Privacy policy
Basic Policies on the Protection of Personal Information
1. We make every effort to comply with laws, norms and regulations regarding protection of information, and thereby protect personal information.
2. We make every effort to, when collecting, using and providing personal information, safely and strictly manage it based on laws and regulations.
3. We make every effort to prevent illegal access to, leakage or loss of, damage to, or tampering with personal information.
4. We shall utilize collected personal information only within the scope of the purpose for its use determined beforehand.
5. We shall continuously review and improve our practices for protecting personal information.
Purpose of Use of Personal Information
IUJ will use acquired personal information within the scope of the following purposes as necessary for the performance of administrative duties. We will not use personal information beyond this scope except when prior consent is obtained from the individual in question or when specified in the Personal Information Protection Act.
Students Student registration, grading, course registration and class management, supervising research and study, awarding degrees, the issuance of various certificates, responses to surveys and submission of reports to organizations such as the Ministry of Education, Culture, Sports, Science and Technology (MEXT), scholarships, international exchange, student exchange, community exchange, the use of facilities, career support, health management, insurances, welfare, consultation support, ceremonies, tuition, IUJ’s public relations, and organizations affiliated with IUJ
Alumni Matters relating to the issuance of various certificates, responses to surveys and submission of reports to organizations such as MEXT, career survey, the use of facilities, the juridical person’s public relations, and organizations affiliated with the juridical person
Applicants Matters relating to admission screening and selection, scholarship allocations and recommendations, pre-enrolment education, admission procedures, IUJ’s public relations, and statistical survey and analysis
Persons requesting admission materials or those participating in events Matters relating to the sending of materials, the operation of events, and the distribution of information from IUJ
Participants to short programs and/or open seminars Matters relating to registration for participation, the operation of lectures, and the distribution of information from IUJ
Officers and Councilors of the Educational Foundation Matters relating to the operation of the Board of Trustees and Board of Councilors, responses to surveys and submission of reports and applications to organizations such as MEXT, Information disclosure according to the laws and regulations, Public relations, Legal Entity Registration (Representative only) and Insurance and limited liability contracts
Job Applicants Matters relating to the selection of applicants and hiring procedures prior to employment
Academic staff Matters relating to educational and research activities, the operation of the juridical person, personnel, salary, welfare system, health management, the use of facilities, inquiries from outside the university, application for subsidies, information disclosure according to the laws and regulations, public relations and responses to surveys and submission of reports and applications to organizations such as MEXT, etc.
Administrative staff Matters relating to the operation of the juridical person, personnel, salary, welfare system, health management, the use of facilities, application for subsidies, and responses to surveys and submission of reports to organizations such as MEXT, etc.
Donors Matters relating to donations (fundraising)
Sponsoring companies and scholarship support organizations Communication for academic support, daily life support, and payment of tuition fees for their students
External groups and individuals Matters relating to the operation of events, and entrusting of administrative duties to contractors
Other purposes (common to all categories above) Self-study and accreditation, surveys and questionnaires to improve the quality of IUJ’’s research and educational and its operations.
Regulations on the Protection of Personal Information
(Purpose)
Article 1-1. In view of the importance of properly protecting personal information based on the philosophy of respecting individuals, the purpose of these regulations is to ensure the proper handling of personal information, and contribute to protecting the privacy, rights, and interests of individuals by defining necessary matters related to the handling of personal information that IUJ possesses.
1-2 Matters regarding the protection of personal information not covered in these regulations shall be referred to the “Act on the Protection of Personal Information” (Act No.57 of 2003) and the “Order for enforcement of the Act on the Protection of Personal Information” (Cabinet Order No. 507 of December 10, 2003), and other related Acts.
(Definitions)
Article 2. Definitions of terms as used in these regulations shall be defined as follows.
(1) The term “personal information” shall mean information about an individual who has a relationship with IUJ (students, sponsors, trustees, faculty members and staff, alumni, and so on), and which can be used to identify specific individuals by name, date of birth, an individual identification code or other description contained in such information (including information that allows easy reference to other information and will thereby enable the identification of the specific individuals).
(2) The term “personal information database, etc.” shall mean an assembly of information including personal information systematically arranged in such a way that specific personal information can be retrieved by a computer or an assembly of information arranged in accordance with defined rules that enable specific personal information to be easily retrieved with a table of contents, index, etc.
