Additional Privacy Terms if You are Located in Japan

Last Updated: December 5, 2023

If you are located in Japan, you have certain rights with respect to your personal information. The following is a summary of those rights and additional information applicable to our collection and use of your personal information. For clarity, these Additional Privacy Terms if You are Located in Japan are in addition to, and not in lieu of, the information provided in our Privacy Policy.

Japan’s Act on the Protection of Personal Information (APPI)

We have adopted Japan’s Act on the Protection of Personal Information (APPI), as amended. The APPI governs the way in which we collect, use, disclose, secure and dispose of personal information.

A copy of The APPI may be obtained from The Government of Japan’s Personal Information Protection Commissioner by visiting https://www.ppc.go.jp/en/legal/.

Purposes of Use

We collect, use, disclose, secure and dispose of your personal information for the purposes outlined below.

Type of Personal Information Purpose
A. Information containing a name or other identifier or the equivalent such as contact information, education, professional, and employment information
  • Communicate with you
  • Provide services to you
  • Provide opportunities for you
  • Personalize your experience with us
  • Provide customer service
  • Maintain and secure your account with us
  • Respond to your requests
  • Respond to law enforcement requests or as required by law
  • Identify you, or validate or verify your identity
  • Comply with legal requirements
  • Make payments to you
B. Information containing identifiers obtained during audio recordings
  • Telephone calls to customer service and similar staff may be recorded for training and quality assurance purposes
C. Individual Identification Codes such as characters, letters, or other codes created to identify and distinguish between different users and or Visitors including geolocation data and activity on our Websites
  • Provide services to you
  • Provide services to you
  • Provide customer service
  • Manage your preferences
  • Improve your experience on our Websites
  • Improve our processes
  • Maintain and secure your account with us
  • Identify you, or validate or verify your identity

 

Sensitive Personal Information

Under Japan’s APPI, sensitive personal information includes personal information about identifiable person’s race, creed, social status, medical history, criminal records, and other equivalent identifiers that could lead to discrimination.

If you are an Employee or Contractor and intend to sign a contract with us, we may collect some or all the following sensitive personal information:

Type of Sensitive Personal Information Purpose
A. Criminal Records or Background Check Information
  • Provide services to you
  • Provide opportunities for you
  • Identify you, or validate or verify your identity or information you have provided
  • Comply with legal requirements
  • Comply with your requests to share your information with specific third parties
B.  Medical or Health Insurance Information
  • Provide or administer health, welfare, retirement, or benefits to you
C.  Demographic information such as information about age, gender, gender identity, ethnicity, nation origin, Minority and/or Women Owned Business Enterprise status, Disabled Veteran Owned Business Enterprise status, Socially/Economically Disadvantaged Owned Business Enterprise status, and languages you speak
  • You may provide responses to surveys or questionnaires or otherwise provide us this information voluntarily to enable us to comply with legal and regulatory reporting requirements including reporting to the Equal Employment Opportunity Commission (EEOC) or to conduct other government reporting

 

Restriction Due to Purpose of Use

Unless we have first notified you of an additional purpose of use and obtained additional consent from you, we do not collect, use, disclose, secure, and dispose of personal information beyond the scope necessary to achieve the Purposes of Use described herein, except as permitted and or required by law.

Personal Information and Third Parties

We only share your personal information with third parties as described in our privacy policy when you have given your prior consent and when permitted or required by law.

Personal Information and Third Parties in a Foreign Country Outside Japan

We only share your personal information with third parties outside of Japan as described in our privacy policy when you have given your prior consent and as permitted or required by law. In such case, we share your personal information to third parties in EU/EEA member countries or the United Kingdom which are recognized as having a personal information protection system at the same level as Japan.

We also share your personal information to third parties located in the United States. In this case, we only share personal information to third parties establishing a system conforming to standards prescribed by rules of Japan’s Personal Information Protection Commission. Necessary measures we employ to have these third parties continuously implement equivalent measures include entering into a written agreement imposing on third parties' data protection obligations requiring the same level of protection of personal information and technical and security measures as required and or implemented by us.

Managing Accuracy and Security of Personal Information

We make every effort to keep personal information accurate and up to date, within the scope necessary for achieving the purpose of use, and to promptly delete personal information if it is no longer required, as required by law.

