1. Our Commitment.
2. Collecting Personal Information.
3. Purposes of Use of Personal Information.
The purpose of use of Personal Information by the Center is as set forth below. If the Center intends to collect Personal Information for any purpose other than those described below, the Center will inform the individual of such specific purpose(s) of use while collecting it and obtain his or her consent.
- Retained Personal Data involving an Incident Report: It shall be used for the purpose of operational communication such as confirming, proceeding and terminating the process relating to the Incident Report after receiving the Incident Report from an individual;
- Retained Personal Data as defined by the Law for Coordinating Communication of Vulnerability Information: It shall be used for coordinating operational communication in light of disclosure of vulnerability-related information to product developers or vulnerability information response organizations such as CERT/CC., and for publicizing such information;
- Retained Personal Data relating to Subscribers of JPCERT/CC Report: It shall be used for managing the mailing list which is operated to distribute the JPCERT/CC Report to the subscribing individuals;
- Retained Personal Data of Event Participants: It shall be used for communicating with event participants, providing the relevant information regarding the event, etc. or otherwise conducting surveys or analyzing data on participants;
- Retained Personal Data in General: It shall be made available to the contractors of the Center or third parties to the extent necessary for any purpose of use set forth above; or
- For other purposes of use if specified and notified on case-by-case basis to the respective individual.
4. Use of Personal Information.
The Center will use Personal Information collected by the Center within the scope of the specified purpose of such collection, unless otherwise specifically provided for in the Law. If the Center intends to use or provide to a third party, etc., Personal Information for any purpose other than prescribed above, the Center shall obtain the consent of the individual in advance.
5. Provision of Personal Information to Third Parties.
Unless the description of the respective types of services provides that Personal Information may be provided to a third party, and excluding the cases enumerated below, the Center will not provide Personal Information to any third party without first obtaining consent of the individual:
- If required by laws, regulations or ordinances;
- If required to protect human life or bodily safety or property and where it is difficult to obtain consent of the individual;
- If required to cooperate with departments of national government or municipal governments or their delegated entities in the course of discharging their business prescribed under the laws, regulations or ordinances and where, if they were to be required to obtain consent of the individual, discharge of their business would be made difficult; and
6. Security and Control Measures for Personal Information.
The Center will implement appropriate security and control measures to prevent loss, alteration or divulgence, etc. of Personal Information. In addition, the Center will provide training to all officers, staff members and employees who access to Personal Information to enhance their awareness of the importance of protection of Personal Information, and appropriately supervise contractors, if the Center outsources the processing or handling of Personal Information.
7. Inquiry and Correction of Personal Information.
With respect to Personal Information collected by the Center, if a individual wants to make an inquiry or request correction or deletion thereof, and if he/she submits his/her request to the specified contact (as specified below), the Center will respond to such request as expeditiously as reasonably possible, after confirming the identity of the individual.
9. Protection of Personal Information at Linked Web Sites.
The Center waives responsibility for the processing or handling of Personal Information carried out at any website operated by an entity or person other than the Center even if links to those sites are provided on the Website of the Center.
10. Procedure for an Individual to Request for the Disclosure, etc. of His/Her Personal Information, etc.
The Center will act responsively in an appropriate and prompt manner with respect to the procedure to the disclosure, etc. of information of an individual when requested by the individual, prescribed in the Law.
12. Contact Information.
The Center will respond appropriately and promptly to any comments, requests or complaints, etc. with respect to the collection, use, processing or handling of Personal Information. Comments, requests or complaints, etc., with respect to the collection, use, processing, or handling of Personal Information or security and control measures of Personal Information by the Center should be directed, by e-mail, to the contact of the Center specified below. The Center will respond to such comments, request and complaints, etc. after reviewing their content.
Contact for Personal Information Issues: email@example.com