1. Purpose of Use

TIS shall use the personal information of the Clients for the purposes stated below.

• Communication to the Clients for business purposes
• Response to inquiries and requests from the Clients
• Guide for products and services of TIS
• Invitation to seminars, product presentations, and exhibitions held or sponsored by TIS
• Distribution of questionnaires for customer satisfaction survey
• Sending of New Year's greeting cards, notice of office move, and notice of personnel change
• Business relating to the selection for recruitment
• Other purposes notified to, and agreed by, the Clients in advance

2. Provision to Third Party

TIS shall not disclose the personal information acquired by it to third party except if agreed in advance by the person identified by such information, provided that, in order to respond to an inquiry or request as soon as possible, TIS may provide a relevant division of IT Holdings Group companies with personal information, which kindly be advised in advance.

3. Deposit of Personal Information

TIS may deposit the personal information acquired by it to any outside party to fulfill the purpose of use.
In this case, TIS shall conduct appropriate personal information control in accordance with the laws and TIS standards and, after termination of deposit, shall collect the personal information from the party with whom it is deposited.

4. Disclosure, Correction, and Deletion of Personal Information

Upon request of a person identified by information, TIS shall promptly disclose, correct, or delete the personal information acquired by it. Please don't hesitate to give your request to the contact below.

TIS will receive personal and other different types of information regarding the design, development, and operation of entrusted business systems.

1. Purpose of Use

TIS shall handle the personal information received within a scope of purpose to fulfill entrusted business.

2. Supply to Third Party

TIS shall not provide any third party with the personal information received.

3. Deposit of Personal Information

For the purpose of fulfilling the entrusted service, TIS may entrust an outside party a service that requires handling of personal information received.
In this case, TIS shall select, and entrust the service to, a company that satisfies a sufficient level of protection of personal information subject to consent of the Clients who entrust the service.
Also, TIS shall ensure that necessary safety control measures will be taken against the entrustee under a contract and shall supervise it appropriately.

4. Disclosure, Correction, and Deletion of Personal Information

TIS shall not meet a request from a person identified by information to disclose, correct, or delete the personal information received from the Clients.

By employment of an information security management system, TIS shall endeavor to keep confidentiality, integrity, and availability of such information.
In accordance with itemized safety control measures under the Guideline for the Act on the Protection of Personal Information developed by the Ministry of Economy, Trade and Industry, the following show what TIS is doing in handling the information.

1. Organizational Safety Control Measures

(1) Development of organizational system

Appointment of the chief manager and operation of the security meeting

(2) Establishment of rules and operation in accordance with the rules

Development and operation of the security policy (i.e., provisions and bylaws) based on the information security policy

(3) Keeping in order records for handling of personal information

Administration of records for businesses for which personal information is deposited and businesses for which personal information is acquired

(4) Evaluation, review, and improvement of safety control measures

Improvement by voluntary inspection by those who handle information, internal audit, and management review

(5) Response to trouble and violation regarding information security

Establishment of a task force and legal measures against violating party

2. Human Safety Control Measures

(1) Written oath at the time of employment and agreement

Collection from employees, cooperative company workers, venders, and all other concerned parties

(2) Education and training of employees

Education to all employees by e-learning

3. Physical Safety Control Measures

(1) Entry and exit control

Control of entry and exit by setting security levels and using IC card

(2) Countermeasures against theft

Locked safekeeping of confidential documents and media, wire lock for portable PCs, and implementation of clear policy

(3) Physical protection of machines and equipment

Implementation of measures against power failure and for disaster prevention and establishment of terminal room exclusive to real business requiring access to confidential information

4. Technical Safety Control Measures

(1) Identification and authentication of access

Personal authentication by IC card and/or fingerprint

(2) Access control

Minimization and control of access

(3) Control of access authority

Controlled setting of scope and authority of access according to type of job

(4) Access record

Acquisition and storage of work records and access log

(5) Measures against malicious software on information system

Automatic application of the virus definition (DAT) and security patch

(6) Measures for transfer and telecommunication

Use of VPN and secure mail in encoding, electronic transmission, and telecommunication of transport media

(7) Measures when checking the information system operation

Prohibition of use of operation data or, if necessary, restricted use by authorized person in monitored area

(8) Monitoring of information system

Monitoring of access log and verification with work record

5. Supervision of Employees and Entrustees

(1) Video monitoring in monitored areas and restriction of access to the Internet

(2) Appointment and periodical education of chief manager of the entrustees and audit of delegated entrusted services