Privacy Policy
Basic Policy on Personal Information Protection of SUNNY SIDE UP GROUP Inc.
SUNNY SIDE UP GROUP Inc. (hereinafter referred to as “the Company”) recognizes that it is our social responsibility to appropriately protect and manage personal information. We have established the following basic policy regarding the handling of personal information and will further strive to protect personal information. In addition, we have formulated a “Risk Compliance Program” that clarifies our basic stance on personal information protection and its handling standards, and all officers and employees will comply with this program to meet the trust placed in the Company.
- The Company formulates and complies with a compliance program based on the Japanese Industrial Standard “Requirements for Compliance Program Concerning Protection of Personal Information” (JIS Q15001), and protects personal information under strict management.
- Personal information will be appropriately collected, used, and provided only to the extent necessary for our business activities.
- Collected personal information will be used only within the scope of the consent obtained from the individual.
- Collected personal information will be strictly managed and safely stored under strict control, and necessary corrective measures will be taken to prevent and correct unauthorized access, loss, destruction, alteration, and leakage.
- We will also comply with laws and other regulations regarding personal information protection.
- Our compliance program regarding personal information protection will be continuously reviewed and improved.
Handling of Personal Information in Services Operated by SUNNY SIDE UP GROUP Inc.
The handling of personal information collected in the services we operate is defined as follows.
1.Definition of Personal Information
In the Company, “personal information” refers to information about a living individual as defined in the Personal Information Protection Act, which can identify a specific individual by name, address, telephone number, email address, and other descriptions included in the information (including those that can be easily collated with other information and thereby identify a specific individual).
2.Collection of Personal Information
⑴ The Company shall acquire personal information by legal and fair means, and shall not acquire it illegally against the customer’s will.
⑵ When the Company collects personal information, it shall notify or announce the purpose of use in advance.
3.Use of Personal Information
⑴ Purpose of Use
The Company will use the acquired personal information within the scope necessary to achieve the following purposes.
① To exercise rights and fulfill obligations based on contracts and laws related to our business
② To appropriately and smoothly carry out our business
③ To appropriately and smoothly carry out the entrusted business in cases where the processing of all or part of personal information is entrusted by other businesses, etc.
④ For smooth business execution with customers, such as business communication, sending greetings, and direct mail
⑤ For guidance and communication related to the implementation of events, seminars, questionnaires, and other business activities
⑥ To provide information on, propose, develop, and improve our products and services
⑦ To ensure our security, such as the use of information systems and entry/exit management to facilities
⑧ For the management and operation of SUNNY SIDE UP GROUP
⑨ To exercise the rights and fulfill the obligations of shareholders, provide necessary information to shareholders, manage shareholders, and perform other stock-related operations
⑩ To conduct recruitment selection
⑪ To manage the employment of employees
⑫ To respond to inquiries and opinions from customers (including investigations, etc.)
⑬ In addition to the above, to achieve the purpose of use when the purpose of use is specified individually
⑵ Disclosure and Provision of Personal Information to Third Parties
Personal information provided by customers will not be disclosed or provided to third parties, except in the following cases.
① When customer consent is obtained
② When it is necessary to protect human life, body, or property, and it is difficult to obtain customer consent
③ When it is necessary to present information to financial institutions for credit card payments, etc., in payment for products and services
④ When disclosure of personal information is required by legal order, etc.
⑤ When personal information is provided due to business succession due to merger or other reasons
⑥ Other cases permitted by laws and regulations including the Personal Information Protection Act
⑶ Entrustment of Personal Information
The Company may entrust personal information to other businesses within the scope necessary to achieve the purpose of use. In that case, we will select a contractor with a well-established personal information protection system and conclude a contract regarding personal information protection.
⑷ Joint Use of Personal Information
Personal information acquired from customers by each company in our group may be jointly used within our group (excluding group companies located outside Japan) for the same purpose of use as in “3. Use of Personal Information ⑴ Purpose of Use”.
Items of personal information to be jointly used: Address, name, telephone number, email address, affiliation information, title, account information
Person responsible for joint use: SUNNY SIDE UP GROUP Inc. Corporate Headquarters
⑸ Safety Management Measures
Based on the Personal Information Protection Act, related guidelines, etc., the Company takes the following safety management measures for personal information.
(Formulation of Basic Policy)
We have formulated a basic policy regarding compliance with related laws and guidelines, and contact points for questions and complaints, in order to ensure the proper handling of personal information.
(Development of Regulations Regarding the Handling of Personal Information)
The Company has established regulations regarding information security, including the acquisition of ISMS certification, in order to appropriately secure information assets and information security.
