Date of enactment: August 1, 2020
Last updated: August 1, 2020
CloudNine Co., Ltd.
CEO Yukinobu Shimamoto
Our company is in the business of developing and marketing health foods, cosmetics, and other products for the purpose of customer satisfaction. We believe that these businesses of our company are built on trust with our stakeholders (customers, business partners, and employees).
In order to handle all personal information entrusted to us in the course of our business activities in the strictest possible manner, we have established this Privacy Policy as a code of conduct to be observed by our directors, officers, and employees, and we will ensure thorough compliance with it.
In addition, the company handles personal information in compliance with the Japanese Industrial Standard JISQ15001:2017 “Personal information protection management systems — Requirements,” as well as laws, national guidelines, and other standards related to the handling of personal information.
The definitions of terms in this Privacy Policy are in accordance with the Japanese Industrial Standard JISQ15001:2017.
The company implements the following to ensure the appropriate handling of personal information.
(1) Appropriately obtain, use, and provide personal information handled in all of our businesses and personal information of our employees. In addition, the company does not handle personal information beyond the scope necessary to achieve the specified purposes of use (i.e., shall not use personal information for purposes other than those specified), and as a measure to this end, maintains internal regulations that stipulate how personal information shall be handled.
(2) Take measures to prevent leakage, loss, or damage of personal information and to correct (improve) the situation.
(3) Appoint a Personal Information Protection Administrator to ensure compliance with laws, national guidelines, other standards, and internal regulations regarding the handling of personal information.
(4) Provide training on the handling of personal information to all employees, including executives, at least once a year.
(5) Conduct an audit and check the internal regulations and the status of compliance with the regulations at least once a year.
(6) Continuously improve the personal information protection management system for personal information protection.
(7) Respond to complaints, consultations, and inquiries without delay.
Personal information protection complaint/consultation reception desk: Complaint Consultation Desk Manager
Address: 1F, 2-2-9 Otemachi, Naka-ku, Hiroshima City, Hiroshima Prefecture
Tel:082-545-5488 / FAX:082-545-5489 / Email:
The company appropriately manages the personal information of customers, business partners, and employees (including applicants for employment) in accordance with the Privacy Policy and strives to protect personal information, and uses personal information in accordance with the following details.
| Type of Personal Information | Purpose of use | Classification of Retained Personal Data |
|---|---|---|
| Customer | ・For information related to sales of health foods, cosmetics, etc., contract/application processing, billing, provision of products and services, quality control, after-sales service, improvement of products and services, and for purposes of use agreed upon at the time of acquisition (member information) ・To provide information to collection agencies for debt protection Retained personal data |
Retained personal data |
| Business Partners (Staff in Charge) | ・For communication and various procedures associated with business execution and contracts Retained personal data | Retained personal data |
| Job Applicants/Employees | ・For recruitment selection ・For personnel management, work management, salary/bonus management, welfare benefits, health management, safety management, and response to business partners Retained personal data |
Retained personal data |
| Persons who have requested disclosure, etc. | ・To respond to requests for disclosure of personal information, etc. Retained personal data | Retained personal data |
| Website | ・To respond to inquiries and provide information on products and services related to the development and sale of health foods, cosmetics, etc. | Retained personal data |
(1) Regarding requests for disclosure, etc. of retained personal data (disclosure, etc. refers to notification of purpose of use, disclosure, correction, addition or deletion of content, suspension of use, erasure, and suspension of provision to third parties)
For requests for disclosure, etc., please attach the required documents to the designated application form and send it to the address below by post. We would also appreciate it if you could write “Enclosed: Documents for request for disclosure, etc.” on the envelope.
〒730-0051
1F, 2-2-9 Otemachi, Naka-ku, Hiroshima City, Hiroshima Prefecture
Customer Manager, Personal Information Protection Administrator, CloudNine Co., Ltd.
(2) Documents (forms) etc. to be submitted when making a “request for disclosure, etc.”
If you would like to make a request for disclosure, etc., please download the application form below, fill out all the required information, enclose documents for identity verification, and send it to the address below by post.
・Application for Disclosure, Correction, or Suspension of Use of Personal Information(Download)
・Documents for identity verification
a) Fill out the required matters in the Application for Disclosure,Correction, or Suspension of Use of Personal Information and affix your registered seal.
b) A copy of a document that verifies your identity (driver’s license, passport, health insurance card, etc.)
c) Seal registration certificate of the applicant
*If the request is made by a representative, the following documents must be submitted in addition to the above.
