Basic Policy on Information Security

As part of its corporate mission to enrich the world through visual communication, and in order to achieve further growth and development of its business, amana group (“Amana Group”) is pushing ahead proactively in the digitalization of its information assets. In today’s digital society, where the Internet has become an essential and indispensable part of our lives, Amana Group recognizes that appropriate handling of information assets to protect them against threats such as information leaks, destruction, or manipulation is a social responsibility. To fulfill that responsibility, Amana Group has established this Basic Policy on Information Security, and pledges to ensure that all Amana Group officers and employees will understand and act in accordance with it.

  1. The Purpose of Information Security

By implementing appropriate information security management and seeking to prevent the occurrence of information security incidents, Amana Group aims to be a company that maintains the constant trust and confidence of its customers and all of its other stakeholders.
In the unlikely event that an information security incident should occur, Amana Group will endeavor to minimize the extent of any damage incurred, and to prevent reoccurrences by carrying out prompt restoration and recovery work.

  1. Scope of Applicability

This policy applies to all corporate officers and employees (including all permanent, contract and part-time employees and resident external contractors) and any important information assets managed by the Amana Group.

  1. Amana Group Initiatives

(1) Protection of Information Assets
Amana Group will take all necessary management steps and measures, from the standpoints of confidentiality, integrity and availability, in order to protect all important information assets (including personal information) in its possession from all manner of threats.
(2) Observance of Laws and Legal Statutes
Amana Group will comply with all laws, regulations and all separately stipulated rules, regulations and contractual agreements, etc., relating to information security.
(3) Promotion of Information Security Activities
In order to promote its information security activities, Amana Group will create and operate an information security management system. Amana Group will also establish an information security committee and appoint a chief information security management supervisor. The information security management supervisors and committee members from each department shall actively spearhead information security activities, review them periodically and make continuous improvements.
(4) Implementation of Drills and Educational Training
In order to implement organized and continuous information security-related activities, Amana Group will carry out educational training for all of its corporate officers and employees.
(5) Response to Information Security-related Events and Incidents
Amana Group will constantly anticipate the occurrence of information security-related accidents, and, in addition to working to prevent such incidents, make a prompt response and take appropriate management steps and measures in the occurrence of such information security events and/or incidents, in consideration of rectifying such occurrences.
NB: An information security incident is an information security-related accident or incident of the kind that could interfere with business operations.
Established: December 1, 2007
Last Updated: April 1, 2015
amana inc.
Representative Director
Hironobu Shindo

Policy on the Protection of Personal Information (POPI)
Amana Group pledges to comply with laws and norms relating to the protection of personal information, to pay care and attention to international developments in the field and establish voluntary rules and frameworks, to establish the following Policy on the Protection of Personal Information and to implement and maintain this Policy with regard to the personal information of all customers and other transaction-related companies that Amana Group may use in the course of its business.

  1. In order to fulfill this pledge, Amana Group shall establish a set of Management Rules for the Protection of Personal Information, and shall endeavor to make these rules known to all officers, employees and other affiliates of the Amana Group, and to ensure thorough observance of said rules.
  2. To prevent loss, destruction, manipulation or leaks of personal information or other similar incidents, Amana Group shall establish an information security system and implement appropriate information security countermeasures, including measures to combat unauthorized accesses to information and intrusions by computer viruses.
  3. In order to manage personal information appropriately, Amana Group shall carry out regular checks and other such activities as the company sees fit, and shall endeavor to take appropriate steps promptly in the event of the discovery of parts that should be rectified, and to work towards continuous improvement.
  4. When obtaining personal information, Amana Group shall do so by fair and legal means, and, in addition to not obtaining such information by illicit means, shall either obtain the consent of the relevant individual to whom the personal information belongs with regard to the purpose of use, etc., or shall give notice of the necessary items on the Amana Group’s website.
  5. In cases where personal information is being obtained indirectly, Amana Group shall confirm whether or not the personal information obtained has been obtained by the provider from the individual in question in an appropriate manner, pay any contractually-obligated consideration for such provision(s), and shall give notice of the necessary items regarding the purpose of use, etc., of such personal information on the Amana Group’s website.
  6. Amana Group confirms that the individual in question to whom the relevant personal information belongs owns the right to demand disclosure, correction, discontinuation of use and deletion, etc., of his or her own personal information, and shall respond sincerely and promptly to any such demands from the individual in question. Amana Group shall also establish a Personal Information Inquiries Desk to receive and handle inquiries regarding matters concerning personal information.
    Personal Information Inquires Desk: 03-3740-4010
  7. In cases where Amana Group makes shared use of personal information with a third party, or deposits personal information to a third party for the purpose of subcontracting work, Amana Group shall conduct appropriate research on and enter into such contractual agreements as necessary with said third party, and take other such legal steps as deemed necessary.
  8. Amana Group sets forth the following general rules for the specific gathering and handling of personal information.

