CUC Inc., (“we”) recognizes the importance of personal information on individuals who use our services, our business partners, employees of partner companies and organizations, our employees, and all other related parties, and in order to thoroughly protect such personal information, we have established the following personal information protection policy, built a personal information protection system, and we are working on the appropriate handling of personal information. We handle personal information and personal data appropriately in compliance with the Act on the Protection of Personal Information, other laws and regulations, the Personal Information Protection Commission’s guidelines and other guidelines.
Personal Information Management and Security Measures
We strictly manage personal information by taking necessary measures such as establishing internal rules and accountability systems, thoroughly training employees, and maintaining security systems and developing management systems, in order to keep our customers’ personal information accurate and up-to-date, and to prevent unauthorized access, loss, damage, falsification, and leaks, etc. and ensure the safety of personal information and personal data.
Specifically, we take the following measures.
Organizational Security Control Measures
- Develop rules regarding the handling of personal information and personal data We formulate, operate, and update and improve as necessary, rules governing the handling of personal information and personal data systematically, and we continuously respond to risks.
- Appointment, etc. of a personal information protection officer
The above-stated rules stipulate provisions to appoint a personal information protection officer and to establish a framework for reporting in the event that an incident involving the leak, loss, or damage to personal information or personal data occurs or signs of such an incident are detected.
Personnel Security Control Measures
- Education, training, and thorough familiarization with the handling of personal information and personal data We conduct regular training for employees related to the handling of personal information and personal data to ensure our employees are thoroughly aware of the importance of personal information and personal data and appropriately manage and handle information assets.
Physical Security Control Measures
- Managing Room Access
We protect areas where personal information and personal data are managed and handled using appropriate access controls in order to maintain security.
- Handling of devices with built-in storage media
We store all removable devices with built-in storage media under lock and key. Measures are in place to detect loss and remotely erase data.
- Deletion, etc. of personal information and personal data
When disposing of documents and equipment containing personal information and personal data, we use means that render data unrestorable such as incineration, dissolution, appropriate shredding, deleting using specialized data deletion software, or physical destruction.
Technical Security Control Measures
- Access Controls
We implement physical and logical access controls and we implement appropriate controls for each scope of work required for the device, person in charge, and organization.
- Preventing Unauthorized Access by External Parties
We have introduced a system to prevent unauthorized access from outside using physical and logical means.
Purpose of Use of Personal Information
We use personal information (including pseudonymized information, and the same applies hereinafter) we retain for the purposes set forth below and we handle personal information within the scope of such purposes, except as permitted in laws and regulations. Notwithstanding that stated below, we may use the personal information we retain to make notifications or reports in accordance with laws, regulations and other norms, or to send questionnaires, notices, or other communications to the extent necessary to execute our business. We may outsource such handling of personal information to third parties.
- Purpose of use of personal information concerning users of our services
– To send notifications related to our services and other information essential to the provision of our services
– To provide after-sales services
– To distribute advertisements and other information related to our products and services or the products and services of other entities
– To introduce and provide other information on services offered by partners/advertisers, etc.
- Purpose of use of personal information concerning business partners and employees of partner companies and organizations.
– To contact, negotiate, meet with, execute contracts, and respond to inquiries and requests
– To notify and report pursuant to laws, regulations, and other norms
– To provide to third parties to the extent necessary to carry out the preceding items
Purpose of use of personal information on persons who consult with us or contact us via our public relations contact point, customer service contact point, or other external contact point, or directly consult with or contact our officers or employees (including part-time and temporary employees), about our internet site.
– To consider, investigate, and respond to consultations or contact
– To manage information and records associated with access
- Purpose of use of personal information concerning persons seeking employment and personal information obtained through a human resources data provision service
– To review applications, make acceptance or rejection decisions, and contact applicants
- Purpose of use of personal information on officers, employees (including past officers and employees) and their family members
– To appropriately assign personnel, conduct other personnel management, pay salaries and otherwise manage labor at the Company
– To manage employee benefits, health and safety
– For education and training purposes
- Purpose of use of personal information handled in the course of performing entrusted services
– To confirm the execution and state of implementation of entrusted services
– To improve the quality of entrusted services
Prohibition of Disclosure and Provision of Personal Information to Third Parties
We do not, as a rule, provide personal information received from customers to third parties, except in the cases stated below. Neither do we provide pseudonymized information to third parties, except when complying with laws and regulations.
- When providing personal information for the following purposes, we provide information after processing it so that the recipient cannot identify a specific individual from such information alone, such as excluding information such as names and addresses, and processing information into attribute information such as gender and age groups.
– Sales proposals and proposals to improve the effectiveness of our services to our business partners and employees of partner companies and organizations
– Reporting of survey results if we conduct surveys
- We may provide customers’ personal information without their consent in the following situations:
– When disclosure is required based on laws and regulations
– When necessary to protect human life, health or property and when it is difficult to obtain consent from the person concerned.
