Seven & i Holdings Co., Ltd. and its domestic subsidiaries (hereinafter referred to as " the Group ") are managing customers’ personal information to provide customers with products and services that satisfy its customers through its business activities.
The Group shall establish a structure for protecting personal information, enforce the Basic Policy to its entire Group through education and training for all managements and employees, and strive to ensure the proper management and protection of all of personal information for expectation and trust of its customers.
Revised October 1, 2020
Seven & i Holdings Co., Ltd.
President and Representative Director
1. The scope of the Basic policy
The Basic Policy shall be applied to our Group, its managements and employees.
The Group shall comply with all domestic and foreign laws, regulations and contractual obligations applied to it regarding to the protection of personal information. The Group shall also strive to comply with other standards and guidelines related to the protection of personal information. The Group shall deal strictly with any violations of laws and internal regulations related to personal information.
3. Acquisition and utilization of personal information
The Group shall acquire, utilize and provide personal information only after notifying or announcing the utilization purpose in compliance with laws and regulations, and shall not handle personal information beyond the necessary scope to achieve the utilization purpose. The Group shall, in case of handling personal information beyond the scope of the utilization purpose, unless otherwise specified in laws or regulations, obtain the prior consent of the principal.
4. Security Control Measures
The Group shall strive to prevent the leakage, loss, or damage of personal information and take steps to rectify the situation with taking systematic, human, physical and technical security control measures in order to properly manage the personal information acquired.
5. Provisioning to or joint use with third parties
The Group shall, expect in case where otherwise specified in laws and regulations, not provide personal information acquired to a third party without prior consent of the principal. The Group shall, in case of providing personal information to a third party or acquiring from a third party, confirm, record and maintain the matters about the provision or acquisition prescribed by law and regulations.
The Group shall, in case of jointly utilizing personal information of its customers between Group companies etc., inform the customers of, or disclose to the public on its website, the matters prescribed by laws and regulations.
6. Supervision over a Trustee
The Group shall, in case of outsourcing the handling of personal information, select a trustee which sufficiently meet the level required for protecting personal information, enforce them keep the level by contracts etc., and supervise it appropriately.
7. Anonymously processed Information
The Group shall, in case of providing acquired personal information to a third party as anonymously processed information or generating anonymously processed information by itself, establish processing procedures in accordance with laws and regulations, take the necessary measures, and fulfill its obligation to disclose information when it is created or provided.
8. Response to incidents and accidents
The Group shall, in cases where the leakage or infringement of personal information, or an event that may lead to such an incident or accident, identify the cause of the accident, respond promptly and appropriately to minimize damage and prevent its recurrence and report to the customers, the managements and the relevant authorities.
9. Disclosure, correction and deletion etc.
The Group shall, in cases where a principal or an agent requests disclosure, correction, addition, deletion, cessation of the utilization or cessation of providing to a third party, respond to any requests reasonably and appropriately in accordance with regulations of the law.
10. Inquiry contact
The Group shall establish an inquiry contact at each of the Group companies to respond any complaints of handling personal information, requests of notification of the utilization purpose, disclosure, cessation of the utilization, deletion and any other inquiry of procedures.
11. Handling of informative data (*)
The Group may acquire informative data from websites and social networking sites to make its services more convenient for its customers. The Group shall, in that case, handle the data appropriately.
(*) "Informative data" is the generic name of the various information related to the use of Internet and statistics of the information, that alone cannot identify a specific individual.
12. Inspection and audit
The Group shall conduct inspections and audits on a regular basis or on demand to verify that laws, regulations and relevant rules concerning personal information are complied with and that measures to protect personal information are appropriate and effective. The Group shall also take corrective action when any problems are detected.
13. Continuous improvement
The Group shall review its structure for managing personal information protection and continuously improve personal information protection in light of changes in social conditions and the environments.