1. Home
  2. Privacy Policy

Privacy Policy

We establish the Privacy Rules to ensure personal information is handled appropriately, share the Rules across the Company, and strive to apply the Rules in a legitimate and fair manner.

Privacy Rules

Article 1. (Purpose)
The purpose of the Privacy Rules is to stipulate matters necessary for NEW ART Co., Ltd. (hereinafter the “Company”) to ensure the proper handling of personal information held by the Company in order to protect the rights and interests of individual persons.
Article 2. (Definition of Personal Information)
“Personal information” in the Privacy Rules means information relating to an individual that is recorded in a document, drawing, photograph, film, or electromagnetic record (electronic or magnetic) by which a specific individual can, directly or indirectly, be identified. This, however, excludes information relating to directors of corporate or other organizations that is contained in records related to the relevant organizations.
Article 3. (Structure and Responsibility)
  1. 1.For the purpose of protecting personal information properly based on the Privacy Rules and other applicable rules and regulations, the Company appoints privacy managers to ensure appropriate management.
  2. 2.The president of the Company, as chief executive officer, assumes all of the responsibilities and authority pertaining to protecting personal information.
  3. 3.For the purpose of effectively enforcing the Privacy Rules and other applicable rules and regulations in the Company, the president appoints the General Sales Manager to serve as Chief Privacy Officer (CPO), regarding the capacity of this role as suitable for accurately understanding the content of the Privacy Rules and enforcing the Rules effectively.
Article 4. (Restriction on Collection)
  1. 1.When collecting personal information, the Company will clarify the purposes of the administrative processes for handling personal information, and conduct collection by legitimate and fair methods, keeping the collection to a minimum necessary to achieve the said purposes.
  2. 2.The Company will not collect personal information relating to thought, ideology, or religion nor personal information that may be used to discriminate against an individual, except in cases where either of the following applies:
  1. (1)the Company is required to do so by law; or
  2. (2)it is considered indispensable to do so in order to achieve the purposes of the administrative processes.

  1. 3.When collecting personal information, the Company must do so directly from the person in question (hereinafter the “Person”); however, the Company may collect personal information by other means if any of the following apply:

  1. (1)the Company has obtained the consent of the Person;
  2. (2)the Company is required to do so by law;
  3. (3)the information has become publicly known through publication or other means
  4. (4)it is considered urgent and unavoidable to do so in order to protect the life, body, or property of an individual person or persons; or
  5. (5)none of the above applies but it is considered that there is a reasonable rationale for collecting personal information by means other than obtaining it from the Person.
Article 5. (Restriction on Use and Provision)
  1. 1.The Company will use and provide to third parties personal information only when doing so is necessary for performing administrative processes for handling personal information; however, the Company may use and provide to third parties personal information for purposes other than that stated above if any of the following apply:
  1. (1)the Company has obtained the consent of the Person;
  2. (2)the Company is required to do so by law;
  3. (3)the information has become publicly known through publication or other means
  4. (4)the information has become publicly known through publication or other means
  5. (5)it is considered that it is necessary to do so for the public interest or there is any other reasonable rationale.

  1. 2.When using or providing personal information for reasons described in the preceding paragraph, the Company will ensure that the rights and interests of individuals will not be unfairly infringed.

