Policy on the protection of personal information

Educational Foundation of Nippon Sport Science University Group’s Policy on the Protection of Personal Information

 
Educational Foundation of Nippon Sport Science University Group (hereinafter referred to as “NSSU”) stipulates its policy on the protection of personal information as follows, as it recognizes the importance of protecting personal information while considering its utility, complies with the Act on the Protection of Personal Information and all other applicable regulations, establishes its own set of rules and protocols on its own initiative, and strives to protect personal information properly. NSSU will also revise this Policy from time to time to make necessary improvements.
  1. NSSU shall stipulate its own internal Regulation on the Protection of Personal Information in order to ensure proper handling of personal information, disseminate its content to its faculty and staff members as well as other concerned parties, and enforce it.
  2. Concerning its handling of personal information, NSSU shall specify the purpose of its use in each instance, and have persons with proper authorization handle the personal information only to the extent necessary for executing the concerned operational tasks.
  3. Concerning its obtainment of personal information, NSSU shall clearly indicate, notify, or publish the intended use of the information, etc. to the individuals (hereinafter referred to as the “Individual(s)”) from whom the information is obtained, while employing appropriate methods to the extent necessary for NSSU to execute its concerned operational tasks.
  4. Concerning its handling of personal information, NSSU shall implement organizational, human-effort-based, physical, and technical measures for its proper protection and management as needed, and shall prevent instances of unauthorized access to the personal information, its loss, destruction, alteration, leaks, etc.
  5. In principle, NSSU shall not provide any personal information to a third party without obtaining the prior consent of the Individuals; provided, however, that NSSU may provide certain personal information to its affiliated organizations, etc. pursuant to the law as well as other rules separately stipulated by NSSU, etc., in which case, NSSU shall execute an agreement with each such organization, etc. to preclude it from unjustly handling the personal information, to prevent its loss, destruction, alteration, leak, etc., and shall ensure that the personal information is all managed properly.
  6. If NSSU decides to hire an outside contractor to outsource to it the handling of personal information for NSSU’s operational reasons, NSSU shall screen and select such contractor based on appropriate criteria, execute a contract with the contractor to prevent incidents of unjust handling of the personal information, including its loss, destruction, alteration, leaks, etc., and provide necessary and proper supervision to the contractor.
  7. If NSSU receives a request from an Individual to disclose, correct, add to, delete, suspend use of, erase, stop providing any third thirty with, or take any action on the personal information pertaining to the Individual, NSSU shall deal with such request to a reasonable extent without delay.
May 29, 2006
Educational Foundation of Nippon Sport Science University Group
(Corporate name changed effective April 1, 2012)

Educational Foundation of Nippon Sport Science University Group’s Regulation on the Protection of Personal Information

(Enacted by the Board of Directors on May 29, 2006)
(Last revised on March 29, 2012)

TABLE OF CONTENTS

CHAPTER 1  GENERAL PROVISIONS
CHAPTER 2  PERSONAL INFORMATION MANAGEMENT AND SUPERVISION
CHAPTER 3  OBTAINMENT, USE, AND PROVISION OF PERSONAL INFORMATION
CHAPTER 4  DISCLOSURE OF PERSONAL INFORMATION, ETC.
CHAPTER 5  MISCELLANEOUS PROVISIONS
SUPPLEMENTARY PROVISIONS

CHAPTER 1  GENERAL PROVISIONS

ARTICLE 1 PURPOSE
This Regulation stipulates the basic terms for ensuring proper handling of personal information by the secretariat at Educational Foundation of Nippon Sport Science University Group (hereinafter referred to as by “NSSU”) and by each of the schools that are established by NSSU (hereinafter collectively referred to as the “School(s), etc.” pursuant to the Act on the Protection of Personal Information (hereinafter referred to as the “Act”).
 
ARTICLE 2 DEFINITIONS
The following terms used in this Regulation shall have the meaning as specified below.
 
