Public Notice

Disclosure based on Act on the Protection of Personal Information

1. Definition of Personal Information

Advantage Risk Management Co. Ltd (hereinafter referred to as "ARM") considers "personal information" as information on individuals (name, birth date, other information that can identify specific individual), information such as e-mail address, user ID and password, credit card information used together with a specific individual, attribute information such as hobby, family composition, age, those are combined with specific individual.

2. ARM's Business Field and the Collection of Personal Information

ARM acquires personal information within the scope necessary to satisfy the following operational objectives.
Personal information will not be acquired by deceit or other improper means.

【Business Field】

  • (1)Mental Health Management
    Comprehensive support program for all of the following purpose, prevention of mental health decline, recovery from mental suffer, and continuous support after reinstatement
    Improvement of customers, business partners Improvement for Operational support, assessment, training, analysis, Education program
    Health management support relating services of occupational health
    Assessment for measurement of EI(Emotional Intelligence Quotient) , and the training program
  • (2)Disability Support Service
    Implementation and operational support for GLTD (Group Long Term Disability) insurance system
    Workplace return programs for long-term absentees
    Operation of the management systems for long-term absentees, establishment of the accident and sickness information database
  • (3)Risk Financing
    Provision of comprehensive services covering various types of insurance

【Acquisition of Personal Information】

ARM acquires personal information in the following means.
We do not use tools such as cookies or web beacons which could not be identified easily.

  • (1)Acquired method by information that site visitors register on our web server.
  • (2)Acquisition method in an interview with the person.
  • (3)Acquisition method by telephone with the person.
  • (4)Method provided based by Outsourcing from Client companies/organizations.
  • (5)Method provided based on an agency consignment contract with an insurance company.
  • (6)Acquisition method by information of business card or e-mail signature.

3.Utilization Purpose of All Personal information

(excluding instances that do not apply to Personal Information Protection Law Article 21 Paragraph 4 Item 1 to 4)

Personal information Utilization Purpose
(1)Personal information subject to disclosure
Mental Health Management
  1. Operational support, assessment, training, analysis, Education program, and consultation(including doctor interview, counseling, etc..) relating services of mental health, skill development, and corporate activation, and Health management support
  2. Preparation of statistical materials and academic research documents, from which specific individuals cannot be identified
  3. Improvement our services relating mental health, skill development, corporate activation, and Health management support
  4. Responding to inquiries and requests
  5. Sending requested materials
  6. Provision of information on various events and seminars
    • Information may be provided to contractors within the scope necessary for completing the preceding objectives.
    • Regarding Advantage EAP (Psychological Health Checkup eMe), information is shared with Tokio Marine Nichido within the scope necessary for the purpose of completing the preceding objectives.
    • Regarding Advantage EAP named "eMe", information may be provided to Tokio Marine & Nichido Medical Service Co.,Ltd.
      within the scope necessary for completing the preceding objectives.
Disability Support Service
  1. Signing and managing contract with insurance companies, collecting insurance fees, and supporting for payment of insurance benefits
  2. Provision of a management system for long-term absentees,
  3. Statistical materials, from which specific individuals cannot be identified
  4. Provision of information on various events and seminars
  5. Responding to inquiries and requests
  6. Sending electronic direct mail
    • Personal information may be shared with our business partners in order to propose information on various insurance companies' products and services.
    • Information may be provided to contractors within the scope necessary for completing the preceding objectives.
Risk Financing
  1. Signing and managing contract with insurance companies, collecting insurance fees, and supporting for payment of insurance benefits
  2. Provision of information on various events and seminars
  3. Responding to inquiries and requests
    • Personal information may be shared with our business partners in order to propose information on various insurance companies' products and services
    • Information may be provided to contractors within the scope necessary for completing the preceding objectives.
(2)Personal information provided based on contracting
(not subject to disclosure)
  1. Executing contracted duties
  2. Executing communication, cooperation, negotiation, and contract agreements of business field stated in section 2
  3. Proposing and provision of other products and services
  4. Responding to inquiries and requests
    • Information may be provided to insurance companies and contractors for completing the preceding objectives
(3)Personal information, as pertained to person in charge and related persons of business partners
  1. Executing communication, cooperation, negotiation, and contract agreements of business field stated in section 2
  2. Proposing and provision of other products and services
  3. Preparing quotations
  4. Responding to inquiries and requests
  5. ending requested materials
  6. Sending electronic direct mail
(4)Personal information, as pertained to shareholders
  1. Exercise of rights and fulfillment of obligations under the Companies Act
  2. Granting shareholder benefits
  3. Executing various measures to ensure a harmonious relationship between shareholders and ARM
  4. Shareholder management such as preparing shareholder data based on various laws
  5. Responding to inquiries and requests
  6. Sending requested materials
(5)Personal information, as pertained to participants that events hosted/co-sponsored/exhibit by us.(This includes survey information.)
  1. Provision of event related information
  2. Provision of information on relevant products and services of business field stated in section 2
  3. Preparing quotations
  4. Responding to inquiries and requests
  5. Sending requested materials
  6. Sending electronic direct mail
    • Information may be provided to contractors for completing the preceding objectives
(6)Personal information, as pertained to individuals looking for employment within ARM
  1. Communication and information, as well as recruitment selection
  2. Updating the ARM corporate website for those interested in employment
(7) Personal information, as pertained to those who made inquiries or visits to the company, other than those listed above
  1. Responding to inquiries and requests
  2. Sending requested materials
  3. Sending electronic direct mail

