Social Welfare Corporation Meiwakai Personal Information Protection Policy

Personal Information Protection Regulations

Chapter 1 General Provisions

(Purpose)
Article 1: The purpose of these regulations is to protect the rights and interests of individuals while ensuring the proper and smooth operation of the business of the social welfare corporation Meiwakai (hereinafter referred to as "the corporation"). This is achieved by prescribing the necessary measures to ensure the proper handling of personal information held by the corporation, based on the principle of respecting individual dignity and personality, and recognizing that personal information must be handled with care.

(Definitions)
Article 2: The definitions of terms used in these regulations shall be as specified in the following provisions.
(1) Personal Information
Personal information refers to information about a living individual that can identify the individual based on the name, date of birth, or other descriptions contained in the information, or through a number, symbol, or other code assigned to the individual. This includes information that, by itself, does not identify the individual but can be easily cross-referenced with other information to identify the individual.
(2) Personal Information Database, etc.
A collection of information, including personal information, that is systematically organized to allow the retrieval of specific personal information using a computer. This also includes collections of personal information processed on paper that are organized or classified according to certain rules, enabling the easy retrieval of specific personal information, even without the use of a computer.
(3) Personal data
Personal data refers to personal information that constitutes a personal information database, etc.
(4) Retained personal data

This refers to personal data that a corporation has the authority to disclose, correct, add, delete, suspend use, erase, and suspend provision to third parties, other than data whose existence or non-existence may be likely to cause harm to the life, body, or property of the individual or a third party, or that may encourage or induce illegal or unjust acts.

(5) Individual:
An individual who is identified or can be identified from personal information.
(6) Employee:
A person who works for a corporation under the direction and orders of the corporation.
(7) Anonymization:

Anonymization means removing any personally identifiable information, such as name, date of birth, or address, from personal information so that it is no longer possible to identify a specific individual.

(Responsibilities of the Corporation)Article 3:
The Corporation shall comply with laws and regulations concerning the protection of personal information and shall endeavor to protect personal information in all of its business activities.

Chapter 2 Identifying the purpose of use of personal information

(Specifying the purpose of use)
Article 4 When handling personal information, the Corporation will specify the purpose of its use (hereinafter referred to as the "purpose of use") as specifically as possible.
2. In the event that the Corporation changes the purpose of use, it shall do so only to the extent that it is reasonably deemed to have a reasonable relevance to the purpose of use prior to the change.
3. If the corporation changes the purpose of use, it will notify the individual or make public the changed purpose of use.
4. The Corporation will determine the type of personal information, the purpose of use, and the method of use/provision, etc., in a format to be specified separately.

(Restrictions on use outside of intended purpose)
Article 5 The Corporation shall not handle personal information beyond the scope necessary to achieve the purposes of use specified in the provisions of the previous article without the prior consent of the individual.
2 Notwithstanding the provisions of the preceding paragraph, in any of the following cases, personal information may be handled beyond the scope of the purposes of use specified in the provisions of the preceding Article without obtaining the prior consent of the individual:
(1) When required by law
(2) When it is necessary for the protection of an individual's life, body, or property and it is difficult to obtain the individual's consent.
(3) When it is particularly necessary for the improvement of public health or the promotion of healthy child development and it is difficult to obtain the consent of the individual.
(4) When it is necessary to cooperate with a national government organ, local government, or a person commissioned by them in carrying out duties prescribed by law, and obtaining the individual's consent is likely to impede the performance of those duties.
3. In the event that the Corporation handles personal information beyond the scope of the purpose of use due to the provisions of the preceding paragraph, the Corporation shall limit the scope of such handling to that which is truly necessary.

Chapter 3 Restrictions on the Acquisition of Personal Information

(Restrictions on Acquisition)
Article 6 When acquiring personal information, the Corporation shall clearly indicate the purpose of use and shall do so in a lawful and appropriate manner.
2. The corporation will not acquire personal information related to thoughts, beliefs, or religion, or personal information that may cause social discrimination.
3. In principle, the Corporation will acquire personal information from the individual, except in the following cases:
(1) When the individual gives consent.
(2) When required by law or regulation.
(3) When it is deemed urgent and unavoidable in order to protect the safety of an individual's life, body, or property.
(4) When it is impossible to obtain the information from the individual due to reasons such as unknown whereabouts or insufficient judgment capacity.
4 When the Corporation acquires personal information from a person other than the individual in accordance with the provisions of paragraph 4 of the preceding article, the Corporation shall endeavor to notify the individual of this fact and the purpose of use of the personal information.