Article 6. (Request to Third Parties for Taking Measures)
When proving personal information to third parties, the Company will, as needed, place restrictions on the purposes, methods, or processes of use of the provided information by the third parties, or request the third parties to take necessary measures to ensure the proper handling of the said information.
Article 7. (Assurance of Accuracy and Security)
  1. 1.The Company will endeavor to maintain the accuracy of the personal information it holds for the purpose of performing administrative processes.
  2. 2.The Company will endeavor to take necessary measures to prevent any leaks, falsification, or loss of, or damage to, the personal information it holds and to ensure proper management of the information.
  3. 3.The Company will, without fail or delay, dispose of or delete the personal information it holds when it is no longer needed, except in cases where it is necessary to store such information for the purpose of archiving.
Article 8. (Measures Related to Outsourcing)
When outsourcing the administrative processes for handling personal information, the Company will take necessary measures to protect the relevant personal information.
Article 9. (Responsibility of Outsourcee)
  1. 1.Third parties employed by the Company to perform outsourced operations must take necessary measures to prevent any leaks, falsification, or loss of, or damage to, the relevant personal information and to ensure proper management of the information.
  2. 2.The third parties described in the preceding paragraph must not leak any secrets related to the personal information that have come to be known by them in the course of performing the outsourced operations. This shall also apply after the operations are completed.
Article 10. (Responsibility of Employees, etc.)
Present and former employees of the Company engaged in handling personal information must not unnecessarily share the personal information that has come to be known by them in the course of performing their duties or use such information for inappropriate purposes.
Article 11. (Statement for Personal Information Handling)
  1. 1.When starting a new administrative process for handling personal information (excluding processes related to present and former employees of the Company), the Company will prepare a Statement for Personal Information Handling (form specified separately).
  2. 2.Upon receiving a request to read the Statement for Personal Information Handling as set forth in the preceding paragraph, the Company will respond to the request appropriately.
Article 12. (Method of Requesting Disclosure)
  1. 1.A request for disclosing personal information held by the Company must be made by submitting to the Company a Request for Disclosing Personal Information (form specified separately).
  2. 2.A request for disclosing personal information held by the Company must be made by the Person or a person acting as their proxy, and documents specified in the Request for Disclosing Personal Information must be submitted or presented to the Company in order to confirm the identity of the requester.
  3. 3.If identifying any formal errors contained in the Request for Disclosing Personal Information submitted, the Company may request the requester of disclosure to correct the errors, specifying the date of resubmission after a reasonable interval. In doing this, the Company must endeavor to provide the requester with reference information for correction.
Article 13. (Disclosure of Personal Information to the Person)
When having received a request for disclosure of the personal information held by the Company from the Person, the Company will endeavor to respond to the request according to the procedures described in the preceding article. However, the Company may choose not to disclose the related personal information, in whole or in part, if any one of the following items applies:
  1. 1.It is considered that the Company is prohibited from disclosing the information by law;
  2. 2.Disclosing the information may result in the infringement of legitimate rights and interests of individuals other than the requester, specifically in cases where the personal information relating to the request contains the personal information of such individuals; or
  3. 3.Disclosing the information may hamper the proper performance of administrative processes of the Company.
Article 14. (Notification in Response to Request for Disclosure)
  1. 1.When having received a request for disclosure of personal information, the Company will notify the requester whether or not the relevant personal information will be disclosed within 14 days from the day following the day the request was received by the Company; however, there may be exceptions to this principle due to unavoidable reasons.
  2. 2.After sending a notification of disclosure, the Company will disclose the relevant personal information without delay.
Article 15. (Bearing of Expenses for Disclosure)
  1. 1.Disclosure of personal information shall be made at the expense of the person to whom the information is disclosed. The amount of the expenses will be specified by the Company separately.
  2. 2.Expenses shall be paid when the personal information is disclosed to the person.
  3. 3.Paid expenses shall not be reimbursed.
  4. 4.The Company may reduce the payment amount of expenses, partially or fully, if it considers that there is a special reason for doing so.
Article 16. (Method of Requesting Modification)
  1. 1.A request for modification of the personal information disclosed must be made by submitting to the Company a Request for Modifying Personal Information Disclosed.
  2. 2.A request for modification of the personal information disclosed must be made by the Person or a person acting as their proxy, and documents specified in the Request for Modifying Personal Information Disclosed must be submitted or presented to the Company in order to confirm the identity of the requester.
