Handling of Personal Information

We, TIS Inc. (hereinafter referred to as “TIS”), established the privacy policy and information security policy and have been conducting activities to protect personal information. Specifically, we are granted the use of Privacy Mark (which is in compliance with JIS Q 15001:2006) as well as the approval for Information Security Management System (which is in compliance with ISO/IEC27001:2013). Also, we are conducting improvement activities to enhance our personal information protection. On this page, we clarify what we are doing to protect personal information with a promise to continue improving our activities. We hope that you will be aware of what efforts are made by TIS and will render further support and advice to TIS.

Jun Ikimune, Managing Executive Officer, Personal Information Protection Manager

Ⅰ.Personal Information, etc. Handled by TIS

TIS will receive the following personal information and anonymously processed information (hereinafter referred to as “personal information, etc.”) from customers, suppliers, and business partners (hereinafter referred to as the “Clients”) and from shareholders.

  • ˜Personal information pertaining to the Clients themselves
  • ˜Personal information about shareholders
  • ˜Personal information received when business is entrusted
  • Anonymously processed information received when business is entrusted

    To ensure the proper handling of anonymously processed information, TIS will implement similar measures as those described below for personal information in Safety Control Measures for Personal Information, etc. (Ⅷ) and Disclosure, Correction, and Deletion, etc. of Personal Information (Ⅸ).

The personal information of TIS and TIS INTEC Group companies (hereinafter referred to as “group companies”) handled by TIS is as follows:

  • ˜Personal information about TIS directors, employees, and their families
  • ˜Personal information about group company directors and employees

Ⅱ.Purpose of Use of Personal Information, etc.

TIS will handle personal information, etc. of the Clients and shareholders within the bounds of the purposes outlined in (Ⅲ-Ⅶ).
When the purpose of use is to be changed, the purpose must be related to that prior to the change and the change must be within reasonable limits.

Ⅲ.Handling of Personal Information pertaining to the Clients

1. Purpose of Use

  • Performance of billing, payment, and other business processes, conduct of contractual relations,
    and communication for business purposes with Clients
  • Response to inquiries and requests from the Clients
  • Guide for products and services of TIS
  • Invitation to seminars, product presentations, and exhibitions held or sponsored by TIS or group companies
  • Distribution of questionnaires for customer satisfaction survey
  • Sending of New Year's greeting cards, notice of office move, and notice of personnel change
  • Other purposes notified to, and agreed by, the Clients in advance

2. Provision to Third Parties
TIS shall not disclose or provide to third parties personal information about the Clients except in the following cases:

  • ˜If the Clients concerned have consented
  • ˜If disclosure or provision is required by law
  • ˜If disclosure or provision is made in a form in which individual Clients cannot be identified, such as in the form of statistical data

3.Entrustment of Personal Information
TIS may entrust personal information about Clients that TIS has received with an outside party to fulfill the purpose of use.
In such case, TIS shall enter an agreement on protection of personal information with the entrustees, exercise proper control in accordance with the law and TIS standards, and recover the personal information about Clients from the entrustees after termination of the entrustment.

4. Sharing of Personal Information in the TIS INTEC Group
TIS may share personal information with group companies if it judges it appropriate to do so in order to have group companies respond to inquiries, etc. from Clients or to provide information on, deliver, or enhance products and services handled by group companies.
For details, please see Sharing of Personal Information in the TIS INTEC Group.

Ⅳ.Handling of Personal Information about Shareholders

1.Purpose of Use

  • ˜Exercise of rights and performance of obligations under the Companies Act
  • ˜Provision of convenience by TIS in accordance with status as shareholders
  • ˜Consideration and implementation of measures to facilitate relations between shareholders and TIS
  • ˜Shareholder management, such as the preparation of shareholder data in accordance with prescribed standards as required by law


2.Provision to Third Parties
TIS shall not disclose or provide to third parties personal information about shareholders except in the following cases:

  • ˜If the shareholder concerned has consented
  • ˜If disclosure or provision is required by law
  • ˜If disclosure or provision is made in a form in which individual shareholders cannot be identified, such as in the form of statistical data


3.Entrustment of Personal Information
TIS may entrust personal information about shareholders received with an outside party to fulfill the purposeof use.
In such case, TIS shall enter an agreement on protection of personal information with the entrustees, exercise proper control in accordance with the law and TIS standards, and recover the personal information about shareholders from the entrustees after termination of the entrustment.


4.Sharing of Personal Information in the TIS INTEC Group
TIS may share personal information about shareholders with group companies if it judges it appropriate to do so in order to have group companies respond to inquiries, etc. from shareholders.
For details, please see Sharing of Personal Information in the TIS INTEC Group.



Ⅴ.Handling of Personal Information, etc. Received When Business Is Entrusted

1.Purpose of Use
TIS shall handle personal information, etc. received from customers to the extent necessary for the purpose of fulfillment of entrusted business, such as data processing.

2.Provision to Third Parties
TIS shall not provide personal information, etc. received from customers to third parties.

3.Entrustment of Personal Information, etc.
TIS may entrust the handling of personal information, etc. received to an outside party in order to fulfill entrusted business.
In such case, TIS shall enter an agreement on protection of personal information with the entrustees, and exercise proper control in accordance with the law and TIS standards After termination of the entrustment, TIS shall recover from the entrustees the personal information, etc. received.

4.Sharing of Personal Information, etc. in the TIS INTEC Group
TIS shall not share personal information, etc. received.