(3) The term “individual identification code” shall mean those able to identify a specific individual that are a character, letter, number, symbol or other codes into which a bodily partial feature of the specific individual has been converted in order to be provided for use by computers or those able to identify a specific individual and those characters, letters, numbers, symbols or other codes that are assigned.
(4) The term “special care-required personal information” shall mean personal information comprising a principal’s race, creed, social status, medical history, and criminal record, fact of having suffered damage by a crime, or other descriptors, and information that reqires special care in handling so as not to cause unfair discrimination, prejudice or other disadvantages to the principal.
(5) The term “anonymously processed information” shall mean information relating to an individual that can be produced by processing personal information so that neither can a specific individual be identified nor can the personal information be restored by deleting a part of descriptions etc. contained in the said personal information (including replacing the said part of descriptions etc. with other descriptions etc. using a method with no regularity that could allow restoration of the said part of descriptions etc.) or by deleting all individual identification codes contained in the said personal information (including replacing the said individual identification codes with other descriptions etc. using a method with no regularity that can restore the said personal identification codes)
(6) The term “personal data” shall mean personal information constituting a personal information database, etc.
(7) The term “retained personal data” shall mean such personal data over which IUJ has the authority to disclose, correct, add or delete content, discontinue use, erase or discontinue its provision to a third party, excluding data that falls into either of the following cases.
- Cases in which the life, body, or property of a person or a third party is likely to be threatened if the presence or absence of the personal data concerned is known.
- Cases in which illegal or unjust acts are likely to be promoted or triggered if its presence or absence of the personal data concerned is known.
- Cases in which national security is likely to be undermined, mutual trust with foreign countries or international organizations is likely to be damaged, or disadvantages in negotiating with other countries or international organizations is likely to be brought about if the presence or absence of the personal data concerned is known.
- Cases in which crime prevention, control, investigation or other maintenance of public safety and order is likely to be impeded if the presence or absence of the personal data concerned is known.
(8) The term “person” shall mean a specific individual identified by personal information.
(Responsibilities)
Article 3-1. IUJ shall recognize that personal information must be handled cautiously under the philosophy of respecting individuals’ personalities, and shall be responsible for taking measures necessary to ensure the proper handling of personal information.
3-2. The faculty and staff, and any other people who are engaged by IUJ shall neither leak personal information obtained in business nor use it for illegitimate objectives. The same shall apply when they are retired.
(Managers)
Article 4-1. IUJ has the following Director and Managers to achieve the objectives in these regulations.
(1)Personal Information Director.
(2)Personal Information Managers.
4-2. The Personal Information Director shall be a Vice President appointed by the President and shall have the primal responsibility and authority for dealing with personal information.
4-3. Personal Information Managers shall be Deans of the Graduate Schools, Directors of the Research Institutes, the Center for Language Education and Research, Secretary General, and the managers of administrative offices, and shall have the responsibility, within their business area, for properly dealing with personal information acquisition, its use, management, and so on.
(Specification of the Purpose of Utilization)
Article 5-1. When handling personal information, IUJ shall specify the purpose of using personal information as much as possible (hereinafter referred to as “Purpose of Utilization”) within a required range for executing work and implementing education and research.
5-2. IUJ shall not change the Purpose of Utilization beyond the scope where the Purpose of Utilization after the change can be reasonably considered to be duly related to that before the change. In this case, the Personal Information Director shall judge whether the change is duly related to the original Purpose of Utilization.
(Restriction by the Purpose of Utilization)
Article 6-1. IUJ shall not handle personal information about a person without obtaining the prior consent of the person, beyond the scope necessary for the achievement of the Purpose of Utilization specified pursuant to the provision of the preceding article. The handling of cases where there is doubts as to whether they are within the Purpose of Utilization shall be confirmed with the Personal Information Director.
6-2. The provisions of the preceding paragraph shall not apply to the following cases:
(1) Cases in which the handling of personal information is based on laws and regulations.
(2) Cases in which the handling of personal information is necessary for the protection of the life, body, or property of an individual and in which it is difficult to obtain the consent of the person.
(3) Cases in which the handling of personal information is especially necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the consent of the person.
(4) Cases in which the handling of personal information is necessary for cooperating with a state organ, a local government, or an individual or a business operator entrusted by either of the former two in executing the affairs prescribed by laws and regulations and in which obtaining the consent of the person is likely to impede the execution of the affairs concerned.
