Kintetsu Railway Co., Ltd. complies with the Act on the Protection of Personal Information and the laws and regulations relevant to the said Act and handles personal information acquired from customers and other concerned persons properly in accordance with the following policy to achieve reliable protection of the said personal information.1.The Company acquires personal information in an appropriate and fair manner. 2.The Company does not handle personal information, without obtaining in advance the principal's consent, beyond the necessary scope to achieve a specified purpose of use; provided, that the Company may process personal information into a mode in which individuals cannot be identified unless it is cross-checked with other information (i.e., Pseudonymously Processed Information), or in which a specific individual cannot be identified (i.e., information processed into anonymity) and use such information processed into anonymity as statistical materials of the Company or provide such information processed into anonymity to other business operators as utilization/purchase trend research materials or for other purposes. 3.The Company takes various kinds of security countermeasures to prevent unauthorized access to and misappropriation, destruction, alteration and leakage, etc. of personal information in order to keep personal information accurate and control it in a secure manner. 4.The Company does not, except in those cases prescribed in laws and regulations, provide personal information to any third party without obtaining in advance the principal’s consent. 5.The Company may provide personal information acquired from customers and other concerned persons to outsourcing companies for information processing or other purposes within the scope of the purpose of use. In addition, the Company may, pursuant to procedures prescribed in laws and regulations, use personal information jointly with another business operator. When conducting entrustment or joint use in connection with the handling of personal information, the Company strictly researches the candidate outsourcing company or joint user and endeavors to prevent the leakage of information by exercising appropriate supervision and coordination. 6.The Company establishes procedures for requests by the principal or his/her agent for disclosure, correction, cessation of use, etc. for retained personal data as prescribed in laws and regulations and contact that addresses complaints relating to the handling of personal information, and promptly deals with such matters. 7.In order to prevent leakage, loss, or damage of personal data, and to protect the information related to it, The Company has established a system that enables all persons working for the Company to handle personal information properly by appointing the personal information protection officer as the most responsible person for personal information, and a personal information divisional officer and a personal information handling manager in each respective division and by providing sufficient training to employees. 8.The Company endeavors to properly handle personal information acquired from customers and other concerned persons by renewing this Personal Information Protection Policy and the internal control system for the protection of personal information in a timely manner.
*In this Personal Information Protection Policy, personal information means information relating to a living individual which falls under any of the following items:(1)Information containing a name, date of birth, or other descriptions etc. whereby a specific individual can be identified (including information which can be readily collated with other information and thereby identify a specific individual); and (2)Information containing an individual identification code**.
** In this Personal Information Protection Policy, an individual identification code means those listed in each item of Article 1 of the Cabinet Order to Enforce the Act on the Protection of Personal Information, including exemplified items as follows:(1)Data for biometric authentication (i.e., DNA arrangement, face, appearance, iris, vocal print, vein, characteristics of behavior, and fingerprint, etc); and (2)Passport number, basic pension number, driver’s license number, resident register code, individual number (under the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures), health insurance certificate number, residence card number, etc.