(Organizational Safety Management Measures)
The Company has established an information security organization system with top management as the highest responsible person for the organization. The “ISMS Management Representative” appointed by top management strives to ensure information security as the de facto highest responsible person for ISMS activities. In addition, the “Department Manager” appointed by the “ISMS Management Representative” is responsible for managing all employees in the department to ensure that ISMS is implemented reliably, managing the appropriate security of information within the department, handling information assets, and providing appropriate advice and guidance to employees, etc.
In the event of an information security incident, a system is in place to report it to the “Department Manager” promptly.
(Physical Safety Management Measures)
Areas where security should be maintained for handling personal information in offices, work rooms, and facilities are managed so that only authorized employees, etc., can enter and exit. In addition, measures are taken to prevent theft of equipment, electronic media, documents, etc., that handle personal information.
(Technical Safety Management Measures)
Access to information including personal information is controlled by setting access controls for each file to prevent unnecessary access.
(Personnel Safety Management Measures)
The “ISMS Education Manager” appointed by the “ISMS Management Representative” conducts training on information security including the handling of personal information. In addition, matters regarding confidentiality are described in the “Work Regulations” and the “Pledge” that is required to be submitted upon joining and leaving the company.
(Understanding the External Environment)
The Company stores personal information using cloud services, and when handling personal information in foreign countries, we may provide separate guidance within the relevant service.
The services for which the country name of the data center cannot be specified are as follows.
| Services used by our company | Google Workspace (Google Drive, Gmail, etc.) |
|---|---|
| Reason why the name of the foreign country cannot be specified | For disaster countermeasures, it is not disclosed or data is distributed around the world |
| Information on the system regarding the protection of personal information in foreign countries | Since the name of the foreign country cannot be specified, the system regarding the protection of personal information cannot be specified |
| Information on measures taken by the third party to protect personal information | Google is certified with ISO/IEC27001, ISO/IEC 27017, and ISO/IEC 27018 |
⑹ Disclosure and Correction of Personal Information
If a customer wishes to disclose, correct, etc., their personal information, we will respond promptly within the scope stipulated by the Personal Information Protection Act. If you wish to do so, please contact our inquiry desk below.
⑺ Other Matters
If you do not wish to provide personal information to the Company, you can choose not to provide personal information at your own discretion. However, if personal information is essential for the provision of services, the provision of the service may not be possible.
The Company may revise this policy and internal regulations for better protection of personal information or in accordance with changes in laws and regulations.
Enactment date: January 24, 2005
Revision date: March 1, 2023
SUNNY SIDE UP GROUP Inc.
President and Representative Director: Etsuko Tsugihara
Contact for inquiries regarding personal information
SUNNY SIDE UP GROUP Inc. Corporate Headquarters
Telephone number: 03-6894-3233
Basic Information Security Policy
Basic Stance
Information assets are the most important assets for our company. In order to reliably protect the information assets managed by our company from the threats surrounding them, it is necessary to establish sufficient and well-balanced information security management measures. Information assets can further increase their value through preservation and commonization, and are indispensable for the continuation, maintenance, and development of business. By proactively building, introducing, operating, monitoring, reviewing, maintaining, and improving information security management measures, the sense of solidarity within the company organization will be strengthened, and by complying with laws and regulations surrounding companies, including the Personal Information Protection Act, we will be able to receive strong trust externally. The purpose of continuing to manage information security is to further enhance the overall competitiveness of our company externally.
- By implementing information security measures, we will further enhance customers’ peace of mind and trust in our company.
- We will also strive to raise awareness and understanding of our basic policies and stances among our partner companies, and work together to improve information security.
- We will conduct educational activities by providing education, training, and briefings to all employees and our partner companies to improve information security.
Code of Conduct
(1) In daily operations, for information assets entrusted to us by customers, each employee clearly evaluates and understands the importance of the information asset value of information assets that are currently being presented or are in the process of production (unpublished information assets), and the high risk value of situations such as loss or leakage of such information assets causing damage to the company and business operations, and implements clearly identifiable information security safety management measures for such unpublished information assets. At the same time, our partner companies will also implement our information security safety management measures and work together on operations.
(2) If any improvements are required in daily operations, we will create and implement business management regulations that describe the countermeasures and rules.
(3) Furthermore, we will conduct regular and ad hoc education and awareness activities to ensure that employees and partner companies comply with information security and related laws, regulations, and contractual matters surrounding the advertising industry.
November 1, 2007
SUNNY SIDE UP GROUP Inc.
President and Representative Director: Etsuko Tsugihara