Personal Information Protection Policy
GeoTechnologies, Inc. (Address: 2-28-8 Honkomagome, Bunkyo-ku, Tokyo, President & CEO: Hiroshige Sugihara; hereinafter referred to as the “Company”) regards the protection of personal information as a critical social responsibility as well as an essential requirement for carrying out corporate activities with the trust of the public.
The Company gives due attention to the appropriate management and use of personal information and implements the following measures:
The Company will use personal information it acquires from individuals for the following purposes:
•(Information on users of the Company’s products and services) To provide the Company’s products and services, send notices, respond to inquiries and provide after-sales service, implement sales promotion plans and campaigns, get statistical information for improving products and services, conduct market research and other surveys and studies, prepare statistical information, and plan, develop, examine, and provide new products and services of the Company and its affiliates and business partners. •(Information on employees, other workers, and partner sole proprietors) To conduct process related to an individual numbers (including information on family members) under the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, manage attendance, provide welfare benefits, pay salaries, apply for benefits based on laws and regulations, post profiles on external websites, make liaison and coordination with business partners in business activities, and provide technical backgrounds. •(Information on applicants) To conduct recruiting and selection operations for human resources required by the Company. •(Information on employees of collaborating companies) To use outsourcing and dispatch services for business operations. •(Information on employees of business partners) To provide information on the Company’s products and services, conduct sales activities, respond to inquiries, and implement sales promotion plans and campaigns. •(Personal information stipulated in individual terms of service, etc.) To fulfill purposes defined in individual terms of service, etc.The Company may change the purposes of use of personal information to the extent reasonably recognized that it has reasonable relevance, and in the event of such change, the content of the change will be notified to the individuals concerned in writing and by any other means (including electromagnetic records; the same shall apply hereinafter) in principle or announced on the Company’s website, etc.
3.Use of personal informationThe Company will use personal information only within the scope of the purposes of use.
4.Security control measures for personal dataThe Company will take sufficient security measures, including the development of handling rules, etc. and establishment of a system to implement security control measures, in order to prevent the leakage, loss, or damage of personal data (including specific personal information) it handles or otherwise ensure security control of personal data, and take appropriate measures to maintain personal data accurate and up to date within the scope necessary to achieve the purposes of use. If any problem occurs, the Company will take appropriate corrective measures promptly.
The details of the measures taken by the Company for security control of personal data are mainly as follows. For any inquiries regarding our security control measures, please contact us at the contact point provided below.
(1) Development of basic policies | In order to ensure the proper handling of personal data, the Company has established this Policy providing matters concerning compliance with applicable laws and regulations, guidelines, and other standards, security control measures, the contact point for inquiries, etc., and reviews it as necessary. |
---|---|
(2) Development of handling rules for security control of personal data | The Company has established rules with respect to the handling methods, responsible persons and persons in charge, and their duties for each stage of acquisition, use, storage, provision, deletion, and disposal, and reviews them as necessary. |
(3) Organizational security control measures | -Appointment of a person responsible for the management of personal data -Clarification of employees who handle personal data -Clarification of the scope of personal information that the above-mentioned employees handle -Development of means to check the handling status of personal data -Establishment of a reporting and liaison system from employees to the responsible person, etc. in the event of an information leakage or similar incident |
(4) Human security control measures | -Acquisition of consent from employees for matters concerning confidentiality of personal data -Implementation of regular training for employees on important matters in the operation manual for personal information protection |
(5) Physical security control measures | -Installation of an entry/exit management system using IC cards for entry and exit control -Control of areas where personal data is handled -Prevention of theft, etc., of equipment and electronic media -Prevention of leakage when carrying electronic media, etc. -Deletion of personal data and disposal of equipment and electronic media, etc. |
(6) Technical security control measures | -Control of access to personal data -Control of authorization to access personal data -Measures to prevent leakage and damage to personal data -Verification of the effectiveness of the access control function introduced to the information system handling personal data |
(7) Supervision of subcontractors | When subcontracting the handling of personal data, the Company selects a subcontractor that handles personal data properly and enters into a contract that requires the subcontractor to implement the same level of strict controls over personal information as those implemented by the Company in order to ensure the implementation of security control measures by the subcontractor. |
(8) Understanding of external environment | The Company implements security control measures after understanding the systems for protecting personal information in each country where personal data is handled. |
The Company will not provide or disclose personal information to third parties without obtaining prior consent of the individual, except in the following cases. When personal data is provided to a third party or acquired from a third party (including the case where personal-related information is acquired as personal data), the Company will confirm the background related to the provision or acquisition of personal data, and record and store the personal data, including the recipient(s) of such data, as prescribed by laws and regulations.