  3. 3.If identifying any formal errors contained in the Request for Modifying Personal Information Disclosed submitted, the Company may request the requester of modification to correct the errors, specifying the date of resubmission after a reasonable interval. In doing this, the Company must endeavor to provide the requester with reference information for correction.
Article 17. (Modification of Personal Information by the Person)
When having received a request for modification of the personal information held by the Company and disclosed to the Person, the Company, when recognizing factual inaccuracies contained in the said personal information, will respond to the request according to the procedures described in the preceding article.
Article 18. (Notification in Response to Request for Modification)
When having received a request for modification of personal information, the Company will notify the requester whether or not modification to the relevant personal information will be made within 14 days from the day following the day the request was received by the Company; however, there may be exceptions to this principle due to unavoidable reasons.
Article 19. (Bearing of Expenses for Modification)
  1. 1.Modification of the personal information disclosed shall be made at the expense of the person seeking the relevant modification. The amount of the expenses will be specified by the Company separately.
  2. 2.Expenses shall be paid when modification of the personal information is performed.
  3. 3.Paid expenses shall not be reimbursed.
  4. 4.The Company may reduce the payment amount of expenses, partially or fully, if it considers that there is a special reason for doing so.
Article 20. (Response to Complaints, Grievances, Incidents, and Accidents)
Upon receiving a complaint or grievance and having identified an incident or accident related to the handling of the personal information held by the Company, the Company will endeavor to respond to the situation properly and promptly, taking the steps described below:
  1. 1.For the purpose of protecting personal information, the Company receives and responds to complaints and grievances from the Person related to the personal information held by the Company. Upon receiving such complaints and grievances, employees record details about the complaints and grievances using the Internal Note (form specified separately) and then submit the Internal Note to the CPO.
  2. 2.In response to incidents and accidents identified, the Company follows the procedures described below:
  1. (1) Upon having identified an incident or accident, employees report such fact to the president and CPO immediately.
  2. (2) The employee records details about the reported incident or accident using the Internal Note, and submits it to the CPO.
  3. (3) The CPO, together with the president, formulates and decides on measures to be taken in response to the reported incident or accident.
  4. (4) The CPO shares the formulated measures with responsible persons and implements the measures.
  5. (5) The CPO prepares notices to customers, the relevant authorities, and personal information handling business operators, and sends them after obtaining the approval of the president.
  6. (6) The CPO plans recurrence prevention measures, for which approval of the president is obtained before finalization. To implement the measures effectively, related rules and regulations are revised and the related details are shared across the Company through morning meetings, training sessions, or other opportunities.
Article 21. (Internal Rules)
In order to protect personal information, the Company formulates and maintains the following internal rules:
  1. 1.Privacy Rules (this document)
  2. 2.Personal Information Handling Manual
  3. 3.Personal Information System Operation Management and User Manual
Article 22. (Education)
In order to protect personal information appropriately when doing business, the Company provides all employees engaged in handling personal information with education regarding the items listed below, with the aim of enhancing their understanding of the importance of protecting personal information and ensuring compliance with the Privacy Rules and other applicable rules and regulations.
  1. 1.Details of the Privacy Rules of the Company
  2. 2.Importance of complying with the Privacy Rules, applicable laws and regulations, and other relevant norms
  3. 3.Roles and responsibilities set forth by the Privacy Rules
  4. 4.Scenario-based examination of violations of the Privacy Rules and applicable laws and regulations
Article 23. (Audit)
The Company conducts internal audits to appropriately monitor the proper application of the Privacy Rules and other applicable rules and regulations and confirm that they are properly maintained at each division that is subject to them. Methods and procedures for conducting internal audits are specified in the Internal Audit Rules of the Company.
Article 24. (Relationship with Other Legal Systems, etc.)
For performing procedures pertaining to disclosure, modification, or deletion of personal information, if relevant procedures are stipulated by state or municipal laws and regulations, such laws and regulations shall take precedence over these Privacy Rules.
Article 25. (Disciplinary Action)
Violators of laws and regulations related to privacy, the privacy pledge submitted as new employees, or privacy-related internal rules will face disciplinary action depending on the degree of violation, according to the work regulations.
Article 26. (Review of the Rules)
In order to maintain appropriate management for protecting personal information, the president is required to review the Privacy Rules and other applicable rules and regulations in light of periodic reporting from the CPO on the application status of these rules, changes in the business environment, and other factors.
ページトップへ戻る