Home > JPCERT Coordination Center Privacy Policy

JPCERT Coordination Center Privacy Policy

Yugen Sekinin Chukan Hojin (Limited Liability Non-Profit Corporation) JPCERT Coordination Center (hereinafter referred to as the “Center”) hereby announces that it has adopted the following policy for appropriate protection and use of Personal Information (hereinafter referred to as the “Privacy Policy”) pursuant to the Law relating to the Protection of Personal Information (Kojin Joho no Hogo ni kansuru Horitsu) (hereinafter referred to as the “Law”).

1. Our Commitment.

The Center will comply with the terms and conditions prescribed in this Privacy Policy as well as the relevant laws, regulations and orders, etc., for attaining the appropriate protection and use of Personal Information, make efforts to ensure that Personal Information will be protected and used appropriately and, in order to fully adapt to the development of information technology in the society at large, strive continuously to improve the system for protection of Personal Information and the practices under such system.

2. Collecting Personal Information.

For the purpose of this Privacy Policy, the term “Personal Information” means information which relates to a living individual and which, by the name, year, month and date of birth and other descriptions of the individual included therein, permits the identification of the specific individual (including information by which an individual may be identified by referencing and cross-checking other readily available information). The Center will collect Personal Information, by means of adequate and lawful process, to the extent necessary to achieve the purposes of use specified in this Privacy Policy.

3. Purposes of Use of Personal Information.

The purpose of use of Personal Information by the Center is as set forth below. If the Center intends to collect Personal Information for any purpose other than those described below, the Center will inform the individual of such specific purpose(s) of use while collecting it and obtain his or her consent.

Retained Personal Data involving an Incident Report: It shall be used for the purpose of operational communication such as confirming, proceeding and terminating the process relating to the Incident Report after receiving the Incident Report from an individual;
Retained Personal Data as defined by the Law for Coordinating Communication of Vulnerability Information: It shall be used for coordinating operational communication in light of disclosure of vulnerability-related information to product developers or vulnerability information response organizations such as CERT/CC., and for publicizing such information;
Retained Personal Data relating to Subscribers of JPCERT/CC Report: It shall be used for managing the mailing list which is operated to distribute the JPCERT/CC Report to the subscribing individuals;
Retained Personal Data of Event Participants: It shall be used for communicating with event participants, providing the relevant information regarding the event, etc. or otherwise conducting surveys or analyzing data on participants;
Retained Personal Data in General: It shall be made available to the contractors of the Center or third parties to the extent necessary for any purpose of use set forth above; or
For other purposes of use if specified and notified on case-by-case basis to the respective individual.

4. Use of Personal Information.

The Center will use Personal Information collected by the Center within the scope of the specified purpose of such collection, unless otherwise specifically provided for in the Law. If the Center intends to use or provide to a third party, etc., Personal Information for any purpose other than prescribed above, the Center shall obtain the consent of the individual in advance.

5. Provision of Personal Information to Third Parties.

Unless the description of the respective types of services provides that Personal Information may be provided to a third party, and excluding the cases enumerated below, the Center will not provide Personal Information to any third party without first obtaining consent of the individual:

If required by laws, regulations or ordinances;
If required to protect human life or bodily safety or property and where it is difficult to obtain consent of the individual;
If required to cooperate with departments of national government or municipal governments or their delegated entities in the course of discharging their business prescribed under the laws, regulations or ordinances and where, if they were to be required to obtain consent of the individual, discharge of their business would be made difficult; and
If convenient to outsource all or any part of processing or handling services of Personal Information, to the extent necessary to achieve the purpose of use stipulated in this Privacy Policy.

6. Security and Control Measures for Personal Information.

The Center will implement appropriate security and control measures to prevent loss, alteration or divulgence, etc. of Personal Information. In addition, the Center will provide training to all officers, staff members and employees who access to Personal Information to enhance their awareness of the importance of protection of Personal Information, and appropriately supervise contractors, if the Center outsources the processing or handling of Personal Information.

7. Inquiry and Correction of Personal Information.

With respect to Personal Information collected by the Center, if a individual wants to make an inquiry or request correction or deletion thereof, and if he/she submits his/her request to the specified contact (as specified below), the Center will respond to such request as expeditiously as reasonably possible, after confirming the identity of the individual.

8. Amendment of this Privacy Policy.

If this Privacy Policy is amended, the amended document will be posted and made public on the website of the Center (http://www.jpcert.or.jp/). The amended Privacy Policy will take effect after thirty (30) days from the posting on website of the Center.

9. Protection of Personal Information at Linked Web Sites.

The Center waives responsibility for the processing or handling of Personal Information carried out at any website operated by an entity or person other than the Center even if links to those sites are provided on the Website of the Center.

10. Procedure for an Individual to Request for the Disclosure, etc. of His/Her Personal Information, etc.

The Center will act responsively in an appropriate and prompt manner with respect to the procedure to the disclosure, etc. of information of an individual when requested by the individual, prescribed in the Law.

11. Priority of Japanese and English Versions of Privacy Policy.

The Website operated by the Center (http://www.jpcert.or.jp/) consists of English pages and Japanese pages and Privacy Policy is posted both in Japanese and English. English version of Privacy Policy is, however, prepared for convenience only by translation of the Japanese version and, in the event of any conflict or inconsistency between the Japanese and English versions of Privacy Policy, the Japanese version shall prevail as a basis of construction thereof.

12. Contact Information.

The Center will respond appropriately and promptly to any comments, requests or complaints, etc. with respect to the collection, use, processing or handling of Personal Information. Comments, requests or complaints, etc., with respect to the collection, use, processing, or handling of Personal Information or security and control measures of Personal Information by the Center should be directed, by e-mail, to the contact of the Center specified below. The Center will respond to such comments, request and complaints, etc. after reviewing their content.

Contact for Personal Information Issues: jpcert-privacy@jpcert.or.jp