Article 1 The purpose of this rule is set forth in basic matters, in relation to personal information which Clap’s Co. Ltd. (hereinafter referred to as the “Company “) holds, under act on the Protection of Personal Information (hereinafter referred to as the” Personal information protection law") or other related laws and regulation, in order to deal with this appropriately and protect individual rights and profits.
Article 2 The meaning of terms in the following items in this rule depends on each of such following items.
Article 3 Company shall deal with personal information properly in considering that personal Information is dealt with under the principles of the personal character respect carefully.
(Scope of application)
Article 4 This rule shall set forth for the dealing of all personal information, personal data and holding personal data (hereinafter referred to as the "Personal Information") which are handled in the Company regardless of whether it is recorded in writing or whether it is deal by personal computer, and this rule shall be applicable to all officers and employees (including permanent-term worker, short-term worker, part-time worker, contract worker as the same as follows.) engaging in our business.
(Specification of purpose of use)
Article 5 Company identifies the purposes of use (hereinafter referred to as the “purpose of use") as much as possible on dealing with personal information.
2 where the purpose of use is modified, Company shall not modify without the scope which is reasonably related in the prior purpose of use.
(Limitation to purpose of use)
Article 6 Company shall not handle personal information about a person, without obtaining the prior consent of the person, beyond the scope necessary for the achievement of the purpose of use specified pursuant to the provision of the foregoing article.
2 When Company handling personal information has acquired personal information as a result of taking over the business of another business operator handling personal information, Company shall not handle the personal information concerned, without obtaining the prior consent of the persons, beyond the scope necessary for the achievement of the Purpose of Use of the personal information concerned before the succession.
Article 7 Company shall not acquire personal information by a deception or other wrongful means.
(Notice of purpose of use about collection)
Article 8 Where Company collects Personal Information, Company will notify or disclose the purpose of use to the person promptly except case in which Company will disclose the purpose of use in advance or cases in which it is considered that the purpose of use is clear in consideration of the circumstances of the acquisition.
2 Notwithstanding the provision of the foregoing paragraph, when Company acquires such personal information on a person as is written in a contract or other document (including a record made by an electronic method, a magnetic method, or any other method not recognizable to human senses. hereinafter the same shall apply in this paragraph.) as a result of concluding a contract with the person or acquires such personal information on a person as is written in a document directly from the person, Company shall expressly show the purpose of use in advance, and then acquire the person’s consent.
3 When Company has changed the purpose of use, Company shall notify a person of the changed purpose of use or publicly announce it.
(Restriction of Provision to A Third Party)
Article 9 Company shall not, except in the following cases, provide personal data to a third party without obtaining the prior consent of the Person:
(1) Cases in the method of the Section 2 of the Article 23 (Opt-out) in the Personal information protection law or the Section 3 of the same Article (Joint use)
(2) Cases to provide or disclose Personal information under any laws and regulations.
(Maintenance of the Accuracy of Data)
Article 10 Company shall endeavor to maintain personal data accurate and up to date within the scope necessary for the achievement of the purpose of use.
(Security Control Measures)
Article 11 Company shall take necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of the personal data.
(Maintain of policy about document management)
Article 12 Company shall separately establish policy about necessary matters in the light of the point of the foregoing 2 articles about registration, store, and dispose of document, and shall take necessary measure under the policy.
（Direction Supervision of employee）
Article 13 Company sets forth provisions with respect to necessary matters to practice each such matter in each provisions of Section 1 and Section 2 in this Chapter concretely separately, and shall secure all employees observe and comply with this.
2 When Company has an employee handle personal data, it shall exercise appropriate supervision over the employee.
(Supervision of trustees)
Article 14 When Company entrusts any third party with the handling of personal data in whole or in part, in the light of circumstances to protect Personal Information of such party, shall consider appropriateness for the entrust, it provides Personal Information after the entrance with such party about non-disclose agreement, and shall exercise necessary and appropriate supervision over the trustee to ensure the security control of the entrusted personal data.
2 In the judgment of the adequacy of the foregoing paragraph, Company shall make the judgement based on the level of our employee provisions.
(Response to request disclosure from a person)
Article 15 Where Company is requested by a person to disclose such retained personal data under the Article from 25 to 27 in the Personal information protection law, Company fully understand this request based on the such persons’ right about Personal Information, and shall response this within reasonable extent during reasonable period.
(Maintain of policy)
Article 16 Company shall establish provisions with respect to necessary matters to perform such obligations in the provisions of the foregoing article appropriately separately, and shall take a necessary measure.
(Processing of Complaints by Company)
Article 17 Company shall endeavor to appropriately and promptly process complaints about the handling of personal information.
2 Company shall endeavor to establish complaint processing counter and other necessary system for achieving the purpose set forth in the foregoing paragraph.
(Personal information protection administrator)
Article 18 Company shall set Personal information protection administrator.
2 Personal information protection administrator shall have a duty which is to maintain Company policy, promote security measure and education, and training, and inform everyone about protection of Personal Information.
3 Personal Information protection administrator shall comply with terms and conditions in this rule, and make all officers and employees understand to collect, use, provide, and entrust Personal Information.
Article 19 Personal information protection administrator shall make all officers and employees who involved with Company’s business understand importance of protection of personal right about Personal Information, and appoint educator in order to practice protection of Personal Information completely, and endeavor to educates and trains continuously and regularly
Article 20 Personal information protection administrator shall appoint audit officer in order the officer to audit status the management of Personal Information in Company, and audit annually.
2 In respect of the appoint of audit officer, the independence with the audited department shall be considered.
3 Audit officer will make an audit plan and exercise it.
4 Audit officer will make an audit report for the result of audit, and report it to Personal Information protection officer.
5 Where Personal information protection administrator considers there are any improvement points about the management of Personal Information under the foregoing report, and Personal information protection administrator will make a necessary instruction to relevant officer or employee for the improvement.
6 A person who are instructed in the foregoing provision, the person promptly take a necessary measure for the improvement and report the content to Personal information protection administrator.
Established in September 1, 2017