(Means of Acquisition)
Article 7. Personal information shall be acquired through legal and fair means.
(Restriction of Acquisition)
Article 8-1. Personal information shall not be acquired for the purpose of investigating matters concerning thought, beliefs, religion, or as a cause for social discrimination.
8-2. Special care-required personal information shall, except in those cases set forth in the following, not be acquired without obtaining, in advance, a principal’s consent.
(1) cases based on laws and regulations
(2) cases in which there is a need to protect human life, body or fortune, and when it is difficult to obtain a principal’s consent
(3) cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal’s consent.
(4) cases in which there is a need to cooperate with a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs
(5) cases in which the said special care-required personal information is being opened to the public by a principal, a government organization, a local government, or other persons prescribed by other laws and regulations.
(6) other cases prescribed by cabinet order as equivalent to those cases set forth in each preceding item.
(Measures of acquiring personal information from the person)
Article 9-1. When IUJ acquires such personal information on a person as is written in a document directly from the person (This paragraph shall also apply to records made by electronic, magnetic, or any other method not recognizable to human senses.), IUJ shall expressly show the Purpose of Utilization in advance.
9-2. When IUJ acquires such personal information on a person not by means of a document explained in the preceding article, IUJ shall, except in cases in which the Purpose of Utilization has already been publicly announced, promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization as soon as possible.
9-3. The provisions of the preceding two paragraphs shall not apply to the following cases:
(1) Cases in which notifying the person of the Purpose of Utilization and/ or publicly announcing it are likely to harm the life, body, property, other rights or interests of the person or a third party.
(2) Cases in which notifying the person of the Purpose of Utilization or publicly announcing it are likely to harm the rights or legitimate interests of IUJ.
(3) Cases in which it is necessary to cooperate with a state organ or a local government in executing the affairs prescribed by laws and regulations and in which notifying the person of the Purpose of Utilization or publicly announcing it are likely to impede the execution of the affairs
(4) Cases in which it is considered that the Purpose of Utilization is clear in consideration of the circumstances of the acquisition.
(Measures for indirectly acquiring personal information)
Article 10-1. When IUJ acquires such personal information indirectly from other sources than the person concerned (including acquiring it from disclosed information), IUJ shall, except in cases in which the Purpose of Utilization has already been publicly announced, promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization.
10-2. The provisions of the preceding paragraph shall not apply to the following cases:
(1) Cases in which IUJ acquires such personal information from a person who obtained his or her consent in advance to provide it to IUJ.
(2) Cases in which the handling of personal data is entrusted to a third party within the scope necessary to achieve the Purpose of Utilization
(3) Cases in which either of the paragraphs in Article 9-3 is applicable.
(Measures for Changing the Purpose of Utilization)
Article 11. When IUJ changes the Purpose of Utilization, IUJ shall notify the person of the modified Purpose of Utilization or publicly announce it. However, this shall not apply to cases that fall into either Article 9-3 or Article 10-2.
(Notification of personal data management)
Article 12. The Personal Information Managers shall report the contents of personal data, the Purpose of Utilization, etc. to the Personal Information Director when they acquire personal information in their business areas and create personal information databases, etc. The same applies when changes are made to the contents reported.
(Appropriate Management)
Article 13-1. The Personal Information Managers shall take necessary measures to prevent leakage, loss, damage, or tampering, and for other security control of the personal data.
13-2 The Personal Information Managers shall exercise necessary and appropriate supervision over the employees who handle personal data to ensure the security control of the personal data.
13-3 The Personal Information Managers shall endeavor to maintain personal data accurately and in its newest condition within the scope necessary for the achievement of the Purpose of Utilization.
13-4 The Personal Information Managers shall discard or delete personal data promptly and with certainty when IUJ no longer needs to possess it.
(Education and Training)
Article 14. IUJ shall conduct required education and training to those employees who handle personal data to have them recognized their importance of the responsibility and to familiarize them with measures for protecting specific personal data.
(Supervision of Contractors)
Article 15-1. When the Personal Information Managers entrust an individual or a business operator with the handling of personal data in whole or in part, they shall exercise necessary and appropriate supervision over the Contractors to ensure the security control of the entrusted personal data.
15-2 In the case of the preceding paragraph, a contract or equivalent agreement entrusting the handling of personal data shall mention the following listed items. Some exceptions may apply if they are considered unnecessary according to the nature of the contract.
