- Basic Policy on Information Security
As part of its corporate mission to enrich the world through visual communication, and in order to achieve further growth and development of its business, amana group (“Amana Group”) is pushing ahead proactively in the digitalization of its information assets. In today’s digital society, where the Internet has become an essential and indispensable part of our lives, Amana Group recognizes that appropriate handling of information assets to protect them against threats such as information leaks, destruction, or manipulation is a social responsibility. To fulfill that responsibility, Amana Group has established this Basic Policy on Information Security, and pledges to ensure that all Amana Group officers and employees will understand and act in accordance with it.
- 1. The Purpose of Information Security
- By implementing appropriate information security management and seeking to prevent the occurrence of information security incidents, Amana Group aims to be a company that maintains the constant trust and confidence of its customers and all of its other stakeholders. In the unlikely event that an information security incident should occur, Amana Group will endeavor to minimize the extent of any damage incurred, and to prevent reoccurrences by carrying out prompt restoration and recovery work.
- 2. Scope of Applicability
- This policy applies to all corporate officers and employees (including all permanent, contract and part-time employees and resident external contractors) and any important information assets managed by the Amana Group.
- 3. Amana Group Initiatives
Protection of Information Assets
Amana Group will take all necessary management steps and measures, from the standpoints of confidentiality, integrity and availability, in order to protect all important information assets (including personal information) in its possession from all manner of threats.
Observance of Laws and Legal Statutes
Amana Group will comply with all laws, regulations and all separately stipulated rules, regulations and contractual agreements, etc., relating to information security.
Promotion of Information Security Activities
In order to promote its information security activities, Amana Group will create and operate an information security management system. Amana Group will also establish an information security committee and appoint a chief information security management supervisor. The information security management supervisors and committee members from each department shall actively spearhead information security activities, review them periodically and make continuous improvements.
Implementation of Drills and Educational Training
In order to implement organized and continuous information security-related activities, Amana Group will carry out educational training for all of its corporate officers and employees.
Response to Information Security-related Events and Incidents
Amana Group will constantly anticipate the occurrence of information security-related accidents, and, in addition to working to prevent such incidents, make a prompt response and take appropriate management steps and measures in the occurrence of such information security events and/or incidents, in consideration of rectifying such occurrences.
NB: An information security incident is an information security-related accident or incident of the kind that could interfere with business operations.
- Established: December 1, 2007
Last Updated: April 1, 2015
- Protection of Personal Information
- Amana Group pledges to comply with laws and norms relating to the protection of personal information, to pay care and attention to international developments in the field and establish voluntary rules and frameworks, to establish the following Policy on the Protection of Personal Information and to implement and maintain this Policy with regard to the personal information of all customers and other transaction-related companies that Amana Group may use in the course of its business.
In order to fulfill this pledge, Amana Group shall establish a set of Management Rules for the Protection of Personal Information, and shall endeavor to make these rules known to all officers, employees and other affiliates of the Amana Group, and to ensure thorough observance of said rules.
To prevent loss, destruction, manipulation or leaks of personal information or other similar incidents, Amana Group shall establish an information security system and implement appropriate information security countermeasures, including measures to combat unauthorized accesses to information and intrusions by computer viruses.
In order to manage personal information appropriately, Amana Group shall carry out regular checks and other such activities as the company sees fit, and shall endeavor to take appropriate steps promptly in the event of the discovery of parts that should be rectified, and to work towards continuous improvement.
When obtaining personal information, Amana Group shall do so by fair and legal means, and, in addition to not obtaining such information by illicit means, shall either obtain the consent of the relevant individual to whom the personal information belongs with regard to the purpose of use, etc., or shall give notice of the necessary items on the Amana Group’s website.
In cases where personal information is being obtained indirectly, Amana Group shall confirm whether or not the personal information obtained has been obtained by the provider from the individual in question in an appropriate manner, pay any contractually-obligated consideration for such provision(s), and shall give notice of the necessary items regarding the purpose of use, etc., of such personal information on the Amana Group’s website.
Amana Group confirms that the individual in question to whom the relevant personal information belongs owns the right to demand disclosure, correction, discontinuation of use and deletion, etc., of his or her own personal information, and shall respond sincerely and promptly to any such demands from the individual in question. Amana Group shall also establish a Personal Information Inquiries Desk to receive and handle inquiries regarding matters concerning personal information.
Personal Information Inquires Desk: 03-3740-4010
In cases where Amana Group makes shared use of personal information with a third party, or deposits personal information to a third party for the purpose of subcontracting work, Amana Group shall conduct appropriate research on and enter into such contractual agreements as necessary with said third party, and take other such legal steps as deemed necessary.
Amana Group sets forth the following general rules for the specific gathering and handling of personal information.
- General rules regarding the use of personal information:
- The use of personal information shall be limited to within the scope of the purpose for which it was collected, only by persons granted the necessary authority in accordance with the specific work being carried out, and within the scope of that which is necessary in order to carry out the relevant work.
- Prohibited Items
- As a general rule, provision of personal information to a third party is prohibited.
