Photocreate Co., Ltd. (“Photocreate”) operates photography and web-based photo management services and other related services. In the course of performing those services, Photocreate may handle some personal information of customers receiving such services (“Customer(s)”). Photocreate promotes the protection of personal information based on the respect for Customers’ right to privacy and safe control of their personal information. In addition, Photocreate implements adequate security measures to safeguard the personal information of Photocreate’s officers, employees, job applicants, registered photographers, shareholders, and other individuals whose personal information is retained by Photocreate. Customers and Photocreate’s officers, employees, job applicants, registered photographers, shareholders, and other individuals whose personal information is retained by Photocreate are hereinafter individually referred to as a “Person” and collectively referred to as “Persons.”
1. Scope of application
2. Compliance with the laws concerning the protection of personal information, related guidelines established by the national government, and all other relevant rules and regulations
Photocreate complies with the Personal Information Protection Act, prefectural or municipal ordinances enforced at its place of business, guidelines established by the Ministry of Economy, Trade and Industry or other competent ministries or agencies in Japan, JIS Q 15001 (the PrivacyMark accreditation standards), and other rules and regulations pertaining to the protection of personal information (collectively, the “Laws and Regulations”). To enhance compliance with the Laws and Regulations, Photocreate has established this Policy as well as the management system for the protection of personal information and puts them into action.
3. Properly acquiring personal information
Photocreate’s acquisition of any personal information directly from a Person will be subject to the Person’s prior consent to be obtained after explicitly indicating the purpose of use of the personal information and other necessary matters to the Person. If Photocreate acquires any personal information of a Person indirectly from a third party, Photocreate will ascertain whether the third party providing such information has duly acquired the same information from the Person. In this regard, Photocreate announces the purpose of use of the personal information and other necessary matters on its website. Photocreate will not acquire such particular personal information that is sensitive and falls under any of the following categories, except where Photocreate is required to acquire such information under the Laws and Regulations.
- Matters concerning ideology, creed, or religion
- Race, ethnicity, family origin, the registered domicile (excluding the information about the prefecture in which the Person resides), physical or mental disorders, criminal record, or other matters that could contribute to social discrimination
- Matters concerning the right of workers to organize, collective bargaining, or other collective action
- Matters concerning participation in public demonstrations, the exercise of a right of petition, or the exercise of any other political right
- Matters concerning health and medical care or sexual relations
4. Properly using or providing personal information
Photocreate uses personal information solely within the scope of purposes of use made known to the Person or publicly announced in advance. The particular purposes of use of personal information are described in “Announcement Concerning Personal Information.”
Photocreate will not provide any personal information of a Person to a third party without obtaining the Person’s consent, except in the case of providing the personal information in connection with service outsourcing. However, the foregoing does not apply to disclosures required under a warrant or other decision issued by a court or under an order or any applicable law, disclosures in response to inquiries made by a public prosecutors office, police agency or supervisory authority through legitimate procedures and prescribed formalities, and other disclosures made pursuant to the Laws and Regulations. To prevent any personal information from being used or provided for unauthorized purposes, Photocreate carries out daily checking and internal auditing under its personal information protection management systems.
5. Posting photographs on a website
In performing photography and web-based photo management services and other related services, Photocreate may sell photographs, videos or other items (collectively, “Photo(s)”) to Customers. For this purpose, Photos taken by photographers under contract to Photocreate at an event may be posted on the website to be made available for access by the event participants, and those Photos (including their digital data and printed materials) will be sold to Customers who will wish to buy them. On such occasions, those Photo data on the website may be accessed or purchased by any event participants other than the photographic subjects. No personal information about any photographic subject or other information necessary for searching the photographic subject will be posted on a website, except for the image information of the photographic subject appearing in each of those Photos. On the occasion of taking Photos at an event and posting them on a website, Photocreate will make known the foregoing policies in writing to the event participants who may become a photographic subject, with the approval of the event organizer. Those who do not wish their Photos to be posted or who wish to delete their images may ask for discontinuance of posting or deletion via the prescribed form for request for image deletion available on Photocreate’s website.
6. Prevention of leakage, loss or damage to personal information and corrective measures
To prevent leakage, loss or damage to personal information that may be caused by unauthorized access or other security incidents, Photocreate implements the security control measures described as follows. If a deficiency in security control is found, Photocreate will promptly take corrective measures.
- Store the personal information in an information system with appropriate measures for preventing unauthorized access, obtain access logs, and monitor access to the information system
- Keep paper materials and electronic media stating or recording personal information in a locked cabinet or room
- Implement security measures to physically block unauthorized entry into Photocreate’s offices or server rooms
- Verify whether outsourcing partners undertaking the processing or storage of personal information are properly implementing measures to protect personal information, and provide the necessary supervision to those outsourcing partners
Photocreate takes no part in the management of the ID and password of each Customer. If a Customer’s ID or password is used by a third party due to the Customer’s carelessness, the personal information registered by the Customer with Photocreate may be accessed by third parties. Since the responsibility for the use and management of a Customer’s ID and password lies with that Customer, Customers are encouraged to exercise the utmost care so as to prevent mistakenly using their ID or password or allowing a third party’s wrongful use of the ID or password.
8. Ongoing improvement of the personal information protection management systems
Photocreate will periodically review its personal information protection management systems and improve those systems on an ongoing basis in line with the changes in business environment or social conditions, advancement of information security technologies, and enactment or revisions of relevant laws.
9. Inquiries about personal information
- (1) Response to complaints and requests for consultation Photocreate undertakes to respond with sincerity and to the greatest extent possible when receiving a complaint or a request for consultation in connection with personal information.
- (2) Various requests in connection with personal information If a Customer requests notification of the purpose of use of the personal information, its disclosure, correction, addition or deletion, discontinuance of its use, discontinuance of its provision to a third party, or its erasure, Photocreate will take steps to address the request after verifying the identity of the Customer as the Person involving such personal information.
10. Revision of this Policy
- 1. Revision or abolition of this Policy shall be subject to a resolution of the Board of Directors of Photocreate.
- 2.This Policy shall enter into force on October 1, 2005.
Revised on July 13, 2009
Revised on November 25, 2009