1. Basic Policy
JIG-SAW INC. (hereinafter, the “Company”) will comply with personal information protection laws and guidelines of each country and region including the Act on the Protection of Personal Information (hereinafter, the “APPI”) and the European General Data Protection Regulation (hereinafter “GDPR” collectively “Data Privacy Laws”), the Company Code of Conduct and other internal rules. The Company will strictly manage personal information (as defined by applicable Data Privacy Laws hereinafter “Personal Information”) of customers, business partners, shareholders, officers, employees and other third parties (hereinafter “Data Subjects”) and will not make unauthorized use or disclosure of such Personal Information not only while they are employed, but also after their retirement.
Moreover, the Company will clarify the purpose of use before obtaining Personal Information of Data Subjects and obtain such information by lawful and fair means.
When the Company requires the collection, use, and provision of personal information in the development of business activities, the Company shall comply with the Company’s information security management systems satisfying JIS “Information Security Management Systems — Requirements” (JIS Q 27001：2014) and shall do so under strict control.
2. Method of Collection
The Company may collect Personal Information from the Data Subjects themselves, through publicly available information and through social media and from third parties.
3. Purpose of Use
The Company will use obtained Personal Information for the following purposes:
- （1） to provide JIG-SAW Group’s services;
Personal information regarding client companies or related companies such as outsources and contractors shall be used in the guidance of the Company’s products and services, in the responses to various inquiries and after-sales service, including requests for advice on products and services, in conducting customer satisfaction surveys and other survey, in R&D and improvement of products and services etc. and in communication for the execution of business services.
- （2） to perform the outsourced business services;
In the course of the Company’s business services outsourced by client companies such as Web system/application development, server monitoring/management, Web design services, providing “neqto: ” service, business alliance and joint development, personal information handled based on client companies’ instructions shall be used only for performing the outsourced business services.
- （3） to verify client identification;
- （4） to settle payment and billing of fees of JIG-SAW Group’s services;
- （5） to conduct, cosponsor or participate in prize competitions, seminar, workshop, event campaigns, etc.;
- （6） to send newsletters, notices and other communication via email;
- （7） to provide advertisement for JIG-SAW Group’s services;
- （8） to manage workforce;
Personal Information regarding the Company’s employees and their family shall be used for the business communication and the workforce management, including assignment, payment of salaries, etc., working hours management and health care administration.
- （9） to use for overall activities in relation to applicants for employment;
Personal information regarding applicants for employment by the Company shall be used for overall business activities such as communication regarding employment opportunities and consideration and determination of adoption. For the avoidance of doubt, personal information of adopted persons shall be continuously used as employee information for the purposes of utilization described in the item (8).
- （10）to use for overall activities in relation to retired employees;
Personal information regarding retired employees of the Company shall be used for providing information for and have communication, etc. with retired employees of the Company.
- （11）to take measures toward contracts, communication with government office based on laws; and
- （12）for any other purpose as separately stipulated at the time such Personal Information is collected.
4. Lawful basis for Processing (GDPR)
The lawful basis for processing is as follows;
- (1) the Data Subject has given consent (including consent given under the Company’s term of services) to the processing of his or her personal data for one or more specific purposes;
- (2) processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- (3) processing is necessary for compliance with a legal obligation to which the Company is subject;
- (4) processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
- (5) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company;
- (6) processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party. Such legitimate interests include management of Personal Information within the Company, and marketing of products and services.
5. Provision to Third Parties
The Company will not provide Personal Information to any third party without the consent of the Data Subject. The Company may provide Personal Information for the following cases with regard to Personal Information of Data Subjects residing in Japan, and may provide Personal Information of Data Subjects residing in the European Union or European Economic Area (hereinafter collectively referred to as “EU”) pursuant to the lawful basis set forth in the preceding section 4.
- (1) Cases of joint use in accordance with the procedures stipulated in the APPI;
- (2) Cases of entrusting the handling of Personal Information;
- (3) Cases of disclosing Personal Information to financial institutions, credit card companies, and other payment agents for payment of usage fees;
- (4) Cases based on laws and regulations;
- (5) Cases in which there is a need to protect a human life, body or assets, and when it is difficult to obtain the consent of the Data Subject;
- (6) Cases in which there is a special need to enhance public hygiene or promote the upbringing of healthy children, and when it is difficult to obtain the consent of the Data Subject; or
- (7) Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining the consent of the Data Subject would interfere with the performance of the said affairs.