(i) When it is based on laws and regulations (ii) When it is necessary for protecting a human life, body, or fortune, and when it is difficult to obtain the consent of the individual concerned (iii) When it is specially necessary for enhancing public hygiene or promoting the fostering healthy children, and when it is difficult to obtain the consent of the individual concerned (iv) When it is necessary for cooperating with a central government or a local government, or a person entrusted by them performing the affairs prescribed by laws and regulations, and when there is a possibility that obtaining the consent of the individual concerned would interfere with the performance of the said affairs (v) When the third party is an academic research institution, etc. and such third party needs to use the personal data in academic studies(including cases where part of the purpose of using the personal data is for academic studies, but excluding cases where there is a risk of unjustified infringement on the rights and interests of individuals) 6.Handling of information in foreign countriesWhen subcontracting the handling of personal information or providing personal information to a third party in a foreign country, the Company will take the following security control measures and conclude a contract with such third party which requires it to take measures equivalent to those required under the Act on the Protection of Personal Information for the security control of personal data (hereinafter referred to as the “Equivalent Measures”).
(1) The following items are checked in writing once a year on a regular basis: (i) Status of implementation of the Equivalent Measures by the third party located in a foreign country; and (ii) Existence or otherwise of any system that may affect the implementation of the Equivalent Measures in the foreign country where the third party is located (2) In the event of any hindrance to the implementation of the Equivalent Measures, the Company will request that the situation be remedied. If it becomes difficult to ensure ongoing implementation of the Equivalent Measures, the Company will discontinue the provision of the personal data in question. (3) The contract with the third party located in a foreign country stipulates that personal data must be handled only within the scope of the contract, that necessary and appropriate security control measures must be taken, that necessary and appropriate supervision must be exercised over employees, that prior consent is necessary for subcontracting, and that personal data must not be provided to any third party. 7.Disclosure of personal informationWhen the Company is requested by an individual to disclose his/her personal information, the Company will disclose such information to the individual without delay after confirming that the request is made by the individual concerned and collecting the prescribed charges. However, this does not apply to cases where the Company is not obligated to disclose such information under the Act on the Protection of Personal Information or any other applicable laws and regulations.
8.Correction and discontinuance of the utilization of personal information (1) When the Company is requested by an individual to correct, add, or delete (hereinafter referred to as “Correct” or “Correction”) any personal information that it is contrary to the facts, the Company will conduct an investigation without delay after confirming that the request is made by the individual concerned, Correct the personal information based on the result thereof, and notify the individual to that effect. (2) When the Company is requested by an individual to discontinue the use or delete his/her personal information due to any of the reasons set forth in the following items (hereinafter referred to as “Discontinue the Use” or “Discontinuance of the Use”), the Company will conduct an investigation without delay after confirming that the request is made by the individual concerned, Discontinue the Use of the personal information as necessary based on the result thereof, and notify the individual to that effect. (i) The personal information is being handled beyond the scope of the purposes of use announced in advance. (ii) The personal information was acquired by deceit or other similar means. (3) The provisions of paragraphs 1 and 2 of this Article shall not apply to cases if the Company is not obligated to Correct or Discontinue the Use of personal information under the Act on the Protection of Personal Information or any other applicable laws and regulations. 9.Continuous review and improvementThe Company will comply with laws, regulations, and other rules related to the protection of personal information and will continuously review and improve its personal information protection measures according to changes in the social environment. When the Company makes any changes to this Policy, the Company will notify individuals of the effective date and the content of the revised Policy by placing a notice on its website.
10.Contact for questions and inquiriesFor any questions and inquiries regarding the Personal Information Protection Policy, please contact the following e-mail address.
Contact e-mail address:
*Personal information of children under the age of 16 must be provided with the consent of their parent or guardian.Basic Policy for Specific Personal Information
GeoTechnologies, Inc.
2.Compliance with laws, regulations, and guidelinesThe Company will properly handle specific personal information in compliance with the Act on the Use of Numbers to Identify Specific Individuals in Administrative Procedures (My Number Act), the Act on the Protection of Personal Information, and the Guidelines for the Proper Handling of Specific Personal Information (for Business Operators).
3.Matters concerning security control measuresThe Company defines its security control measures for specific personal information separately in the Specific Personal Information Handling Rules. Specific details are as described in 4. above of the Personal Information Protection Policy.
4.Contact for questions and inquiriesFor any questions and inquiries regarding the Basic Policy for Specific Personal Information, please contact the following e-mail address.
Contact e-mail address:
Road Images and Map Information
The Company conducts driving surveys on roads throughout Japan and captures road images with vehicle-mounted cameras.
The driving images captured may unintentionally contain personal information. The map information acquired by the Company for the purpose of map maintenance may also include personal information.
The Company will use the captured driving images and map information only for the following purposes:
We takes the utmost care to mask technically identifiable people’s faces and license plates in the driving image data. However, if you find any problem, please contact us using the contact information provided in the Personal Information Protection Policy. We will take appropriate action upon confirmation.
Revised on: November 1, 2023