Personal Information Protection Principles
(Revision on March 27, 2019)
Dentsu Creative X Inc. (hereinafter referred to as the "Company") may receive the "information" of our business partners including advertisers, not only for advertisement production but also for creative content production business that develops by integrating with digital technology. In its business, the Company believes that it is indispensable to balance utilization and protection of "personal information" among "information" handled by the Company.
The Company declares its commitment to managing and protecting personal information through this "Personal Information Protection Principles" in compliance with "Act on the Protection of Personal Information" (Act No. 57 of May 30, 2003), "Guidelines Pertaining to the Act on the Protection of Personal Information" (Personal Information Protection Commission Notification No. 6 to 9 of 2016) , "The General Data Protection Regulation (EU) 2016/679; GDPR"（REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC（General Data Protection Regulation），hereinafter referred to as the " GDPR "）and other applicable laws and regulations.
Handling of Personal Information
- The Company shall obtain personal information specified in Article 2, Paragraph 1 of the Act on the Protection of Personal Information in a fair and appropriate manner for the purposes defined within the range described in Table 1. Should there be any kind of personal information outside the list of "Types of Personal Information" in Table 1, such information will be put to use after the purpose of each use is made known or publicized and upon consent of the relevant individual(s) if necessary.
- Regarding the personal information entrusted to us by our business partners, including the advertiser, in order to carry out the work entrusted to us by the advertiser, the Company must confirm the scope of use and the scope of responsibility and shall handle them properly in accordance with our regulations and request of the business partner.
- The Company shall implement security measures to manage and prevent leakage and other mishandling of personal information by specific actions including maintaining and improving its internal information management system, educating and inspiring its employees, controlling access to office spaces, IT security measures and so forth. Also, personal information that is no longer to be retained shall be destroyed or deleted in a secure and appropriate manner.
- When outsourcing the work related to personal information, the Company will sufficiently examine the eligibility of the outsourced party, conclude a contract with the outsourced party that stipulates the obligations of the outsourced party in handling personal information, require the outsourced party to handle personal information appropriately, and continue to perform the necessary supervision and audits to ensure the safe management of personal information.
- The Company shall not, in principle, disclose and/or provide personal information to any third parties. If any such disclosure and/or provision of personal information should be conducted, it is to be done appropriately and in compliance with the relevant laws.
- The Company may share personal information on occasions such as seminars conducted jointly with a group company(s) of Dentsu Group and/or with other company(s) in a business relationship with the Company. On such an occasion, the Company shall inform and/or publicize the purpose of its use, the kind of personal information to be used, with whom the personal information would be shared, and the person in charge prior to the event. The Company shall also make sure that all participating companies take the strictest of security measures.
- Any request or inquiry regarding the source and method of acquisition of personal information which the Company obtained, as indicated in Table 1, can be addressed to the contact person to whom the relevant personal information was originally given or to the Contact information of the Company. Then, the Company will provide the specific procedure of the request form and the required fee. Upon a formal request, the requester will be asked to present personal identification or proof of representation of the relevant individual. The Company does not currently participate in an authorized personal information protection organization.
- The Company shall strictly abide by any and all applicable laws and regulations, contracts and other policies pertaining to protection of personal information.
- The Company shall continuously evaluate and improve its personal information management system, including this Personal Information Protection Principles, to reflect any changes in the demands of its business partners as well as those of the social environment and thus maintain its standard of excellence in handling and protecting personal information.
Personal Information to Be Obtained Directly by the Company
|Type of Personal
|Purpose of Use||Method of
|Scope of Outsourcing|
|Personal Information of Clients and Business Partners.||Invitation and/or communication of the services including proposals, special offers, seminars, questionnaires, etc.||Obtain directly from individual (via business card, email, etc.).||Yes||Delivery of invitation letters, operation of events and seminars.|
|Delivery of publications, newspapers, seasonal greetings, etc.||Yes||Delivery of documents.|
|Visitors at the Company's Offices.||Notification of arrival of the visitor to the person visited and gatekeeping at office entrances.||Obtain directly from individual.||Yes||Reception and related services.|
|Personal Information of People Who Make Inquiries to the Company.||Handling of inquiries, requests, complaints, etc.||Obtain directly from individual (via telephone, email, fax, letter, etc.).||No||-----|
|Personal Information of Job Applicants for the Company.||Operation and communication of job posting, recruitment and screening. Survey for the purpose of future recruitment activities. Personnel database after enrollment.||Obtain directly from individual.||Yes||Operations of recruitment activities including screening, scheduling, communication and execution/tabulation of survey.|
|Personal Information of Employees of the Company.||Organization of business operations and business development activities (details announced separately internally).||Obtain directly from individual.||Yes||Application differs case by case (announced separately internally).|
Handling of Anonymized Processing Information
The Company shall stipulate the handling of "anonymously processed information" as set forth in the Act on the Protection of Personal Information, as follows:
Compliance with Related Laws
The Company will properly handle the anonymously processed information in compliance with the Act on the Protection of Personal Information, other laws and regulations, the Guidelines Pertaining to the Act on the Protection of Personal Information, and other guidelines.
Items of Personal Information Included in Anonymously Processed Information Prepared by the Company.
The Company has not prepared anonymously processed information at the time of the formulation of "Personal Information Protection Principles". In the future, when the Company creates anonymously processed information, the Company shall announce the items of personal information contained in the anonymously processed information, as provided for in the rules of the Personal Information Protection Committee.
Security Control Measures
In the future, when the Company prepares the anonymously processed information, it will take necessary and appropriate safety control measures to prevent leakage, loss, or damage in accordance with the standards set forth in the Rules of the Personal Information Protection Commission.
Provision to Third Parties
The Company has not provided the anonymously processed information to any third party at the time of the formulation of this "Personal Information Protection Principles". In the future, when the Company provides the anonymously processed information to a third party, in accordance with the Rules of the Personal Information Protection Commission, the items of personal information contained in the anonymously processed information provided to a third party and the method of provision thereof shall be publicized in advance, and the fact that the information pertaining to said provision is anonymously processed information shall be clearly indicated to said third party.
Prohibition of Identifying Acts
When handling anonymously processed information, the Company shall neither (i) acquire the descriptions or individual identification codes deleted from personal information, or information relating to a processing method carried out in the process of producing the anonymously processed information, nor (ii) collate such anonymously processed information with other information in order to identify a principal who could be identified based on the anonymously processed information.
Handling of EU Resident Data
The Company shall stipulate the handling of information that identifies, or could be used to identify, residents in the European Union (hereinafter referred to as "EU resident data") including Iceland, Liechtenstein and Norway (hereinafter referred to as "EU") based on the European Union Member States and the European Economic Area Agreement. Each natural person who is a subject of the EU resident data shall be referred to as an "EU resident data subject", as follows. The provisions of 3 (Security measures), 8 (Compliance with laws and regulations) and 9 (Continuous improvement) of " Handling of Personal Information,” apply to the handling of data of an EU resident.
As "Data Controller"
In the event that the Company handles EU resident data as a "Data Controller" in GDPR, the Company shall clearly indicate to the EU resident data subject the purpose of handling the EU resident data as well as other GDPR matters to be notified, and shall obtain the express consent of the EU resident data subject to the use thereof, unless there is a legal basis for handling such data without consent of the subject. Explanations when obtaining consent shall be stated in a clear and plain language and will be clearly distinguishable from other matters in a form that is easy to understand and easily accessible.
Record of consent
The Company shall retain records to enable consent to the handling of EU resident data obtained from EU resident data subjects, to be presented upon request for proof of their consent.
Requests from EU resident data subject
With respect to the data of EU residents handled by the Company, the Company shall respond in accordance with the provisions of the GDPR when a data subject exercises its rights under GDPR.
As "Data Processor"
If the Company handles the EU resident data as a "Data Processor" in GDPR, the Company shall appropriately handle the relevant EU resident data in accordance with the instructions of Data Controller of the relevant EU resident data.
For requests and inquiries regarding the exercise of rights recognized as a data subject in GDPR, please contact the following address with respect to the EU resident data handled by the Company as a Data Controller in GDPR.
In responding to your request, the Company will confirm that you are the principal or the representative of the principal.
- Data Protection Officer and contact information:
Dentsu Creative X Inc.,
1-2-5 Higashi-Shimbashi, Minato-ku, Tokyo, JAPAN
This site is getting access status.
- Though the Company has acquired logs regarding the access status to this website, the acquired log information does not include information that can identify an individual.
- Though the Company uses the access log for maintenance management of the homepage and statistical analysis of the usage status, the Company does not use it for any other purpose.
March 27, 2019
Dentsu Creative X Inc.
Shunsuke Matsuki, Representative Director