Group Basic Policy on the Protection of Personal Information, etc.
March 19, 2024
Group Basic Policy on the Protection of Personal Information, etc.
Idemitsu Kosan Co.,Ltd. and its group companies (”Idemitsu Group" or “we”) have established and comply with the following basic policy regarding the handling of personal information (including specific personal information), anonymized personal information, and pseudonymized personal information (“Personal Information”), and will manage all Personal Information handled in a secure and appropriate manner.
1. Compliance with Laws and Regulations.
Idemitsu Group will comply with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, and other related laws and ordinances, relevant ministerial ordinances and guidelines.
2. Matters related to Acquisition
Idemitsu Group will acquire Personal Information by appropriate and fair means, and will clearly state or publicly announce the purposes of use to the relevant persons in advance, or notify or publicly announce the purposes of use promptly after acquisition, except when otherwise permitted by law. In addition, when acquiring sensitive personal information, the Company will obtain the consent of the individual in advance, except in cases otherwise permitted by law.
3. Matters related to Use
Idemitsu Group will use Personal Information in an appropriate manner and, except when otherwise permitted by law, within the scope necessary for achieving the purposes of use.
4. Matters related to Provision and Disclosure
Idemitsu Group will not disclose or provide personal information to third parties other than contractors, shared users, and successors in business without the consent of the individual, except when permitted by laws and regulations.
5. Matters related to Safety Management Measures
Idemitsu Group will take necessary and appropriate security management measures to prevent unauthorized access to, or loss, destruction, falsification, or leakage of, Personal Information, and will strive to continuously improve the protection of Personal Information, and the personal information management system, etc. We will designate a responsible person for each organization, and provide necessary and appropriate education, training, and supervision to employees and contractors who handle Personal Information.
We will ensure that Personal Information are kept accurate and up-to-date. and will promptly dispose or delete the Personal Information when the purposes of use have been achieved and the period of retention stipulated by the applicable laws and regulations has elapsed. In the unlikely event of any leakages or breaches, we will promptly implement corrective measures based on the nature of the incident.
6. Matters related to Disclosure, etc. of Personal Information, etc.
Upon receipt of requests for notification of purposes of use, disclosure, correction, suspension of use, etc., or suspension of provision to third parties of retained personal data, or for disclosure of records of provision to third parties, Idemitsu Group will respond to such requests in accordance with the provisions of laws and regulations.