope necessary to achieve the purpose. In addition, we will not acquire personal information by a method that cannot be easily recognized by the person in question, or by deception or other illegal methods.
When acquiring, using, and providing specific personal information, we will verify the identity of the individual, obtain consent, and handle the information only for the purpose of use stipulated by laws and regulations. We will take measures to prevent acquisition, use and provision beyond the scope.
(2) Compliance with laws, national guidelines and other norms
We will comply with the law on the protection of personal information, the law on the use of numbers to identify specific personal information in administrative procedures, the law on the handling of personal information, and the guidelines and other norms established by the government, and thoroughly manage it. .
(3) Prevention and correction of leakage, loss or damage of personal information and specific personal information
The Company fully recognizes and analyzes the risks associated with handling personal information and specific personal information, and takes necessary and rational security control measures to prevent leakage, loss, or damage of personal information and specific personal information. In addition, when we become aware of new risks that may cause leakage, loss or damage of personal information and specific personal information, we will take corrective action without delay.
(4) Responding to inquiries, complaints and consultations regarding the content of the personal information protection policy
Inquiries about the content of the personal information protection policy, or complaints and consultations from the person who acquires personal information and specific personal information are accepted at the following inquiry window.
<Contact point for complaints and consultation regarding the handling of personal information>
a）責任者 ：苦情相談窓口責任者 石井 桂子
b）郵便 ：〒541-0051 大阪府大阪市中央区備後4-1-3 Machi
(5) Continuous improvement of personal information protection management system
Regarding the personal information protection management system formulated with this policy at the top, we will continuously improve it by fully considering the technical trends, the social situation regarding personal information protection, and the contents of opinions and complaints received from inside and outside the company.
(6) Security control measures
(Formulation of basic policy)
In order to ensure the proper handling of personal data, the Company has established basic policies regarding "compliance with relevant laws and regulations, guidelines, etc." and "point of contact for inquiries and complaints."
Contact point for questions and complaints about security control measures
a) Responsible person: Keiko Ishii, person responsible for safety management measures
b) Mail: 4-1-3 Bingo-cho, Chuo-ku, Osaka-shi, Osaka 541-0051
c) Phone number: 06-7709-1091
d) e-mail: firstname.lastname@example.org
(Improvement of Discipline Concerning Handling of Personal Data)
We have established rules for handling personal data for each stage of acquisition, use, storage, provision, deletion, disposal, etc., regarding handling methods and responsible persons.
(Organizational Security Control Measures)
We regularly conduct self-inspections regarding the handling of personal data.
(Personnel Security Control Measures)
a) Regularly train employees on personal data management.
b) Matters concerning the confidentiality of personal data are stated in the employment regulations.
(Physical Security Control Measures)
a) We have implemented measures to restrict access by unauthorized persons and prevent access to personal data in areas where personal data is handled.
b) We do not leave personal data on personal devices for a long period of time, and use anonymized data or dummy data for data used in development and operation verification work.
c) Use a shredder or a document dissolution service to dispose of paper media, and physically destroy hard disks, etc.
(Technical Security Control Measures)
a) We implement access control to limit the scope of the person in charge and the personal information database, etc. handled. b) We have introduced a mechanism to protect information systems that handle personal data from unauthorized external access.
(Understanding the external environment)
We will implement security control measures after understanding the system regarding the protection of personal information in the United States, where some personal data is stored.
Enacted: April 1, 2012
Date of revision: April 1, 2020
Revision date: January 24, 2022
Date of revision: March 31, 2022
Last revision date: July 13, 2022
Representative Director Keiko Ishii
Purpose of use of personal information
Bplus Systems Co., Ltd. (hereinafter referred to as "our company") will clarify the purpose of use and obtain the consent of the person in advance when acquiring personal information. In addition, when using personal information, we will use it appropriately within the scope of the purpose of use for which consent has been obtained in advance.
・Purpose of use of personal information obtained directly
When acquiring personal information directly from the person, we will clarify the purpose of use each time and use it appropriately within the scope of the purpose of use with the consent of the person.
・Purpose of use of personal information acquired by means other than direct writing
When acquiring personal information by means other than direct writing, we will clarify the purpose of use each time and use it appropriately within the scope of the purpose of use for which consent has been obtained. In addition, when we are entrusted with the handling of personal information from a business consignor, we will appropriately use the entrusted personal information within the scope of the purpose of performing the entrusted business in accordance with the contract.
Specific personal information will only be used for procedures related to social security, taxes, and disaster countermeasures.
