USCI Holdings, Inc. (hereinafter "the Company”) enforces compliance with the following internal regulations (taken from general rules) to properly protect personal information.
Article 1 The purpose of these Regulations is to achieve compliance with laws and regulations concerning the protection of personal information and to set forth matters to be observed by employees of the Company (refers to persons provided for in Article 2 (12) of these Regulations) to make sure that personal information is properly protected when employees of the Company handle personal information.
(Definition of Terms)
Article 2 For the purposes of these Regulations, the following terms shall have the following meanings:
- (1) "Personal information” means information about an individual which can identify the specific individual by name, date of birth or other description contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the specific individual).
(2) "Personal information database, etc.” means an assembly of information which includes personal information that is:
- (i) systematically arranged in such a way that specific personal information can be easily retrieved by a computer, etc.; or
- (ii) systematically arranged in such a way that specific information can be easily retrieved by organizing the personal information contained therein according to certain rules.
- (3) "Personal data” means the personal information constituting a personal information database, etc.
(4) "Retained personal data” means personal data which the Company is authorized to disclose, to correct, add or delete the content, to discontinue its utilization, to erase or to discontinue providing, excluding:
- (i) personal data that might endanger a person’s life, physical wellbeing or property if its presence or absence is known;
- (ii) personal data that might foster or incite illegal or inappropriate acts or obstruct a criminal investment if its presence or absence is known; and
- (iii) personal data that might harm national security or other national interests or relations with other countries or international organizations if its presence or absence is known; and
- (iv) personal information that will be erased (excludes updating) within a period of no longer than 6 months.
- (5) "Person" means a specific individual identified by personal information.
- (6) “Business associates” collectively refers to contractors and other partners, enterprises, group companies and individuals with which the Company does business.
- (7) “Acquiring” is when the Company acquires personal information from the person directly or when the Company acquires personal information through indirect means such as the consignment of business by business associates, provision by a third party, or provision by parties that share such information.
- (8) “Using” is all instances when the Company handles personal information internally.
- (9) “Providing” is when the Company transfers or loans a paper document or other recording medium containing personal data to a third party (means a party that is neither the Company nor the Person to which the personal information relates, regardless of person, firm or other entity) or otherwise makes personal data available to a third party in whatever form (including allowing access to personal data over a communication line).
(10) “Providing to a third party” means when the Company provides personal data, except in the following cases:
A When entrusting personal data
“Entrusting” is when the Company entrusts personal data in order to outsource some or all of the handling of personal information within the scope necessary for accomplishing the purposes of use.
The Company assumes responsibility for the management of entrusted personal data, and will impose on outsourcees the same obligation of management as is imposed on the Company.
B When providing to a sharing party
“Sharing” is when the Company shares personal data with specified parties within the scope of the purposes of use after notifying the Person of the following matters in advance or using appropriate methods to put the Person in a situation where he or she can easily find the following matters out:
- (i) that the Company will share personal data with specified parties within the scope of the purposes of use;
- (ii) items of personal data shared;
- (iii) scope of sharing parties;
- (iv) purposes of use of sharing parties; and
- (v) name or title of party responsible for management of personal data at sharing parties
- C When providing personal data in connection with succession to business as a result of a merger or other event
- A When entrusting personal data
- (11) “Sensitive information” means information regarding political views, religions (which means religions and religious thoughts and beliefs), participation in trade union, race and ethnicity, family origin and domicile, health, medical care and sexual preference, and criminal record.
- (12) “Employees of the Company” means persons within the Company who are engaged in the business of the Company under the direct or indirect direction or supervision of the Company and includes not only employees in an employment relationship with the Company (regular employees, contract employees, temporary employees, part-time employees and casual employees) but also persons not in an employment relationship with the Company (directors, executive officers, trustees, auditors, supervisors, dispatched employees, etc.).
(Principles of Handling)
Article 3 Employees of the Company shall handle personal information in accordance with the provision of these Regulations.
(Scope of Application)
Article 4 These Regulations shall apply to all personal information handled by the Company and to all employees of the Company.
(Obligations of Party Responsible for Managing Personal Information)
Article 5 The party responsible for managing personal information at the Company shall be the director in charge of the Administration Department.
2. The party in charge of managing personal information shall comply with the Act on the Protection of Personal Information, government ordinances and guidelines on personal information, other matters set forth in these Regulations and regulations of the Company concerning the handling of personal information, and shall be obliged and authorized to oversee the handling of personal data across the Company and all its operations and to provide guidance and training on the handling of personal data to the employees of the Company and to communicate and enforce these Regulations.
(Obligations of Personal Information Managers)
Article 6 The party responsible for managing personal information shall appoint personal information managers in every section. Appointments shall be made based upon nomination or recommendation by the head of each section.
2. Personal information managers shall oversee the handling of personal data within their own sections across all operations, and shall be obliged to provide guidance and training on the handling of personal data to employees of the Company within their own sections and to communicate and enforce these Regulations.
(Obligations of Employees of the Company)
Article 7 Employees of the Company shall be obliged to fully understand the aims of the matters set forth in these Regulations and to handle personal data in accordance herewith.
2. Employees of the Company shall not make known to any third party or use other than the purposes of use personal information that came to their knowledge in the course of their duties (including after they have left the Company).
(1) Please note that the Company may keep an access log that records information about access to this website to enhance levels of service. The Company does not keep an access log for the purpose of collecting personally-identifying information.