Privacy Policy

Personal Information Protection and Privacy Policy

Mitsui & Co. HRD Institute (hereinafter referred to as “the Company”) complies with the Act on the Protection of Personal Information and related laws and regulations, manages personal information properly, and handles the information as follows.

1. Collection and use of personal information
When collecting personal information, the Company shall publicly announce or inform the purpose of use (including issuing a public announcement in accordance with this Personal Information Protection and Privacy Policy [hereinafter referred to as the “Policy”]). In addition, when obtaining personal information directly from the person named in a contract or other documents (including electronic records), the Company shall clearly state the purpose of use in advance and obtain the information in a lawful and fair manner.
The Company shall use personal information appropriately within the scope necessary to achieve the purpose of use.

2. Purpose of use of personal information
The Company shall use personal information for the following purposes.
(1) Personal information related to customers
Purpose of use
• Customer identification and personal authentication
• Distribution of documents, invoices, etc. related to the following operations:
. Planning and implementation of education and training programs, as well as examinations for Mitsui & Co., Ltd. (“Mitsui & Co.”) and its group companies
. Consultation on human resource development and organizational development
. Joint research with universities, joint projects with university seminar members
. Foreign language translation, correction and editing of English-language documents
• Responding to, verifying, and recording customer inquiries, consultations, complaints, and support requests
• Development of training and translation services and other service improvements and enhancements
• Advertisement and provision of information on training, translation services, etc. by invitation letter, e-mail, etc. (*1 and *2)
• Analysis of personal attribute information and viewing history, etc. obtained by the Company to understand customer demand, etc. (*2)
• Provision of the Company’s training and translation services to customers in a secure manner. This includes detecting and notifying users who are violating the Terms of Use, and investigating, identifying, preventing, and responding to fraudulent activities, such as unauthorized access and fraudulent use of the services.
A technology for recording and managing the web-browsing information of customers on their computers and application software is called cookies. The Company uses cookies to provide a better online experience for customers.

*1 The Company analyzes information obtained from customers, such as website browsing history, in order to provide services, etc.
*2 There are cases in which the Company may use customer requests, browsing history, and other information obtained from third parties by linking it to personal information already obtained by the Company about the customer. In such cases, the Company shall obtain prior consent from the customer and use the information within the scope of the purposes of use listed above.
(2) Personal information related to business partners (or their officers and employees in the case of corporate clients)
Purpose of use
• To make necessary business contacts, execute contracts, conduct business negotiations, etc.
• To manage business partner information
(3) Personal information related to shareholders (or their officers and employees in the case of a corporate shareholder)
Purpose of use
• Exercise of rights and performance of obligations under the Companies Act
• Management of shareholders, including preparation of records in accordance with various laws and regulations
• Distribution of company information, etc.
(4) Personal information related to recruitment applicants and other types of applicants
Purpose of use
• Internship and career education planning and management services (including for use in questionnaires, etc. for future reference)
• Employment screening operations (including for use in questionnaires, etc. for reference in future recruitment activities)
• For those who are selected for employment as a result of the selection process, use of the application information as personnel information of the Company after new employees join the Company
• For contacting applicants and providing them with information on future employment opportunities (mid-career hiring, etc.) at the Company
• For providing information on health examinations at the time of hiring, onboarding procedures, etc.
• As reference for the Company’s future recruitment activities and other tasks related to or incidental to employment screening, entry into the Company, etc.
(5) Personal information related to employees
Purpose of use
• Communication with employees regarding business operations
• Payment of compensation (wages, bonuses, benefits, etc.) to employees, performance of personnel and labor management tasks, and provision of benefits
• Health management for employees

3. Sharing of personal information
The Company may share the provided personal information as follows:
(1) Personal information items
Name, address, postal code, telephone number, fax number, e-mail address, etc. of the person concerned
(2) Scope of shared use of personal information
Mitsui & Co. and affiliated companies listed on Mitsui & Co.’s annual securities report
(3) Purpose of use
The information shall be shared within the scope of and the purpose of use described in “Personal information related to customers” in 2(1). above.
(4) The Company’s name, address, representative, etc. responsible for the management of personal data
Mitsui & Co. HRD Institute
Tadashi Sano, President
JA Building 22F, 1-3-1 Otemachi
Chiyoda-ku, Tokyo 100-8631, Japan

4. Provision of personal information to third parties
The Company shall not provide personal information to any third party except in the following cases:
• When prior consent for sharing the information is obtained from the person concerned
• When operations are outsourced within the scope necessary to achieve the purpose of use
• When required by law to provide the information
• When it is necessary to protect the life, well-being, or property of an individual and it is difficult to obtain the consent of the person concerned
• When there is a particular need to improve public health or to promote the sound development of children and it is difficult to obtain the consent of the person concerned
• In cases where it is necessary to cooperate with national or local governments in the execution of their legally prescribed duties, and where obtaining the consent of the person concerned may impede the execution of such duties

5. Matters concerning safety control measures
The Company shall take necessary and appropriate security control measures for the management of personal data (including personal information that has been obtained or is about to be obtained and which the Company intends to handle as personal data), including the prevention of leakage, loss, or damage thereof. In addition, the Company shall exercise necessary and appropriate supervision of employees and contractors (including subcontractors, etc.) who handle personal data. The security control measures for personal data are specifically stipulated in a separate document, “Rules on Personal Information Protection”, the main contents of which are as follows.

[Establishment of personal information protection policy]
• To ensure the proper handling of personal data, the Company has established the Policy (Personal Information Protection and Privacy Policy) regarding “Compliance with Related Laws, Regulations, Guidelines, Etc.,” “Contact for Questions and Complaints,” etc.

[Establishment of discipline in the handling of personal data]
• The “Rules on Personal Information Protection” have been established to stipulate handling methods, responsible persons/persons in charge, and their duties for each stage of personal information acquisition, use, storage, provision, deletion/disposal, etc.

[Organizational security management measures]
• In addition to appointing a person responsible for the handling of personal data, the Company specifies the employees who handle personal data and the scope of personal data handled by such employees, and maintains a system for reporting to the person responsible for handling personal data in the event of the discovery of a violation or indication of a violation of the Act on the Protection of Personal Information or “Rules on Personal Information Protection”.
• The status of the Company’s handling of personal data is subjected to third-party audits and periodic self-inspections.

[Human security management measures]
• Regular training is provided to employees on points to bear in mind regarding the handling of personal data.
• Confidentiality issues regarding personal data are included in the employment regulations.

[Physical security management measures]
• In the locations where personal data is handled, access by employees is controlled and restrictions are in place for the equipment they are allowed to bring in, and measures are taken to prevent unauthorized persons from accessing personal data.
• Measures are taken to prevent theft or loss of equipment, electronic media, and documents containing personal data, as well as to ensure that personal data is not easily made known when such equipment, electronic media, etc. are moved, including within the business site.

[Technological security management measures]
• Access control is implemented to limit the scope of persons in charge and the handling of personal information databases.
• The Company has implemented the following security measures and other mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software deployment.
(1) SSL security
The Company uses secure socket security (SSL) to encrypt personal information or takes similar security measures for its website to ensure that the personal information provided by customers is not intercepted or stolen by third parties while being sent or received
(2) Use of cookies
To enable the customer to have a better online experience while using the Company’s website, the Company may transmit data known as cookies, which identify the computer a customer is using, and store the cookies on the hard drive of said computer. Note that the cookies used on the Company’s website do not save any personal information of customers, and, furthermore, the Company shall never use cookies for the purpose of obtaining any private information from customers. Customers may choose to refuse cookies by adjusting the settings of the internet browser software they use.

[Understanding the external environment]
• When handling personal data on servers located in foreign countries, the Company always obtains the latest information on the personal information protection systems of those countries and takes security control measures in accordance with the particulars of those systems.

6. Handling of personal information for each product, service, and business
• The Company may stipulate the purpose of use of personal information, provision of personal information to third parties, contact information, etc., for each product, service, or business, and the handling of such personal information on an individual basis.
• In such cases, if there are any provisions that differ from the Policy, or any special provisions, the provisions regarding the handling of personal information stipulated for each product, service, or business concerned shall take precedence.

7. Request for disclosure of personal information
When the Company receives a request for reference, correction, suspension of use, deletion, etc. of personal information, the Company shall promptly respond to the request after confirming the identity of the individual in accordance with the prescribed procedures.

1) For inquiries regarding the disclosure, modification, deletion of the personal information and third-party provision records of said information, or other such request, please first send the Company a postcard or sealed letter by postal mail to the Contact for Inquiries Concerning Personal Information, informing us of the following.
Information to be included on the postcard or in the sealed letter:
. Name of the individual and address to where the “Request Form for Disclosure, Etc.” should be sent
. Please briefly state that you wish to receive a “Request Form for Disclosure, Etc.”
Where to send postcards and sealed letters
. Please send the postcard or sealed letter by postal mail to the Company to the attention of the Contact for Inquiries Concerning Personal Information, at the address provided above.
The Company asks that such inquires be submitted by postcard or sealed letter to ensure that the “Request Form for Disclosure, Etc.” is sent out correctly. Thank you for your understanding.
2) Based on the above communication, the Company shall send to the inquirer the “Request Form for Disclosure, Etc.” and the “Instructions.”
3) Upon receiving the “Request Form for Disclosure, Etc.”, please fill in the necessary items and send it back to the Company by postal mail to the Contact for Inquiries Concerning Personal Information, enclosing documents for identification as specified in the “Instructions”.
4) The Company shall reply after confirming the details of the request.
• A fee may be charged for disclosure, etc., depending on the nature of the request.
• In the case of a request for disclosure, etc., by a proxy, please enclose a written authority signed by the person in question as prescribed in the “Instructions”.

8. Contact for Inquiries Concerning Personal Information

CPO Administrative Office (Contact for Inquiries Concerning Personal Information),
Mitsui & Co. HRD Institute
22F JA Building, 1-3-1 Otemachi
Chiyoda-ku, Tokyo 100-8631, Japan