Personal Information Protection Policy

Our basic policy on the handling of personal information is comprised of the following three points:

１．Clear statement of the purposes of use and prohibition of use for purposes other than the stated purpose

・Collection of personal information

When collecting personal information, we shall obtain the consent of the person concerned by clearly stating the purposes of use, either through being notified to the person concerned or being made publicly available.

　・Use of personal information

　We shall not use personal information for any purpose other than that for which the person concerned has given consent. Furthermore, in the event of a change to the purposes of use, we shall limit use to a scope deemed reasonably related to the purposes of use before the change, and shall notify the persons concerned of the new purposes of use and obtain their consent.

　However, please note that, in accordance with laws and regulations, we may not notify individuals of or publicly disclose the purposes of use of personal information in the following cases:

1. When notifying the individual in question of the purposes of use or making them publicly available could harm the life, body, property, or other rights or interests of the individual in question or a third party
2. When notifying the individual in question of the purposes of use or making them publicly available could harm the rights or legitimate interests of Joshin Denki Co., Ltd. or the Joshin Group
3. When necessary to cooperate with a national agency or local public body in the performance of its duties as prescribed by law, and notifying the individual in question of the purposes of use or making them publicly available could impede the performance of such duties
4. When the purposes of use are deemed obvious in light of the circumstances of acquisition

２．Non-disclosure of personal information to third parties

Personal information collected shall not be disclosed or provided to third parties except in the following cases:

1. When the individual in question has consented
2. When outsourcing business to an external contractor with whom we have concluded a confidentiality agreement in advance, in order to achieve the purposes of use for which consent of the individual in question has been obtained
3. When the individual in question has been notified of the following matters or they have been made publicly available in advance

　  ・The purpose of use is provision to third parties

　  ・Items of the information to be provided to third parties

　  ・The method of provision to third parties

　  ・The provision of information to third parties shall be promptly

        suspended if requested by the individual in question

　4. When required by law

３．Strict and appropriate security control of personal information

　We shall take appropriate security measures to protect the personal information provided to us from loss, damage, unauthorized leakage to external parties, alteration, and unauthorized access. In order to properly supervise employees and contractors who handle personal information, we shall also establish a reasonable security control system, including the establishment of outsourcing contracts and internal regulations. In addition, in the event that a problem or deterioration in safety is found, we shall identify the cause and take corrective measures.

Our basic policy to the handling of specified personal information is as follows

1. Limitations on the purpose of use in accordance with related laws and regulations, clear statement of the purpose of use, and prohibition of use for purposes other than the stated purpose
   ・Collection of specific personal information
   Collection of specific personal information shall be limited to cases stipulated by related laws and regulations. The purpose of use shall be clearly stated, and notified to the person concerned or made publicly available.
   ・Use of specific personal information
   Use of the specific personal information collected shall be limited to the extent necessary to carry out administrative procedures stipulated by related laws and regulations. However, this shall not apply cases where otherwise required by the relevant laws and regulations.
    
2. Non-disclosure of specific personal information to third parties and restrictions on storage, etc.
   ・Provision of specific personal information
   Specific personal information collected shall not be disclosed or provided to third parties except in the following cases:
   1. When outsourcing business to an external contractor with whom we have concluded a confidentiality agreement in advance, in order to achieve the purpose of use
   2. When required by related laws and regulations.
   ・Retention of specific personal information
   Specific personal information shall be retained only when retention thereof is required by related laws and regulations. Individual numbers entered or recorded in documents, or other forms shall be disposed of or deleted promptly upon expiration of the relevant retention period.
    
3. Strict and appropriate security control of specific personal information
   We shall take appropriate security measures to prevent and remedy unauthorized access to, leakage, loss, or damage or the like of, personal information, etc. We shall also take the following security control measures for specific personal information.
   1. Organizational security control measures
   ・We shall establish internal regulations and guidelines to clarify responsibilities in the administrative handling of specific personal information and rules on such handling.
   2. Personnel-based safety control measures
   ・We shall provide employees with regular training on the handling of specific personal information.
   ・We shall appoint personnel to be in charge of the administrative handling of specific personal information, and take necessary measures, such as providing education and training to ensure compliance with the items stipulated in the internal regulations and guidelines, implementing safety measures, and raising awareness across the board.
   3. Physical and technical safety control measures
   ・We shall establish areas for the management and handling of specific personal information, and strictly manage equipment, electronic data, documents and the like that treat specific personal information.

In addition to the above, we shall also abide by related laws, regulations, guidelines and the like. 

Upon receiving any of the following requests regarding personal information held by us from the individual to whom the personal information belongs, we shall respond as necessary within a reasonable scope in accordance with laws and regulations, only when the identity of such individual is verified:

1. Confirmation of the personal information registered by the individual
2. Correction of or addition to the registered personal information
3. Notification of the purpose of use of the registered personal information
4. Suspension of use of the personal information
    

We shall also establish the points of contact necessary to respond to complaints, consultations, and inquiries from individuals regarding the handling of their personal information.

The transmission of personal information is supported by Transport Layer Security (TLS) encryption technology. TLS is a communication protocol that encrypts information sent and received over the internet. The technology prevents data theft and falsification by third parties by encrypting and authenticating data between browsers and WWW servers.
 

• Use of cookies
  Some pages on our website manage communications via sending and receiving cookies. This aims to enhance convenience when using the website.
  Cookies do not violate the privacy of users or adversely affect their computers.
   
• Use of IP addresses
  IP addresses are numbers automatically assigned to computers when using the internet. Our internet server automatically identifies users’ computers from their IP addresses. We may use IP addresses to identify users only when information identifiable via the IP address is required in accordance with the laws of Japan, or when deemed necessary to protect the user or to protect our rights or property.

We shall carry out the following activities to ensure the thorough implementation of our Basic Policy on Personal Information Protection.

We shall implement awareness-raising activities and training for officers and all employees to ensure compliance with laws, regulations, and other rules relating to personal information.

We shall strive to keep the personal information provided by individuals accurate and up-to-date at all times.

We shall make improvements to this Basic Policy, internal rules, and the implementation of personal information protection as needed in response to changes in laws, regulations, and the social environment.

This Basic Policy shall be made publicly available on our website and in our corporate profile and other documents to ensure that it is available to the individuals concerned at all times.
 

Enacted on: September 6, 2003

Revised on: December 1, 2015

Joshin Denki Co., Ltd.

Ryuhei Kanatani, Representative Director, President and Executive Officer

Please contact us as follows depending on where your personal information is registered.

If registered at a store:

If registered online:

Please contact the following number for inquiries concerning specific personal information held by us.

Please contact us as follows for inquiries concerning Personal Information Protection Policy of Joshin Denki Co., Ltd.

Personal information held by us shall be handled appropriately in accordance with the Joshin Group’s Basic Policy on Information Security and Personal Information Protection Policy.

The personal information we collect from customers shall be used for individually determined purposes within the scope set forth below:

1. Sales of products (including intermediary products)
2. Provision of after-sales services, including delivery, installation, repair, and parts sales
3. Purchasing and provision of price estimates of used products 
4. Provision of point services
5. Provision of long-term repair warranty services
6. Provision of benefits for members (Joshin Card members and Joshin Web members)
7. Provision of sales and marketing information, etc. via telephone and email, and sending of advertising materials
8. Issuance of mail services
9. Acceptance of applications for prizes, etc.
10. Sending of gifts and the like
11. Provision of recall information and the like
12. Implementation of various measures to improve services
13. Response to inquiries
14. Footages taken by security cameras (for security measures, crime prevention measures, confirmation of delivery and receipt of money/goods)
15. Voice recordings (security measures, responses to complaints, confirmation of the contents of inquiries, etc.)
16. Provision of information on the use of membership benefits for various services, and responses to inquiries
17. Analyses based on statistical data obtained from purchase logs, etc.
18. Collection under laws, regulations, or due to other legitimate reasons・For the purposes of collection and use of personal information from members, please see the respective membership agreement or Privacy Policy.
    ・Whenever we ask you to provide personal information, either in writing or by directly inputting on our website, we will clearly state the purposes of use and period of retention of such information.
    ・If you are asked to directly fill out an application form for services such as the delivery of products, orders for custom-made products or parts, or repair services, and, due to limitations on space, the form does not specify the purposes of use, the service written on the form shall be the purposes of use, and the information shall be disposed of immediately after the relevant service is completed.
    However, in the event that the repairs, installation work, or deliveries are carried out by Joshin Service Co., Ltd., a consolidated subsidiary of Joshin Denki Co., Ltd., the logs shall be retained for five years for repairs, 10 years for installation work, and one year for deliveries for the purpose of providing after-sales services, and the information shall be disposed of immediately at the end of each of the said period.

1. Basic policy formulation
   ・To ensure the proper handling of personal data, we have established a Personal Information Protection Policy to cover compliance with relevant laws, regulations, guidelines, etc., and inquiries regarding the handling of personal information.
2. Establishment of rules regarding the handling of personal information
   ・We have formulated internal rules regarding handling methods, responsible parties and their roles, etc. for each stage of personal information handling (e.g., acquisition, use, retention, provision, deletion, disposal).
3. Organizational security control measures
   ・We have appointed personnel in charge of personal information protection related to the handling of personal data. We have also clarified employees who may handle personal data as well as the scope of the personal data to be handled by them, and have established a reporting line in the event that any violation of the Personal Information Protection Act or internal rules is detected or suspected.
   ・We shall conduct periodic self-inspections regarding the status of the handling of personal data, and have audits conducted by other departments.
4. Personnel-based safety control measures
   ・We shall provide employees with regular training on the handling of personal data.
   ・Matters relating to the confidentiality of personal data shall be stipulated in the employment regulations.
5. Physical and technical security control measures
   ・We control employees’ access to areas where personal data is handled and restrict the equipment and other items that may be brought in. We also take measures to prevent any unauthorized person from viewing personal data.
   ・We take measures to prevent theft or loss of equipment, electronic media, or the like that contains personal data.
6. Technical security control measures
   ・We implement access control to limit the personnel in charge and the scope of the personal information database, etc. handled.
   ・We take technical measures to protect information systems that handle personal data from unauthorized external access, unauthorized software, and other threats.

To ensure that customers comfortably make use of Joshin stores, Joshin Denki Co., Ltd. and contracted franchisees (hereinafter collectively referred to as “the Joshin Group”) make shared use of the personal information of customers.

Please note that, in accordance with laws and regulations, we may not notify individuals of or disclose the purposes of use of personal data in the following cases:

1.  When notifying the individual in question of the purposes of use or making them publicly available could harm the life, body, property, or other rights or interests of the individual in question or a third party
2. When notifying the individual in question of the purposes of use or making them publicly available could harm the rights or legitimate interests of Joshin Denki Co., Ltd. or the Joshin Group
3. When necessary to cooperate with a national agency or local public body in the performance of its duties as prescribed by law, and notifying the individual in question of the purposes of use or making them publicly available could impede the performance of such duties
4. When the purposes of use are deemed obvious in light of the circumstances of acquisition

Personal information provided by customers shall not be disclosed or provided to third parties except in the following cases.

1. When the individual in question has consented
2. When outsourcing work to external contractors with whom we have concluded a confidentiality agreement in advance for campaigns, prize competitions, events, and so on.
3. When outsourcing work to external contractors with whom we have concluded a confidentiality agreement in advance for incidental installation work, delivery, repair, etc. of products or services
4. When providing necessary information to a financial institution for the payment for goods and services by credit card, etc.
5. When the individual in question has been notified of the following matters or they have been made publicly available in advance
   ・The purpose of use is provision to third parties
   ・Items of the information to be provided to third parties
   ・The method of provision to third parties
   ・The provision of information to third parties shall be promptly suspended if requested by the individual in question
6. When required by law

Upon receiving a request for disclosure, correction, addition, or suspension of use of personal information held by us from the individual to whom the personal information belongs, we shall respond within a reasonable scope in accordance with laws and regulations; only when the identity of such individual is verified:

Please see the following Joshin Card Membership Agreement (PDF format) or the Joshin Web Terms of Service for information on how to request for correction, addition, or suspension of use of personal information

Joshin Web Terms of Service

Joshin Card members

Joshin Web members

Repair, installation, and delivery (However, the only data retained for more than one month following receipt of order is the repair history of Joshin cardholders.)

Documents required for requests for disclosure, etc.

Please enclose the above and mail it to the address indicated. We will reply in writing after the department in charge unseals and verifies the request documents.
Written responses by mail are sent to the address provided by the requester via registered post to be signed by addressee only. When you receive the notice from the nearby post office, please bring the personal identification documents specified by the post office (driver’s license, passport, basic resident register card with photo, etc.) to receive the written response at the post office counter.

Please note that it may take about two weeks after the request documents are received to send the response via registered post.
In addition, if the requested personal information falls under the conditions set forth in item 4 below, we will notify the requester of the fact that we are unable to disclose the requested personal information and the reason therefor.
Please note that, even in such case, the enclosed fee will not be returned.

