アドバンテッジ リスクマネジメント

Public Notice

Disclosure based on Act on the Protection of Personal Information

1. Definition of Personal Information

Advantage Risk Management Co. Ltd. (hereinafter referred to as "ARM") considers "personal information" as information on individuals (name, birth date, and other information that can identify a specific individual), information such as e-mail address, user ID and password, and credit card information linked with a specific individual, and attributes that make up personal information such as hobby, family composition, age, and other personal information.

2. ARM's Business Field and the Collection of Personal Information

ARM acquires personal information within the scope necessary to satisfy the following operational objectives.
Personal information will not be acquired by deceit or other improper means.

【Business Field】

  • (1) Mental Health Management
    Comprehensive support program for all of the following purposes: prevention of mental health decline, recovery from mental suffering, and continuous support after reinstatement
    Assessment, providing Education programs, consulting, and operational support to improve the productivity of Client companies/organizations
    Health management support related to services of occupational health
    Assessment for measurement of EI (Emotional Intelligence Quotient), and training programs
  • (2) Disability Support Service
    Implementation and operational support for GLTD (Group Long Term Disability) insurance system
    Workplace return programs for long-term absentees
    Operation of the management systems for long-term absentees, establishment of the accident and sickness information database
  • (3) Risk Financing
    Provision of comprehensive services covering various types of insurance

【Acquisition of Personal Information】

ARM acquires personal information through the following means.
In addition, information such as attributes and behavior information not specifying individuals acquired through tools such as Cookies or web beacons may be utilized in conjunction with personal information. However, a principal's consent will be obtained in the event of information such as attributes and behavior information not specifying individuals acquired through third parties utilized in conjunction with personal information.
Please refer to section 13 for information on the acquisition and utilization of information such as attributes and behavior information not specifying individuals.

  • (1) Acquired through information that site visitors register on our web server
  • (2) Acquired through interviews with an individual
  • (3) Acquired through telephone calls with an individual
  • (4) Provided through contracting from Client companies/organizations
  • (5) Provided through an agency consignment contract with an insurance company
  • (6) Acquired through information of business cards or e-mail signatures
  • (7) Acquired through videos, etc. of security cameras when visiting ARM (*)
    (*) This includes cases where information is obtained without ARM intending to do so due to reflections in videos.

3. Utilization Purpose of All Personal Information

(excluding instances that do not apply to Personal Information Protection Law Article 21 Paragraph 4 Item 1 to 4)

Personal information Utilization Purpose
(1) Personal information subject to disclosure
Mental Health Management
  1. Operational support, assessment, training, analysis, Education programs, and consultation (including doctor interview, counseling, etc..) relating services of mental health, skill development, and corporate activation, and Health management support
  2. Preparation of statistical materials and academic research documents, from which specific individuals cannot be identified
  3. Improvement our services relating mental health, skill development, corporate activation, and Health management support
  4. Responding to inquiries and requests
  5. Sending requested materials

Disability Support Service
  1. Signing and managing contracts with insurance companies, collecting insurance fees, and supporting for payment of insurance benefits
  2. Provision of a management system for long-term absentees
  3. Statistical materials, from which specific individuals cannot be identified
  4. Provision of information on various events and seminars
  5. Responding to inquiries and requests
  6. Sending electronic direct mail
    • Personal information may be shared with our business partners in order to propose information on various insurance companies' products and services.

Risk Financing
  1. Signing and managing contracts with insurance companies, collecting insurance fees, and supporting for payment of insurance benefits
  2. Provision of information on various events and seminars
  3. Responding to inquiries and requests
    • Personal information may be shared with our business partners in order to propose information on various insurance companies' products and services
(2) Personal information provided based on contracting (not subject to disclosure)