(1) Contractors shall not leak or thieve personal information accessible by handling personal data.
(2) When reconsigning the handling of personal data, Contractors shall report it to IUJ in writing.
(3) Contract period.
(4) Contractors shall return, discard or delete personal data in a proper and safe way after achieving the Purpose of Utilization.
(5) Prohibition or restriction of processing (except processing within the contract) and manipulation of the personal data by the Contractors.
(6) Prohibition of making copies (except those within the contract including backups required for security control etc.) of personal data by the Contractors.
(7) Reporting to IUJ in the case of accidents including leakage of personal data by the Contractors.
(8) Responsibility of Contractors in the case of accidents including leakage of personal data by the Contractors.
(Supervision over External Personnel)
Article 16. Article 15 paragraph 1 shall apply as soon as possible when IUJ accepts personnel from outside IUJ to carry out work that includes the handling of personal information.
(Measures in the case of leakage detection)
Article 17-1. Faculty and Staff members of IUJ shall report to the Personal Information Managers as soon as possible when they find leakage, loss, or damage of personal data, or for the sake of security any other problematic or unjustified use of personal data.
17-2 Right after receiving a report, according to the preceding paragraph, Personal Information Managers shall report the leakage to the Personal Information Director, discuss the issue, and take necessary and appropriate measures against it.
17-3 The Personal Information Director shall convene the committee for protection of personal information as needed to deal with issues in the preceding paragraph.
17-4 If the report received pursuant to Paragraph 2 falls under any of the items stipulated in the Rules of the National Personal Information Protection Commission as a case that is highly likely to cause harm to the rights and interests of individuals, the Personal Information Director shall, in accordance with the said Rules, report the content, circumstances, damage status, etc. of the case to the National Personal Information Protection Commission (hereinafter referred to as the “National Commission”) and to the relevant government ministries and agencies.
17-5 The Personal Information Managers shall analyze the cause of the incident and take necessary measures to prevent recurrence, and shall take measures such as notifying the individual concerned of the occurrence of the incident and publicizing the facts and measures to prevent recurrence, after consulting with the Personal Information Director, as provided for in the Rules of the National Commission.
(Restriction of Provision to A Third Party)
Article 18-1. IUJ shall not, except in cases where Article 6-2 applies, provide personal data to a third party without obtaining the prior consent of the person.
18-2. With respect to personal data intended to be provided to a third party, where IUJ agrees to discontinue, at the request of a person, the provision of such personal data as will lead to the identification of the person, and where IUJ, in advance, notifies the person of the matters listed in the following items or put those matters in a readily accessible condition for the person, IUJ may, notwithstanding the provisions of the preceding paragraph, provide such personal data, excluding special care-required personal information, to a third party by sending notification to the Personal Information Protection Commission set up by the nation.(hereinafter called “Opt-out procedure”)
(1) The fact that the provision to a third party is the Purpose of Utilization
(2) The items of the personal data to be provided to a third party
(3) The means or method of provision to a third party
(4) The fact that the provision of such personal data as will lead to the identification of the person to a third party will be discontinued at the request of the person
(5) A method of receiving a principal’s request
18-3. When IUJ changes a matter listed in Article18-1-2 (2) or (3), IUJ shall, in advance, notify the person of the content of the change or put it in a readily accessible condition for the person.
18-4. In the following cases, those receiving such personal data shall not be deemed a third party for the purpose of applying the provisions of the preceding three paragraphs.
(1) Cases in which a section that has acquired personal data uses it within the scope necessary for the achievement of the Purpose of Utilization.
(2) Cases in which IUJ entrusts the handling of personal data in whole or in part within the scope necessary for the achievement of the Purpose of Utilization.
(3) Cases in which personal data is used jointly between IUJ and specific individuals or entities and in which this fact, the items of the personal data used jointly, the scope of the joint users, the purpose for which the personal data is used by them, and the name of the individual or business operator responsible for the management of the personal data is, in advance, notified to the person or put in a readily accessible condition for the person
18-5. When IUJ changes the purpose for which the personal data is used or the name of the individual or business operator responsible for the management of the personal data as provided in Article 18-4 (3), IUJ shall, in advance, notify the person of the content of the change or put it in a readily accessible condition for the person.
18-6. When Personal Information Managers do the Opt procedure based on Article 18-1-2, they must produce those documents that need to be submitted to the Personal Information Protection Commission and submit them to the Personal Information Director.
