JPCERT Coordination Center (hereinafter referred to as "JPCERT/CC") hereby announces that it has adopted the following Privacy Policy (hereinafter referred to as "the Policy") for appropriate protection and use of personal information. The definitions of terms on the Policy are based on the "Act on the Protection of Personal Information" (hereinafter referred to as "the Act"). JPCERT/CC recognizes their important responsibility to properly protect personal information of all the individuals involved, such as service users and incident reporters. Pursuant to the Policy, JPCERT/CC strives to protect personal information.
Refer to the following webpage for the details of the Act:
Act on the Protection of Personal Information (Act No. 57 of May 30, 2003)
https://www.japaneselawtranslation.go.jp/en/laws/view/2781
-
The definitions of terms on the Policy are based on the Act.
- JPCERT/CC follows the Policy and the obligations prescribed by laws and regulations related to the protection of personal information.
- JPCERT/CC specifies their purposes of usage of personal information as finely as possible and only to the extent necessary to achieve the purposes, unless specifically exempted in the Act.
- JPCERT/CC collects personal information in a proper way. The purposes of collection shall be disclosed in advance or informed individuals promptly after the collection, unless specifically exempted in the Act. However, when personal information is obtained directly in person through documents (in a hardcopy or electronically), the person shall be informed in advance, unless specifically exempted in the Act.
- JPCERT/CC collects special care-required personal information only when each individual's consent is obtained beforehand, unless specifically exempted in the Act.
- JPCERT/CC makes its best endeavors to keep the collected personal data accurate and updated within the scope of its purpose of usage. JPCERT/CC takes the following security management measures that are necessary and appropriate from the organizational, personal, physical and technical perspectives, and supervises its employees and contractors.
- JPCERT/CC does not provide personal data of any individual to any domestic or foreign third party without obtaining the person's consent beforehand, unless specifically exempted in the Act.
- Based on laws and regulations, JPCERT/CC keeps the specified items of retained personal data accessible to each individual and responds to their requests for disclosure, correction, utilization cease, or deletion. "Accessible" here includes the condition in which JPCERT/CC can respond promptly to individual's request.
- JPCERT/CC makes effort to develop a structure to respond to the complaints from individuals regarding personal information in a prompt and proper manner.
- JPCERT/CC constantly strives to improve the Policy by conducting proper reviews.
- JPCERT/CC's website consists of Japanese and English pages, and the Policy is also available in both languages. In the event of any conflict or inconsistency between the two versions, the Japanese version shall prevail.
Tozan Bldg. 8F,4-4-2
Nihonbashi-honcho, Chuo-ku
Tokyo 103-0023, Japan
[Disclosure based on the Act]
JPCERT/CC "discloses" the following items pursuant to the Act.
- The purpose of use of personal information
The purpose of usage of personal information by JPCERT/CC is limited as set forth below, unless specifically exempted in the Act. If JPCERT/CC intends to collect and/or utilize personal information for any other purposes, JPCERT/CC shall inform the individual of the purpose, and the purpose is also disclosed if needed.
(1) Personal information related to incident reports
JPCERT/CC utilizes personal information in operational communication during handling (confirming, analysis, proceeding, and terminating) the process regarding incident reports.(2) Personal information related to vulnerability information
JPCERT/CC utilizes personal information in operational communication during the process of coordination for distributing and publicizing vulnerability information.(3) Personal information of mailing list subscribers
JPCERT/CC utilizes personal information to distribute products to its subscribers.(4) Personal information related to event participants
JPCERT/CC utilizes personal information to communicate with event participants, to share relevant information regarding the events, and to conduct survey and analysis on the events.(5) Personal information of job applicants
JPCERT/CC utilizes personal information for the purpose of employee selection, training, selection of departments to which employees are assigned, etc.(6) Personal information of persons registered for services provided by JPCERT/CC
JPCERT/CC utilizes personal information for the purpose of contact and distribution of information regarding the provision of services.(7) Personal information on business partners
JPCERT/CC utilizes personal information for the purpose of preparing for or executing contracts.(8) Provided to the contractors of JPCERT/CC and third parties
Personal information shall be made available to the contractors of JPCERT/CC and/or third parties only to the extent necessary to achieve the purposes above. - Contact for personal information related issues
sender's identity and report contents.
Contact for personal information related issues: jpcert-privacy@jpcert.or.jp
[Handling personal information on the websites]
- On the Policy, "history and characteristics information" refers to the search words, date and time of access, IP address, Cookie information, device identification information, etc. of the users of the websites which JPCERT/CC manages (hereinafter referred to as the JPCERT/CC's website's).
- There are cases in which JPCERT/CC automatically collects history and characteristics information when JPCERT/CC's website is used or viewed.
-
Utilizing history and characteristics information
There are cases in which JPCERT/CC utilizes history and characteristics information on JPCERT/CC's website for the following purposes:
(1) To identify the cause of the server failure and other problems and solve them.(2) To improve the website, email contents, etc.(3) To personalize the contents of the website, emails, etc. for each user.(4) To use browsing history, survey results, and other information for marketing on the membership-based services, which require registration with personal information beforehand.(5) To use the information for statistical data in a way that individuals cannot be identified. -
Use of Google Analytics
There are cases when JPCERT/CC uses Google Analytics to obtain JPCERT/CC's website's status of usage. Google Analytics collects access information of JPCERT/CC's website without identifying individuals, using first-party Cookies. The measures to collect and utilize the access information are prescribed by the Terms of Service and Privacy Policy of Google Analytics. - In the case where different rules are otherwise specified in the Terms of Service of JPCERT/CC's website or other documents, the specified rules shall prevail.
Refer to the following webpage for the details of Google Analytics:
Google Analytics
https://marketingplatform.google.com/about/analytics/?hl=en_US
(Google Analytics™ is a trademark of Google Inc.)