Disclosure based on Act on the Protection of Personal Information
1. Definition of Personal Information
Advantage Risk Management Co. Ltd (hereinafter referred to as "ARM") considers "personal information" as information on individuals (name, birth date, other information that can identify specific individual), information such as e-mail address, user ID and password, credit card information used together with a specific individual, attribute information such as hobby, family composition, age, those are combined with specific individual.
2. ARM's Business Field and the Collection of Personal Information
ARM acquires personal information within the scope necessary to satisfy the following operational objectives.
Personal information will not be acquired by deceit or other improper means.
- （1）Mental Health Management
Comprehensive support program for all of the following purpose, prevention of mental health decline, recovery from mental suffer, and continuous support after reinstatement
Improvement of customers, business partners Improvement for Operational support, assessment, training, analysis, Education program
Health management support relating services of occupational health
Assessment for measurement of EI(Emotional Intelligence Quotient) , and the training program
- （2）Disability Support Service
Implementation and operational support for GLTD (Group Long Term Disability) insurance system
Workplace return programs for long-term absentees
Operation of the management systems for long-term absentees, establishment of the accident and sickness information database
- （3）Risk Financing
Provision of comprehensive services covering various types of insurance
【Acquisition of Personal Information】
ARM acquires personal information in the following means.
We do not use tools such as cookies or web beacons which could not be identified easily.
- （1）Acquired method by information that site visitors register on our web server.
- （2）Acquisition method in an interview with the person.
- （3）Acquisition method by telephone with the person.
- （4）Method provided based by Outsourcing from Client companies/organizations.
- （5）Method provided based on an agency consignment contract with an insurance company.
- （6）Acquisition method by information of business card or e-mail signature.
3.Utilization Purpose of All Personal information
（excluding instances that do not apply to Personal Information Protection Law Article 21 Paragraph 4 Item 1 to 4）
|Personal information||Utilization Purpose|
|（1）Personal information subject to disclosure||
Mental Health Management
Disability Support Service
|（2）Personal information provided based on contracting
(not subject to disclosure)
|（3）Personal information, as pertained to person in charge and related persons of business partners||
|（4）Personal information, as pertained to shareholders||
|（5）Personal information, as pertained to participants that events hosted/co-sponsored/exhibit by us.（This includes survey information.）||
|（6）Personal information, as pertained to individuals looking for employment within ARM||
|（7） Personal information, as pertained to those who made inquiries or visits to the company, other than those listed above||
4．Utilization Purpose of Individual Number and Specific Personal Information
|Type of Specific Personal Information||Utilization Purpose|
|（1）Specific Personal Information as pertained to ARM shareholders||Clerical documents such as statutory reports including payment records of dividends|
|（2）Specific Personal Information as pertained to individual business operator||Clerical documents such as statutory reports including payment records of compensation, fees, and contracted payments to individual business operator (tax accountants, lawyers, training lecturers, etc.)|
5. Restrictions on Utilization Personal Information
ARM does not handle personal information for purposes beyond the necessary scope to achieve a utilization purpose without obtaining in advance a principal's consent. In the event that personal information was acquired because of a merger or other reason, ARM does not handle the personal information for purposes beyond the necessary scope to achieve a utilization purpose. This provision shall not apply to those cases set forth in the following.
- （1）Cases based on laws and regulations
- （2）Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent
- （3）Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
- （4）Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs
6. Altering Utilization Purpose of Personal Information
ARM does not alter utilization purpose beyond the scope recognized reasonably relevant to the pre-altered utilization purpose. ARM informs a principal of, or disclose to the public, a post-altered utilization purpose.
7. Security Control of Personal Information ・ Supervision over Employees
ARM will take the following security control measures to ensure the proper handling of personal data.
- （1）Formulation of basic policy
- To ensure the proper handling of personal data as an organization, ARM have established a Personal Data Protection Policy.
- （2）Discipline for the handling of personal data
- ARM will establish rules for the handling of personal data, including handling methods, responsible persons/persons in charge and their duties, for each stage of acquisition/input, use/processing, storage/preservation, transfer/transmission, deletion/disposal, and response to leakage incidents, etc.
- （3）Systematic security control measures
- ARM will appoint a person responsible for the handling of personal data, and clarify the employees who handle personal data and the scope of personal data handled by such employees.
- ARM will establish a system that reporting and communicating to the person in charge when the fact or sign of violation of the law or handling rules is detected, and reporting and communicating to the person in charge in the event that a case or indication of leakage, etc. of personal data is detected.
- ARM will conduct periodic self-inspections of the status of personal information handling, as well as audits by other divisions and external parties.
- （4）Human security control measures
- ARM will provide periodic training to its employees on matters to be considered in the handling of personal data.
- ARM has a confidentiality policy for personal data that is included in its employment regulations.
- （5）Physical security control measures
- In the areas where personal data is handled, ARM will control the access of employees, limit the equipment they bring into the areas, and implement measures to prevent unauthorized persons from accessing personal data.
- ARM will take measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, and implement measures to prevent personal data from being easily discovered when such equipment, electronic media, etc. are carried, including within the office.
- When documents, equipment, electronic media, etc. containing personal data are disposed of, measures will be taken to ensure that personal data cannot be recovered.
- （6）Technical security control measures
- Access control is implemented to limit the scope of persons in charge and the personal information databases handled.
- ARM have put in place mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software.
