Sony Financial Holdings Inc. understands that customers entrust Sony Financial Group companies with their Personal Information with the expectation that it will be used only for specific purposes. Sony Financial Holdings Inc. respects the customers' expectations and places a high priority on properly protecting such Personal Information and limiting its use to such purposes.
We hereby declare that we do our best to protect Personal Information of our customers, keeping in mind the following policies, which are shared in throughout the Sony Group and its subsidiaries in Japan.
President & CEO, Representative Director
Sony Financial Holdings Inc.
Operation Commencement Date: April 1, 2005
Amendment Date: May 30, 2017
Each company of the Sony Group (collectively, "Sony") is willing to build an environment in which the personal information of customers is safely stored, used and handled in line with the intention of customers, as well as gaining the trust of customers, and hopes to continue to provide numerous services, under this environment, which inspire and fulfil the curiosity of each customer.
Under this policy, and in accordance with Sony's philosophy of being honest and fair, Sony has prescribed the following policy on the handling of personal information, and is working to ensure the proper handling of personal information relating to its customers that it collects.
* This Policy encompasses Sony Group Corporation and its subsidiaries within Japan.
Handling of Personal Information
- Definition of Personal Information
"Personal information" in this Policy refers to information relating to an individual that includes a name, date of birth, or other description, etc., that could be used to identify a specific individual, or that includes a individual identification code*. All obtained information relating to customers that does not contain information in itself by which a specific individual could be identified, but which could be used to identify a specific individual by collating it with other information, shall be regarded as "personal information" within the scope that it can be handled in combination with other information.
- Compliance with Laws
When handling personal information, Sony shall comply with the obligations set forth in the Act on the Protection of Personal Information, various other laws and regulations relating to the protection of personal information, guidelines published by the Personal Information Protection Commission and the competent authorities, as well as to this Policy.
- Use within the Scope of Utilization Purpose
Except where the prior consent of the individual has been obtained, or where it is permitted by law, Sony shall handle personal information only within the scope required to achieve the previously specified purpose of use, and shall take measures to achieve this.
- Acquisition of Personal Information
Sony shall endeavour to obtain personal information after expressing in advance the items, purpose of use, and contact point for inquiries, etc., of the personal information to be handled, and after obtaining the consent of the individual. In the event that special care-required personal information such as race and creed, etc., is included in the personal information, except where permitted by law, Sony shall not acquire such personal information without the consent of the individual. When obtaining personal information from a third party, if a legal obligation to check or create records arises when receiving provision from a third party, Sony shall comply with this.
- Personal Information of Customers Under the Age of 15
Sony shall endeavour to comply with all laws and regulations applicable to the collection, storage, and use of personal information relating to customers under the age of 15. In the event of a child having provided personal information to Sony without the consent of their parent or guardian, we ask that a parent or guardian contacts us at the address specified in this Policy.
- Security Control Action
Sony shall endeavour to keep the content of personal information accurate, complete, and up to date within the scope of the purpose of use, shall take the necessary and appropriate secure management measures in accordance with technological standards at that point in time in order to prevent unauthorised access, leakage, tampering, loss, or damage, etc., and shall make corrections as necessary.
- Supervision of Subcontractor(s)
Sony, within the scope required for the achievement of the purpose of use, may entrust the handling of personal information to another Sony Group company or a third party. In such a case, the appropriate secure management measures shall be taken under the Sony Group common information security policy. In addition, with regard to the contracting of business to a third party, efforts shall be made to ensure that secure management is performed as strictly as possible in relation to the handling of personal information, such as through the execution of a contract. If a third party in a foreign country is contracted to perform business, and a legal obligation to create records arises, Sony shall comply with this.
- Third Party Provision
Except where permitted by law, Sony shall not provide personal information to a third party without obtaining the consent of the individual. If personal information is provided to a third party, and a legal obligation to create records arises at the time of such third party provision, Sony shall comply with this.
- Respond to a Demand etc. for Disclosure etc.
Sony shall respond appropriately to requests for the disclosure, amendment, ceasing of use (for introducing products and services, etc.), and deletion of personal information, as well as other comments and inquiries regarding the handling of personal information, based on the provisions of laws and regulations. Please contact the address of the company to which you provided information for assistance.
- Strengthening of Systems, Training, Etc.
To ensure the appropriate handling of personal information, Sony shall endeavour to continually strengthen and improve internal systems, including reviewing this Policy, by appointing a manager for personal information, establishing internal regulations, training officers and employees, and implementing the appropriate internal audits, etc.