Handling of Customer Confidential Information and Personal Information (Basic Information Security Policies)
Information assets are an important management resource, and it is necessary to use them effectively in business activities, but information assets include the confidential information of corporate customers that must be managed rigorously and personal information that must be protected in accordance with law. The Company believes that ensuring information security through the secure and appropriate management of these information assets is one of the Company’s most important social missions.
It is with this understanding that the Company has prepared regulations for ensuring information security, established structures for reinforcing information security, conducts comprehensive employee education and guidance concerning the secure and appropriate management of information assets, and has taken the following actions to ensure proper handling of information assets.
In light of the importance of procedures concerning the protection of personal information, the Company complies with the Act on the Protection of Personal Information as well as other applicable laws, regulations, and guidelines, handles personal information properly, and takes appropriate measures concerning security and management.
1. Acquisition of personal information
The Company acquires personal information to the extent necessary for its business operations through lawful and fair means only.
2. Use of personal information
The Company engages in the insurance broker business and risk management consulting business. The Company uses personal information received through its transactions with customers for the following purposes and shall provide such information to services providers to the extent necessary to achieve the intended objectives.
- Development, proposal, provision, analysis and management of risk management consulting services, products of insurers with which the Company does business, and ancillary and related services
- Planning, proposal, and implementation of Company events, campaigns, questionnaires, and seminars
- Performance of business operations under consignment
- Performance of contracts and transactions
- Response to inquiries and requests for information
- Business-related communications (including sending greeting cards and congratulation and condolence arrangements)
The Company does not engage in the use of personal information that exceeds the scope of purposes previously notified, announced, or made clear to the individual in question (“Use of Information Beyond the Intended Purposes”). The Company implements measures to prevent the use of information beyond the intended purposes. If the Company changes the intended uses of personal information, it shall announce the content of the changes by written notice to the individuals concerned or by posting on its Web site and other means.
3. Measures for the secure management of personal information
The Company has adopted adequate security countermeasures including the adoption of regulations concerning security management and the creation of implementation structures to prevent leaks and loss of and damage to personal information handled by the Company and to otherwise securely manage personal information. The Company also takes appropriate measures to ensure the accuracy of and timeliness of information necessary for achieving the objective of its use.
4. Provision of personal information to third parties
The Company shall not provide personal information to third parties without the consent of the individual concerned except when permitted by law.
5. Sharing of Personal Information
For the following purposes, the company may share personal information obtained or provided through such as transactions and inquiries, with Marsh McLennan and its group companies doing business in accordance with common corporate policies with us (please refer to https://www.marshmclennan.com/ ), in paper or electric data. The company is responsible for management of the personal information.
- Purposes of the sharing
- For the purposes described in the item(2) and for management of the group www.mmc.com
- Items of the personal information
- Personal information provided to or obtained by the company such as name, address, telephone number, e-mail address, sex, date of birth and any other business information
6. Complaints and consultations concerning the Company’s handling of personal information or personal information management structures
Complaints and consultations concerning the Company’s handling of personal information or personal information management structures can be made by contacting the Company at the address or telephone number indicated below. A response to the complaint or consultation will be made after confirming the individual’s identity.
If you do not wish to receive product and service information through the mail or other means, please contact the Company as indicated below.
Complaint and Consultation Contact Information and Hours of Operation
Compliance Team
Marsh Broker Japan, Inc.
9-7-1, Akasaka, Minato-ku, Tokyo 107-6216
Tel: 03-6775-6478
Hours of operation: 9:00 a.m. – 5:00 p.m., Monday through Friday (closed on holidays)
7. Retained Personal Data pursuant to the Act on the Protection of Personal Information
- Requests for disclosure
- Requests for notice, disclosure, correction, addition to or removal from, suspension of use, deletion, suspension of provision to third parties and record of provision to third parties (collectively referred to as “Disclosure”) shall be processed after confirming the requesting party’s identity. Requests relating to Retained Personal Data in the possession of an insurer or other company will be forwarded to that company. If an investigation of Retained Personal Data in the Company’s possession indicates that the information is not correct, the information shall be corrected based on those results. Requests for notice or disclosure concerning the use of Retained Personal Data require the payment of a fee (1,000 yen (including consumption tax) per request). Please use the contact information above to make inquiries concerning procedures and application forms.
- Measures for Protection of Personal Data
- The Company takes security control measures to prevent leakage, loss, or damage of Personal Data. In addition, we provide necessary and appropriate supervision of employees and vendors who handle personal data.