4.Utilization Purpose of Individual Number and Specific Personal Information

Type of Specific Personal Information Utilization Purpose
(1)Specific Personal Information as pertained to ARM shareholders Clerical documents such as statutory reports including payment records of dividends
(2)Specific Personal Information as pertained to individual business operator Clerical documents such as statutory reports including payment records of compensation, fees, and contracted payments to individual business operator (tax accountants, lawyers, training lecturers, etc.)

5. Restrictions on Utilization Personal Information

ARM does not handle personal information for purposes beyond the necessary scope to achieve a utilization purpose without obtaining in advance a principal's consent. In the event that personal information was acquired because of a merger or other reason, ARM does not handle the personal information for purposes beyond the necessary scope to achieve a utilization purpose. This provision shall not apply to those cases set forth in the following.

  • (1)Cases based on laws and regulations
  • (2)Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent
  • (3)Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
  • (4)Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs

6. Altering Utilization Purpose of Personal Information

ARM does not alter utilization purpose beyond the scope recognized reasonably relevant to the pre-altered utilization purpose. ARM informs a principal of, or disclose to the public, a post-altered utilization purpose.

7. Security Control of Personal Information ・ Supervision over Employees

ARM will take the following security control measures to ensure the proper handling of personal data.

  • (1)Formulation of basic policy
    • To ensure the proper handling of personal data as an organization, ARM have established a Personal Data Protection Policy.
  • (2)Discipline for the handling of personal data
    • ARM will establish rules for the handling of personal data, including handling methods, responsible persons/persons in charge and their duties, for each stage of acquisition/input, use/processing, storage/preservation, transfer/transmission, deletion/disposal, and response to leakage incidents, etc.
  • (3)Systematic security control measures
    • ARM will appoint a person responsible for the handling of personal data, and clarify the employees who handle personal data and the scope of personal data handled by such employees.
    • ARM will establish a system that reporting and communicating to the person in charge when the fact or sign of violation of the law or handling rules is detected, and reporting and communicating to the person in charge in the event that a case or indication of leakage, etc. of personal data is detected.
    • ARM will conduct periodic self-inspections of the status of personal information handling, as well as audits by other divisions and external parties.
  • (4)Human security control measures
    • ARM will provide periodic training to its employees on matters to be considered in the handling of personal data.
    • ARM has a confidentiality policy for personal data that is included in its employment regulations.
  • (5)Physical security control measures
    • In the areas where personal data is handled, ARM will control the access of employees, limit the equipment they bring into the areas, and implement measures to prevent unauthorized persons from accessing personal data.
    • ARM will take measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, and implement measures to prevent personal data from being easily discovered when such equipment, electronic media, etc. are carried, including within the office.
    • When documents, equipment, electronic media, etc. containing personal data are disposed of, measures will be taken to ensure that personal data cannot be recovered.
  • (6)Technical security control measures
    • Access control is implemented to limit the scope of persons in charge and the personal information databases handled.
    • ARM have put in place mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software.
  • (7)Understanding the external environment
    • In the event that it is necessary to provide personal data to a third party in a foreign country, ARM will implement security control measures based on our understanding of the systems for the protection of personal data in the country to which the data will be provided. ARM does not provide personal data to third parties in foreign countries.

8. Supervision over a Trustee

ARM exercises necessary and appropriate supervision over an entrusted person based on the signed non-disclosure agreement so as to seek the security control of the personal information of which the handling has been entrusted, in case of entrusting a whole or part of the handling of personal data.

9. Restriction on Third Party Provision

(1)ARM does not provide personal information to a third party without obtaining in advance a principal's consent, except in those cases set forth in the following.

  • ① Cases based on laws and regulations
  • ② Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent
  • ③ Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
  • ④ Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs

(2) In those cases set forth in the following, a person receiving the provision of the personal information shall not fall under a third party in regard to applying the provisions of preceding paragraph.

