To provide society with useful products and services and to ensure continued development of the business, it is natural that companies need to win the trust of customers by conducting business activities that take the protection of personal information into account. Based on the above understanding, KMT declares that it institutes the policies for protection of personal information as follows and will implement these policies to comply with laws, regulations, and guidelines regarding personal information.
Policy 1 Proper Handling of Personal Information
When handling personal information, KMT specifies the purpose of use of personal information as much as possible. Further, KMT does not handle personal information about a customer without obtaining the prior consent of the customer, or unless permitted by laws or regulations, beyond the scope necessary for the achievement of the purpose of use.
In addition, KMT acquires personal information in a proper manner. When acquiring personal information, KMT publicly announces the purpose of use in advance or notifies or publicly announces on a website the purpose of use immediately after the acquisition. Further, when receiving such personal information as is written in documents (including electronic data and magnetic data) directly from a customer, KMT expressly shows the purpose of use in advance. However, this provision shall not apply if permitted by laws or regulations.
Policy 2 Security Control Measures
KMT takes necessary and proper measures including countermeasures against unauthorized access and computer viruses for the prevention of loss, destruction, falsification, leakage, or other problems of personal data. Further, KMT exercises necessary and appropriate supervision over its employees, trustees, and other related parties to ensure the control of security of the personal data.
Policy 3 Proper Provision to Third Parties
When using personal data jointly with a third party or providing a third party with personal information, KMT takes the measures necessary under laws and regulations including the execution of contracts and making of arrangements with such third party. KMT will not provide a third party with personal information unless KMT obtains the consent of the customer or such provision is permitted under laws or regulations.
Policy 4 Responses to Requests for Disclosure, Correction, and Other Processing
KMT responds to customers' requests for notifying, disclosing, or correcting the purpose of use of, or stopping the use of, or other requests with respect to the retained personal data in accordance with related laws and regulations. If you have any such request, please contact the customer service separately described. The customer service will immediately respond to your request in good faith within a reasonable extent under laws and regulations.
Policy 5 Continued Maintenance and Improvement of System
To implement this declaration, KMT keeps its employees informed about the details of this declaration by establishing necessary internal regulations and conducting education and training, and ensures that the employees continue to implement this declaration.
Explanation of terms used in these policies
"Personal information" means information about a living individual which can identify the specific individual. In addition, information that enables a specific individual to be identified by easily referring to other information is also personal information.
"Personal data" means personal information constituting a personal information database, etc., and "a personal information database, etc." means a set of information including personal information that is designated by a Cabinet order as being systematically arranged in such a way that specific personal information can be easily retrieved, such as electronic databases, registers, or books.
"Retained personal data" means such personal data over which KMT has the authority to disclose or correct the content, excluding the data which is specified by a Cabinet order as harming public or other interests if its presence or absence is known and data which will be erased within six (6) months.