6. Joint Use
The Company may use provided Personal Information of Data Subjects residing in Japan jointly with group companies of the Company within the extent necessary to achieve the purposes described in the section 3 above. The categories of jointly used Personal Information, the scope of the use and the person responsible for controlling such information are as follows:
- (1) Categories of jointly used Personal Information
Names, company names, affiliation, telephone numbers, email addresses and other contact details and other matters necessary to achieve the purpose of use described above
- (2) Scope of a jointly using person (JIG-SAW Group)
The Company, Mobicomm Inc., JIG-SAW US, INC. (US) and JIG-SAW CA, INC. (Canada)
- (3) Person responsible for controlling information
7. Provision to Persons Overseas
If the Company provides Personal Information for third parties or overseas group companies across national borders including group companies in the United States, it will confirm laws, regulations and rules regarding cross-border transfer of Personal Information and implement such transfer in compliance with those laws, etc.
A member of the Company in the EU shall provide Personal Information to Japan shall be done pursuant to the adequacy recognition.
8. Security Control Actions
In order to handle Personal Information properly, the Company will strive to strengthen and improve internal systems by appointing the Personal Information Protection Manager, complying with laws, regulations and guidelines, developing, operating and formulating internal regulations, developing audit systems, providing training to officers and employees, overseeing the handling of personal data and taking other measures.
In addition, upon entrusting the handling of Personal Information, the Company will select as an entrusted party a person that handles Personal Information properly, stipulate matters necessary to enable the entrusted party to control Personal Information properly and strive to protect Personal Information.
9. Various Procedures for Disclosure, Revision, Cessation of Use, Etc. of Personal Information
The Company will promptly respond to inquiries regarding disclosure, revision, cessation of use, deletion and other handling of Personal Information pursuant to the provisions of laws and regulations.
The Company may ask inquirers about their contact details and other detailed information to confirm that they are the Data Subjects of the relevant Personal Information.
- a) Contact information for requests for disclosure, etc.
Same as the above contact information for the consultation service for protection of personal information.
- b) Forms of documents to be submitted by request for disclosure, etc. and other methods of request for disclosure, etc.
It shall be accepted by receiving by post documents containing a requester’s address, name, and method of contact and documents verifying the identity of the principal or the agent.
- c) Method to verify that a requester for disclosure, etc. is the principal or the agent
It shall be verified by a method to request provision of registration details. A power of attorney shall be required if the requester is an agent.
- d) Method to charge fees (limited to cases where fees are specified) in cases where the purpose of utilization of personal information for disclosure is notified or where personal information for disclosure is disclosed. It shall be free of charge for the time being.
<Contact information for complaints concerning the handling of personal information for disclosure>
- Office to Protect Personal Information of JIG-SAW INC.
- Address: 18th Floor, Otemachi Financial City Grancube, 1-9-2 Otemachi, Chiyoda-ku, Tokyo, Japan 100-0004
10. Rights under the GDPR
Data Subjects in the EU hold the following rights under the GDPR
- (1) The right to access – You have the right to request the Company for copies of your personal data.
- (2) The right to rectification – The Data Subject has the right to request that Company correct any information you believe is inaccurate. The Data Subject has the right to request Company to complete the information you believe is incomplete.
- (3) The right to erasure – The Data Subject has the right to request that Company erase your personal data, under certain conditions.
- (4) The right to restrict processing – The Data Subject has the right to request that Company restrict the processing of your personal data, under certain conditions.
- (5) The right to data portability – The Data Subject has the right to request that Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- (6) The right to object to processing – The Data Subject has the right to object to Company’s processing of your personal data, under certain conditions.
- (7) The right to not be subject to profiling and automated decision making- The Data Subject has the right not be subject to automated decision making such as profiling.
11. The right to file a complaint with the authorities
Data Subjects in the EU have the right to file a complaint with the data authorities in their respective jurisdictions.
JAPAN: Personal Information Protection Commission https://www.ppc.go.jp/
- (1) To improve its website, emails, advertisement, marketing and other services;
- (2) To investigate usage of its website, emails; and
- (3) To customize its website, emails and other services for each of the users.
13. Retention Period of Personal Information
The retention period of Personal Information shall be as permitted under the applicable laws and regulations. Personal Information shall be promptly erased after the retention period, unless necessary for contractual or other purpose of processing.
<On Google Analytics>
Some pages of the Company’s website use Google Analytics, a service provided by Google Inc. in order to understand the status of visits by users to this site.
When Google Analytics is used on our company’s site, Google Inc. collects, records, and analyzes a user’s history of visits to this site by using cookies issued by our company.
Our company receives results of the analysis from Google Inc. to understand the status of visits by users to this site.
User information collected, recorded, and analyzed by Google Analytics does not include any information that can identify a specific individual.
Google Analytics Terms of Service:
Google Analytics Opt-out Browser Add-on: