As an academic institution whose duty is to contribute to the higher education of the country, Hosei University occasionally acquires, uses and manages personal information, which for the purposes of this policy is defined as information on individual persons, information which allows identification of specific individuals or information which can be easily compared or verified with other information in order to identify specific individuals. When acquiring, using or managing personal information as described in the preceding paragraph, the university strictly observes all laws, ordinances and regulations related to the protection of personal information including the "Personal Information Protection Law", and in addition to protecting said information, respects the intentions of the relevant individual to the greatest extent possible, and implements the following measures with the firm belief that the appropriate handling of personal information is a societal obligation.
Protection and Measures for the Safe Management of Personal Information
- The university shall strictly observe all laws, ordinances and regulations related to the protection of personal information including the "Personal Information Protection Law".
- The university shall carry out strict management for the protection and use of personal information.
In addition to implementing audits on personal information protection, the university shall continually promote and plan the reform and improvement of school systems related to the use of personal information. In the event the university charges an external contractor with the handling of personal information, the university shall carry out strict management and supervision of said external contractor.
- The university shall establish a set of personal information protection provisions and other internal regulations on personal information and carry out training and education for university staff to ensure that all university staff thoroughly implements personal information protection measures.
- The university shall maintain continuous awareness of the existence of risks related to the management of any personal information in the university's possession, these risks include but are not limited to illegal access, leakage, destruction, and compromise of personal information and shall implement both human and physical safety measures to protect against these risks.
Handling of Personal Information
Purposes for which Acquired Personal Information may be Used
In the event the university collects personal information when required, the purposes for which said information will be used shall be made explicitly clear, the scope of use of said information shall be limited to that required to fulfill the purpose(s) for which it was collected, and all other appropriate handling measures shall be implemented.
In the event that the purpose for which collected personal information is to be used is changed, such changes shall only be initiated if the new purpose(s) are related to the original purpose(s) within a reasonable scope of variation, and the party to whom the information applies shall be notified of any such changes.
Provision to Third Parties
The university shall not, except in the situations stipulated in items (1) through (6) below, provide personal data (personal information which composes a "personal information database" or other sources) to any third parties without the prior consent of parties to whom the data applies.
In addition, personal information which does not fall under the category of being "personal data" shall still be handled in accordance to the standards used for handling personal data to the greatest extent possible.
- When information is handled according to applicable laws
- When required for the protection of an individual's life, or physical/financial welfare and obtaining the authorization of the individual is difficult or impossible
- When specifically required for the advancement of public health or the healthy upbringing of children and obtaining the authorization of the individual is difficult or impossible
- When required to cooperate with national or municipal entities or contractors consigned by said entities to carry out work or activities stipulated by law and when obtaining the authorization of the relevant individual will hinder the operations of said entities
- When disclosed in accordance with the university's "Personal Information Disclosure Guidelines"
- When the individual has "opted out" as provided for in the Personal Information Protection Law