– When particularly necessary to improve public health or to promote the sound development of children and when it is difficult to obtain consent from the person concerned
– When required to cooperate with national or local government organizations or persons entrusted by them to perform work set forth in laws and regulations, and when we determine that the performance of such work is likely to be hindered if consent is obtained from the person concerned
– When the third party is an academic research institution, etc., and the third party needs to handle our customers’ personal information for academic research purposes (including cases in which part of the purpose of handling of such personal information is for academic research purposes, but excluding cases in which there is a risk that customers’ rights and interests will be unfairly infringed)
– When personal information is provided, in whole or in part, in association with the outsourcing of the handling of customers’ personal information to the extent necessary to achieve the purpose of use
– When personal information is provided in association with business succession caused by a merger or other reason
– When personal information is provided to those listed in the scope of shared user
Shared Use of Personal Information
We share the use of personal information with our group companies (consolidated subsidiaries) and M3 group companies (M3, Inc.’s consolidated subsidiaries) as outlined below.
|Items Shared||Purpose of Use by Shared Users||Scope of Shared Users||Person Responsible For Management|
|Business partners’, and employees of partner companies and organizations’ names, company (organization) names, job titles, telephone numbers, e-mail addresses, and other information listed on business cards||To introduce and provide other information on services offered by CUC Group companies, to contact, negotiate, meet with, execute contracts, and respond to inquiries and requests||CUC group companies||CUC, Inc.
15F Tamachi Station Tower N, 3-1-21 Shibaura, Minato-ku, Tokyo 108-0023
Representative Director: Keita Higuchi
|Business partners’, and employees of partner companies and organizations’ names, company (organization) names, job titles, telephone numbers, e-mail addresses, and other information listed on business cards||To introduce and provide other information on services offered by M3 Group companies, to contact, negotiate, meet with, execute contracts, and respond to inquiries and requests||M3 group companies||M3, Inc.
1-11-44 Akasaka, Minato-ku, Tokyo, 107-0052
Representative: Itaru Tanimura
|Information on relationships with the M3 Group, such as the names of members of m3.com, which is operated by M3, Inc., their employers, and their history of participation in businesses implemented by M3 Group companies||To respond appropriately and provide information when implementing businesses at M3 Group companies by visualizing the relationship between m3.com members and M3 Group companies within the Group||M3 group companies||As above|
Handling of Personal Information in Recruitment Activities
We provide personal information in connection with recruitment activities to our group companies (consolidated subsidiaries) and M3 group companies as outlined below.
- Scope of recipients
CUC group companies and M3 group companies (M3, Inc.’s consolidated subsidiaries)
- Purpose of use by recipients
To recruit and select employees and provide information on recruitment
- Items of personal information provided
Names, addresses, telephone numbers, e-mail addresses, and other items to the extent necessary for the above-stated purpose of use
Inquiries by Personal Information Subjects
If a customer wishes to be notified of the purpose of use of his or her personal information, or requests disclosure of its contents, correction/addition/deletion, suspension of use, erasure, suspension of provision to a third party, or disclosure of records of provision to a third party, we respond after verifying the identity of the customer.
Compliance with Laws, Regulations and Norms and Policy Reviews
We comply with the Act on the Protection of Personal Information and other related laws, regulations, guidelines and other social norms, and seek to protect personal information. We will review and seek to make improvements to this Policy from time to time.
15F Tamachi Station Tower N, 3-1-21 Shibaura, Minato-ku, Tokyo 108-0023
Representative Director: Keita Higuchi
Click here to inquire about our handling of personal information
Personal Information Protection Officer: Tomomi Oketani
Cookies are a mechanism that stores usage history, input data, and other information exchanged between browsers and servers, on the user’s computer, when a user visits a web page. When a user returns to the page, the information in the cookie can be used by the page operator to customize the information displayed for each user.
If a user sets their browser to allow cookies to be transmitted, websites can retrieve cookies from the user’s browser. To protect privacy, the user’s browser only sends cookies exchanged by that website’s server. Users can change their settings to disable Cookies, but please be aware that this may result in being unable to use some services.
2. Cookie Settings
Users can set their browser to accept all cookies, block all cookies or to receive notifications each time a cookie is received. The way in which settings can be changed varies between browsers. Please use the help menu in your browser to find out how to change your settings.
Please note that blocking cookies may prevent you from using some internet services such as services that require authentication.
- To enable us to provide a service customized for each user by referencing stored user registration information when a user logs in to the authentication service.
- To display the most appropriate advertisements on other companies’ websites based on users’ interests and use of our website.
- To investigate the number of users and traffic to our site.
- To improve our services.
4. Use of Services Relating to Display Advertising Provided by Google