Utilize for the purpose of performing the contracts within the scope of the purpose of utilization stated in the privacy policies of business partners that have contracted with ARM.
(3) Personal information, as pertained to person in charge and related persons of business partners
  1. Executing communication, cooperation, negotiation, and contract agreements of business field stated in section 2
  2. Proposing and provision of other products and services
  3. Preparing quotations
  4. Responding to inquiries and requests
  5. Sending requested materials
  6. Sending electronic direct mail
(4) Personal information, as pertained to shareholders
  1. Exercise of rights and fulfillment of obligations under the Companies Act
  2. Granting shareholder benefits
  3. Executing various measures to ensure a harmonious relationship between shareholders and ARM
  4. Shareholder management such as preparing shareholder data based on various laws
  5. Responding to inquiries and requests
  6. Sending requested materials
(5) Personal information, as pertained to participants that events hosted/co-sponsored/exhibited by ARM. (This includes survey information.)
  1. Provision of event related information
  2. Provision of information on relevant products and services of business field stated in section 2
  3. Preparing quotations
  4. Responding to inquiries and requests
  5. Sending requested materials
  6. Sending electronic direct mail
(6) Personal information, as pertained to job applicants
  1. Registration through paid recruitment agencies
  2. Provision of job application information to recruiters for those who wish to apply through recruitment agencies
  3. Sending electronic direct mail concerning job information
  4. Provision of information to contracting partners with the job applicant's permission through recruitment agencies
  5. Proposals and provision of information on products and services
  6. Responding to inquiries and requests
(7) Personal information, as pertained to individuals looking for employment within ARM
  1. Communication and information, as well as recruitment selection
  2. Updating the ARM corporate website for those interested in employment
(8) Personal information, as pertained to those who made inquiries or visits to ARM, other than those listed above
  1. Responding to inquiries and requests
  2. Sending requested materials
  3. Sending electronic direct mail
  4. Advertising and proposals related to products and services based on data analysis results linked with information such as browsing history and purchase history
  5. Preventing intrusion into facilities, tampering with equipment, theft, and other crimes

4.Utilization Purpose of Individual Number and Specific Personal Information

Type of Specific Personal Information Utilization Purpose
(1) Specific Personal Information as pertained to ARM shareholders Clerical documents such as statutory reports including payment records of dividends
(2) Specific Personal Information as pertained to individual business operator Clerical documents such as statutory reports including payment records of compensation, fees, and contracted payments to individual business operators (tax accountants, lawyers, training lecturers, etc.)

5. Restrictions on Utilization Personal Information

ARM does not handle personal information for purposes beyond the necessary scope to achieve a utilization purpose without obtaining in advance a principal's consent. In the event that personal information was acquired because of a merger or other reason, ARM does not handle the personal information for purposes beyond the necessary scope to achieve a utilization purpose. This provision shall not apply to those cases set forth in the following.

  • (1) Cases based on laws and regulations
  • (2) Cases in which there is a need to protect a human life, body, or fortune, and when it is difficult to obtain a principal's consent's consent
  • (3) Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
  • (4) Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs
  • (5) Cases in which there is a need to handle personal data for the purpose of academic research with the provision of said personal information to academic research facilities, etc. (Including cases in which said data is handled for the partial purpose of academic research, and excluding cases in which an individual's rights and interests may be harmed.)

6. Altering Utilization Purpose of Personal Information

ARM does not alter utilization purpose beyond the scope recognized reasonably relevant to the pre-altered utilization purpose. ARM informs a principal of, or discloses to the public, a post-altered utilization purpose.

7. Security Control of Personal Information

ARM will take the following security control measures to ensure the proper handling of personal data.

  • (1) Formulation of basic policy
    • To ensure the proper handling of personal data as an organization, ARM has established a Personal Data Protection Policy.
  • (2) Discipline for the handling of personal data
    • ARM will establish rules for the handling of personal data, including handling methods, responsible persons/persons in charge and their duties, for each stage of acquisition/input, use/processing, storage/preservation, transfer/transmission, deletion/disposal, and response to leakage incidents, etc.
  • (3) Systematic security control measures
    • ARM will appoint a person responsible for the handling of personal data, and clarify the employees who handle personal data and the scope of personal data handled by such employees.
    • ARM will establish a system where reporting and communicating to the person in charge when the fact or sign of violation of the law or handling rules is detected, and reporting and communicating to the person in charge in the event that a case or indication of leakage, etc. of personal data is detected.
    • ARM will conduct periodic self-inspections of the status of personal information handling, as well as audits by other divisions and external parties.
  • (4) Human security control measures
    • ARM will provide periodic training to its employees on matters to be considered in the handling of personal data.
    • ARM has a confidentiality policy for personal data that is included in its employment regulations.
  • (5) Physical security control measures
    • In the areas where personal data is handled, ARM will control the access of employees, limit the equipment they bring into the areas, and implement measures to prevent unauthorized persons from accessing personal data.
    • ARM will take measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, and implement measures to prevent personal data from being easily discovered when such equipment, electronic media, etc. are carried, including within the office.
    • When documents, equipment, electronic media, etc. containing personal data are disposed of, measures will be taken to ensure that personal data cannot be recovered.
  • (6) Technical security control measures
    • Access control is implemented to limit the scope of persons in charge and the personal information databases handled.
    • ARM has put in place mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software.
  • (7) Understanding the external environment
    • In the event that it is necessary to provide personal data to a third party in a foreign country, ARM will implement security control measures based on our understanding of the systems for the protection of personal data in the country to which the data will be provided. ARM does not provide personal data to third parties in foreign countries.