(Notification of purpose of use upon acquisition, etc.)
Article 7 When the Corporation acquires personal information, it shall promptly notify the individual of the purpose of use or publicly announce the purpose of use, unless the purpose of use has been publicly announced in advance.
2. Notwithstanding the provisions of the preceding paragraph, when the Corporation acquires personal information of an individual that is written in a contract or other document in conjunction with the conclusion of a contract with the individual, or when the Corporation acquires personal information of an individual that is written in a document directly from the individual, the Corporation shall clearly indicate the purpose of use to the individual in advance, except in cases where there is an urgent need to do so for the protection of a person's life, body, or property.
3 The provisions of the preceding two paragraphs shall not apply in the following cases:
(1) If informing the individual of the purpose of use or making it public would be likely to harm the life, body, property, or other rights and interests of the individual or a third party.
(2) When it is necessary to cooperate with a national government organ, local government, or a person commissioned by them in carrying out duties prescribed by law, and informing the individual of the purpose of use or making it public would be likely to hinder the performance of those duties.

Chapter 4: Appropriate Management of Personal Data

(Appropriate management of personal data)
Article 8 The Corporation will always keep personal data accurate and up-to-date to the extent necessary to achieve the purpose of use.
2. The Corporation shall take necessary and appropriate measures to prevent the leakage, loss, or damage of Personal Data and to ensure the safe management of Personal Data.
3. The Corporation shall provide necessary and appropriate supervision to employees who handle Personal Data in order to ensure the safe management of Personal Data.
4. The Corporation shall promptly and securely destroy or delete any personal data that is no longer required to be stored for the intended purpose.
5. When a corporation entrusts all or part of the handling of personal information to a person other than a corporation, the corporation shall, in principle, clarify in the entrustment contract the measures that the trustee must take to safely manage the personal data and shall provide necessary and appropriate supervision of the trustee.

Chapter 5 Provision of Personal Data to Third Parties

(Provision of Personal Data to Third Parties)
Article 9: Except in the following cases, the corporation shall not provide personal data to a third party without obtaining the prior consent of the individual:
(1) When required by law
(2) When necessary for the protection of the life, body, or property of an individual, and it is difficult to obtain the individual's consent
(3) When it is particularly necessary to improve public health or promote the sound growth of children, and it is difficult to obtain the individual's consent
(4) When it is necessary to cooperate with a national institution, local government, or an individual or entity commissioned by them to carry out duties prescribed by law, and obtaining the individual's consent would likely impede the execution of such duties.

2. In the following cases, the recipient of the personal data shall not be considered a third party with respect to the application of the provisions of the preceding paragraph:
(1) When a corporation entrusts all or part of the handling of personal data within the scope necessary to achieve the purpose of use.
(2) When personal data is provided as a result of business succession due to a merger or other reasons.
(3) When personal data is used jointly with a specific person, and the individual is notified in advance of this fact, or the individual is made easily aware of the items of personal data to be used jointly, the scope of the parties using the data jointly, the purpose of use by the parties, and the name or title of the person responsible for managing the personal data.

3. If a corporation changes the purpose of use of a party or the name or title of the person responsible for managing personal data, as stipulated in item 3 of the preceding paragraph, the corporation shall notify the individual in advance of the changes or make them readily accessible to the individual.

Chapter 6 Disclosure, Correction, Addition, Deletion and Suspension of Use of Retained Personal Data

(Disclosure of Retained Personal Data, etc.)
Article 10 When the Corporation receives a written or verbal request from an individual for disclosure of the personal data held by the individual (including informing the individual when the Corporation does not hold any personal information that can identify the individual; the same applies below), the Corporation shall disclose the data after verifying the individual's identity by showing an identification document, etc. However, if the disclosure falls under any of the following items, the Corporation may refrain from disclosing all or part of the data.
(1) When there is a risk of harm to the life, body, property or other rights and interests of the individual or a third party
(2) When there is a risk of causing significant disruption to the proper conduct of the corporation's business
(3) When it would violate other laws and regulations2 Disclosure shall be made in writing. However, with the consent of the person who requested disclosure, disclosure may be made by means other than in writing.
3. Notification of the decision to disclose or not disclose retained personal data will be given to the individual in writing without delay.

(Request for disclosure)
Article 11 Any person may request the corporation to disclose his/her personal information stored in documents and information storage media.
2. The legal representative of a minor or an adult ward may make a request pursuant to the provisions of the preceding paragraph (hereinafter referred to as a "disclosure request") on behalf of the person in question.

