Basic Policy on Information Security


As part of its corporate mission to enrich the world through visual communication, and in order to achieve further growth and development of its business, amana group (“Amana Group”) is moving forward proactively with the digitalization of its information assets. In today’s digital society, where the Internet has become an essential and indispensable part of our lives, Amana Group recognizes that appropriate handling of information assets to protect them against threats such as information leaks, destruction, or manipulation is a social responsibility. To fulfill that responsibility, Amana Group has established this Basic Policy on Information Security, and pledges to ensure that all Amana Group officers and employees (including all permanent, contract and part-time employees and resident external contractors; hereinafter the same applies) will understand and act in accordance with it.

  1. The Purpose of Information Security
    By implementing appropriate information security management and seeking to prevent the occurrence of information security incidents, Amana Group aims to be a company that maintains the constant trust and confidence of its customers and all other stakeholders.
    In the unlikely event that an information security incident should occur, Amana Group will endeavor to minimize the extent of any damage incurred, and to prevent reoccurrences by carrying out prompt restoration and recovery work.
  2. Scope of Applicability
    This policy applies to all corporate officers and employees and any important information assets managed by the Amana Group.
  3. Amana Group Initiatives
    1. Protection of Information Assets
      Amana Group will take all necessary management steps and measures, from the standpoints of confidentiality, integrity and availability, to protect all important information assets (including specific personal information and personal information) in its possession from all manner of threats.
    2. Observance of Laws and Legal Statutes
      Amana Group will comply with all laws, regulations and all separately stipulated rules, regulations and contractual agreements, etc., relating to information security.
    3. Promotion of Information Security Activities
      To promote its information security activities, Amana Group will create and operate an information security management system. Amana Group will also establish an information security committee and appoint a chief information security management supervisor. The information security management supervisors and committee members from each department shall actively spearhead information security activities, review them periodically and make continuous improvements.
    4. Implementation of Drills and Educational Training
      To implement organized and continuous information security-related activities, Amana Group will carry out educational training for all of its corporate officers and employees.
    5. Response to Information Security-related Events and Incidents
      Amana Group will constantly anticipate the occurrence of information security-related accidents, and, in addition to working to prevent such incidents, make a prompt response and take appropriate management steps and measures in the occurrence of such information security events and/or incidents, in consideration of rectifying such occurrences.
      NB: An information security incident is an information security-related accident or incident of the kind that could interfere with business operations.
Established: December 1, 2007
Last Updated: December 22, 2016
amana inc.
Representative Director
Hironobu Shindo

Policy on the Protection of Personal Information

Amana Group pledges to comply with laws and norms relating to the protection of personal information, to pay care and attention to international developments in the field and establish voluntary rules and frameworks, to establish the following Policy on the Protection of Personal Information and to implement and maintain this Policy with regard to the personal information of all customers and other transaction-related companies that Amana Group may use in the course of its business.

  1. Personal Information Protection Policy
    1. To fulfill this pledge, Amana Group shall establish a set of Management Rules for the Protection of Personal Information, and shall endeavor to make these rules known to all officers, employees and other affiliates of the Amana Group, and to ensure thorough observance of said rules.
    2. To prevent the loss, destruction, manipulation or leakage of personal information or other similar incidents, Amana Group shall establish an information security system and implement appropriate information security countermeasures, including measures to combat unauthorized accesses to information and intrusions by computer viruses.
    3. To manage personal information appropriately, Amana Group shall carry out regular checks and other such activities as the company sees fit, and shall endeavor to take appropriate steps promptly in the event of the discovery of issues that should be rectified, and to work towards continuous improvement.
    4. When obtaining personal information, Amana Group shall do so by fair and legal means, and, in addition to not obtaining such information by illicit means, shall either obtain the consent of the relevant individual to whom the personal information belongs with regard to the purpose of use, etc., or shall give notice of the necessary items on the Amana Group’s website.
    5. In cases where personal information is being obtained indirectly, Amana Group shall confirm whether or not the personal information obtained has been obtained by the provider from the individual in question in an appropriate manner, pay any contractually obligated consideration for such provision(s), and shall give notice of the necessary items regarding the purpose of use, etc., of such personal information on the Amana Group’s website.
    6. Amana Group confirms that the individual in question to whom the relevant personal information belongs owns the right to demand disclosure, correction, discontinuation of use and deletion, etc., of his or her own personal information, and shall respond sincerely and promptly to any such demands from the individual in question. Amana Group shall also establish a Personal Information Inquiries Desk to receive and handle inquiries regarding matters concerning personal information.
    7. In cases where Amana Group makes shared use of personal information with a third party, or deposits personal information to a third party for the purpose of subcontracting work, Amana Group shall conduct appropriate research on and enter into such contractual agreements as necessary with said third party, and take other such legal steps as deemed necessary.
    8. Amana Group sets forth the following general rules for the specific gathering and handling of personal information.
  2. General rules regarding the use of personal information:
    The use of personal information shall be limited to within the scope of the purpose for which it was collected, only by persons granted the necessary authority in accordance with the specific work being carried out, and within the scope of that which is necessary in order to carry out the relevant work.
  3. Prohibited Items
    As a general rule, provision of personal information to a third party is prohibited.
    We do not allow the content of personal information obtained in the process of carrying out work to be known to third parties without good reason, or use such personal information for wrongful purposes.
    We do not gather, use or provide personal information containing any of the following content:
    1. Items concerning thoughts, beliefs or religious matters
    2. Race, ethnicity, lineage, domicile of origin (excluding information regarding the prefecture of its location), physical or mental disabilities, criminal records or other items that may be the cause of social discrimination
    3. Items concerning the right to organize groups of workers, engage in collective bargaining or other acts of collective action
    4. Items concerning participation in collective industrial action, the exercise of the right to petition or other matters concerning the exercise of political rights
    5. Items concerning health, medical treatment or sexual orientation

