INFORMATION SECURITY POLICY
1. Compliance with Laws and Regulations
The Company shall comply with related laws and regulations, government-stipulated guidelines, internal rules, and other established norms regarding information security.
2. Establishment of an Information Security Management System
The Company has established an Information Security Committee whose purpose is to protect and ensure the appropriate management of all information assets owned by the Company, and has built an information security management system that clarifies information security-related roles and responsibilities, with the president assuming ultimate responsibility.
3. Development of Internal Regulations and Manuals
The Company has developed internal regulations, such as the Information Security Management Regulations, along with other manuals and such documents to disseminate information security-related information throughout the Company.
4. Effective Auditing
The Company conducts periodic audits to verify the state of compliance with laws and regulations and to confirm the appropriateness of its business processes.
5. Appropriate Information Security Control Measures
To prevent incidents such as unauthorized access, leaking, falsification, or theft related to information assets, the Company implements security control measures from the perspective of organizational, physical, technical, and human-oriented safety control management.
6. Information Security Education and Training
The Company conducts information security-related education and training programs on an ongoing basis, seeks to cultivate an awareness of information security, and thoroughly ensures compliance with related laws, regulations, internal regulations, and other requirements.
7. Implementation of Continuous Improvements
By periodically evaluating and reviewing the activities described above, the Company advances and improves its information security management on an ongoing basis.
1. Compliance with Laws, Regulations and Other Requirements
- In the handling of personal information, the Company will comply with the Act on the Protection of Personal Information, other related laws and regulations, guidelines issued by the national government, and its own internal regulations.
2. Acquisition and Use of Personal Information
- The Company acquires personal information using legal and fair means.
- When personal information has been acquired, except for when its purpose of use has been publicly announced in advance, the Company will promptly inform the individual of the purpose of use or publicly announce the purpose of use through its website or elsewhere.
- The Company will only use the acquired personal information within the scope of the purpose of use indicated when the information was acquired.
- Except when required by law, the Company will not acquire personal information requiring special care such as an individual’s race, creed, social status, medical history or criminal record, as set forth in Article 2, Paragraph 3 of the Act on the Protection of Personal Information, without the consent of the individual concerned.
3. Management of Personal Information and Personal Data
- The Company will establish handling regulations to protect personal information and endeavor to manage and maintain personal information and personal data appropriately through a process of continual review and improvement.
- The Company will keep personal data accurate and up to date within the scope required to achieve its purpose of use, and make every effort to erase personal data that is no longer needed without delay.
4. Measures to Ensure the Safe Management of Personal Information
- The Company will take reasonable safety measures to deal with risks related to personal information including the prevention of unauthorized access, loss, destruction, falsification, or leaking of personal information.
5. Restrictions on Provision to Third Parties
- Except when required by law, the Company will not provide personal data to third parties without obtaining the prior consent of the individual concerned.
6. Supervision of Contractors, Officers and Employees
- When the processing or handling of personal information is outsourced, the processing will take place under the strict management of the Company, and the Company will undertake the appropriate supervision duties.
- The Company will take appropriate safety management measures with regard to personnel, such as making efforts to provide education and guidance on the protection of personal information to officers and employees handling personal information.
- When having officers and employees handle personal data, the Company will carry out the necessary and appropriate supervision of those officers and employees to ensure the safe management of the personal data concerned.
7. Response to Inquiries and Complaints
- The Company will respond appropriately and promptly to requests concerning the notification of use, disclosure, amendment, cessation of use or erasure, etc. of personal data in the Company’s possession, and to inquiries and complaints regarding the handling of personal data.