Supplemental Privacy Policy for Japan
If you are located in Japan, you have certain rights with respect to your personal information. The following is a summary of those rights and additional information applicable to our collection and use of your personal information. For clarity, this Supplemental Privacy Policy for Japan is in addition to, and not in lieu of, the information provided in our Privacy Policy.
Japan’s Act on the Protection of Personal Information (APPI)
We have adopted Japan’s Act on the Protection of Personal Information (APPI), as amended. The APPI governs the way in which we collect, use, disclose, secure and dispose of personal information.
A copy of The APPI may be obtained from The Government of Japan’s Personal Information Protection Commissioner.
Purposes of Use
We collect, use, disclose, secure and dispose of your personal information for the purposes outlined below.
Type of Personal Information | Purpose |
---|---|
A. Information containing a name or other identifier or the equivalent such as contact information, education, professional, and employment information |
|
B. Information containing identifiers obtained during audio recordings |
|
C. Individual Identification Codes such as characters, letters, or other codes created to identify and distinguish between different users and or Visitors including geolocation data and activity on our Websites |
|
Sensitive Personal Information
Under Japan’s APPI, sensitive personal information includes personal information about identifiable person’s race, creed, social status, medical history, criminal records, and other equivalent identifiers that could lead to discrimination.
If you are an Employee or Contractor and intend to sign a contract with us, we may collect some or all the following sensitive personal information:
Type of Sensitive Personal Information | Purpose |
---|---|
A. Criminal Records or Background Check Information |
|
B. Medical or Health Insurance Information |
|
C. Demographic information such as information about age, gender, gender identity, ethnicity, nation origin, Minority and/or Women Owned Business Enterprise status, Disabled Veteran Owned Business Enterprise status, Socially/Economically Disadvantaged Owned Business Enterprise status, and languages you speak |
|
Restriction Due to Purpose of Use
Unless we have first notified you of an additional purpose of use and obtained additional consent from you, we do not collect, use, disclose, secure, and dispose of personal information beyond the scope necessary to achieve the Purposes of Use described herein, except as permitted and or required by law.
Personal Information and Third Parties
We only share your personal information with third parties as described in our Privacy Policy when you have given your prior consent and when permitted or required by law.
Personal Information and Third Parties in a Foreign Country Outside Japan
We only share your personal information with third parties outside of Japan as described in our Privacy Policy when you have given your prior consent and as permitted or required by law. In such case, we share your personal information to third parties in EU/EEA member countries or the United Kingdom which are recognized as having a personal information protection system at the same level as Japan.
We also share your personal information to third parties located in the United States. In this case, we only share personal information to third parties establishing a system conforming to standards prescribed by rules of Japan’s Personal Information Protection Commission. Necessary measures we employ to have these third parties continuously implement equivalent measures include entering into a written agreement imposing on third parties’ data protection obligations requiring the same level of protection of personal information and technical and security measures as required and or implemented by us.
Managing Accuracy and Security of Personal Information
We make every effort to keep personal information accurate and up to date, within the scope necessary for achieving the purpose of use, and to promptly delete personal information if it is no longer required, as required by law.
We take necessary and appropriate measures for managing the security of personal information including measures to help prevent leak, loss or damage of personal information. These include:
- Information Security Program. We maintain a program that provides for the protection of data confidentiality, integrity, availability, possession, utility, and authenticity, including processes and procedures to respond to security incidents. This program complies with all applicable state, federal, and/or regulatory data protection requirements.
- Data Encryption. We encrypt personal information using valid encryption processes.
- Malware and Virus Detection and Prevention. We use and maintain commercially reasonable malware and virus detection and prevention mechanisms to protect personal information in our systems.
- Application Security Testing. We regularly perform commercially reasonable tests for security vulnerabilities of applications developed or used by us that process personal information.
- Intrusion Detection. We monitor for unauthorized access attempts to our systems and services using commercially reasonable tools and practices.
- Security Logs and Audit Trail. We log information for our systems, including firewalls, routers, network switches, and operating systems, to our respective system log facility and/or a centralized log server (for network systems). We monitor logs to identify unauthorized activity to facilitate incident response.
- Change Management. We maintain a change management program that ensures all system, application, and service changes have been appropriately reviewed, tested, and approved prior to deployment into our production environment.
- Network Protection. We restrict and control access between our network and other networks, including the Internet, using firewalls and other commercially reasonable control mechanisms.
- Incident Management. We maintain security incident management policies and procedures, including detailed security incident escalation procedures. We promptly investigate and notify users and Visitors of our Websites in the event we become aware of an actual or reasonably suspected unauthorized leakage or disclosure of personal information.
- Physical Security. We provide physical security to production data using commercially reasonable controls and restricting access to only authorized personnel that have a verifiable need to access the security areas.
- Business Continuity Management. We maintain a business continuity plan and perform tests of the business continuity plan at least annually. If we experience a material business continuity disruption event that impacts or may impact services, we provide regular updates, at an appropriate frequency, including a summary description of the event, the impact, and an estimate when services will return to normal operations.
- Disaster Recovery. We maintain disaster recovery plans and perform disaster recovery testing at least annually.
- Reliability and Backup. We provide appropriate levels of system and data reliability and backup to meet applicable legal obligations.
Rights Under Japan’s Act on the Protection of Personal Information (APPI)
If you are located in Japan, you have the following rights in respect of your personal information that we hold:
- Right of access and disclosure. You have the right to request we disclose the personal information we hold about you and to make the personal information we hold accessible to you by replying to your requests.
- Right to correction. You have the right to request we make corrections, additions, or deletions to your personal information in the event it is not accurate.
- Right to deletion and cease of use. You have the right to request we delete or cease using the personal information we hold about you including ceasing to provide your personal information to a third party in the event that (i) we or the third party violates the APPI or other applicable laws, (ii) it is no longer necessary for us to use your personal information or the purposes of use no longer apply, or (iii) deleting or ceasing use is necessary to protect or prevent an infringement or harm to your rights and interests.
If you wish to exercise one of these rights, submit your request by completing the Individual Data Request Form. We will use reasonable efforts to respond to an inquiry without excessive delay.
In order to respond to your request, we may request you to provide:
- Sufficient information to allow us to confirm your identity;
- Your reasons for making the request to allow us to locate responsive information; and
- Information about the employees or services you interacted with and the nature of the personal information you were requested to provide.
If we determine that we are unable to accept your request, we will provide you with an explanation with reasons for our rejection.
Contact Details and Complaints
For any questions, concerns, or complaints regarding a possible breach of your privacy by us, or for general questions, concerns, or complaints regarding our handling of your personal information, please contact our Data Protection Officer as follows:
- By completing the Individual Data Request Form
- By phone at 0011+1+703 793 6000
- By mail to MBO Partners, Inc, Attention Data Protection Officer, 20405 Exchange Street, Suite 301, Ashburn VA 20147
We will treat each complaint confidentially. We will investigate each complaint and will contact the individual that submitted the complaint within a reasonable time period once the complaint is resolved (and in any event within any applicable time periods required by the Privacy Act).
Changes to This Supplemental Privacy Policy for Japan
We may update this Supplemental Privacy Policy for Japan from time to time. When we do update them, we will post a notice on our Websites, make the updated version of this Supplemental Privacy Policy for Japan available on this page, and indicate the date it was last updated above. For clarity, any updates will apply from the date they are posted. Please check back periodically to see if this Supplemental Privacy Policy for Japan has been updated.