(1) “Personal Information” means any information pertaining to any of the types of individuals as described below, which can be used to determine or possibly determine its identity as the individual that is still alive (including any information that can be easily matched to other information to determine the individual’s identity by combining the multiple pieces of information). Personal Information may exist in the form of oral communication or recorded information in any media format:
 
A. faculty members or staff members (including those that are not full-time employees);
B. students or pupils at higher education, secondary education, primary education, or preschool institutions;
C. individuals that are scheduled to obtain the status as set forth in A. or B. above;
D. parents or guardians of those as set forth in B. or C above; or
E. any other individuals that are otherwise associated with the Schools, etc.
 
(2) “Individual(s)” means the individuals whose identities are determined or could be determined based on their Personal Information.
[Scope of Application]
 
ARTICLE 3 SCOPE OF PERSONAL INFORMATION
This Regulation applies to all Personal Information that is obtained or created by any of the directors, officers, or councilors, or any of the faculty or staff members (hereinafter collectively referred to as the “Faculty and/or Staff Member(s), etc.” including those that are not full-time employees) of any of the Schools, etc. in the course of their operational tasks.
 
ARTICLE 4 DUTIES AND RESPONSIBILITIES
  1. Each of the Schools, etc. shall provide necessary education and training to all its Faculty and Staff Members, etc. whose jobs entail handling of Personal Information in order to ensure that all Personal Information is handled properly.
  2. Each of the Faculty and Staff Members, etc. shall comply with the Act, NSSU’s regulation on the handling of Personal Information and the detailed rules, etc. that are separately stipulated by the Schools, etc., and shall make effort to properly handle all Personal Information.
  3. Each of the Faculty and Staff Members, etc. shall refrain from using any Personal Information that it becomes privy to while performing its operational tasks, etc. for any unintended purpose and from divulging or leaking it to any third party. These provisions shall continue to bind the Faculty and Staff Members, etc. even after they leave employment with the Schools, etc.
 
ARTICLE 5 EXCLUSION FROM APPLICATION
This Regulation shall not apply to such instances where Personal Information is handled by the Faculty Members of the Schools, etc. solely for academic research purposes; provided, however, that even if the Faculty Members in such instances may not be bound by this Regulation, they shall still endeavor to comply with the internal regulation and detailed rules that are stipulated pursuant to paragraph 1 of the preceding ARTICLE and to implement necessary measures for ensuring that the Personal Information is handled properly.

CHAPTER 2 PERSONAL INFORMATION MANAGEMENT AND SUPERVISION

ARTICLE 6 MANAGEMENT OF PERSONAL INFORMATION
  1. Efforts shall be made to keep all Personal Information accurate and up-to-date to the extent necessary for achieving the intended purposes of use of the Personal Information.
  2. The Schools, etc. shall manage the Personal Information in their custody in a safe and reliable manner and shall implement necessary and appropriate measures for preventing any divulgement, loss, or impairment from occurring to the Personal Information.
 
ARTICLE 7 DISPOSAL OF PERSONAL INFORMATION, ETC.
Each instance of Personal Information disposal or deletion shall be executed using a suitable method, depending on the characteristic of the medium on which the Personal Information is stored.
 
ARTICLE 8 PERSONAL INFORMATION PROTECTION COMMITTEE
  1. NSSU shall institute its Personal Information Protection Committee (hereinafter referred to as the “Committee”) in order to fulfill the purpose of this Regulation.
  2. Any matters that must be decided concerning the Committee shall be separately decided by the Chairperson.
 
ARTICLE 9 PERSONAL INFORMATION MANAGER
  1. Each of the Schools, etc. shall appoint an individual as personal information manager (hereinafter referred to as the “Manager(s)”) responsible for protecting and managing all Personal Information, in order to fulfill the purpose of this Regulation.
  2. Each of the Schools, etc. shall appoint an appropriate number of individuals as Managers and report the information to the Chairperson.
  3. The Managers shall implement necessary and appropriate measures for ensuring the safe and proper management of Personal Information in order to protect the Personal Information from any instances of divulgement, loss, alteration, destruction, and other hazards.
  4. If any advice or guidance is provided by the Committee concerning the handling of Personal Information, the Managers shall swiftly implement such measures in accordance with the advice or guidance.
 
