NHK ENTERPRISES, INC. (“we”, “us” or “our”) engages in the business of production and commercialization of various kinds of content such as broadcast programs of NHK, and organization and management of special events, etc.
For the purposes of carrying out these business activities, we retain a lot of personal information, and properly protect and manage such personal information in accordance with laws and regulations.
Upon formation of advanced information and communications society with rapid digitization recently, we make further efforts to protect rights and interests of individuals, and we have laid down our Basic Policy on the Protection of Personal Information as follows for appropriate and effective utilization of big data.
We make every effort to protect personal information for enhancing our services with our customers’ reliance.
Basic Policy on the Protection of Personal Information
- We shall comply with the laws and regulations regarding personal information including the Act on the Protection of Personal Information (Act No. 57 of 2003) (the “Act”). We shall treat personal information appropriately in accordance with our internal rules as well. Therefore, we shall implement necessary education to all persons who treat personal information in the course of business and employment.
- Upon gathering personal information, we shall (a) specify the purposes of utilizing personal information (the “Utilization Purposes”), (b) appropriately gather personal information to the necessary extent, (c) notify or publicize the Utilization Purposes, and (d) utilize the personal information within the scope of the Utilization Purposes.
- We shall not utilize personal information using a method that has the possibility of fomenting or prompting unlawful or unfair act.
- We shall obtain the information subject’s consent in advance when we utilize the gathered personal information beyond the scope of the Utilization Purposes or provide the personal information to any third party except as otherwise provided in laws and regulations.
- Upon entrusting the gathered personal information to any third party, we shall appoint the party meeting the adequate protection standards, and take appropriate actions necessary for protection of personal information by contract or other means.
- Upon production of pseudonymously processed information and anonymously processed information (as defined in the Act) from personal information in the course of creation of business, we shall take appropriate actions in accordance with the Act and related laws and regulations.
- Upon handling personal information, pseudonymously processed information and anonymously processed information, we shall take necessary and appropriate action for the security control as to the risk of leakage, loss or damage of personal data.
- Upon storage and management of personal information, we shall establish internal rules and make best efforts for security control in order to prevent and correct improper access to, loss of, damage to, or leakage of the personal information.
- We shall make best efforts (a) to properly deal with changes of social environment regarding treatment of personal information, and (b) to suitably review and revise the internal rules regarding security control etc. in order to keep their effectiveness.
- When there is any complaint or consultation regarding our treatment of personal information, or when the information subject requests us to disclose, correct, delete, or cease to utilize personal information, we shall deal with such requests etc. promptly in accordance with the laws and regulations.
- We do not treat personal information and personally referable information (as defined in the Act) processed for the purpose of being provided for use in the press or in writing as set forth in Article 57(1) of the Act. Provided, however, that Section 7 of this Basic Policy shall apply with modifications to such personal information and personally referable information.
Establishment Date: April 1, 2005
Revision Date: April 1, 2022
NHK ENTERPRISES, INC.
President and CEO: Nobuto ARIYOSHI
Treatment of Personal Information
Utilization Purposes of Personal Information
The Utilization Purposes of the personal information we gather are as follows. When respective utilization purposes exist, we publicize such respective utilization purposes at website regarding such business separately.[Production and sales of content]
- Communication and correspondence with production staff and contractors, and making application for using facilities etc.
- Filling in scripts.
- Communication and correspondence with casts of programs, and payment of fees to such casts.
- Communication and correspondence with providers of materials for programs, and payment of fees to such providers.
- Communication and correspondence with persons contributing to production of programs such as right holders and producers regarding original work, scripts, scenario and music, and payment of fees to such persons.
- Shipping products purchased, billing, payment and settlement processing for such products, and after-sales service.
- Payment of fees for cooperation with programs.
- Communication and correspondence with right holders, and payment of fees to such right holders.
- Communication and correspondence with parties concerned such as customer and client.
- Communication and correspondence with licensees etc.
- Analysis of viewing trends of programs with respect to licensees etc.
- Providing information regarding our products such as new products and recommendation etc.
- Analysis of purchase history etc., and display of advertisement regarding products and services according to preference.
[Licensing business]
- Management of history of granting license to licensees etc.
- Grasping licensees’ preference regarding grant of license etc.
- Introduction of status of license to distribution.
- Processing rights regarding programs under development etc.