  • ① Cases in which personal information is provided accompanied by ARM entrusting a whole or part of the handling of the personal information within the necessary scope to achieve a utilization purpose
  • ② Cases in which personal information is provided accompanied with business succession caused by a merger or other reason
  • ③ Cases in which personal information to be jointly utilized by a specified person is provided to the specified person, and when a principal has in advance been informed or a state has been in place where a principal can easily know to that effect as well as of the categories of the jointly utilized personal data, the scope of a jointly utilizing person, the utilization purpose for the utilizing person and the name or appellation of a person responsible for controlling the said personal data

(3) ARM in advance informs a principal of the contents to be altered or put them into a state where a principal can easily know, in case of altering a utilization purpose for a utilizing person or the name or appellation of a person responsible for controlling personal information.

10. Joint Utilization

ARM jointly uses personal information provided by customer companies and organizations in the Advantage EAP service as follows.

  • (1)Jointly utilizing person
    Tokio Marine & Nichido Medical Service Co. Ltd
  • (2)Jointly utilized personal information
    Employees' name, date of birth, gender, email address, employee number, department name, and other data needed for analysis.
  • (3)Utilization purpose
    ① Stress checks, counseling etc. as a result of Psychological Health Checkup eMe results
    ② Preparation of statistical materials and academic research documents, improvements to Advantage EAP Service from which specific individuals cannot be identified (not personal information)
  • (4)Person responsible for controlling personal information.
    ADVANTAGE Risk Management Co., Ltd.
    https://www.armg.jp/english/#aboutus

ARM will share the personal information provided by client companies/organizations in the mentality management business as follows.

  • (1)Jointly utilizing person
    National Institute of Occupational Safety and Health, Japan
  • (2)Jointly utilized personal information(Restricted to the personal information of individuals that was gave their consent for participation to our cohort study)
    Results of health check, time and attendance information, health insurance claims data
    Responses for the stress check and results of analysis: Individual responses to questions (stress check) about stress and satisfaction and their analysis results
  • (3)Utilization purpose
    For the purpose of using data in academic researches such as a cohort study and improvement of public health
  • (4)Person responsible for controlling personal information.
    ADVANTAGE Risk Management Co., Ltd.
    https://www.armg.jp/english/#aboutus

11. Disclosure, Correction, Deletion and Cease utilization of Personal Information

In the event that a principal requests to disclose, correct, delete or cease utilization of personal information, ARM will take action without undue delay unless there is a special reason, confirming that the requesting person is the principal. However, ARM will not be able to respond to the request where the request falls under any of each following item. In such instances, the individual will be notified of the reasons without undue delay.

  • (1)Cases in which there is a possibility of harming a principal or third party's life, body, fortune or other rights and interests
  • (2)Cases in which there is a possibility of interfering seriously with ARM implementing its business properly
  • (3)Cases of violating other laws or regulations
  • (4)Cases in which the personal information requested to be disclosed, corrected, deleted or cessation the utilization is not subject to disclosure
    As most of the personal information handled by ARM is sensitive information, in principle, the information is only disclosed to the principal and its family.

【Procedure for Responding to a Demand etc. for Disclosure etc.】

  • (1)Contact Point for Requests
    Please contact the contact point indicated in section 14.
  • (2)Individuals Making Requests
    Requests may only be made by the principal and its family, and proper ID verification will be required.
    An agent of a principal is requested to provide proper documentation (letter of proxy, proof of relationship such as public form of identification. Responses will be sent only to the principal or its family.
  • (3)Responses
    In principle, responses will be sent by mail to the principal or its family.

12. Production of anonymously processed information and provision anonymously processed information to third party

ARM produces anonymously processed information not to be able to identify a specific individual from the information. ARM also plan to continue to produce similar anonymously processed information continuously.
ARM provides anonymously processed information as analyzable data to ARM group companies and third parties for research and improvement our services.

The categories of information concerning an individual contained in anonymously processed information to be provided to a third party are as follows.

  • Company information
  • Gender / Age / Employment information
  • Individual stress checkup result
  • Medical checkup/Attendance information/medical insurance claims/Lifestyle habit/productivity

13.Acquisition and Utilization of Attributes and behavior information not specifying individuals

This website records customer access information via access log. The access log recorded on this website includes pages visited, domain name and IP address, source information, type of browser used, access date and time, and cookies. The access log cannot necessarily be used to identify a specific individual, but may be used as customer information.
Cookies refer to information such as usage records send from the server and saved as files in the users' computers. In certain instances ARM may send cookies in conjunction with tools such as web beacon in order to gain information such as the number of website users and traffic research, but personal information will never be stored in cookies.

※Cookies can be disabled in browser settings. If disabled, contents and services provided by ARM may be partially restricted.

14. Contact

Please contact the following for complaints or inquiries regarding the handling of personal information.

Updated April 1, 2022