ARTICLE 10 SUPERVISION
  1. Each Manager shall provide necessary and appropriate supervision over the Faculty and Staff Members, etc. that are under its supervision concerning their handling of Personal Information such that the Personal Information remains safe and properly managed.
  2. If the task of handling Personal Information is entirely or partially outsourced to a contractor, the Manager responsible for the Personal Information shall provide necessary and appropriate supervision over the contractor to ensure that the Personal Information remains safe and properly managed in the contractor’s custody.

CHAPTER 3 OBTAINMENT, USE, AND PROVISION OF PERSONAL INFORMATION  

ARTICLE 11 OBTAINMENT OF PERSONAL INFORMATION
  1. For each instance of Personal Information obtainment, the intended purposes of use of the Personal Information shall be clearly specified, and the Personal Information shall be obtained only to the extent that is necessary for achieving the aforementioned purposes of use.
  2. In each instance of Personal Information obtainment, only an appropriate method may be used to obtain the Personal Information.
  3. Each of the Schools, etc. shall separately specify its intended purposes of use of Personal Information as set forth in paragraph 1 above, along with the notification method, the method of obtaining the consent of Individuals, etc.
 
ARTICLE 12 RESTRICTIONS ON PERSONAL INFORMATION OBTAINMENT
No Personal Information that includes any of the following types of information may be obtained except if there is a special need to do so and the express consent of the Individuals is granted:
(1) information that pertains to race, ethnicity, social status, or familial origin;
(2) information that pertains to thought, belief, or religion; and
(3) information that pertains to exercising or non-exercising of political rights.
 
ARTICLE 13 RESTRICTIONS ON USE OF PERSONAL INFORMATION AND PROVISION TO THIRD PARTIES
  1. No Personal Information that has been obtained may be used for any unintended purpose of use or be provided to a third party without obtaining the prior consent of the Individual except in the following instances:
    (1) if it is justifiable under the law;
    (2) if it is necessary to do so in order to protect the life, body, or property of the Individual but it is difficult to obtain the consent of the Individual;
    (3) if it is particularly necessary to do so for improving public health or promoting the sound development of youths but it is difficult to obtain the consent of the Individual; or
    (4) if it is necessary to do so to cooperate with a national government agency or a municipality, or any contractor thereof, to execute an administrative task that is stipulated by law, but obtaining the Individual’s consent could interfere with the successful execution of such administrative task.
  2. For each instance where any Personal Information is provided to a third party, a request shall be made for the third party to implement appropriate measures for ensuring that the Personal Information remains safe and properly managed in the third party’s custody.
  3. Each of the Schools, etc. shall separately specify the scope of the third parties to which it will provide Personal Information, the types of Personal Information that will be provided to them, and the methods of provision and obtainment of consent, etc.
 
ARTICLE 14 JOINT USE OF PERSONAL INFORMATION
If there is an instance where any Personal Information will be jointly used with another entity, sufficient attention shall be paid to secure implementation of appropriate measures for making sure that the Personal Information will remain safe and properly managed in the joint use, including specification of the purposes of such joint use, the types of Personal Information involved in the joint use, and the scope of the parties that will be allowed in the joint use.

CHAPTER 4 DISCLOSURE OF PERSONAL INFORMATION, ETC.

ARTICLE 15 DISCLOSURE OF PERSONAL INFORMATION, ETC.
  1. If an Individual intends to make a request for a disclosure, correction, suspension of use, etc. of its Personal Information, it shall submit a formal request for the Personal Information disclosure, etc. along with a document proving its identity as the Individual.
  2. If an Individual intends to appoint another party as its agent to file such request as set forth in the preceding paragraph for a disclosure, etc. of its Personal Information, it may do so.
  3. Each of the Schools, etc. shall separately specify the procedure for verifying the identities of the Individual and its agent as set forth in the preceding two paragraphs, along with the request form, and the contact point through which such request may be filed.
  4. If a School, etc. receives a request from an Individual to disclose its Personal Information that can be used to determine the Individual’s identity, the School, etc. shall disclose the Personal Information to the Individual without delay; provided, however, that if any of the circumstances as set forth below is present, the School, etc. may refrain from disclosing the Personal Information to the Individual, in whole or in part:
    (1) if it could disrupt any educational or research activity of the School, etc.;
    (2) if it could negatively affect the life, body, right, or interest of the Individual or a third party;
    (3) if it could interfere with the proper execution of operational tasks by the School, etc.; or
    (4) if it would otherwise constitute a violation of law.
  5. If a School, etc. makes such decision not to disclose an Individual’s Personal Information, in whole or in part, despise the Individual’s request to do so, the School, etc. shall report the decision to the Committee and shall also notify the Individual of the reason behind the decision.
 
