Basic Policy on Personal Information Protection (Privacy Policy)

In consideration of the importance of personal information protection and to further enhance our customers’ trust in the insurance industry, we comply with the Personal Information Protection Act (Act on the Protection of Personal Information), the Act on the Use of Numbers for Identifying Individuals in Administrative Procedures　(Number Act), other relevant laws and regulations, guidelines from relevant authorities, and guidelines for the appropriate handling of specific personal information. 

We will thoroughly educate and instruct our employees to ensure that personal information is handled appropriately. We will promptly respond to complaints and inquiries regarding the handling of personal information and will review and improve measures related to our handling of personal information and safety management as necessary.

1. Acquisition and Use of Personal Information :
   We will acquire and use personal information (please refer to section 7 regarding personal numbers and specific personal information) only within the necessary scope for our business and through lawful and fair means.
2. Purpose of Use of Personal Information :
   We will use the acquired personal information (please refer to section 7 regarding personal numbers and specific personal information) within the scope necessary for carrying out the entrusted insurance business from insurance companies. We are engaged with multiple insurance companies and may use the acquired personal information to propose products and services from the insurance companies we do business with. The specific purposes for the use of personal information within our company are as follows, and we will not use it for any other purposes.

Provision of the non-life insurance, life insurance, and related services handled by our company

Any changes to the purposes of use mentioned above will be made within a reasonable scope that is deemed to have sufficient relevance. In the event of such changes, we will notify you of the details in principle via written communication (including electronic records, the same applies hereafter) or publish them on our company website (address). The purposes of use for the insurance companies that delegate insurance operations to us are listed on the websites of those companies.

• AIG General Insurance Company
• Tokio Marine & Nichido Fire Insurance Co., Ltd.
• Mitsui Sumitomo Insurance Co., Ltd.
• Sompo Japan Insurance Inc.
• Aioi Nissay Dowa Insurance Co., Ltd.
• Daido Life Insurance Company
• Nippon Life Insurance Company
• ORIX Life Insurance Corporation
• MetLife Insurance K.K.
• AXA Life Insurance Co., Ltd.
• Aflac Life Insurance Co., Ltd.
• Tokio Marine & Nichido Anshin Life Insurance Co., Ltd.
• Mitsui Sumitomo Aioi Life Insurance Co., Ltd.
• SOMPO Himawari Life Insurance Co., Ltd.
• Hanasaku Life