We do not allow the content of personal information obtained in the process of carrying out work to be known to third parties without good reason, or use such personal information for wrongful purposes.
We do not gather, use or provide personal information containing any of the following content:
Items concerning thoughts, beliefs or religious matters
Race, ethnicity, lineage, domicile of origin (excluding information regarding the prefecture of its location), physical or mental disabilities, criminal records or other items that may be the cause of social discrimination
Items concerning the right to organize groups of workers, engage in collective bargaining or other acts of collective action
Items concerning participation in collective industrial action, the exercise of the right to petition or other matters concerning the exercise of political rights
Items concerning health, medical treatment or sexual lifestyle
- Established: March 2005
Last Updated: October 2008
- Purpose of the Use of Personal Information
- When acquiring customers’ personal information, either directly or indirectly, Amana Group uses such personal information only within the scope of that which is necessary for carrying out the following work and fulfilling the following purposes of use:
- Work Content
- All work relating to the planning, production and sale of visual solutions and other incidental work.
Production of photographs and digital images
Planning and sale of stock photo content
Other work relating to visual solutions
Other work that Amana Group is able to engage in, and other incidental work (including work the handling of which may be approved in the future)
- Purpose of Use
Amana Group makes use of personal information for the following purposes, in relation to Amana Group products and services. Amana Group also makes joint use of the information listed under “Items of Personal Data” with business partner companies for the purposes detailed in Item 8 below.
To receive applications and consultations concerning Amana Group’s business and services
To make various proposals and introductions/presentations concerning Amana Group’s business and services (including the sending of direct mail and e-mail newsletters)
To confirm the identity of the individual or the individual’s representative, etc.
To subcontract work within the scope necessary to carry out work appropriately when providing Amana Group’s work and services
To carry out commissioned work appropriately, when commissioned by another company or service provider, etc., to process all or part of its personal information
To exercise rights and fulfill obligations pursuant to laws and contractual agreements with customers, etc.
To develop new Amana Group businesses and services and improve or enhance existing businesses and services through the carrying out of market research, data analysis, questionnaire surveys and other such means
To provide the goods and services of partner companies, etc., and to offer various proposals relating to such goods and services
To terminate or cancel various transactions and registered subscriptions to e-mail newsletters, etc., and to carry out necessary processing after such terminations or cancellations
To identify and manage various risks as necessary to run our business
To appropriately and smoothly fulfill other transactional and contractual obligations to customers in the course of Amana Group’s work
- Items of Personal Data
- The items of personal data that Amana Group makes shared use of consist of names, addresses, telephone numbers, e-mail addresses and other general personal information in the possession of Amana Group. Amana Group may sometimes record the content of phone calls in order to accurately understand the opinions and requests of our customers. We erase all recorded personal information within a period of six months.
For inquiries, consultations and complaints, etc., concerning the protection of personal information, please contact us at our Personal Information Inquiries Desk.
Personal Information Inquiries Desk:
2-2-43 Higashi Shinagawa, Tokyo 140-0002
- Established: April 2005
Last Updated: June 2011
When acquiring customers’ personal information, either directly or indirectly, Amana Group uses such personal information only within the scope of that which is necessary for carrying out the following work and fulfilling the following purposes of use.
Also, in participating in the T-Point service operated by Culture Convenience Club Co., Ltd., amana inc. and its subsidiary amana images inc. will make use of personal information received from members of amanaimages.com and tagstock.com for the following joint use:
- Applicable customers:
- T-Point members who are also members of amanaimages.com and/or tagstock.com
- Items of Personal Information:
- Names, addresses, telephone numbers, e-mail addresses, user IDs, purchase histories and other information possessed by amana inc.
- Applicable customers:
- -Point members who are also members of amanaimages.com and/or tagstock.com
- Partner companies with which amana inc. will make joint use of personal information:
- Culture Convenience Club Co., Ltd.
- Purpose of Use
- To provide the goods and services of the partner company and offer proposals
- Shared Use Supervisors
- amana inc.
amana images inc.
- ISO/IEC27001:2013 Certification
- amana inc. has obtained the ISO/IEC27001:2013 international information security management standard certification.
- Certification standard
- JIS Q 27001:2014(ISO/IEC 27001:2013)
- Accreditation body
- JIPDEC(Japan Information Processing Development Corporation)
- Certifying body
- Perry Johnson Holding, Inc. Perry Johnson Registrars, Inc.
- Certificate registration number
- Date of initial registration
- November 24, 2008
- Date of issue
- November 24, 2014
- Expiry date
- November 23, 2017
- Scope of registration
- Visual communication business (sales of stock content, production of advertising visuals, planning and production of advertisements, photography class and CG production class businesses)
- Organization/ department name
- amana inc.／amana west inc.／acube inc.／amana images inc.／amana salto inc.／amana cgi inc.／amanadesign inc.／un inc.／studio amana inc.／needs plus inc.／Hydroid inc.／parade inc.／hue inc.／RIZING inc.／wonderactive inc.／MISSILE COMPANY INC.／amanabi inc.