Protection of Personal Information

Basic Policy on Protection of Personal Information

In order to fulfill its social responsibilities as a packaging material manufacturer and earn the trust of its customers and other stakeholders, Toin Corporation ("the Company") recognizes that it has a serious responsibility to protect personal information relating to its clients, suppliers, shareholders, executives, employees, and other individuals in an appropriate manner. Accordingly, it has formulated the present policy and strives to protect their personal information based on it.

The Company adheres to the basic policies stipulated below:

  1. The Company shall respect individual privacy and abide by the obligations stipulated in the Act on the Protection of Personal Information, related laws and regulations, and the guidelines published by the Personal Information Protection Commission,*1 as well as the present policy on protection of personal information.

    *1 Personal Information Protection Commission:
    • Monitoring of specific personal information, supervision, mediation of complaints, assessment of specific personal information protection, formulating and promoting basic policies relating to personal information protection, international cooperation, public relations/education, etc.

  2. When obtaining personal information, the Company shall clearly specify the purpose for which it will be used, announce said usage or communicate it to the individual in question, and handle personal information only to the extent required to accomplish the relevant usage purpose solely if advance consent has been received from the individual or in cases where it is required by law.
  3. In order to prevent wrongful access, loss, falsification, leakage, etc. of personal information possessed by the Company, the Company shall manage information appropriately by implementing safety management measures deemed reasonable and necessary in light of technology standards at the present time and make improvements to them as necessary. Furthermore, in the event that a problem arises, the Company shall address it promptly.
  4. In order to earn the trust of customers and other stakeholders, the Company shall perform rigorous management of personal information received from them and strive to maintain accurate, complete, and up-to-date personal information to the extent required to accomplish the usage purpose that was announced or communicated to the individual.
  5. The Company shall establish an internal system for protecting personal information, manage and implement it in a rigorous manner, and make improvements as required.

Formulated April 1, 2005
Revised November 30, 2018
Kimiaki Haru
President & CEO
Toin Corporation

Handling of Personal Information

1. Definition

In the present policy on protection of personal information, based on the Act on the Protection of Personal Information, "personal information" refers to information concerning a living person that makes it possible to identify the specific individual based on the details that are included, such as the name and date of birth, or that includes an individual identification code.*2 All information that cannot identify a specific individual on its own but which could do so if combined with other information shall be treated as personal information.

*2 "Individual identification code" refers to items stipulated in Article 1 of the Cabinet Order to Enforce the Act on the Protection of Personal Information. The following items are included in this definition:
1. a) a base sequence constituting DNA; b) facial structure, skin color, and facial features determined by the position and shape of the eyes, nose, mouth, or other facial elements; c) a linear pattern formed by the undulations on the surface of an iris; d) vibrations of the vocal cords, opening and closing of the glottis, the shape of the vocal tract and changes in it; e) bodily posture, arm movements, stride length, and other physical characteristics while walking; f) the shape of veins determined by the junctions and endpoints of subcutaneous veins on the palms, backs of the hands, or fingers; and g) fingerprints or palm prints.
2. Passport number, basic pension number, driver's license number, resident record code, or individual number
3. Any indicated characters, numbers, symbols, or other codes that differentiate individual recipients of insurance cards issued under the national health insurance plan, the medical insurance system for the elderly aged 75 or over, or long-term care insurance

2. Obtaining Personal Information

When obtaining personal information, the Company shall specify the usage purpose and announce it or communicate it to the individual in question, and it shall also explicitly mention all other cases where the Company deems provision of personal information to be necessary or its provision is mandated by law. Personal information requiring special care,*3 such as information about an individual's ethnicity or beliefs, shall not be obtained without the individual's consent. In cases where personal information is obtained from a third party, the Company shall comply with any legal obligations to verify the name of the provider, the manner in which they obtained the information, etc., and to keep records.

*3 "Personal information requiring special care" refers to information stipulated in Article 2-3 of the Act on the Protection of Personal Information and Article 2 of the Cabinet Order to Enforce the Act on the Protection of Personal Information.

3. Usage Purposes

For the purposes stipulated in the items below, the Company may, in the course of executing its operations, receive personal information from customers and other stakeholders, such as their name, email address, phone number, address, occupation, etc., via face-to-face meetings with Company employees, trade shows and other events, the Company website, and so forth. However, the Company may modify said purposes if it may reasonably be deemed that there is a correlation with the purposes stipulated below. In such a case, it shall clearly indicate that it has done so by notifying the individual via a method such as email or by mailing them a written document or making an announcement via an appropriate method, such as posting a notice on its website.
1. To provide various types of information to customers and other stakeholders, including information about products and services offered by the Company, its contractors, etc., and support information
2. To respond to inquiries from customers and other stakeholders
3. To send documents, etc., that have been requested

4. Provision of Information to Contractors

The Company may outsource the handling of personal information either in whole or in part. In such a case, the Company shall provide personal information received from customers to the contracted party to the extent required to accomplish its usage purpose. If providing personal information to a contractor, the Company shall verify beforehand whether said contractor has published a privacy policy relating to the protection of personal information, acquired Privacy Mark certification or the like, and implemented appropriate safety management measures. The Company shall also mandate, by means of a contract or the like, that the contractor who receives the personal information not leak it, provide it to a third party, or handle it in any other inappropriate manner, and the Company shall ensure appropriate supervision, etc.

5. Provision to Third Parties

Except in cases where required by law, the Company shall not provide personal information to a third party without the individual's consent.

6. Enhancement of Internal System and Education

For the purpose of handling personal information appropriately, the Company shall establish internal regulations relating to the protection of personal information and continuously strive to strengthen and improve its internal system by implementing appropriate internal auditing and in-house education of executives and employees.

7. Request

If the Company receives a request regarding the handling of personal information, including its disclosure, revision, deletion, and cessation of use, it shall respect the rights of the individual whom the personal information concerns and, based on the stipulations of the law, respond to the request within a reasonable timeframe via the following contact point.