8. Supervision Over a Trustee

ARM exercises necessary and appropriate supervision over an entrusted person based on the signed non-disclosure agreement so as to seek the security control of the personal information of which the handling has been entrusted, in case of entrusting a whole or part of the handling of personal data.

9. Restriction on Third Party Provision

(1) ARM does not provide personal information to a third party without obtaining in advance a principal's consent, except in those cases set forth in the following.

  • ① Cases based on laws and regulations
  • ② Cases in which there is a need to protect a human life, body, or fortune, and when it is difficult to obtain a principal's consent
  • ③ Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent
  • ④ Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs
  • ⑤ Cases in which there is a need for a third party to handle personal data for the purpose of academic research with the provision of said personal information to third parties which are academic research facilities, etc. (Including cases in which said data is handled for the partial purpose of academic research, and excluding cases in which an individual's rights and interests may be harmed.)

(2) In those cases set forth in the following, a person receiving the provision of the personal information shall not fall under a third party in regard to applying the provisions of preceding paragraph.

  • ① Cases in which personal information is provided accompanied by ARM entrusting a whole or part of the handling of the personal information within the necessary scope to achieve a utilization purpose
  • ② Cases in which personal information is provided accompanied with business succession caused by a merger or other reason
  • ③ Cases in which personal information to be jointly utilized by a specified person is provided to the specified person, and when a principal has in advance been informed or a state has been in place where a principal can easily know to that effect as well as of the categories of the jointly utilized personal data, the scope of a jointly utilizing person, the utilization purpose for the utilizing person and the name or appellation of a person responsible for controlling the said personal data

(3) ARM in advance informs a principal of the contents to be altered or put them into a state where a principal can easily know, in case of altering a utilization purpose for a utilizing person or the name or appellation of a person responsible for controlling personal information.

10. Joint Utilization

(1) ARM jointly uses personal information provided by customer companies and organizations in the Advantage EAP service as follows.

  • ① Jointly utilizing person
    Tokio Marine & Nichido Medical Service Co. Ltd
  • ② Jointly utilized personal information
    Employees' name, date of birth, gender, email address, employee number, department name, and other data needed for analysis.
  • ③ Utilization purpose
    • Stress checks, counseling etc.
    • Preparation of statistical materials and academic research documents, improvements to Advantage EAP service from which specific individuals cannot be identified (not personal information)
  • ④ Person responsible for controlling personal information
    ADVANTAGE Risk Management Co., Ltd.
    https://www.armg.jp/english/#aboutus

(2) ARM will share the personal information provided by client companies/organizations in the mentality management business as follows.

  • ① Jointly utilizing person
    National Institute of Occupational Safety and Health, Japan
  • ② Jointly utilized personal information (Restricted to the personal information of individuals that gave their consent for participation to our cohort study)
    Results of health check, time and attendance information, and health insurance claims data
    Responses for the stress check and results of analysis: Individual responses to questions (stress check) about stress and satisfaction and their analysis results
  • ③ Utilization purpose
    For the purpose of using data in academic research such as a cohort study and improvement of public health
  • ④ Person responsible for controlling personal information
    ADVANTAGE Risk Management Co., Ltd.
    https://www.armg.jp/english/#aboutus

(3) ARM will share the personal information acquired by COCOMU Co., Ltd. as follows.