We take necessary and appropriate measures for managing the security of personal information including measures to help prevent leak, loss or damage of personal information. These include:

  • Information Security Program. We maintain a program that provides for the protection of data confidentiality, integrity, availability, possession, utility, and authenticity, including processes and procedures to respond to security incidents. This program complies with all applicable state, federal, and/or regulatory data protection requirements.
  • Data Encryption. We encrypt personal information using valid encryption processes.
  • Malware and Virus Detection and Prevention. We use and maintain commercially reasonable malware and virus detection and prevention mechanisms to protect personal information in our systems.
  • Application Security Testing. We regularly perform commercially reasonable tests for security vulnerabilities of applications developed or used by us that process personal information.
  • Intrusion Detection. We monitor for unauthorized access attempts to our systems and services using commercially reasonable tools and practices.
  • Security Logs and Audit Trail. We log information for our systems, including firewalls, routers, network switches, and operating systems, to our respective system log facility and/or a centralized log server (for network systems). We monitor logs to identify unauthorized activity to facilitate incident response.
  • Change Management. We maintain a change management program that ensures all system, application, and service changes have been appropriately reviewed, tested, and approved prior to deployment into our production environment.
  • Network Protection. We restrict and control access between our network and other networks, including the Internet, using firewalls and other commercially reasonable control mechanisms.
  • Incident Management. We maintain security incident management policies and procedures, including detailed security incident escalation procedures. We promptly investigate and notify users and Visitors of our Websites in the event we become aware of an actual or reasonably suspected unauthorized leakage or disclosure of personal information.
  • Physical Security. We provide physical security to production data using commercially reasonable controls and restricting access to only authorized personnel that have a verifiable need to access the security areas.
  • Business Continuity Management. We maintain a business continuity plan and perform tests of the business continuity plan at least annually. If we experience a material business continuity disruption event that impacts or may impact services, we provide regular updates, at an appropriate frequency, including a summary description of the event, the impact, and an estimate when services will return to normal operations.
  • Disaster Recovery. We maintain disaster recovery plans and perform disaster recovery testing at least annually.
  • Reliability and Backup. We provide appropriate levels of system and data reliability and backup to meet applicable legal obligations.

Rights Under Japan’s Act on the Protection of Personal Information (APPI)

If you are located in Japan, you have the following rights in respect of your personal information that we hold:

  • Right of access and disclosure. You have the right to request we disclose the personal information we hold about you and to make the personal information we hold accessible to you by replying to your requests.
  • Right to correction. You have the right to request we make corrections, additions, or deletions to your personal information in the event it is not accurate.
  • Right to deletion and cease of use. You have the right to request we delete or cease using the personal information we hold about you including ceasing to provide your personal information to a third party in the event that (i) we or the third party violates the APPI or other applicable laws, (ii) it is no longer necessary for us to use your personal information or the purposes of use no longer apply, or (iii) deleting or ceasing use is necessary to protect or prevent an infringement or harm to your rights and interests.

If you wish to exercise one of these rights, submit your request by completing the Individual Data Request Form. We will use reasonable efforts to respond to an inquiry without excessive delay.

In order to respond to your request, we may request you to provide:

  • Sufficient information to allow us to confirm your identity;
  • Your reasons for making the request to allow us to locate responsive information; and
  • Information about the employees or services you interacted with and the nature of the personal information you were requested to provide.

If we determine that we are unable to accept your request, we will provide you with an explanation with reasons for our rejection.

Contact Details and Complaints

For any questions, concerns, or complaints regarding a possible breach of your privacy by us, or for general questions, concerns, or complaints regarding our handling of your personal information, please contact our Data Protection Officer as follows:

  • By completing the Individual Data Request Form
  • By phone at 0011+1+703 793 6000
  • By mail to MBO Partners, Inc, Attention Data Protection Officer, 20370 Exchange Street, Suite 250, Ashburn VA 20147

We will treat each complaint confidentially. We will investigate each complaint and will contact the individual that submitted the complaint within a reasonable time period once the complaint is resolved (and in any event within any applicable time periods required by the Privacy Act).

Changes to These Additional Privacy Terms if You are Located in Japan

We may update these Additional Privacy Terms if You are Located in Japan from time to time. When we do update them, we will post a notice on our Websites, make the updated version of these Additional Privacy Terms if You are Located in Japan available on this page, and indicate the date it was last updated above. For clarity, any updates will apply from the date they are posted. Please check back periodically to see if these Additional Privacy Terms if You are Located in Japan have been updated.