Privacy Policy

Benesse Group's Policy on Information Security and Personal Information

April 1, 2015
Benesse Group

1. Corporate Philosophy and Information Security

The Benesse Group empowers people to solve issues for themselves and to enjoy life to the full at every stage by offering them the tools and support they need to create well-being. Our Group's efforts to assure information security are essential in achieving this goal, and demonstrate a vital concern in management and operation of each Group company.
The Benesse Group aims to achieve a first-class global security level, and establishes an information security management system to effectively implement information security management.

2. Protection of Personal and Significant Information

The Benesse Group believes that our customers' personal information, our business partners' information that we maintain on a contract basis, and company trade secrets including such information are particularly significant. When we receive personal information, we respect the customer's intentions and handle this information based on the customer's consent. In order to protect significant information, we establish and implement appropriate management measures governing confidentiality, integrity, and availability. In particular, we build a security structure for the database containing our customers' personal information that includes controls limiting those with access rights, including outsourcers.

3. Compliance and Conforming to Standards

Benesse Group companies comply with laws and regulations regarding information security and privacy protection. In light of business expansion to several overseas countries, we adopt international standards for information security management, and ensure that each company's governing regulations comply with international standards. If a Group employee commits a violation, we investigate the cause to prevent recurrence, and severely punish those involved in the breach.

4. Continuous Improvement

The information security environment has been constantly changing. To address these changes, the Benesse Group perpetually improves information security management practices. In addition, we constantly endeavor to cope with emerging vulnerabilities, understanding that unaddressed vulnerabilities increase risks to information security.

5. Training

The Benesse Group implements training on information security for executives and employees of all Group companies, believing that thorough understanding and participation by everyone in an organization is essential to information security management. In addition, we conduct effective enrichment activities, such as measures to ensure understanding and improve awareness.

Public Statement Regarding Protection of Personal Information

Personal Information Handling Business
Hitoshi Kobayashi
Representative Director and President
Benesse Holdings, Inc.
3-7-17 Minamigata, Kita-ku, Okayama-shi
October 1, 2009
Last Revision: April 1, 2022

Benesse Holdings, Inc. (hereinafter the "Company") hereby announces matters related to the use of personal information and retained personal data obtained by the Company, the provision to third parties of personal data, procedures regarding requests for disclosure etc. of retained personal data, and the reception of complaints regarding the handling of personal information based on the Law Concerning the Protection of Personal Information, Basic Policy Concerning the Protection of Personal Information (Cabinet decision), enforcement regulations for the Law Concerning the Protection of Personal Information and guidelines established by the state minister in charge based on the Law Concerning the Protection of Personal Information.
Personal information related to employment management, such as the personal information of the Company's employees and others, does not fall under the provisions of this public announcement.

PUBLIC STATEMENT ITEMS

I. Purposes of Use for Personal Information and Retained Personal Data

Personal information obtained by the Company is used for the following purposes:

Type of personal informationPurposes of use
Shareholders' personal information
  • (1) To exercise rights and fulfill obligations based on the Companies Act
  • (2) To provide services of benefit commensurate with shareholders' standing
  • (3) To implement policies for promoting smooth relations between the Company and its shareholders from the perspective of both the corporation itself, and its members
  • (4) To maintain the shareholder database, including compiling data prescribed by various laws and regulations
  • (5) Other purposes related to or incidental to the above items
Personal information obtained in the course of managing Company-operated lodging facilities, art museums, and other facilities and in the course of operating business related to education / language study, children / lifestyle support, and personal interests, etc.
  • (1) To provide products and services in response to orders
  • (2) To provide information about Company products and services
  • (3) To provide information about cultural and artistic activities and community revitalization initiatives related to these businesses
  • (4) To prepare questionnaires and surveys as well as statistical and marketing materials
  • (5) To use in planning and development related to the Group's businesses
  • (6) To outsource operations or request feedback from monitors in the various processes, including the planning, development, sales promotion, sales and delivery of the Group's products or services
  • (7) Other purposes related to or incidental to the above items
Personal information of prospective candidates for employment
  • (1) To select and contact prospective candidates
  • (2) Other purposes related to or incidental to the above item

* The purposes of using retained personal data are the same as those described above.

II. Matters regarding Provision of Personal Data to Third Parties

We shall properly control the personal data retained and shall not provide such personal data to third parties without receiving in advance the consent of the principal, with the exception of the following conditions:

  • ・When based on laws or regulations
  • ・When necessary for the preservation of life, limb, or property and when gaining the consent of the principal is difficult
  • ・When necessary in particular for the improvement of public health or promoting the sound development of children and when gaining the consent of the principal is difficult
  • ・When required to cooperate with national or local government institutions or contractors to such institutions in the performance of work prescribed by laws and regulations and when gaining the consent of the principal risks impeding the performance of this work
  • ・When the third party is an academic or research institution and needs to use the personal data for academic research purposes (which must be part of the purposes of handling the personal data and must not be likely to unfairly harm the principal's rights or interests)

III. Appropriate Management of Personal Information

We endeavor to protect personal information at all times by developing rules that set out how personal data should be handled at each stage (including collection, use, retention, provision, deletion, and disposal), who is responsible for handling personal information, and what their duties are, and by property managing personal information as follows:

  • ・We take strict security measures to prevent the leak, loss, corruption, modification, or misuse of, or unauthorized access to personal information (human-based, physical, and technical security measures).
  • ・We appoint a Chief Privacy Officer who is responsible for supervising the enforcement of our handling rules, and continue to improve our corrective measures for the implementation and optimization of security measures, as well as the system to protect and manage personal information (organizational security measures).
  • ・We restrict access to the personal information database to ensure personal information is managed in a secure environment (technical security measures).
  • ・We ensure personal information protection training is conducted for our staff (human-based security measures).
  • ・We develop a system to report any actual or potential leak, loss, corruption, modification, or misuse of, or unauthorized access to personal information that has been detected and to respond to emergencies. We investigate the cause of such actual or potential incidents and take improvement and corrective measures to prevent recurrence (organizational security measures).
  • ・If we outsource the handling of personal information to a third party to achieve the purpose of use of the personal information, we perform appropriate control and oversight of the outsourcee (organizational security measures).
  • ・If we outsource the handling of personal information to a third party located in a foreign country or use a cloud service provided in a foreign country, we check the name of the country and the personal information protection regime of that country (grasping of external environment factors).
    Relevant country : USA

IV. Procedures for the Disclosure, Correction, Addition, or Deletion of Retained Personal Data and the Disclosure of Records of Providing Retained Personal Data to Third Parties

Based on the Law Concerning the Protection of Personal Information, we shall respond to requests by a principal or his or her agent for the disclosure, correction, addition, or deletion (hereinafter, "requests for disclosure, etc.") of retained personal data and requests for the disclosure of records of providing retained personal data to third parties. However, related laws and regulations sometimes prevent us from responding to such requests.

  1. Specification of Items of Retained Personal Data That Are Subject to Requests for Disclosure, Etc.
    The principal or his or her representative making requests for disclosure, etc. should specify the information for disclosure, correction, addition, or deletion using the retained personal data items listed in the designated request form.
  2. Submission of Requests for Disclosure, Etc.
    Please phone the contact point listed in IV. below to receive by mail the required forms for making requests for disclosure, etc.
  3. Forms (Format) to Be Submitted at Time of Request for Disclosure, Etc.
    When making requests for disclosure, etc., the designated request form we will send you by mail should be filled out in full and returned by mail with a document identifying the principal. Documents to be returned by mail are a) and b) below.
    1. One designated request form
    2. Identification document
      • ・In the case of a driver's license, health insurance card, or other official document stating the principal's current address, one copy of the document should be enclosed with the request form.
      • ・In the case of a passport or other official document not stating the principal's current address, one copy of the document and one copy of the principal's certificate of residence should be enclosed with the request form.
  4. Requests for Disclosure, Etc. Made by a Representative
    If the person making requests for disclosure, etc. is a legal representative of a minor or an adult ward or a proxy authorized by the principal to make requests for disclosure, etc., in addition to the request form specified in a) above, the documents listed in a) or b) below must also be enclosed.
    1. In the Case of a Legal Representative
      1. (1) Document verifying the power of attorney of the legal representative
        • ・A family register or, in the case of a person with parental authority over a minor, one copy of a health insurance card on which are written the names of family dependents
      2. (2) Document verifying the identity of the legal representative
        • ・In the case of a driver's license or other official document stating the legal representative's current address, one copy of the document should be enclosed
        • ・In the case of a passport or other official document not stating the legal representative's current address, one copy of the document and one copy of the legal representative's certificate of residence should be enclosed
    2. In the Case of an Authorized Proxy
      1. (1) One copy of a letter of attorney specified by the Company
      2. (2) One copy of the principal's certificate of seal impression
      3. (3) Document verifying the identity of the authorized proxy
        • ・In the case of a driver's license or other official document stating the authorized proxy's current address, one copy of the document should be enclosed
        • ・In the case of a passport or other official document not stating the authorized proxy's current address, one copy of the document and one copy of the authorized proxy's certificate of residence should be enclosed
    • Note: The copy of the certificate of residence and certificate of seal impression must have been issued within three months of the request date.
  5. Processing Fee and Method of Fee Collection
    Requests for disclosure are subject to the following processing fee.
    (No processing fee is charged for requests for corrections, additions, or deletions.)
    Processing fee: ¥970 (including consumption tax, etc.) per request
    The processing fee should be paid through a financial institution designated by the Company. The handling fee of the financial institution is to be covered by the principal or representative requesting disclosure.
  6. Method of Responding to Requests for Disclosure, Etc.
    We will respond based on the details indicated in the request form by mailing the document or by providing an electromagnetic record in our specified format, whichever you prefer.
  7. Purposes of Use for Personal Information Obtained via Requests for Disclosure, Etc.
    The personal information obtained via requests for disclosure, etc. shall be used only to process the relevant request. Documents submitted shall not be returned. Documents shall be retained for two years from the date of response to the request for disclosure, etc., and then destroyed.
  8. Notes
    1. We will contact you should the conditions below arise. Please note that if we do not receive an appropriate response within a certain period, we will conclude that a valid request for disclosure, etc. was not received. In such case, any fee already paid will be refunded.
      • ・When the designated documents are incomplete
      • ・When the principal cannot be verified, such as when the address recorded in the request form, the address recorded in the identification document, and the address in our records do not agree
      • ・When power of attorney cannot be verified regarding the request made by the representative
      • ・When the processing fee is not paid, or is not paid in full
    2. If a request for disclosure, etc. falls under one of the following, the information shall not be disclosed. In the event of nondisclosure, we shall notify the principal or his or her representative of the same in writing and state the reason why compliance with such a request is not possible. The processing fee will be refunded.
      • ・When disclosure risks injuring the life, limb, property, or other rights or interests of the principal or a third party
      • ・When disclosure risks seriously impeding the appropriate execution of the Company's business
      • ・When in violation of other laws or regulations

V. Personal Information Inquiry Desk

  • 1. No request made in person directly at the Company's offices shall be accepted.

Last updated : 2022/05/12