Dissemination of matters concerning retained personal data
BPLUS SYSTEMS (hereinafter referred to as "our company") shall, with respect to the personal information and specific personal information provided by you, notify you of the purpose of use, disclose it, and notify you of the content from the person himself or his agent. If there is a request for correction, addition or deletion, suspension of use, erasure, or suspension of provision to a third party (hereinafter referred to as "disclosure, etc."), we will respond without delay in principle.
Retained personal data means “personal information that constitutes a collection of systematically structured information, and we will disclose, correct, add or delete content, suspend use, erase and delete as requested by the person. We have the authority to respond to all requests for suspension of provision to third parties.” However, if it falls under any of the following a) to d), it does not correspond to retained personal data.
a) Information that may harm the life, body, or property of the person or a third party if the existence or nonexistence of the personal information becomes clear.
b) Items that may promote or induce illegal or unfair acts by revealing the existence or non-existence of the personal information.
c) If the existence or non-existence of the personal information becomes clear, there is a risk that the security of the country will be harmed, a relationship of trust with other countries or international organizations will be damaged, or there will be a disadvantage in negotiations with other countries or international organizations. potentially
d) The disclosure of the existence or non-existence of the personal information may interfere with the prevention, suppression or investigation of crimes, or maintenance of public safety and order.
Personal Information Protection Manager Keiko Ishii
1. Purpose of use of all retained personal data
a) Your personal information
① Various procedures such as applications and contracts related to the use of our services
(2) Communication regarding the use of our services
* In addition, in accordance with the operation rules of our company's personal information protection system, personal information of customers is stored for a specified period for various procedures such as applications and contracts related to the use of our services, and for correspondence regarding use. We will then dispose of it properly.
b) Personal information provided for recruitment selection
① Recruitment selection
(2) If you apply through the Employment Security Bureau, provide the employment security bureau with a “recruitment notification” etc.
(3) Business communication related to (1) to (2) above
*Personal information of unsuccessful applicants will be properly discarded in accordance with the operation rules of our personal information protection system (unless requested by the applicant at the time of interview).
c) Employee personal information
(1) General affairs/employment management (procedures related to employment, education and training, welfare benefits, personnel transfers, and retirement)
(2) Indicate the person in charge or person in charge when necessary for the execution of duties
(3) Business communication related to (1) to (2) above
*Personal information of retirees will be properly discarded after being stored for a specified period for retirement procedures and responding to inquiries in accordance with the operation rules of our personal information protection system.
d) Specific personal information
①Clerical procedures based on laws and regulations (social security, tax, disaster countermeasures)
e) Personal information of those who contact us
(1) We will only use the information to reply to the inquiry.
2. Contact point for complaints regarding the handling of retained personal data
苦情相談対応窓口責任者 _cc781905-5cde-3194-bb3b -136bad5cf58d_: Representative Director Keiko Ishii
_cc781905-5cde-3194 -bb3b-136bad5cf58d_ ：（電子メール） email@example.com .jp
3. Procedures for responding to requests for disclosure, etc.
a) Contact for disclosure, etc.
4-1-3 Bingo-cho, Chuo-ku, Osaka-shi, Osaka 541-0051
Addressed to "Bplus Systems Co., Ltd. Complaint Consultation Desk"
b) Format of documents to be submitted when requesting disclosure, etc. and other methods of disclosure, etc.
Download the "Request Form for Retained Personal Data" from the following link, fill in the necessary information, and
Please enclose a copy of your ID (driver's license, passport, etc.) and postage stamps and mail it to a) above.
c) Method of confirming that the person requesting Disclosure, etc. is the person himself/herself or his/her agent
We will confirm the correspondence between the items stated in the "Invoice for Retained Personal Data" and the relevant retained personal data held by the Company, as well as a copy of the identification card. If the request is made by an agent, please enclose a power of attorney.
d) Fee for notification of purpose of use of retained personal data or disclosure of retained personal data
There is no fee.
Four. Responses to requests for disclosure, etc.
a) We will mail a document describing the response and response to the person.
b) Requests for disclosure, etc. may be refused based on laws and regulations regarding the handling of personal information, guidelines established by the government, and other norms. In that case, we will respond and respond with a notice of refusal and an explanation of the reason. Please be forewarned.
Security of our website
1. Use of SSL when collecting personal information
When acquiring personal information through the website operated by the Company, in order to protect personal information from unauthorized access by third parties, we protect it by SSL (Secure Sockets Layer) encrypted communication and strive to ensure safety.
3. Security measures against cross-site scripting (CSS/XSS) and SQL injection
Our website has undergone appropriate inspections and measures from the time of development, and has taken measures against cross-site scripting (CSS/XSS) and SQL injection.
Four. Other security measures
The servers that host our website are equipped with firewalls and virus countermeasures to prevent access, loss, destruction, falsification, leakage, virus infection, etc. of personal information.