(Personal information that may not be disclosed)
Article 12: The corporation may refuse to disclose all or part of the personal information related to the disclosure request if it falls under any of the following items.
(1) Personal information concerning a person other than the person making the disclosure request, which is normally deemed to be a legitimate desire not to have others know about.
(2) Personal information whose disclosure may be harmful to the protection of an individual's life, body, property, etc., or to the prevention of crime, investigation of crime, or the maintenance of safety and order in civic life.
(3) Any personal information relating to a person or other organization (excluding the state and local governments; hereafter referred to as "corporations, etc." in this section) or information relating to a business run by an individual other than the person who requested the disclosure, which is deemed to clearly harm the competition of an individual or other legitimate interests in the business activities of that individual, except for the following personal information:
A. Personal information deemed necessary to be disclosed in order to protect the life, body, or health of an individual from harm resulting from the business activities of the corporation, etc. or the individual operating the business. B. Personal information deemed necessary to be disclosed in order to protect the life of an individual from harm resulting from illegal or grossly unfair business activities of the corporation, etc. or the individual operating the business.
(4) Personal information that cannot be disclosed under legal provisions.
(5) Personal information in the course of business operations, such as the evaluation, guidance, diagnosis, judgment, and selection of individuals, the disclosure of which may render it impossible to achieve the purpose of the said or similar business operations, or may cause significant hindrance to the fair or smooth execution of such business operations.
(6) Personal information related to the decision-making process, such as consideration, deliberation, consultation, investigation, research, etc., within the organization or between the organization and the national or local government or an equivalent organization (hereinafter referred to as the “National Government, etc.”), the disclosure of which may cause a significant hindrance to the fair formation of decisions.
(7) Personal information relating to examinations, negotiations, bidding, personnel affairs, litigation, or other business operations conducted by the corporation or the state, etc., the disclosure of which may render it impossible to achieve the purpose of the business operations or may cause significant hindrance to the fair and proper execution of the business operations or similar operations.
(8) Personal information held by the corporation in relation to business operations conducted through consultations, cooperation, requests, etc. between the corporation and the State, etc., and the disclosure of which is deemed to significantly damage the cooperative or trusting relationship between the corporation and the State, etc.

(Procedure for disclosure application)
Article 13 Anyone who wishes to request disclosure must submit to the Corporation an application form that includes the following items:
(1) Name and address
(2) Necessary items to identify the personal information related to the disclosure request
(3) In addition to the items listed in the two preceding paragraphs, any other matters stipulated by the Corporation shall be submitted or presented to the Corporation as necessary documents to prove that the person making the disclosure request is the person himself/herself or his/her legal representative, as stipulated by the Corporation.

(Responses to requests for disclosure, etc.)
Article 14 When a request for disclosure as provided for in the preceding Article 1 is made, the Corporation must respond within 15 days from the date of receipt of the request as to whether or not it will disclose the personal information concerned.
2 When making a response as provided for in the preceding paragraph, the Corporation must promptly notify the person who submitted the request (hereinafter referred to as the "Disclosure Requester") of the content of the response in writing.
3 If, due to unavoidable circumstances, the Corporation is unable to respond within the period set forth in paragraph 1, it may extend that period for up to 60 days from the date of receipt of the request. In this case, the Corporation must promptly notify the disclosure requester in writing of the period of extension and the reason for it.
4 In the case of paragraph 2, when the Corporation responds that the personal information will not be disclosed, it must do so in writing, including the reason for the response. In this case, if it is possible to specify in advance the date by which the personal information will no longer fall under the items of Article 12, the date must be included in the written response.
5 If the corporation does not respond as to whether or not it will disclose personal information within the period set forth in paragraph 1 (or within the extended period in the event that said period is extended pursuant to the provisions of paragraph 3), the disclosure requester may assume that the corporation has responded that the personal information will not be disclosed.
6 When the corporation responds as specified in paragraph 1, if the personal information in the response contains information about a third party, the corporation may, if necessary, hear the opinion of the third party in advance.

(Method of disclosure)
Article 15 When the Corporation responds to a request to disclose personal information pursuant to the provisions of the preceding Article 1, it must promptly disclose the personal information to the disclosure applicant.
2. Disclosure of personal information shall be made in accordance with the methods set forth in each of the following items according to the category of personal information.
(1) To inspect or receive copies of personal information recorded in documents and the parts of those documents that relate to such personal information
(2) Personal information recorded on an information recording medium, and the portion of the information recording medium relating to the personal information may be inspected or a copy may be provided using a device capable of reproducing the information by, for example, outputting it using a printing device. 3 Notwithstanding the provisions of the preceding paragraph, when there is a risk that the item on which the personal information is recorded may be defaced or damaged by the methods specified in the preceding paragraph, when partial disclosure is to be made, or when there are other reasonable grounds, the Corporation may inspect or provide a copy of the item on which the personal information is recorded.
4 The provisions of Article 13, paragraph 2 shall apply mutatis mutandis to persons to whom personal information is disclosed.

