Privacy Policy

We at Space BD, Inc. (“the company”) recognize the importance of proper safeguarding of personal information. In our determination to make sure we use personal information in an appropriate manner, we have established this Privacy Policy to govern our organization’s efforts to ensure correct handling of personal information.

Definitions

For the purposes of this policy, “personal information” shall refer to personal information as defined in the Act on the Protection of Personal Information.
“Personal data” shall refer to personal data as defined in the Act on the Protection of Personal Information.

Compliance with Laws, Guidelines, etc.

The company shall comply with the Act on the Protection of Personal Information, as well as other laws and guidelines relating to the handling of personal information.

Purpose

The company obtains and uses personal information only where it is needed to carry out the company’s business. The company’s purposes for using personal information are as follows.

1. To provide products, services, etc.
2. To provide information, make suggestions, and similar regarding products and services.
3. To develop, improve, plan, and research products and services.
4. To respond to inquiries, etc., regarding products and services.
5. To receive job applications, to send notices of application results, and other tasks relating to the hiring process, and to perform post-hiring personnel management tasks.
6. Other tasks incidental to the purposes stated above.

Supplying Personal Information to Third Parties

The company shall implement safeguards necessary and appropriate for the prevention of unauthorized access to personal data, and the prevention of loss, destruction, falsification, or leaking of personal data, and Specific Personal Information.

1. Establishing a Personal Information Protection Policy
   • The company has established a Basic Policy on Information Security and a Basic Policy on Inquiry Response to ensure proper handling of personal information.
2. Rules for Handling Personal Information
   • The company has established Personal Data Handling Regulations that set forth the tasks of those who work with personal data and those who are responsible for personal data at all stages of its handling, including obtaining, use, storage, supply, and deletion or discarding.
3. Organization-wide Security Control Measures
   • In addition to establishing the position of Personal Information Officer, the company has clearly defined which employees can handle personal data and the scope of personal data they can handle, and have established a framework for reporting and contact with the appropriate manager when a breach (or precursor of a breach) of laws or in-house regulations arises.
   • The company conducts regular inspections of personal data handling through self-inspection, and undergoes audits by other departments and outside auditors.
4. Personal Security Control Measures
   • The company holds periodic training for employees on important topics regarding the handling of personal data.
   • The company’s employment regulations include obligations regarding the confidentiality of personal data.
5. Physical Security Control Measures
   • In addition to regulating employee access spaces where personal data is handled and restricting the range of devices that can be brought into such spaces, the company has measures in place to prevent unauthorized people from viewing personal data.
   • The company has measures in place to prevent the theft or loss of equipment, electronic media, and documents used to handle personal data, as well as measures to prevent the easy discovery of personal data when such equipment and media, etc. are carried from place to place, including movement within business sites.
6. Technical Security Control Measures
   • The company has access controls in place to limit those who handle personal information and restrict the scope of access to personal information databases.
   • The company has a framework in place to protect information systems that handle personal data from unauthorized external access and unauthorized software.
7. Ensuring a Secure Environment Overseas
   • If personal data is to be handled overseas, the company implements security control measures having first ascertained the pertinent country’s laws governing privacy and personal information. For measures relating to specific countries, please contact us.

Supplying Personal Information to Third Parties

The company shall not disclose or provide personal data to any third party, except in the following circumstances.

1. The company has the consent of the person to whom the data pertains
2. The company outsources to third parties all or some of its handling of personal data within the extent necessary to achieve the purposes for which the personal information was obtained
3. The company uses personal data jointly with affiliated companies within the extent necessary to achieve the purposes for which the personal information was obtained
4. There is a need to disclose or supply the personal data in order to protect life, physical wellbeing, or property, and it is impossible to obtain the principal’s approval
5. There is a particular need to disclose or supply the information in order to uphold public health or promote the healthy development of children, and it is impossible to obtain the user’s approval
6. When the company is required to cooperate with procedures carried out by a national or local public body, or by a subcontractor thereof, and obtaining principals’ approval to disclose or supply their personal data would hinder the performance of such procedures
7. Other circumstances stipulated by law
   • When providing personal data to contractors, the company shall do so under adequate supervision of data management.

Accuracy of Personal Data

The company shall keep personal data accurate and up to date within the extent necessary to achieve the purposes for which the personal information was obtained.

Requests for Disclosure, etc.

When the company receives a request from an individual for notification of the purpose of use of personal data, disclosure of personal data, or disclosure of record of provision to a third party in accordance with the provisions of the Act on the Protection of Personal Information, the company shall make such notification or disclosure to the individual without delay having first confirmed that the request was made by the individual to whom the data pertains (if the personal data for which disclosure is requested does not exist, or if the records of provision to a third party do not exist, the company shall notify the requestor to that effect). However, the foregoing shall not necessarily apply in cases where the company bears no obligation of notice or disclosure under the Act on the Protection of Personal Information or other laws.
Please note that the company will charge a fee of 1,100 Japanese yen for each request for notification of the purpose of use of personal data and disclosure of personal data.

Requests for Correction, Cessation of Use, etc.

1. If the company receives a request from an individual for
   (1) Correction, addition, or deletion of personal data (hereinafter collectively “correction”) pursuant to the provisions of the Act on the Protection of Personal Information on the grounds that the personal data is not factual,
   (2) Cessation of use or deletion of personal data (hereinafter collectively “cessation of use”) pursuant to the provisions of the Act on the Protection of Personal Information on the grounds that the data is being used in excess of the scope necessary for the published purpose of use, or on the grounds that the data is being used by methods that have the possibility of fomenting or inducing unlawful or unjust acts, or on the grounds that the data was acquired by deception or other wrongful means,
   (3) Cessation of provision of personal data to third parties pursuant to the provisions of the Act on the Protection of Personal Information on the grounds that the data has been provided to a third party in violation of Article 27 Paragraph 1 or Article 28 of the act, or
   (4) Cessation of use of personal data or cessation of provision of personal data to third parties on the grounds that the handling of such data is likely to harm the individual's rights and interests,
   the company shall conduct necessary investigations without delay, having first confirmed that the request was made by the individual to whom the data pertains, and shall respond as necessary in accordance with the results of such investigations, and shall notify the individual thereof.
   If the company determines on reasonable grounds that no action is required, it shall notify the individual to that effect.
2. The previous paragraph shall not apply in cases where the company bears no obligation to take action under the Act on the Protection of Personal Information or other laws.
3. Please note that if the action described in Paragraph 1 above is taken in accordance with these regulations in relation to some or all of your personal data, the company may not be able to provide services or enter into other transactions according to your wishes.

Improvement and Review

The company inspects its handling of personal information, its management framework, and its efforts, and strives for constant improvement and review.

Contact

If you wish to make a request for disclosure, correction, or cessation of use, etc., of personal data, or if you have any other inquiry or complaint regarding the handling of personal information, please contact the company as directed below.