Toyota Systems Corporation (hereinafter referred to as the “Company”) will comply with the obligations stipulated by relevant law and regulations including Personal Information Protection Law, other related laws and regulations concerning the protection of personal information, and the Guidelines based upon the Protection of Personal Information in Telecommunications Businesses (Public Notice No. 152 of the Ministry of Internal Affairs and Communications in 2017), in order that the Company shall properly protect the personal information provided by customers. In addition to this, the Company shall formulate the following policies and endeavor to properly handle and protect personal information in accordance therewith.
1. Compliance with Laws and Regulations
With respect to the acquisition, use, and any other handling of customer’s personal information, the Company shall comply with the obligations stipulated by relevant law and regulations including Act on the Protection of Personal Information and Telecommunications Business Act relating to protection of secrecy, and by the guideline for the protection of personal information in the telecommunications business (hereinafter referred to as the “Guideline”) and comply with this policy.
2. Identification and Publication of Purpose of Use
The Company shall endeavor as much as possible to identify the purpose of use of customer’s personal information, and make it publication in advance. In addition to this, in the case that the Company directly obtains Customer’s personal information described on documents such as contract and so on, the Company shall clarify the purpose of using it to customer in advance. The purpose of use of information is stipulated on ＜Appendix 1＞
3. Use within the Scope of the Purpose of Use
The Company shall use customer’s personal information only to the necessary to achieve the purpose of use which is identified in advance and published. Provided, however, that, in the case that the use corresponds to the use defined on any one of items of Paragraph 3 of Article 5 (Restriction due to Utilization Purposes) of the Guideline, the Company may use customer’s personal information (excluding information related to communication secrecy) beyond the scope necessary for achieving the purpose of use which is identified and published in advance.
4. Record Period
The Company shall determine the record period of customer’s personal information within the limits necessary to the purpose of use, and after the record period expires or the purpose of use is achieved, the Company shall delete customer’s personal information without delay. However, this does not apply to the case that corresponds to each item of Paragraph 1 of Article 10 (Maintaining Period, etc.) of the Guidelines.
5. Security Control Measures
The Company shall take efforts to keep customer’s personal information in accurate and up-to-date condition, and take the necessary and appropriate security control measures in order to protect customer’s personal information against unauthorized access, tampering, leakage, loss and damage.
6. Supervision of Employees
The Company shall conduct the necessary and appropriate management to its employees in order to ensure customer’s personal information in the safe environment. Further, the Company will conduct the necessary training to its employees so that customer’s personal information can be safely protected.
7. Supervision of Consignee
The Company may consign the handling of all or part of customer’s personal information to a third party within the scope of the purpose of use. In this case, when selecting a consignee, the Company shall confirm that the consignee appropriately handles personal information, and shall specify the items related to the proper handling of personal information in the consignment contract and request the consignee to appropriately handle such personal information. In addition, the contract includes items related to auditing of the handling of personal information, and the Company provides necessary and appropriate supervision to the consignee.
8. Specific Handling of Telecommunications Services, etc.
The Company may, within the scope of the Purpose of Use defined above, obtain personal information from you orally, in writing (including application forms, electromagnetic records, and web screens, etc.), by sound or visual recording, by mechanical or electromagnetic means, or by any other appropriate means, and by legal and fair means. When responding to calls with customers, the Company may record calls in order to accurately understand customer’s comments, requests, inquiries, and other information, and to improve service in the future.
9. Provision to Third Parties
Except for cases listed in each item of Paragraph 1 of Article 15 (Restriction on Personal Information Provision to a Third Party) of the Guidelines, the Company shall not, without the consent of the customer, provide its personal information to any third party.
10. Request for Disclosure, etc.
In the case that customer wishes to notify the purpose of use of personal information or disclose or correct, add, or delete personal information, or discontinue use or provide personal information to a third party, please follow the procedures separately defined by the Company. See ＜Appendix 2＞ as to procedures to request its disclosure etc.
11. Handling of Complaints
The Company shall respond promptly and appropriately to customer’s complaints and other inquiries regarding the handling of personal information. Complaints and other inquiries are accepted at the following group:
Information Security Promotion Committee Secretariat, Toyota Systems Corporation
Phone: +81-52-747-7111 (weekday 9:00 to 17:00)
12. Response to Leakages
In the event of leakage of customer’s personal information, the Company will respond in accordance with Public Notice No. 1 of the Personal Information Protection Committee 2017, including prompt notification of the fact to the customer.
13. Continuous improvement
The Company will continuously improve the handling of personal information within the Company through the development of internal rules concerning the protection of personal information, employee education, and internal audits.
14. Handling of Personal Information on the Company’s Web Site
Customer can use the Company’s website without disclosing customer’s personal information. Customer’s personal information is not collected simply by browsing.
The Company shall not be responsible for protecting customer’s personal information on a third-party website linked to the Company’s website.
15. About Cookies and Web Beacons
On the Company’s website, cookies and web beacons are sometimes used in order to enhance customer’s convenience. With cookies, customer cannot be identified as a specific individual unless customer enters customer’s own personal information on the website, and customer remains anonymous. Customer can also set customer’s browser to refuse to receive cookies. In addition, the Web Beacon is used to count the number of pages visited by a customer and create statistical data. It does not have the function to identify a specific individual.
Established on January 1, 2019
Amended on September 18, 2020
Toyota Systems Corporation
President Hiroaki Kitazawa