We, SBI Security Solutions Co., Ltd. (hereinafter referred to as the “Company”, “we”, or “our”), are the company focused on “building secure next-generation solutions for clients in the digital domain.” To contribute to the development of the digital asset sector and the interests of our clients and stakeholders through digital technology, we will continue to respond precisely to the expectations in the future.
In order to achieve this, we consider the protection of personal information handled by the Company to be one of the highest management priorities in our business operation and have established the following “Personal Information Protection Policy (Privacy Policy)” as a policy for all officers and employees to handle, manage, and protect personal information in an appropriate manner.
*Note that the term, “Personal Information” in this policy includes, in addition to “personal information”, “retained personal data”, “anonymized personal information”, “pseudonymized personal information”, and “Specific Personal Information”, and so on.
Article 1. Purpose of Personal Information Protection
The Company will ensure the “confidentiality,” “integrity,” and “availability” of the stored data concerning Personal Information held by the Company, and may delete or correct (hereinafter referred to as “Retained Personal Data”), and protect it from various threats (hereinafter referred to as “Personal Information Protection”). For this purpose, we will not only comply with laws and regulations, but also ensure a high level of security in order to contribute to the interests of our customers and stakeholders, taking into consideration ethical and social requirements and the latest trends in the handling of such information.
Article 2. Initiatives by the Board of Directors and Management
Under the supervision of the board of directors, and under the initiative of the management, the Company will systematically and continuously implement measures for Personal Information Protection and strive to improve and enhance such measures.
Article 3. Establishment of a Personal Information Protection System
The Company has established a Personal Information Protection system by appointing a person responsible for handling Personal Information (hereinafter referred to as the “Manager Responsible for Personal Information Protection”). We have clarified the Personal Information to be handled, and put in place a system for reporting to the Manager Responsible for Personal Information Protection when any fact or sign of violation of laws, regulations, or internal rules is detected. In addition, in order to protect and appropriately manage Personal Information, the Manager Responsible for Personal Information Protection has developed the “Proper Handling of Personal Information” as an integral part of this basic policy. Furthermore, managing system for the personal information protection (Personal Information Protection Management System) will be applied to all of the Company’s operation in order to sustain our efforts at Personal Information Protection and to respond to changes in the internal and external environment, such as the business environment and social conditions.
Article 4. Compliance with Legal Requirements
The Company will comply with the “Act on the Protection of Personal Information” and relevant laws and regulations, the “Guidelines for Protection of Personal Information (For Businesses),” JISQ15001, relevant domestic and international standards and specifications, and articles regarding the Personal Information Protection under contracts. In addition, we will strictly manage the Individual Number and Personal Information including Individual Number (hereinafter referred to as the “Specific Personal Information, etc.”) based on the “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures,” (Act No. 27 of 2013, hereinafter referred to as the “My Number Act”) etc. As of the “Basic Policy on the Proper Handling of Specific Personal Information, etc.,” it may be changed without a prior notice in response to the revision of relevant laws and regulations, etc. or the change of the Company’s policy.
Article 5. Maintenance of Internal Rules, Etc.
In order to protect and appropriately manage Personal Information, the Company has established regulations and standards, etc. regarding the Personal Information Protection based on the preceding articles and relevant domestic and international standards and criteria, technical trends, and stakeholders’ requests, etc., and will ensure that all the persons engaged in our business will be fully aware of and will comply with them. Moreover, we have separately established “Specific Personal Information Handling Rules” for the handling of Specific Personal Information, etc.
Article 6. Specification of Purpose of Use
When acquiring Personal Information, the Company will limit the scope of use to the extent necessary for business activities, specify the purpose of its use as much as possible, acquire the information appropriately through legal and fair means to the extent necessary to achieve the purpose, and will not use it for any purpose other than the purpose of use (hereinafter referred to as the “Unauthorized Use”) in addition to taking necessary measures to ensure that the information will not be used for unintended purpose. Furthermore, except as otherwise provided by law or regulation, the Company will not handle Personal Information or provide such information to any third party beyond the scope necessary to achieve the specified purpose of use without obtaining the prior consent of the person who provided such information.
*For details about “Purpose of Use”, “Method of Acquisition”, and “Provision and Disclosure to Third Parties”, please refer to “Proper Handling of Personal Information”.
Article 7. Responding to Incidents
The Company will choose and conduct the proper response that will contribute to prevent and correct the unauthorized access to, or loss, destruction, falsification, or leakage, etc. of Personal Information.
Article 8. Implementation of Outsourced Contractor Management
When the Company outsources the handling of Personal Information to our partner company, we will single out a partner company that meets our prescribed standards for selecting outsourced contractors and will minimize the necessary amount of Personal Information to be outsourced to achieve the purpose of use, ensuring that such information will be managed appropriately.
Article 9. Implementation of Safety Control Measures
In order to prevent leakage, loss, or damage of Personal Information and to properly manage Personal Information, the Company will take safety management measures such as clarification of employee responsibilities, development of internal rules, education and training of employees, and physical and technical measures to prevent information leakage and other accidents. We implement access control in accordance with the “Need to Know” principle, and limit the number of people in charge and the scope of Personal Information they handle. In addition, we may use pseudonymised personal information, and anonymised personal information as test data when testing during development. In such cases, we will implement appropriate management in accordance with predefined rules and regulations.
Article 10. Responding to the Exercise of the Right as a Person Concerned
The Company has established a point of contact for complaints, consultation, disclosure, correction, addition, deletion, etc., regarding the Personal Information of the person concerned, and will respond to any such inquiries without delay.
*For details, please refer to “Proper Handling of Personal Information”.
Article 11. Regular Review and Continuous Improvement
In order to sustain our efforts at Personal Information Protection and to respond to changes in the internal and external environment, such as the business environment and social conditions, the Company strives to continuously improve by regularly reviewing the content and implementation status, etc. of management measures, including the management system and internal rules, etc. regarding the Personal Information Protection.
Fernando Luis Vázquez Cao, Representative Director and CEO
SBI Security Solutions Co., Ltd.
1-6-1 Roppongi, Minato-ku, Tokyo 106-6019, Japan
Enacted on: April 1, 2020
Last revised on: April 1, 2023
For any inquiry regarding our Privacy Policy,
please e-mail to: privacy@sbisecsol.com