18-7. When the Personal Information Director has received the documents, he or she must carry out the Opt procedures without delay.
(Confirmation and Keeping a record on necessary information)
Article 18.2-1. When having provided personal data to a third party, the Personal Information Managers shall keep a record of the date of the personal data provision, the name or appellation of the third party, a contact address, items of personal data provided, and other matters and shall have them properly preserved for three years.
18.2-2. When having received personal data from a third party, the Personal Information Managers shall confirm the date of the personal data receiving, the name or appellation of the third party, a contact address, circumstances and ways under which the said personal data was acquired by the said third party, and items of received personal data, and other matters. The Personnel Information Manager, shall make a record of the receipt, and shall properly preserved them for three years.
18.2-3. In those cases set forth in the following, Article 18-2-1 and 18-2-2 shall not apply.
(1) cases based on laws and regulations
(2) cases in which there is a need to protect human life, body or fortune, and when it is difficult to obtain a principal’s consent
(3) cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal’s consent.
(4) cases in which there is a need to cooperate with a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs
(5) cases in which personal data is provided accompanied by a personal information handling business operator entrusting a whole or part of the handling of the personal data within the necessary scope to achieve a utilization purpose
(6) cases in which personal data is provided accompanied with business succession caused by a merger or other reason
(7) cases in which personal data to be jointly utilized by a specified person is provided to the specified person, and when a principal has in advance been informed or a state has been in place where a principal can easily know to that effect as well as of the categories of the jointly utilized personal data, the scope of a jointly utilizing person, the utilization purpose for the utilizing person and the name or appellation of a person responsible for controlling the said personal data.
18.3. IUJ shall, if providing personal data to a third party in a foreign country (meaning a country or region located outside the territory of Japan; hereinafter the same) in advance obtain a principal’s consent to the effect that he or she approves the provision to a third party in a foreign country. This, however, shall not apply in cases that fall under Article 6-2 or under either of the following items.
(1) cases in which a third party in a foreign country establishes a personal information protection system recognized to have equivalent standards to that in Japan in regard to the protection of an individual’s rights and interests.
(2) cases in which a third party establishes a system conforming to standards as necessary for continuously taking action equivalent to those that a personal information handling business operator would take concerning the handling of personal data.
(Public Announcement of Matters Concerning Retained Personal Data, etc.)
Article 19. With respect to retained personal data, IUJ shall put the matters listed in the following items in an accessible condition for the person (including cases in which a response is made without delay at the request of the person)
(1) The name of the Educational Corporation, address and the name of the representative of the corporation.
(2) The Purpose of Utilization of all retained personal data (except in cases falling under any of items (1) to (3) of Article 9-3.
(3) Procedures for meeting requests made pursuant to the provisions of the Article19-2, paragraph 1 of the next article, paragraph 1 of Article 21, or paragraph 1 or paragraph 2 of Article 22.
(4) Measures taken for the secure management of retained personal data in accordance with Article 13 (excluding measures that may hinder the secure management of said retained personal data by placing it in a condition known to the Individual Concerned (including cases in which a response is made without delay in response to a request by the Individual Concerned)).
The section receiving consultation requests related to handling of retained personal information
19-2. When IUJ is requested by a person to notify him or her of the Purpose of Utilization of such retained personal data that lead to the identification of the person concerned, IUJ shall meet the request without delay. However, this provision shall not be applied to cases falling under either of the following items:
(1) Cases in which the Purpose of Utilization of such retained personal data that leads to the identification of the person concerned is clear pursuant to the provision of the preceding paragraph.
(2) Cases falling under any of items (1) to (3) of paragraph 3 of Article 9
19-3. When IUJ has decided not to notify a person about the Purpose of Utilization of such retained personal data, IUJ shall notify the person of that decision in writing without delay.
(Disclosure)
Article 20. When IUJ is requested by a person to disclose such retained personal data as may lead to the identification of the person (Such disclosure includes notifying the person that IUJ has no such retained personal data as may lead to the identification of the person concerned. This shall apply hereinafter.), IUJ shall disclose the retained personal data without delay by a method prescribed by a Cabinet Order. However, if any of the following items apply, IUJ may keep all or part of the retained personal data undisclosed:
(1) Cases in which disclosure is likely to harm the life, body, property, other rights or interests of the person or a third party
(2) Cases in which disclosure is likely to seriously impede the proper execution of the business of IUJ.
