The Company will specify the purpose of use as explicitly as possible, and shall handle personal information only within the scope of purpose of use, except in cases where the prior consent of the principal (meaning the specific individual identified by such personal information, and the same shall apply hereinafter) is obtained, or where use of personal information falls within an exception to the applicable laws and regulations.
When acquiring any personal information, the Company shall do so by appropriate means. Except in cases where acquisition of personal information falls within an exception to the applicable laws and regulations, the Company shall publicly announce the purpose of use of personal information in advance, or inform the principal about or publicly announce the purpose of use promptly after acquisition of the relevant personal information. However, if the Company acquires personal information directly from the principal in writing, the Company shall expressly indicate the purpose of use in advance.
The Company shall take necessary and appropriate measures to prevent leakage, loss, or damage of personal data handled by the Company, and to otherwise securely manage the same; will make efforts to keep the content thereof accurate and up to date within the scope of the purpose of use; and shall publicly announce the measures that it has taken to securely manage the retained personal data, except in cases where it falls within an exception under applicable laws and regulations. The Company shall also educate employees and appropriately supervise contractors.
The Company shall not provide personal data to a third party without obtaining the prior consent of the principal, except in cases where the relevant personal data falls within an exception under applicable laws and regulations.
The Company shall respond to any request from the principal regarding disclosure, correction, or suspension of use, etc. concerning retained personal data of the Company, in accordance with laws and regulations.
The Company shall respond promptly and appropriately to any complaints from the principal regarding the personal information handled by the Company, and will make efforts to develop its internal systems for responding to such complaints.
In order to implement this Policy, the Company shall establish a personal information management system with a chief privacy officer (CPO), formulate internal rules, manuals, etc., and disseminate the same to employees.
In addition, the Company shall make efforts to continuously improve this Policy, for example, by conducting appropriate internal audits of the personal information handled by the Company.
Central Japan Railway Company
Revised on April 1, 2022