・The applicant’s written authorization
(Optional format. However, the signature, registered seal, and address of the applicant as well as the name and address of the representative are mandatory.)
A copy of one of the following
・Copy of family register
・Residence card (with relationships listed)
・Other official documents that can confirm legal power of representation
A copy of one of the following
・Certificate of registered matters regarding guardianship registration, etc.
・Other official documents that can confirm legal power of representation
(3) How we respond to requests for disclosure, etc., its fees, and how we collect them
If you wish to receive a written notice in response to a request for disclosure, etc., please send the above “Application for Notification of Purpose of Use, Disclosure, Correction (Change), or Suspension of Use of Personal Information” to the Personal Information Protection Administrator by post. If the notification or disclosure of the purpose of use is to be made in writing, please enclose 1,000 yen worth of stamps as a fee with the above “Application for Notification of Purpose of Use, Disclosure, Correction (Change), or Suspension of Use of Personal Information,” and send them to the Personal Information Protection Administrator by post.
(4) How we respond in writing to requests for disclosure, etc.
We will respond by post to the address provided on the applicant’s application form.
(5) Purpose of use of personal information obtained in connection with requests for disclosure, etc.
Personal information obtained in response to a request for disclosure, etc. shall be handled only to the extent necessary for the request for disclosure, etc. The submitted documents will be disposed of within six months after the response to the request for disclosure, etc. is completed.
*Regarding reasons for non-disclosure of retained personal data
Information will not be disclosed in the following cases. If we decide not to disclose the information, we will notify you to that effect and explain the reason. In addition, a prescribed fee will be charged even in the case of non-disclosure.
・ When the identity of the person cannot be confirmed, such as when the address written on the application form, the address written on the document for identity verification, and/or the address registered with our company do not match.
・ When the authority of representation cannot be confirmed when applying through a representative
・ When there are any deficiencies in the required application documents.
・ When the information requested for disclosure does not fall under the category of retained personal data
・ When there is a risk of harming the life, body, property, or other rights and interests of the applicant or a third party.
・ When there is a risk of significant hindrance to the appropriate implementation of our business
・ When it would violate other laws and regulations
(6) Measures taken for the safe management of retained personal data
(Formulation of Basic Policies)
・To ensure appropriate handling of personal data, we have established basic policies regarding compliance with relevant laws, guidelines, etc., and inquiries and submitted complaints at the complaints desk, etc.
(Establishment of Rules for the Handling of Personal Data)
・Established rules for handling personal data, including handling methods, managers/staff in charge, and their duties, for each stage of acquisition, use, storage, provision, deletion, disposal, etc.
(Organizational Safety Control Measures)
・In addition to appointing a manager responsible for the handling of personal data, clearly state which employees handle personal data and the scope of personal data handled by such employees, and establish a system for reporting to the manager when an indication or confirmation of violation of the law or handling rules is observed.
・Conduct self-inspections regarding the handling status of personal data, and conduct audits by other departments and external parties.
(Personnel Safety Management Measures)
・Provide regular training to employees on matters to be noted regarding the handling of personal data.
・State all matters related to confidentiality regarding personal data in the work regulations.
(Physical Safety Management Measures)
・Control employee access to areas where personal data is handled, limit the equipment and other items that employees may bring into such areas, and implement measures to prevent unauthorized persons from viewing personal data.
・Take measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, and implement measures to ensure that personal data is not easily revealed when such equipment, electronic media, etc. are carried, including within the office.
(Technical Safety Management Measures)
・Implement access control to limit the scope of handled personnel and personal information databases, etc.
・Introduce mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software
(Identification of the External Environment)
・When providing personal data to a third party in a foreign country, take security control measures after understanding the system for protecting personal information in the country where the personal data is stored.
(1) Opening hours are from 10:00am to 5:30pm on weekdays.
Contact personnel: Customer Manager, Personal Information Protection Administrator
Tel:082-545-5488 FAX:082-545-5489
Email:
(2) The certified personal information protection organizations to which our company belongs are as follows.
・Name of certified personal information protection organization: JIPDEC
Where to submit complaints: Personal Information Protection Complaint Consultation Office
Address: Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032
Tel:0120-700-779, 03-5860-7565
CloudNine Co., Ltd. strictly manages personal information based on the Privacy Mark system.