(3) Cases in which disclosure violates other laws and regulations.
20-2 The disclosure shall be made in writing (or by a method agreed upon with the Requester).
20-3. When IUJ has decided not to disclose all or part of such retained personal data as is requested pursuant to the provision of the Article 20-2, IUJ shall notify the person of that effect without delay in writing.
(Correction, etc.)
Article 21. When IUJ is requested by a person to correct, add, or delete such retained personal data as may lead to the identification of the person on the grounds that the retained personal data is contrary to facts, IUJ shall make the necessary investigation without delay, correct, add, or delete the retained personal data on the basis of the results.
21-2. When IUJ has corrected, added, or deleted all or part of the retained personal data or has decided not to make such correction, addition, or deletion, IUJ shall notify the person to that effect (including the content of the correction, addition, or deletion if performed) without delay.
(Discontinuance of Utilization, etc.)
Article 22. When IUJ is requested by a person to discontinue using or to erase such retained personal data as may lead to the identification of the person on the ground that the retained personal data is being handled in violation of Article 6 or Article 7, and the violation is confirmed, IUJ shall discontinue using or erase the retained personal data concerned without delay to the extent necessary for redressing the violation. However, this provision shall not be applied to cases in which it costs a large amount or is otherwise difficult to discontinue using or to erase the retained personal data and in which the IUJ takes necessary alternative measures to protect the rights and interests of the person.
22-2 When IUJ is requested by a person to discontinue providing to a third party such retained personal data as may lead to the identification of the person on the ground that the retained personal data is being provided to a third party in violation of paragraph 1 of Article 18, and where the violation is confirmed, IUJ shall discontinue providing the retained personal data to a third party without delay. However, this provision shall not be applied to cases in which it costs large amount or otherwise difficult to discontinue providing the retained personal data concerned to a third party and in which IUJ takes necessary alternative measures to protect the rights and interests of the person.
22-3 Where a request for suspension of use or suspension of provision to a third party of retained personal data that identifies the Individual Concerned is made because the rights or legitimate interests of the Individual Concerned are likely to be impaired by the handling of the retained personal data, and it is found that there is a reason for such request, the Educational Corporation shall, to an extent necessary to prevent the infringement of the rights and interests of the Individual Concerned, without delay, suspend use of the retained personal data concerned or suspend provision to a third party of the retained personal data. However, this shall not apply where the suspension of use or suspension of provision to a third party of said retained personal data would require a large amount of cost, or where it is difficult to carry out the suspension of use, or suspension of provision to a third party and alternative measures necessary to protect the rights and interests of the Individual Concerned are taken.
22-4 IUJ has discontinued using or has erased all or part of the retained personal data or has decided not to discontinue using or not to erase the retained personal data or when IUJ has discontinued providing all or part of the retained personal data to a third party as requested under the provision of the preceding paragraph or has decided not to discontinue providing the retained personal data to a third party, IUJ shall notify the person of that effect without delay.
(Procedure of disclosure, etc.)
Article 23 When making a request as per Article 19-2, Article 20-1, Article 21-1 or Article 22-1 or 2 (hereinafter referred to as “Request for disclosure”), a person shall provide his or her identification, fill out required items in a designated application form and submit it to the Personal Information Managers
23-2 The Personal Information Managers may request that the person present sufficient items to identify the retained personal data in question.
23-3 A person may make requests for disclosure and other matters through a representative.
(Establishment of IUJ personal information protection committee)
Article 24 For the purpose of deliberating important matters concerning protection of personal information by IUJ, an IUJ Committee for personal information protection (hereinafter referred to as the “Committee”) shall be established.
(Matters for Deliberation by the personal information protection committee)
Article 25 The Committee shall deliberate the following matters.
(1) Matters related to university-wide policies concerning protection of personal information.
(2) Matters raised by Personal Information Managers as to acquisition, usage, offers, disclosure, correction, discontinuance of use, etc. of personal information
(3) Other important matters regarding personal information protection
(Organization)
Article 26 The Committee shall be composed of the following members.
(1) Personal Information Director
(2) Executive Trustee
(3) The Deans, the Director of the IUJ Research Institute, the Director of the IUJ Center for Language Education and Research, the Director of the Matsushita Library and Information Center, the Director of the IUJ Global Communication Center.
(4) Secretary General, Manager of the office of General Affairs.
(Chairperson and vice-chairperson)
Article 27 The Committee shall have a chairperson and a vice-chairperson.