(Bearing of costs)
Article 16. A person who receives a copy of a document, etc. pursuant to the provisions of paragraph 2 or 3 of the preceding Article must bear the costs incurred in making and sending said copy.
2. The amount of expenses prescribed in the preceding paragraph shall be the actual expenses.

(Correction, addition, deletion, suspension of use, etc. of retained personal data)
Article 17 When the Corporation receives a written or verbal request from an individual to whom the Personal Data held by the Corporation has been disclosed to correct, add, delete or suspend the use of the Personal Data concerned, the Corporation shall investigate the request without delay to the extent necessary to achieve the purpose of use and shall notify the individual of the results in writing.
2. If the person who received the notice in the preceding paragraph makes a further application, the corporation shall process the application in the same manner as in the preceding paragraph.

Chapter 7 Organization and Structure

(Personal Information Protection Manager)
Article 18: The Corporation shall appoint a Personal Information Protection Manager to ensure the proper management of personal information, and have him/her take the necessary measures for the proper management of personal information within the Corporation.
２.　The personal information protection manager shall be the director of the facility.
３.　The facility director shall be responsible for implementing appropriate management measures and providing education and business training to employees, etc., in accordance with the instructions of the Chairman of the Board and the provisions of these regulations.
４.　The facility director shall regularly evaluate and review or improve the measures necessary for proper management.
５.　The facility director may delegate some of the measures necessary for the proper management of personal information to employees in charge of each business.

(Handling complaints)

Article 19: The Corporation shall establish the necessary system for handling complaints regarding the handling of personal information (hereinafter referred to as "complaints"), and shall endeavor to respond appropriately and promptly when a complaint is received.
２　The person responsible for handling complaints shall be the facility director.
３　The facility director may delegate the task of handling complaints to an employee. In such cases, the employee shall be designated in advance, and the scope of their duties shall be clearly defined.

(Obligations of Employees)
Article 20: Employees or former employees of the corporation shall not disclose to any third party, nor use for any improper purpose, any personal information acquired in the course of their duties.
２　Employees or former employees of the corporation shall also endeavor to comply strictly with applicable laws and regulations regarding the protection of privacy information.

Chapter 8 Miscellaneous Provisions

(Violation of these regulations)
Article 21 If a violation of these regulations is discovered, the organization will take disciplinary action against the violating employee in accordance with the provisions of the work regulations.

(Coordination with other systems, etc.)
Article 22 The provisions of Chapter 6 do not apply in cases where an individual is entitled to have his/her personal information disclosed or corrected pursuant to the provisions of laws, regulations or other rules.

(Exclusions)
Article 23 These regulations do not apply to personal information related to personnel, salary, and employee benefits of employees or former employees of the corporation, or other personal information determined by the corporation.

(Form)
Article 24: The necessary forms pursuant to these regulations shall be determined separately by the Chairman of the Board of Directors.

Supplementary ProvisionsThis regulation shall come into effect on April 1, 2007.

Privacy Policy

The Meiwakai Social Welfare Corporation (hereinafter referred to as the Corporation) strives to protect personal information in accordance with the following policies.

Based on the principle of respecting the individuality of each individual, the corporation will comply with relevant laws and regulations and handle personal information with care in all of its business operations.
The Corporation will acquire personal information in a lawful and proper manner.
The Corporation will specify the purpose of use of personal information as specifically as possible and will only use personal information within the scope of that purpose.
The Corporation will not provide personal information to external parties without the prior consent of the individual, except within the scope previously specified or as required by laws and regulations.
The Corporation will take appropriate measures to keep personal information accurate and to prevent leakage, loss, damage, etc.
The Company acknowledges that individuals have the right to request the disclosure, correction, addition, deletion, or suspension of use of their personal information, and will respond promptly to any such requests.
If there is a complaint about the handling of personal information, the Company will respond promptly and appropriately.
The Corporation will take appropriate measures to protect personal information and will endeavor to raise awareness of personal information protection among its executives and employees.
In order to implement this policy, the Corporation will establish personal information protection regulations, thoroughly inform all officers and employees of these regulations, and ensure their implementation.