3. Measures for the Security Management of Personal Data :
   We take sufficient security measures to prevent the leakage, loss, or damage of personal data (including personal identification numbers and specific personal information as mentioned in item 7 below) handled by us and for the safe management of personal data. This includes the establishment and implementation of security management regulations and systems, as well as appropriate measures to ensure the accuracy and timeliness necessary for achieving the intended use. In the unlikely event of a problem, we will promptly take appropriate corrective actions.We have established internal regulations regarding the safety management measures of personal data, and the specific contents are mainly as follows. For inquiries regarding safety management measures, please contact us.
   • Establishment of Basic Policy :
     To ensure the proper handling of personal data, we have developed a basic policy concerning “compliance with relevant laws, guidelines, etc.,” “matters concerning safety management measures,” and “inquiries and complaint handling.” This policy is reviewed as necessary.
   • Establishment of Regulations Related to the Safety Management of Personal Data :
     Regulations concerning methods of handling, responsible individuals, and their duties at each stage such as acquisition, use, storage, provision, and deletion/disposal are established and reviewed as necessary.
   • Organizational Safety Management Measures :
     • Appointment of those responsible for managing personal data
     • Establishment of safety management measures in employment rules, etc.
     • Operation in accordance with regulations related to the safety management of personal data
     • Establishment of means to verify the handling status of personal data
     • Establishment and implementation of inspection and audit systems regarding the handling status of personal data
     • Establishment of a system to respond to incidents of leakage, etc.
   • Human Safety Management Measures
     • Signing non-disclosure agreements regarding personal data with employees
     • Clarification of roles and responsibilities of employees
     • Thorough dissemination, education, and training regarding safety management measures to employees
     • Confirmation of compliance status with personal data management procedures by employees
   • Physical Safety Management Measures
     • Management of areas handling personal data
     • Prevention of theft of equipment and electronic media, etc.
     • Prevention of leakage, etc., when transporting electronic media, etc.
     • Deletion of personal data and disposal of equipment and electronic media, etc.
   • Technical Safety Management Measures
     • Identification and authentication of users of personal data
     • Setting of management categories for personal data and access control
     • Management of access permissions for personal data
     • Measures to prevent leakage or damage, etc., of personal data
     • Recording and analysis of access to personal data
     • Recording and analysis of the operational status of information systems handling personal data
     • Monitoring of information systems handling personal data. …
   • Supervision of contractors :
     When outsourcing the handling of personal data, we select those who handle personal data appropriately, ensure the implementation of safety management measures at the contractor, establish regulations regarding the handling of outsourcing, and review them regularly.
   • Understanding of external environment :
     Safety management measures are implemented after understanding the system concerning the protection of personal information in the country handling personal data.
4. Provision of Personal Data to Third Parties and Acquisition from Third Parties :
   Except in the following cases, we will not provide personal data (for information regarding personal numbers and specific personal information, please refer to section 7 below) to third parties without the prior consent of the individual concerned.
   • When required by law
   • When it is necessary to protect a person’s life, body, or property, and it is difficult to obtain consent from the individual concerned.
   • When it is especially necessary for the improvement of public health or the promotion of the sound development of children, and it is difficult to obtain consent from the individual concerned.
   • When it is necessary to cooperate with a national agency or local government, or persons entrusted by them to perform duties prescribed by law, and obtaining consent from the individual concerned would likely impede the execution of those duties.
   • When the third party is an academic research institution, and it is necessary for the third party to handle the personal data for academic research purposes (including cases where part of the purpose of handling the personal data is for academic research, except where there is a risk of unduly infringing upon the rights and interests of the individual).
   • When personal data is provided to or acquired from a third party (including cases where personal-related information is obtained as personal data), we will confirm the circumstances of the provision or acquisition and record and store the name of the provider or recipient and other items prescribed by law.
5. Provision of Personal Related Information to Third Parties :
   • We, except as provided by law, will not provide personal related information to a third party without confirming that the third party has obtained consent from the individual concerning the acquisition of such personal related information as personal data if such acquisition is anticipated.
   • Our company, except as provided by law, will confirm and record matters related to the provision of personal related information to a third party based on the confirmation in the previous item (e.g., when, to whom, what kind of personal related information was provided, and how the third party obtained consent from the individual, etc.).
6. Handling of Sensitive Information :
   Our company, in principle, does not acquire, use, or provide sensitive information (which includes personal information requiring special consideration, such as race, beliefs, social status, medical history, criminal record or information about being a victim of a crime, etc.) and information related to membership in labor unions, ancestry, and registered domicile, health care, and private life (excluding those that correspond to sensitive personal information), except in the following cases:
   • When required by laws and regulations
   • When necessary for the protection of a person’s life, body, or property
   • When particularly necessary for the improvement of public health or the promotion of the healthy development of children
   • When there is a need to cooperate with national agencies, local public entities, or persons commissioned to perform duties as stipulated by law
   • When it is necessary to acquire, use, or provide sensitive information about employees related to their affiliation with or membership in political, religious, or other organizations, within the scope necessary for the execution of insurance premium collection operations, etc.
   • When acquiring, using, or providing sensitive information is necessary for the execution of tasks related to insurance payment proceedings that involve inheritance procedures
   • When it is necessary to acquire, use, or provide sensitive information within the scope necessary for business operations based on the consent of the individual, to ensure the appropriate business operation of the insurance industry.
7. Handling of Personal Numbers and Specific Personal Information :
   We will not acquire or use personal numbers and specific personal information for purposes other than those explicitly specified by law. Additionally, except in cases explicitly stated by the Number Law, we will not provide personal numbers and specific personal information to third parties.
8. Procedures for Requests Regarding Personal Data Held by Our Company :
   In the event that requests for disclosure, correction, or suspension of use of personal data concerning the individual are received, we will verify the identity of the individual and respond appropriately. For details on the request procedure, please contact us at the inquiry information below.
9. Contact Information :
   The contact for inquiries is below. For inquiries regarding insurance accidents, you may also contact the accident consultation window of the insurance company listed on your insurance policy, in addition to the inquiry window below. 

Please note that we will only respond after verifying that the inquirer is the individual in question, so we appreciate your understanding in advance.　

Success Insurance Group Co., Ltd.
president Naohmi Kishioka

【contact】　
Address: J Pro Port Side Building 301, 10-35 Sakaecho, Kanagawa Ward, Yokohama City, Kanagawa 221-0052, 
Phone Number: 045-450-7167 
Fax Number: 045-450-7168
Email Address: info@success-ig.com 
URL: https://success-ig.com/