■ General rules regarding the use of personal information:
The use of personal information shall be limited to within the scope of the purpose for which it was collected, only by persons granted the necessary authority in accordance with the specific work being carried out, and within the scope of that which is necessary in order to carry out the relevant work.
■ Prohibited Items
As a general rule, provision of personal information to a third party is prohibited.
We do not allow the content of personal information obtained in the process of carrying out work to be known to third parties without good reason, or use such personal information for wrongful purposes.
We do not gather, use or provide personal information containing any of the following content:

  1. Items concerning thoughts, beliefs or religious matters
  2. Race, ethnicity, lineage, domicile of origin (excluding information regarding the prefecture of its location), physical or mental disabilities, criminal records or other items that may be the cause of social discrimination
  3. Items concerning the right to organize groups of workers, engage in collective bargaining or other acts of collective action
  4. Items concerning participation in collective industrial action, the exercise of the right to petition or other matters concerning the exercise of political rights
  5. Items concerning health, medical treatment or sexual lifestyle

Established: March 2005
Last Updated: October 2008
amana inc.
Representative Director
Hironobu Shindo

In this Policy, the term “Amana Group” refers to consolidated subsidiaries of Amana Inc.

Regarding the Purpose of the Use of Personal Information
When acquiring customers’ personal information, either directly or indirectly, Amana Group uses such personal information only within the scope of that which is necessary for carrying out the following work and fulfilling the following purposes of use:
■ Work Content
All work relating to the planning, production and sale of visual solutions and other incidental work.

  1. Production of photographs and digital images
  2. Planning and sale of stock photo content
  3. Other work relating to visual solutions
  4. Other work that Amana Group is able to engage in, and other incidental work (including work the handling of which may be approved in the future)

■ Purpose of Use
Amana Group makes use of personal information for the following purposes, in relation to Amana Group products and services. Amana Group also makes joint use of the information listed under “Items of Personal Data” with business partner companies for the purposes detailed in Item 8 below.

  1. To receive applications and consultations concerning Amana Group’s business and services
  2. To make various proposals and introductions/presentations concerning Amana Group’s business and services (including the sending of direct mail and e-mail newsletters)
  3. To confirm the identity of the individual or the individual’s representative, etc.
  4. To subcontract work within the scope necessary to carry out work appropriately when providing Amana Group’s work and services
  5. To carry out commissioned work appropriately, when commissioned by another company or service provider, etc., to process all or part of its personal information
  6. To exercise rights and fulfill obligations pursuant to laws and contractual agreements with customers, etc.
  7. To develop new Amana Group businesses and services and improve or enhance existing businesses and services through the carrying out of market research, data analysis, questionnaire surveys and other such means
  8. To provide the goods and services of partner companies, etc., and to offer various proposals relating to such goods and services
  9. To terminate or cancel various transactions and registered subscriptions to e-mail newsletters, etc., and to carry out necessary processing after such terminations or cancellations
  10. To identify and manage various risks as necessary to run our business
  11. To appropriately and smoothly fulfill other transactional and contractual obligations to customers in the course of Amana Group’s work

■ Items of Personal Data
The items of personal data that Amana Group makes shared use of consist of names, addresses, telephone numbers, e-mail addresses and other general personal information in the possession of Amana Group. Amana Group may sometimes record the content of phone calls in order to accurately understand the opinions and requests of our customers. We erase all recorded personal information within a period of six months.
For inquiries, consultations and complaints, etc., concerning the protection of personal information, please contact us at our Personal Information Inquiries Desk.
Personal Information Inquiries Desk:
2-2-43 Higashi Shinagawa, Tokyo 140-0002
Tel: 03-3740-4010
Established: April 2005
Last Updated: June 2011

Regarding the Shared Use of Personal Information
When acquiring customers’ personal information, either directly or indirectly, Amana Group uses such personal information only within the scope of that which is necessary for carrying out the following work and fulfilling the following purposes of use.

Also, in participating in the T-Point service operated by Culture Convenience Club Co., Ltd., amana inc. and its subsidiary amana images inc. will make use of personal information received from members of for the following joint use:
■ Applicable customers:
T-Point members who are also members of
■ Items of Personal Information:
Names, addresses, telephone numbers, e-mail addresses, user IDs, purchase histories and other information possessed by amana inc.
■ Partner companies with which amana inc. will make joint use of personal information:
Culture Convenience Club Co., Ltd.
■ Purpose of Use
To provide the goods and services of the partner company and offer proposals

■ Shared Use Supervisors
amana inc.
amana images inc.

ISO/IEC27001:2013 Certification
amana inc. has obtained the ISO/IEC27001:2013 international information security management standard certification.

Certification standard

JIS Q 27001:2014(ISO/IEC 27001:2013)

Accreditation body

JIPDEC(Japan Information Processing Development Corporation)

Certifying body

Perry Johnson Holding, Inc.  Perry Johnson Registrars, Inc.

Certificate registration number


Date of initial registration

November 24, 2008

Date of issue

November 24, 2014

Expiry date

November 23, 2017

Scope of registration

Visual communication business (sales of stock content, production of advertising visuals, planning and production of advertisements, photography class and CG production class businesses)

Organization/ department name

amana inc./ acube inc./ amana images inc./ amanadesign inc./ amana digital imaging inc./ amanabi inc./ amana photography inc./ un inc./ needs+ inc.</ hue inc./ wonderactive inc./ MISSILE COMPANY inc./