11. Disclosure, Correction, Deletion and Cease Utilization of Personal Information

In the event that a principal requests to disclose, correct, delete or cease utilization of personal information, ARM will take action without undue delay unless there is a special reason, confirming that the requesting person is the principal. However, ARM will not be able to respond to the request where the request falls under any of each following item. In such instances, the individual will be notified of the reasons without undue delay.

  • (1) Cases in which there is a possibility of harming a principal or third party's life, body, fortune or other rights and interests
  • (2) Cases in which there is a possibility of interfering seriously with ARM implementing its business properly
  • (3) Cases of violating other laws or regulations
  • (4) Cases in which the personal information requested to be disclosed, corrected, deleted, or cessation of utilization is not subject to disclosure
    As most of the personal information handled by ARM is sensitive information, in principle, the information is only disclosed to the principal and his/her family.

【Procedure for Responding to a Demand etc. for Disclosure etc.】

  • (1) Contact Point for Requests
    Please contact the contact point indicated in section 14.
  • (2) Individuals Making Requests
    Requests may only be made by the principal and his/her family, and proper ID verification will be required.
    An agent of a principal is requested to provide proper documentation (letter of proxy, proof of relationship such as public form of identification). Responses will be sent only to the principal or his/her family.
  • (3) Responses
    In principle, responses will be sent by mail to the principal or his/her family.

12. Production of Anonymously Processed Information and the Provision of Anonymously Processed Information to a Third Party

ARM produces anonymously processed information not to be able to identify a specific individual from the information. ARM also plans to continue to produce similar anonymously processed information continuously.
ARM provides anonymously processed information as analyzable data to ARM group companies and third parties for research and improvement of our services.
The categories of information concerning an individual contained in anonymously processed information to be provided to a third party are as follows.

  • Company information
  • Gender / Age / Employment information
  • Individual stress checkup result
  • Medical checkup/Attendance information/medical insurance claims/Lifestyle habit/productivity
  • Information related to leave of absense/return to work, information related to support for work-life balance
  • Counseling session notes

13. Acquisition and Utilization of Attributes and Behavior Information not Specifying Individuals

【Recording and utilization of access log】

This website records customer access information via access log. The access log recorded on this website includes pages visited, domain name and IP address, source information, type of browser used, access date and time, and Cookies. The access log cannot necessarily be used to identify a specific individual, but may be used as customer information.

【About Cookies】

Cookies refer to information such as usage records sent from the server and saved as files in the users' computers. Cookies include 1st Party Cookies set by ARM and 3rd Party Cookies set by third parties partnered with ARM.