[When requesting disclosure of content or method other than the above]

Please contact us as follows:

We will only respond (via a method agreed upon by the customer, such as orally, by telephone, via the webpage (TLS-supported and with identity verification), or by mail) to your request only when your identity has been verified as the individual concerned via the method of identification set forth in our Membership Agreement.
Please note that, depending on content, it may take about two weeks to reply.

Personal information obtained in connection with a request for disclosure, etc. will be used only to the extent necessary to respond to the individual’s request for disclosure, etc.

Any documents submitted will be retained for six months after completion of the response to the request for disclosure, etc. The documents will be disposed of at the end of this period.

Information will not be disclosed in the following cases:
If we decide not to disclose the information, we will notify the requester of the fact and the reason therefor.

• When we are unable to confirm the identity of the individual via the method of identification set forth in our Membership Agreement or via registered post to be signed by addressee only
• When there is a insufficiency or false entry in the prescribed request documents
• When the right of representation is not confirmed if the request is made by a proxy
• When the subject of the request for disclosure does not fall under the category of “personal information held by us”
• When there is a risk that the requested disclosure, etc. could harm to the life, body, property, or other rights or interests of the individual in question or a third party
• When there is a risk that the requested disclosure, etc. could significantly impede the proper execution of our business
• When the requested disclosure, etc. would violate other laws or ordinances

For comments, complaints or other matters regarding personal information, please contact us as follows:

・The personal information of employees shall be used for the following purposes:

1. For the general management of personnel as stipulated in the employment regulations, etc., as well as attendance management, performance appraisal, education and the like
2. To provide welfare benefits, to implement labor policies including taxation, social insurance, and health insurance procedures, and to conduct labor management
3. To conduct statutory health examinations, and to implement measures aimed at maintaining and improving safe working conditions
4. To perform payroll and pension benefit administration procedures
5. To establish the environment for the use of the internal LAN system, etc.
6. To communicate with employees in the event of a disaster or emergency
7. To ensure the necessary communication with employees’ families, retired employees, etc.

・Provision to third parties and purpose thereof, personal information items subject to provision, means or method of provision

1. Third parties to which personal information is provided: Group companies are to provide the personal information of their employees to Joshin Denki Co., Ltd.
2. Purposes of provision: Personnel management, welfare benefits, safety management, payroll operations, emergency response, etc.
3. Personal information items: The items set forth in “Personal information of employees subject to provision” below
4. Means or method: Transmission of encrypted or password-protected data or direct delivery of documents

・Personal information of employees subject to this Basic Policy

1. Basic personnel information: Name, employee code, photo, date of birth, sex, educational background, department, position, job grade, job type, home address, home telephone number, family composition, basic monthly income, annual income, work experience, information on physical and mental disabilities necessary for income tax withholding and employment promotion, internal LAN system password, email address, etc.
2. Personnel management information: Information on personnel transfer orders, evaluations, commendations and disciplinary actions, entries on personnel system-related forms, training attendance history, qualifications, licenses, labor union membership, etc.
3. Attendance management information: Attendance record, leave record, record of return-to-work after leave, etc.
4. Salary and bonus information: Salary and bonus history, information on allowances and salary deductions, commuting route, names and relationships of family members, dependents, bank account for salary and bonus payment, bank account for commuting allowance payment, retirement allowances, etc.
5. Welfare benefit information: Information on health insurance, pension, corporate pension, employees’ savings scheme, stock ownership, housing loans, insurance subscription, usage of dormitory and company housing, etc.
6. Health management information: Information on regular health examinations and other statutory health examinations, use of comprehensive medical checkups, etc.
7. Security control information: Entry/exit records, video records of entry/exit, etc.
8. Operational management information: Audio (video) records of meetings, communication records, behavioral records including going out on business, information system usage logs, etc.

・Operations involving the personal information of employees subject to outsourcing

1. Payroll services: Salary and bonus remittance to designated bank accounts, services related to employees’ savings scheme, insurance plan and the like, and electronic issuance of salary and bonus payment statements
2. Welfare benefit services: Services related to employees’ savings scheme with designated financial institutions, insurance plan, and employee ID cards 
3. Health management services: Services related to health examinations at designated medical institutions, use of comprehensive medical checkups, etc.

We are also a member of an authorized personal information protection organization as defined under the Personal Information Protection Act.
The name of the authorized organization to which we belong and the contact information for complaint resolution are as follows.

Note: This is not for inquiries concerning our products or services.