- Introduction of new license to licensees.
- Processing rights upon grant of license.
[Material provision business]
Grasping relationship of rights upon provision of materials retained by us such as motion video, voice and pictures, and providing such materials for persons who requests to use and billing for such use.[Archive business]
Processing and obtaining rights necessary for broadcast and secondary use (such as transmission and Internet streaming) of NHK’s program.[Rights business]
- Processing and obtaining rights necessary for broadcast and secondary use (such as transmission and Internet streaming) of NHK’s program.
- Processing rights necessary for transmission and Internet streaming of NHK’s program.
- Processing rights necessary for providing NHK’s program for outside parties.
[Digital content production business]
- Establishing and creating webpages.
- Utilizing personal data effectively.
- Provision of information, communication and correspondence in social media such as Twitter and Instagram.
[Event planning and production business]
- Introduction of profile of event participants.
- Reception of application of event participants.
- Reception of visitors to events, and communication, correspondence and introduction to such visitors.
- Grasping preference of visitors to events.
- Payment of fees to event participants.
- Describing in operation manuals.
- Introduction of events sponsored or cosponsored by us.
- Sales of products related to events.
[Transmission and Internet streaming business]
- Sales of products ordered by customers, and introduction of services associated with such sales via e-mail etc.
- Introduction of our products etc. via e-mail etc.
- User support of our products and services.
- Provision of any other service and content related to or associated with the above on websites.
- Implementation of research regarding status and circumstance of utilization, and creation of statistical data for the purpose of grasping customer satisfaction objectively.
- Improving and enhancing services, and examining new services.
- Promotional activities regarding related facilities and show business.
[Personal Information of our partner companies]
- Implementation of meetings for works etc.
- Provision of information, communication and correspondence.
- Implementation of works entrusted by our partner companies.
[Personal Information of individuals involved in business management]
- Communication and correspondence with shareholders, and management of shares.
- Exercise of our rights and performance of our obligations.
- Creation and storage of documents, records and data in accordance with laws and regulations.
[Personal Information of job applicants to us]
- Our recruiting activities, safety and personnel management after employment, and other related works.
[Personal Information of our officers, employees and other staff members]
- Calculation and payment of salary and remuneration.
- Safety and personnel management of our personnel and related works.
[Contact regarding inquiry]
- Replying to inquired matters.
Provision to Third Party
We shall obtain the information subject’s consent in advance when we provide the personal information to any third party except for the following cases.- Cases based on laws and regulations.
- Cases where there is a need to protect human life, body or property.
- Cases where there is a special need to enhance public hygiene or promote fostering healthy children.
- Cases where there is a need to cooperate with central government organization, local government, or a person entrusted by them performing affairs stipulated by laws and regulations.
When we cannot obtain consent of the information subject in the course of our business, in order to enable to stop such provision upon request of such information subject, we shall notify such information subject in advance and put such information subject into a state where such information subject can easily know, and we shall implement such provision by means of “opt-out” procedure submitting to the Personal Information Protection Commission.
When we provide personal information to any third party in the foreign countries (as set forth in the Act), we shall basically obtain consent of the information subject in advance and then implement such provision except for the above-mentioned cases.
Entrustment to Third Party
When we utilize personal information by entrusting to any third party, we shall examine whether such entrustment is appropriate considering the safety management status of such third party, and shall make every effort to implement management and supervision over such third party by executing entrustment contract stipulating provisions necessary for implementing appropriate supervision including confidential duties or other means.Ensuring Traceability of Personal Information upon Provision to Third Party
We shall store the recipient’s record such as recipient’s name during a fixed period in order to protect privacy upon provision of personal information to any third party. When we receive personal information from any third party, we shall confirm such third party’s name and circumstances where such third party has acquired the personal information etc. and store such record during a fixed period.Effective Utilization of Personal Data
We gather personally referable information, produce pseudonymously processed information and anonymously processed information, and utilize such information in order to create and establish our new business.[Personally Referable Information]
We utilize various personally referable information obtained through identifier stored and gathered by Cookies etc.
“Personally referable information” means information relating to a living individual which does not fall under personal information, pseudonymously processed information or anonymously processed information.
Example of personally referable information is as follows:
- Browsing history of websites with respect to certain individual gathered through terminal identifier such as Cookies.