Purpose of Use of Personal Information

Amana Group (Amana Inc. and its subsidiaries; hereinafter the same applies) uses customers’ personal information received through its business activities, only within the scope of that which is necessary for carrying out the following work and fulfilling the following purposes of use:

  1. 1.Purpose of Use
    1. To receive applications and consultations concerning Amana Group’s business and services
    2. To make various proposals and introductions/presentations concerning Amana Group’s business and services (including the sending of direct mail and e-mail newsletters)
    3. To confirm the identity of the individual or the individual’s representative, etc.
    4. To subcontract work within the scope necessary to carry out work appropriately when providing Amana Group’s work and services
    5. To carry out commissioned work appropriately, when commissioned by another company or service provider, etc., to process all or part of its personal information
    6. To exercise rights and fulfill obligations pursuant to laws and contractual agreements with customers, etc.
    7. To develop new Amana Group businesses and services and improve or enhance existing businesses and services through the carrying out of market research, data analysis, questionnaire surveys and other such means
    8. To provide the goods and services of partner companies, etc., and to offer various proposals relating to such goods and services
    9. To terminate or cancel various transactions and registered subscriptions to e-mail newsletters, etc., and to carry out necessary processing after such terminations or cancellations
    10. To identify and manage various risks as necessary to run its business
    11. To appropriately and smoothly fulfill other transactional and contractual obligations to customers in the course of Amana Group’s work

    Provided, however, that in addition to the aforesaid purposes, in the cases set forth below, Amana Group may provide personal information within a minimum necessary scope without obtaining a principal’s consent.

    1. Cases based on laws and regulations;
    2. Cases in which there is an urgent need to protect a human life, body, property, right, etc., and when it is difficult to obtain a principal’s consent;
    3. Cases in which there is a special need to protect public hygiene or children’s health, and when it is difficult to obtain a principal’s consent;
    4. Cases in which there is a need or an order to cooperate in regard to a central government organization, a local government, etc. performing affairs prescribed by laws and regulations
  2. 2.Regarding the Shared Use of Personal Information
    Amana Group will make use of personal information specified in the “Items of Information” below, jointly with partner companies of Amana Group, for the purpose specified in Item (8) of Paragraph 1 (Purpose of Use) set forth in these Rules.
  3. 3.Items of Personal Information
    The items of personal information that Amana Group makes shared use of consist of names, addresses, telephone numbers, e-mail addresses and other general personal information in the possession of Amana Group. Amana Group may sometimes record the content of a phone calls in order to accurately understand the opinions and requests of its customers.

For inquiries, consultations and complaints, etc., concerning the protection of personal information, please contact us at our Personal Information Inquiries Desk.

Personal Information Inquiries Desk:

Contact:
Information Security Committee, amana inc.
Address:
Higashishinagawa, Shinagawa-ku, Tokyo, Japan 140-0002
Email address:
privacy@amana.jp

Basic Policy on Protection of Specific Personal Information

  1. Name of Business Operator
    Amana Inc.
  2. Compliance with Related Laws, Guidelines, Etc.
    Amana Inc. (hereinafter referred to as the “Company”) will comply with the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (“Identification Number Act”) and other laws and regulations of Japan related to specific personal information protection, and the guidelines and other related codes stipulated by the State (hereinafter referred to as “Guidelines”).
  3. Matters Related to Measures for Security Management
    The Company will establish internal rules and take reasonable and appropriate measures to prevent the leakage, loss or damage of specific personal information, etc.
  4. Appropriate Management of Specific Personal Information
    The Company will appoint a person in charge of specific personal information, and will conduct regular inspections of the status of management of specific personal information and endeavor to appropriately manage specific personal information.
  5. Contact Information on Complaint and Consultation
    For complaints, etc. related to the handling of specific personal information by the Company, please contact:
    Contact:
    Information Security Committee, amana inc.
    Address:
    Higashishinagawa, Shinagawa-ku, Tokyo, Japan 140-0002
    Email address:
    privacy@amana.jp

Established: February 1, 2016
Last Updated: January 14, 2021

ISO/IEC27001:2013 Certification

amana inc. has obtained the ISO/IEC27001:2013 international information security management standard certification.

Certification standard

JIS Q 27001:2014(ISO/IEC 27001:2013)

Accreditation body

ISMS-AC (ISMS Accreditation Center)

Certifying body

Perry Johnson Holding, Inc.Perry Johnson Registrars

Certificate registration number

C2023-05415

Date of initial registration

November 24, 2008

Date of issue

November 24, 2023

Expiry date

October 31, 2025

Scope of registration

Visual Communication(Building Strategies and Plans for Communication Areas,Brand Design Activation, Internal Communications, Content Marketing,Production and Editing of Content, Prototyping, Production of Movies,Graphics and Websites as well as Planning of Other Promotions)

Organization/ department name

amana inc. / amana photography inc. / needsplus Inc.