27-2 The role of chairperson is assumed by the Personal Information Director, and the vice-chairperson is elected from among the committee members.
27-3 The chairperson shall preside over the affairs of the Committee.
27-4 The vice-chairperson shall support the chairperson, act on behalf of the chairperson in emergencies, and conduct the duties of the chairperson when appropriate.
(Meetings)
Article 28 The Committee meetings shall be convened by the chairperson.
28-2 The Committee meetings may not be held or make any decisions unless the majority of the committee members are present.
28-3 Decisions of the Committee shall be made by a majority of those present, and in case of a tie vote, the chairperson shall make the final decision.
28-4 When the Committee finds it necessary, the Committee may ask an opinion of a person who is not a committee member.
(Division in Charge)
Article 29 The Office of General Affairs shall be in charge of the Committee.
(Petition of objection)
Article 30 Any person, who is dissatisfied with a decision made by IUJ pursuant to the provisions of Article 19-3, Article 20-2, Article 21 paragraph-2, or Article 22-3, may apply for a petition to the Committee.
30-2 When filing a petition made pursuant to the provisions of the preceding paragraph, the person shall provide his or her identification and submit a document, which contains information required for the petition, to the Committee via the Personal Information Manager of the section that possesses and manages the personal information concerned.
30-3 When a petition is made under the preceding paragraph, the Committee shall promptly organize an Appeal Examination Board (hereinafter referred to as “The Board”) and conduct the necessary investigation. When necessary, the Board may ask a petitioner, faculty, staff or other relevant members of sections concerned to attend the Board meeting, and listen to their opinions or explanations.
30-4 After finishing the investigation, the Board shall notify the petitioner in writing of the results (including any corrective measures IUJ will take in response to the petition.
30-5 The Board shall report the results of the preceding investigation to the Committee.
30-6 Other necessary matters concerning the Board shall be decided by the Committee.
(Indemnity)
Article 31 In accordance with IUJ working regulations, IUJ may punish those who cause damages to IUJ by violating those regulations, leakage of personal information and/or using personal information for illegitimate objectives, and may claim compensation.
(Interpretation of this regulation)
Article 32 when questions arise how to interpret these regulations, the Committee shall decide them.
(Production of Anonymously Processed Information)
Article 33 IUJ shall process personal information, when producing anonymously processed information, to make it impossible to identify a specific individual and restore the personal information used for the production.
33-2 IUJ shall take action for the security control of such information, when having produced anonymously processed information, to prevent the leakage of information relating to those descriptions etc. and individual identification codes deleted from personal information used to produce the anonymously processed information, and information relating to the processing method carried out pursuant to the provisions of the preceding paragraph.
33-3 IUJ shall disclose to the public the categories of information relating to an individual contained in the anonymously processed information when having produced anonymously processed information.
(Provision of Anonymously Processed Information)
Article 34 When providing anonymously processed information to a third party, IUJ shall, in advance, disclose to the public the categories of personal information contained in anonymously processed information to be provided to a third party and state to the third party explicitly that the provided information is anonymously processed information.
(Prohibition against the Act of Identifying)
Article 35 In handling anonymously processed information, IUJ shall neither acquire information relating to those descriptions, individual identification codes deleted from the personal information and information relating to a processing method carried out pursuant to the provisions of Article 33, nor collate the said anonymously processed information with other information in order to identify a principal concerned with personal information used to produce the anonymously processed information.
(Security Control Action etc.)
Article 36 IUJ shall strive to take necessary and appropriate action for the security control and proper handling of anonymously processed information such as dealing with a complaint about the handling of anonymously processed information, and shall strive to disclose to the public the contents of such action taken.
ADDITIONAL REGULATIONS
These regulations shall be made effective from January 7, 2015.
ADDITIONAL REGULATIONS
These regulations shall be revised on May 31, 2018 and be made effective retroactively from May 30, 2017.
(Changes pursuant to revised Act on the Protection of Personal Information to add related provisions)
ADDITIONAL REGULATIONS
These regulations shall be revised on May 19, 2023.
(Changes pursuant to revised Act on the Protection of Personal Information to add or modify related provisions)
Contact
Questions regarding protection of personal information at IUJ, please contact:
Office of General Affairs
e-mail:oga@iuj.ac.jp
Tel: +81 (25) 779-1111
Fax: +81 (25) 779-4441