- Age, gender and family structure etc. with respect to certain individual linked to e-mail address.
- Purchase history of products and usage history of services with respect to certain individual.
- Location information with respect to certain individual.
- Information indicating preference and interest with respect to certain individual.
When we receive personally referable information, we shall obtain consent of the information subject for our receipt.
[Pseudonymously Processed Information]
We produce and utilize pseudonymously processed information.
“Pseudonymously processed information” means information relating to an individual that can be produced from processing personal information so as not to be able to identify a specific individual unless collated with other information.
We shall process personal information in accordance with the following regulations of Personal Information Protection Commission of Japan.
- Deleting all or part of descriptions etc. contained in personal information by which a specific individual can be identified.
- [Example] When we process personal information containing name, address and date of birth:
- we delete the name.
- we delete the address, or replace the address for “XXX Prefecture, YYY City.”
- we delete the date of birth, or replace the date of birth for the year of birth.
- [Example] When we process personal information containing name, address and date of birth:
- Deleting or replacing all individual identification codes contained in personal information.
- Deleting credit card number which may lead to monetary damages to the information subject, and log-in ID and password as to Internet services with function of remittance and settlement.
Except as permitted or required by laws and regulations, we shall utilize pseudonymously processed information for internal purposes only, and shall not provide pseudonymously processed information to any third party.
Upon utilization, we shall not collate pseudonymously processed information with personal information used for producing such pseudonymously processed information, or shall not contact the information subject by utilizing pseudonymously processed information.
We shall take actions for security control in order to prevent leakage etc. of deleted information used for producing pseudonymously processed information.
[Anonymously Processed Information]
We produce, provide and utilize anonymously processed information.
“Anonymously processed information” means information relating to an individual that can be produced from processing personal information so as neither to be able to identify a specific individual nor to be able to restore the personal information. We shall process personal information in accordance with the following regulations of Personal Information Protection Commission of Japan.- Deleting all or part of descriptions etc. by which a specific individual can be identified.
- Deleting all individual identification codes.
- Deleting connecting codes such as membership number of our Family Club.
- Deleting unique descriptions etc. identifying the information subject.
- Taking actions for ensuring that the information subject cannot de identified considering the nature of personal information database.
Upon processing, we shall take actions for security control of information regarding method of processing etc.
We shall publicize the categories of information relating to individuals at websites regarding relevant business.
When we provide anonymously processed information produced by us to any third party, we shall in advance publicize the categories of information concerning an individual contained in anonymously processed information to be provided and its providing method.
Action taken for security control of personal data
Considering severity of infringement of rights and interests of the information subject in case of leakage etc. of personal data, we take necessary and appropriate actions for security control according to the risks arising from size and nature of business, status of treatment of personal data, and nature of media recording personal data etc. as follows.
When we utilize pseudonymously processed information and anonymously processed information, we take actions for security control to prevent leakage of deleted information etc. regarding processed information.
[Establishment of basic privacy policy]
- We establish our basic privacy policy regarding compliance with relevant laws, regulations and guidelines etc., the contact information regarding inquiry and dealing with complaint etc. in order to ensure proper treatment of personal data.
[Establishment of rules regarding treatment of personal data]
- We establish rules regarding treatment of personal data as to treatment method, responsible persons, persons in charge, and their responsibilities etc. according to the stage of gathering, input, transfer, sending, utilization, processing, storage, back-up, deletion, destruction of personal information.
[Organizational actions for security control]
- We appoint responsible persons for treatment of personal data, clarify the scope of personal data which persons in charge of treatment of personal data treat, and establish our contact and report system to responsible persons in case violation of laws and regulations and the treatment rules or indication thereof is being aware.
- Based on the provisions of treatment of personal data, we implement self-inspection on a regular basis, and carry out audits by other departments.
- In order to maintain the ISMS (Information Security Management System) accreditation, we have been subject to accreditation examination (audits) by JSA Solutions Co., Ltd.
[Actions for security control with respect to personnel]
- We hold workshops for our personnel regarding points of concern as to treatment of personal data on a regular basis.
[Actions for security control on physical aspect]
- We manage entry and exiting of our personnel to and from areas where personal data is treated, restrict devices etc. to be brought in and taken out, and take necessary actions for preventing unauthorized access to data.