Ⅵ.Handling of Personal Information about TIS Directors, Employees, and Their Families

TIS shall handle personal information about TIS directors and employees (permanent employees, senior employees, contract employees, temporary employees, seconded employees and dispatched employees), applicants for positions at TIS, and former employees of TIS (hereinafter referred to collectively as “Employees, etc.”) as follows.

1.Purpose of Use

  • ˜Activities related to employment screening (for job applicants) and procedures for entering the company once offered a position
  • ˜Employment management, work management, salary administration
  • ˜Preparation and filing of notifications, reports, and other materials as required by law
  • ˜Employee welfare and management of health and safety
  • ˜Education and training
  • ˜Communication in emergencies


2.Provision and Entrustment to Third Parties
TIS may provide to or entrust with a third party, in written or electronic format, personal information about Employees, etc. if necessary to fulfill the purpose of use.
A record will be created if information is provided to a third party.
In such case, TIS shall enter a non-disclosure agreement on the handling of personal information with the third party.


3.Sharing of Personal Information in the TIS INTEC Group
TIS may share personal information about Employees, etc. with group companies if necessary to fulfill the purpose of use.
For details, please see Sharing of Personal Information in the TIS INTEC Group.
In such case, TIS shall enter a non-disclosure agreement on the handling of personal information with the parties with which personal information is shared.

Ⅶ.Handling of Personal Information regarding Group Company Directors and Employees

1.Purpose of Use

  • ˜Activities necessary to the group’s management, including personnel management and education/training
  • ˜Communications necessary to the group’s management and administration


2.Provision and Entrustment to Third Parties
TIS may provide to or entrust with a third party, in written or electronic format, personal information about group company directors and employees if necessary to fulfill the purpose of use.
In such case, TIS shall enter a non-disclosure agreement on the handling of personal information with the third party.

3.Sharing of Personal Information in the TIS INTEC Group

TIS may share personal information about group company directors and employees with group companies if necessary to fulfill the purpose of use.
For details, please see Sharing of Personal Information in the TIS INTEC Group.
In such case, TIS shall enter a non-disclosure agreement on the handling of personal information with the parties with which personal information is shared.


Ⅷ.Safety Control Measures for Personal Information, etc.

TIS shall manage all information, including personal information, etc., in accordance with the requirements for the Privacy Mark and information security management systems.
TIS shall explain its handling of personal information, etc. in conformance with the section on security control measures in the Guidelines on the Act on the Protection of Personal Information issued by the Ministry of Economy, Trade and Industry of Japan.

1.Organizational Safety Control Measures

  1. Development of organizational system
    Appointment of the chief manager and operation of the security meeting
  2. Establishment of rules and operation in accordance with the rules
    Development and operation of the security policy (i.e., provisions and bylaws) based on the information security policy
  3. Keeping in order records for handling of personal information
    Administration of records for businesses for which personal information is entrusted and businesses for which personal information is acquired
  4. Evaluation, review, and improvement of safety control measures
    Improvement by voluntary inspection by those who handle information, internal audit, and management review
  5. Response to trouble and violation regarding information security
    Establishment of a task force and legal measures against violating party


2.Human Safety Control Measures

  1. Agreement with employees or entrustees about handling of personal information.
    Collecting written oath from employees or entering into contract with entrustees.

  2. Education and training of employees
    Education to all employees by e-learning


3.Physical Safety Control Measures

  1. Entry and exit control
    Control of entry and exit by setting security levels and using IC card
  2. Countermeasures against theft
    Locked safekeeping of confidential documents and media, wire lock for portable PCs, and implementation of clear policy
  3. Physical protection of machines and equipment
    Implementation of measures against power failure and for disaster prevention and establishment of terminal room exclusive to real business requiring access to confidential information


4.Technical Safety Control Measures

  1. Identification and authentication of access
    Personal authentication by IC card and/or fingerprint
  2. Access control
    Minimization and control of access
  3. Control of access authority
    Controlled setting of scope and authority of access according to type of job
  4. Access record
    Acquisition and storage of work records and access log
  5. Measures against malicious software on information system
    Automatic application of the virus definition (DAT) and security patch
  6. Measures for transfer and telecommunication
    Use of VPN and secure mail in encoding, electronic transmission, and telecommunication of transport media
  7. Measures when checking the information system operation
    Prohibition of use of operation data or, if necessary, restricted use by authorized person in monitored area
  8. Monitoring of information system
    Monitoring of access log and verification with work record


5.Supervision of Employees and Entrustees

  1. Video monitoring in monitored areas and restriction of access to the Internet
  2. Appointment and periodical education of chief manager of the entrustees and audit of delegated entrusted services

Ⅸ.Disclosure, Correction, and Deletion, etc. of Personal Information

TIS shall promptly disclose, correct, delete, or take other such action in respect of personal information about Clients (excluding personal information received when business is entrusted) received by TIS upon request by the individual concerned. Please address requests to the point of contact for inquiries shown below.

TIS shall meet requests for disclosure, correction and other such action, and complaints and requests for advice made by the individuals concerned in respect of personal information about Employees and the personal information of the Directors and Employees of Group companies held by TIS, insofar as this would not significantly impede the proper conduct of business.

Contact for Handling of Personal Information

Compliance Management Dept., Corporate Management SBU., TIS Inc.

Update : November 1, 2017, 16:58

PAGE TOP

Contact Us
Contact Us page is here.