Date of enactment: 2005.4.1
Date of revision: 2017.11.17
AT TOKYO Corporation
President & Chief Executive Officer
AT TOKYO (the Company), as a data center service provider, acknowledges the importance of information management and has placed strict controls on all information in relation with our business as a corporate asset. The Company has achieved certification of Japan Privacy Mark (Personal Information Management System) and ISMS (Information Security Management System).
The Company also complies with the laws, regulations, the National guidelines and rules in connection with the protection of personal information, and hereby sets forth the following principles for proper use and management of personal information:
1. Compliance with laws and regulations
The Company will properly handle personal information acquired, managed and used in its business activities in compliance with applicable laws and regulations, including, but not limited to, the Personal Information Protection Act, and this policy.
The Company will acquire personal information through legitimate means, directly or indirectly, orally, in writing, or by electromagnetic records, sound recording, and video recording, in any manner whatsoever. With regards to telephone calls, the Company may record telephone conversations for the purpose of ensuring accuracy of information received, and confirmation of such conversations, as well as for process quality improvements of the telephone operators.
3. Purpose of Use
The purpose of use of personal information is as follows:
(1)Personal information acquired during business negotiations:
- For business negotiations and related communications, and implementation of the executed agreements.
- To provide information on products or systems newly developed. To provide information on existing products or services supplied by either the Company, or companies collaborating with the Company, that have not been contracted for.
- To gather the requests from users, and develop or improve services or systems of the Company.
(2)Personal information acquired through providing the Company’s data center services:
- To Confirm personal identification of individuals intending to use the Company’s data centers.
- For provision of data center services or subcontracting, and implementation of the executed agreements.
- To gather the requests form users, and develop or improve services or systems of the Company.
- For maintenance of the security of the Company’s facilities.
(3)Personal information of retirees, employees, job applicants, etc.:
- For performing tasks carried out in accordance with related labour laws and regulations, human resource administration, and the welfare programs.
- For work related administrative and/or emergency contacts.
- For providing information on recruitment activities, company briefings, event information, etc, as well as for sending materials and recruitment tasks such as identification confirmation, etc.
(4)Personal information acquired through inquiries, questionnaires, requests, etc. :
- For improvement of business operations and/or website of the Company.
- For delivery of requested materials.
- For delivery of documented information, etc. relating to contract.
- For delivery of other required communications and/or greetings cards.
- For process or record requests from users.
If the Company intends to use the personal information for any other purposes not listed here, the Company will, as expediently as is practicable, inform the relevant individual directly of the purpose, or disclose the purpose to the public.
4. Security Measures
The Company uses reasonable and appropriate measures to ensure the management and safe usage of, and to prevent unauthorized access, loss, destruction, alteration, and leakage of personal information. Within the Company, each department has an assigned Information Officer to ensure the effective management of personal information, to ensure that each department is compliant with company rules relating to personal information, and to ensure that every employee is aware of such rules via regular training programs.
5. Third Party Disclosure
The Company will not disclose or provide any personal information to third parties except in the following cases:
- When the Company has your consent to do so.
- If there is a request for disclosure based on laws or regulations.
- When necessary to protect the life, body or property of a person and attempts to obtain permission have either failed or are not practicable.
- When necessary to improve public health conditions and obtaining permission from the individual themselves is not practicable.
- When required to cooperate with national agencies or local governments to carry out their affairs as required by law, and where obtaining permission may be deemed to be hindering the execution of those affairs.
6.Management of Third-Party Service Providers
The Company may, from time to time, need to outsource services provided to business partners on a full or partial basis, as required by operational needs and the type of services contracted with the business partner. In these cases, the following shall apply:
- That the conclusion of appropriate contracts with service providers that oblige them to be compliant with the laws and regulations relating to the protection of personal information, and to ensure that they have made provisions to ensure adequate supervision to oversee the duty of protection, has been carried out.
- That the Company shall disclose personal information only to the extent necessary, and shall not disclose any personal information that is not required to provide those services.
7.Requests about Private Information
The Company shall endeavor to maintain accurate and up to date records of private information to the extent necessary to achieve the Purpose of Use. If an individual would like to view, correct, delete, etc. (hereinafter referred to as Disclosure Request), their own personal information or have questions relating to personal information, you are politely requested to follow procedures available on request from the contact information listed below (there may be an administration fee applicable in some cases). After contacting the enquiry contact indicated below, please send or present documents or other materials that can be used to prove your identity to us (the Company may need to copy the documents or other materials that prove your identity).
However, please understand that the Company cannot act on such requests in the following circumstances:
- When no reason is provided for the Disclosure Request.
- If disclosure could result in a risk to the life or limbs, assets, or other rights and interests of the individual or any third party.
- If disclosure or correction data would in any way impede the proper implementation of the business of the Company.
- In cases where the request for suspension is beyond the proper scope (where the request is made for either that the reason the personal information is handled for a purpose not disclosed in advance, or where such personal information was acquired by any unlawful means).
- In cases where it is difficult or would cost significant expense in order to suspend usage, and where alternative measures can be implemented to rights and interests of the individual.
- If it is a violation of relevant laws or regulations.
- If you are unable to provide a recognized proof of identification.
8.Voluntary Provision of Data
The Company will not force provision of any personal information, however the Company asks for your understanding that when it is not supplied or withheld, the Company may not be able to provide some or all services, conduct employment screening, or respond to requests for information.
9.Use of Identifiable and Unidentifiable Information
Whereas the Company shall not collect identifiable personal information (name, address, telephone number, e-mail address, etc.) from disclosed information without prior permission, there may be cases where unidentifiable or incomplete personal information will be collected without permission, including, but not limited to website cookies, and online surveys. The purpose of collecting this information includes research into improving our website or other operational matters, and the information is collected on the condition that it shall never be combined with personally identifiable information, and shall remain anonymous.
The Company will construct and maintain its personal information management system, and continue its execution, while ensuring that if any new needs regarding the management of personal information protection are discovered, they will be addressed in a timely manner.
12.Contact for Enquiries Relating to Privacy, or to Speak to the Data Privacy Officer
5-6-36 Toyosu, Koto-ku, Tokyo
AT TOKYO Corporation General Affairs Division
Telephone: 03-6372-3000 (hours of reception: 9:00 to 17:30 on weekdays)
Data Privacy Officer: Director of Corporate Planning Division