  • (1) Utilization purpose
    In certain instances ARM may send cookies in conjunction with tools such as web beacon in order to gain information such as the number of website users and traffic research. Although personal information will never be stored in cookies, personal information may be linked to information collected, recorded, and analyzed through Cookies.
    However, personal information will not be linked to Cookie information provided by third parties without consent that is not obtained in advance.
  • (2) Analysis tools and services to send ads
    ARM utilizes the following analysis tools and services to send ads. Please see the website of the company that operates each tool for more information.
    • ① Marketing Cloud Account Engagement
      ARM utilizes Marketing Cloud Account Engagement (formerly Pardot) provided by Salesforce for sales activities.
      Marketing Cloud Account Engagement collects, records, and analyses website access information utilizing Cookies. Sales activities such as sending emails and telephone calls that meet the needs of customers are undertaken through identifying and analyzing customers by linking Cookies with customer email addresses and registration information acquired through the inquiry form on ARM's website, exchange of business cards, etc.
      Personal Information Protection Policy of Salesforce: https://www.salesforce.com/jp/company/personalinfo/
    • ② Google Analytics
      ARM's website utilizes Google Analytics in order to understand the usage status of the website.
      Google Analytics collects, records, and analyses website access information utilizing Cookies. The methods to collect and utilize access information through Google are stipulated in the Google Analytics Terms of Use and Privacy Policy.
      It is possible to disable Google Analytics by downloading, installing, and setting the "Google Analytics Opt-out Browser Add-on."
      Google Analytics Terms of Use:https://marketingplatform.google.com/about/analytics/terms/jp/
      Google Privacy Policy: https://policies.google.com/privacy?hl=en
      Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout?hl=en
    • ③ User Insight
      ARM utilizes User Insight provided by User Local.
      Data Collection Policy of Access Analysis Tool: https://info.userlocal.jp/data_policy/
      User Local Privacy Policy: https://www.userlocal.jp/privacy/
    • ④ Google Ads
      ARM utilizes Google Ads.
      For those in the EU, please see the following page. https://ads.google.com/intl/en_us/home/
    • ⑤ Yahoo! Advertising
      ARM utilizes Yahoo! Advertising.
      Yahoo Japan Corporation (hereinafter referred to as "Yahoo") utilizes data provided by applicants (*1) through only said data, or by mixing and matching data collected by Yahoo (*2) and other various data possessed by Yahoo, and adding, complementing, etc. necessary data. However, said utilization is limited to extent necessary for the operation (Including, but not limited to, Yahoo fulfilling the advertising contract with ARM and providing various functionality of Yahoo! Advertising to applicants and other third parties.) of Yahoo! Advertising by Yahoo and to improve Yahoo! Advertising, excluding separate cases in which there is consent between Yahoo and ARM. In addition, Yahoo may provide data provided by applicants (*3) to third parties for these purposes.
      *1 Data possessed by ARM connected to ARM's advertising provided to Yahoo by applicants, regardless of the nature of information, such as transmission information, log information, and Cookie information
      *2 All data (Data including, regardless of the nature of information, transmission information, log information, and Cookie information, and data to fulfill advertising contracts utilizing data provided by applicants) connected with this advertising and collected by this tool by Yahoo (Subject to complying with the basic standards to handle advertising, Yahoo may only use advertising and management interfaces, programs (including, but not limited to, measurement tags, web beacons, etc.), tools, systems, websites, etc. provided by Yahoo for the purposes of an applicant applying for advertising concerning this advertising, as well as setting conditions, management, and verification), excluding data provided by applicants
      *3 Data possessed by ARM connected to ARM's advertising provided to Yahoo by applicants, regardless of the nature of information, such as transmission information, log information, and Cookie information
    • ⑥ Facebook / Instagram Ads
      ARM utilizes Facebook / Instagram Ads. https://business.instagram.com/a/adsmanager
      Personal information that is obtained is utilized to advertise and propose products and services based on data analysis results. In addition, there may be proposals through business providers with information being provided to contractors, sales partners, and other contracting partners.
    • ⑦ Microsoft Advertising
      ARM utilizes Microsoft Advertising.
      Microsoft collects or receives a user's personal information (*) in order to provide Microsoft Advertising in cases in which ARM utilizes Universal Event Tracking (UET) functionality or the Clarity service, or cases in which personal data is shared separately with Microsoft.
      Please see the Microsoft Privacy Statement on the data Microsoft processes, how Microsoft processes it, and for what purposes.
      Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement
      * Refers to information on an identified or identifiable natural person, or, if applicable, an identifiable existing corporate body. An identifiable natural person is an individual who can be specified either directly or indirectly, by referring to identifiers such as name, ID number, location data, and online identifiers in particular, or by referring to one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
  • (3) Storage period
    ARM has not determined the storage period for Cookies and information collected, recorded, and analyzed through Cookies.
  • (4) Cookie settings
    Cookies may be set to be accepted or rejected on this site.
    In addition, for the acceptance of Cookies, Cookies, may be accepted, disabled, deleted, etc. through settings on the browser that is used.
    For more details, please refer to the support page, etc. for the browser that is used.
    ・Microsoft Edge
    https://support.microsoft.com/ja-jp/help/4534105/microsoft-edge-configure-your-privacy-settings
    ・Google Chrome
    https://support.google.com/chrome/answer/95647?hl=ja&hlrm=en
    ・Safari
    https://support.apple.com/ja-jp/guide/safari/sfri11471/mac
    If disabled, contents and services provided by ARM may be partially restricted.

14. Contact

Please contact the following for complaints or inquiries regarding the handling of personal information.

Inquiry Regarding Personal Information

Updated January 20, 2025

Inquiry Regarding Personal Information