- （7）Understanding the external environment
- In the event that it is necessary to provide personal data to a third party in a foreign country, ARM will implement security control measures based on our understanding of the systems for the protection of personal data in the country to which the data will be provided. ARM does not provide personal data to third parties in foreign countries.
8. Supervision over a Trustee
ARM exercises necessary and appropriate supervision over an entrusted person based on the signed non-disclosure agreement so as to seek the security control of the personal information of which the handling has been entrusted, in case of entrusting a whole or part of the handling of personal data.
9. Restriction on Third Party Provision
（1）ARM does not provide personal information to a third party without obtaining in advance a principal's consent, except in those cases set forth in the following.
- ① Cases based on laws and regulations
- ② Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent
- ③ Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
- ④ Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs
（2） In those cases set forth in the following, a person receiving the provision of the personal information shall not fall under a third party in regard to applying the provisions of preceding paragraph.
- ① Cases in which personal information is provided accompanied by ARM entrusting a whole or part of the handling of the personal information within the necessary scope to achieve a utilization purpose
- ② Cases in which personal information is provided accompanied with business succession caused by a merger or other reason
- ③ Cases in which personal information to be jointly utilized by a specified person is provided to the specified person, and when a principal has in advance been informed or a state has been in place where a principal can easily know to that effect as well as of the categories of the jointly utilized personal data, the scope of a jointly utilizing person, the utilization purpose for the utilizing person and the name or appellation of a person responsible for controlling the said personal data
（3） ARM in advance informs a principal of the contents to be altered or put them into a state where a principal can easily know, in case of altering a utilization purpose for a utilizing person or the name or appellation of a person responsible for controlling personal information.
10. Joint Utilization
ARM jointly uses personal information provided by customer companies and organizations in the Advantage EAP service as follows.
- （1）Jointly utilizing person
Tokio Marine & Nichido Medical Service Co. Ltd
- （2）Jointly utilized personal information
Employees' name, date of birth, gender, email address, employee number, department name, and other data needed for analysis.
- （3）Utilization purpose
① Stress checks, counseling etc. as a result of Psychological Health Checkup eMe results
② Preparation of statistical materials and academic research documents, improvements to Advantage EAP Service from which specific individuals cannot be identified (not personal information)
- （4）Person responsible for controlling personal information.
ADVANTAGE Risk Management Co., Ltd.
ARM will share the personal information provided by client companies/organizations in the mentality management business as follows.
- （1）Jointly utilizing person
National Institute of Occupational Safety and Health, Japan
- （2）Jointly utilized personal information（Restricted to the personal information of individuals that was gave their consent for participation to our cohort study）
Results of health check, time and attendance information, health insurance claims data
Responses for the stress check and results of analysis: Individual responses to questions (stress check) about stress and satisfaction and their analysis results
- （3）Utilization purpose
For the purpose of using data in academic researches such as a cohort study and improvement of public health
- （4）Person responsible for controlling personal information.
ADVANTAGE Risk Management Co., Ltd.
11. Disclosure, Correction, Deletion and Cease utilization of Personal Information
In the event that a principal requests to disclose, correct, delete or cease utilization of personal information, ARM will take action without undue delay unless there is a special reason, confirming that the requesting person is the principal. However, ARM will not be able to respond to the request where the request falls under any of each following item. In such instances, the individual will be notified of the reasons without undue delay.
- （1）Cases in which there is a possibility of harming a principal or third party's life, body, fortune or other rights and interests
- （2）Cases in which there is a possibility of interfering seriously with ARM implementing its business properly
- （3）Cases of violating other laws or regulations
- （4）Cases in which the personal information requested to be disclosed, corrected, deleted or cessation the utilization is not subject to disclosure
As most of the personal information handled by ARM is sensitive information, in principle, the information is only disclosed to the principal and its family.
【Procedure for Responding to a Demand etc. for Disclosure etc.】
- （1）Contact Point for Requests
Please contact the contact point indicated in section 14.
- （2）Individuals Making Requests
Requests may only be made by the principal and its family, and proper ID verification will be required.
An agent of a principal is requested to provide proper documentation (letter of proxy, proof of relationship such as public form of identification. Responses will be sent only to the principal or its family.
In principle, responses will be sent by mail to the principal or its family.
12. Production of anonymously processed information and provision anonymously processed information to third party
ARM produces anonymously processed information not to be able to identify a specific individual from the information. ARM also plan to continue to produce similar anonymously processed information continuously.
ARM provides anonymously processed information as analyzable data to ARM group companies and third parties for research and improvement our services.
The categories of information concerning an individual contained in anonymously processed information to be provided to a third party are as follows.
- Company information
- Gender / Age / Employment information
- Individual stress checkup result
- Medical checkup/Attendance information/medical insurance claims/Lifestyle habit/productivity
13.Acquisition and Utilization of Attributes and behavior information not specifying individuals
This website records customer access information via access log. The access log recorded on this website includes pages visited, domain name and IP address, source information, type of browser used, access date and time, and cookies. The access log cannot necessarily be used to identify a specific individual, but may be used as customer information.
Cookies refer to information such as usage records send from the server and saved as files in the users' computers. In certain instances ARM may send cookies in conjunction with tools such as web beacon in order to gain information such as the number of website users and traffic research, but personal information will never be stored in cookies.
※Cookies can be disabled in browser settings. If disabled, contents and services provided by ARM may be partially restricted.
Please contact the following for complaints or inquiries regarding the handling of personal information.
Updated April 1, 2022