ARTICLE 16 PERSONAL INFORMATION CORRECTION, ETC.
  1. If a School, etc. receives a request from an Individual to correct, add to, or delete the Individual’s Personal Information that can be used to determine its identity, on the ground that the Personal Information is not factual, the School, etc. shall conduct an investigation without delay and correct or take other appropriate action on the Personal Information based on the result of the investigation.
  2. If the School, etc. corrects the Personal Information, in whole or in part, or takes any other action as set forth in the preceding paragraph, it shall notify the Individual of the result. If, however, the School, etc. decides not to make the correction, etc., it shall notify the Individual of the reason behind the decision.
  3. If the School, etc. corrects the Personal Information or takes other action as set forth in the preceding paragraph, but the Personal Information has also been provided to a third party, the School, etc. shall notify the third party of the correction and take any other action as appropriate.
 
ARTICLE 17 SUSPENSION OF USE OF PERSONAL INFORMATION, ETC.
  1. If a School, etc. receives a request from an Individual to suspend its use of the Personal Information or to delete the Personal Information that can be used to determine the Individual’s identity, on the ground that the use or handling of the Personal Information by the School, etc. is in violation of ARTICLE 11, paragraph 2 or ARTICLE 13, paragraph 1 hereof, the School, etc. shall conduct a necessary investigation without delay, and, based on the result of the investigation, may suspend its use of the Personal Information or take any other action.
  2. If the School, etc. suspends its use of the Personal Information, in whole or in part, or takes any other action as set forth in the preceding paragraph, the School, etc. shall notify the Individual of the result. If, however, the School, etc. decides not to suspend its use of the Personal Information or take any other action, it shall notify the Individual of the reason behind such decision.
 
ARTICLE 18 FEES
  1. If an Individual files a request, etc. for a disclosure, etc. of its Personal Information, a fee may be charged to the Individual.
  2. Each of the Schools, etc. shall separately decide on such fee schedule as set forth in the preceding paragraph.
 
ARTICLE 19 FILING OF COMPLAINTS
  1. If an Individual that previously filed a request, etc. for a disclosure, correction, or suspension of use of its Personal Information, etc. is not satisfied with the action taken based on the request, the Individual may file a complaint.
  2. If a School, etc. receives such complaint as set forth in the preceding paragraph, it shall swiftly report it to the Committee and notify the result to the Individual.

CHAPTER 5 MISCELLANEOUS PROVISIONS

ARTICLE 20 DETAILED RULES, ETC.
Each of the Schools, etc. may enact and amend its own detailed rules, etc. pursuant to this Regulation, in which case the approval of the Chairperson shall be obtained on each such instance.
 
ARTICLE 21 AMENDMENT AND REPEAL OF THIS REGULATION
The Chairperson shall have authority over each instance of amendment or repeal of this Regulation.

SUPPLEMENTARY PROVISIONS

[EFFECTIVE DATE]
1. This Regulation shall come into effect starting May 29, 2006.
[TRANSITIONAL MEASURE]
2. If the Schools, etc. are using their own existing individual certification and request forms as of the effective date of this Regulation, they shall be deemed as the proper forms that may be used to request Personal Information disclosure, etc. under this Regulation following its enactment.

SUPPLEMENTARY PROVISION

[EFFECTIVE DATE]
This Regulation shall come into effect starting April 1, 2012.