- We take necessary actions for preventing theft or loss etc. of devices, electronic media and documents etc. used for treatment of personal data. In addition, we take necessary actions for ensuring that content of data does not easily become known when our personnel bring such devices etc. regardless of outside or inside of the offices.
[Technical actions for security control]
- We implement access control to limit the persons treating personal data and the scope of personal information database treated etc.
- We establish protection mechanism for information system used for treatment of personal data against illegal access from the outside and illegal software.
[Grasping external circumstances]
- We specify countries where personal data is stored, grasp the personal information protection system of such countries, and take actions for security control.
- We clarify the countries where personal data is stored in our respective business.
- Please refer to the personal information protection system to be publicized by Personal Information Protection Commission of Japan.
Personal Information of Customer under 15 years of age
We would like our customers under fifteen (15) years of age to provide their personal information with consent of their parents and/or guardians.Request for disclosure, correction, addition, deletion or cease of utilization, erasure of Personal Information and Complaint Processing
When we are requested to disclose personal information which we retain, we will confirm whether the requestor is the information subject of such personal information, and if confirmed so, we will disclose such personal information to such information subject.
The information subject may request us to correct, add, delete, cease to utilize, and erase the personal information of such information subject retained by us by means designated by us.
Provided, however, that we may not comply with all or part of such request in cases where (a) there is a possibility of harming such information subject’s or any third party’s life, body or property etc., (b) there is a possibility of interfering seriously with implementation of our business properly, or (c) it will result in violation of other laws and regulations.
We shall make best efforts to deal with complaint regarding treatment of personal information appropriately and promptly.
The contact information regarding request for disclosure etc. and complaint processing is as follows.
Attention: Risk Management Office of NHK ENTERPRISES, INC.
Address: 4-14 Kamiyama-cho, Shibuya-ku, Tokyo 150-0047, Japan
Telephone Number: +81 (0)3.3481.7901
Support Hours: 10:00 am to 6:00 pm Japan Standard Time (excluding Saturday, Sunday and national holidays)
Fees: You will be charged fees for the procedure of request for disclosure etc.
Use of Cookies
“Cookies” are small-sized files which our web server sends to your browser based on industry standard technology called “Cookies”, and may be saved on your hard disc. By using “Cookies”, we can analyze which website our customers browse, and utilize the Internet efficiently, but we cannot identify the individual customer.
Websites operated by NHK ENTERPRISES use “Cookies” for the following purposes.
- To obtain statistical data regarding access.
- To customize our websites according to our customers’ use.
You may refuse to receive “Cookies” by setting their browser. In this case, you may browse websites operated by NHK ENTERPRISES.
Use of Web Beacons
Our website uses “Web Beacons” (also known as “Clear GIFs”) in order to display images suitably, to count the number of browsers viewing contents, and to measure the access status etc.
Some of images displayed on our website use third party’s distribution servers. Third party’s servers for measurement are used to measure the access status as well. These third parties also use “Web Beacons” in order to distribute images efficiently and to measure the access status. However, these “Web Beacons” cannot identify the individual customers.
GDPR
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). We shall comply with necessary requirements under GDPR if and when GDPR is applicable to our processing of personal data.Basic Policy on the Protection of Individual Number and Specific Personal Information
As to personal information which includes Individual Number (“Specific Personal Information”), stricter protection is stipulated in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (Act No. 27 of 2013) (the “Number Act”) as special act regarding the Act. We shall comply with the Number Act and related laws and regulations upon implementation of works treating Specific Personal Information based on the Number Act.- We shall appropriately gather, utilize, provide, store, delete and destroy Specific Personal Information, and establish and comply with internal rules etc. regarding these matters.
- We shall take necessary actions for security control in order to prevent leakage of, loss of or damage to Specific Personal Information. When such leakage etc. occurs, we shall take necessary actions for correction promptly according to the individual incident.
- We shall deal with complaint and consultation of the information subject regarding our Specific Personal Information etc. appropriately and promptly. The contact information regarding inquiry from the information subject is as follows.
Attention: Risk Management Office of NHK ENTERPRISES, INC.
Address: 4-14 Kamiyama-cho, Shibuya-ku, Tokyo 150-0047, Japan
Telephone Number: +81 (0)3.3481.7901
Establishment Date: June 28, 2016
Revision Date: April 1,2022
NHK ENTERPRISES, INC.
President and CEO: Nobuto ARIYOSHI