In its aim to provide outstanding logistics services to its customers as a total logistics company, Sumisho Global Logistics Co., Ltd. (SGL) has established a relationship of trust with its customers (customer satisfaction) and compliance with laws and regulations (compliance) as its most important management guidelines.
In practicing these management guidelines, with “earning trust and confidence through the adequate and accurate protection of personal information protection” as our basic policy for personal information protection, we carry out the following initiatives in order to fully implement our personal information protection management system.

• 1. We will acquire, use, and provide personal information appropriately in consideration of business activities (preparation of documents, transport, delivery related to mail order, sorting, storage and other logistics arrangements in contract logistics operations) and business scale.
• 2. In acquiring, using and providing personal information, we will specify the purpose thereof as well as comply with laws, regulations, guidelines set forth by the Japanese government and other norms concerning personal information.
• 3. Upon managing personal information, we will appoint a chief administrator to ensure appropriate management as well as endeavor to prevent leakage to external parties. Additionally, to prevent risks such as unauthorized access by external parties and the loss, damage, falsification and leakage of personal information, we will take every precaution for that prevention, including adequate and reasonable safety measures, and will promptly take corrective actions to address the risk of accidents occurring.
• 4. We will handle personal information only to the extent necessary to achieve the purpose of use and with due consideration so as not to compromise your rights. Additionally, we will take measures required to prevent the handling of personal information for purposes of use other than those specified.
• 5. Except in cases that fall under items specifically provided for in laws, regulations or other norms, we will not disclose or provide personal information to third parties other than work consignees without your consent.
• 6. We will appropriately handle complaints and consultations regarding the handling of personal information.
• 7. We will make continuous improvements to our personal information protection management system in line with future changes in circumstances.
• 8. In cases where a leak, etc. occurs with your personal information, we will endeavor to respond in accordance with laws, regulations and other provisions, including promptly notifying you of the facts.
• 9. We will set forth a retention period for your personal information required for the purpose of use. Once that retention period has elapsed or the purpose of use has been achieved, we will delete your personal information without delay. Please note that this may not apply in cases that fall under items specifically provided for in laws, regulations or other norms.
• 10. We may change the content of this Privacy Policy as necessary. In such cases, we will post the updated content on the SGL website.

Established On: March 1, 2007
Revised On: September 1, 2019
Sumisho Global Logistics Co., Ltd.
Hidemasa Kozawa, Representative Director, President, Executive Officer and CEO

Inquiries regarding our Privacy Policy are accepted at the following contact point.
Sumisho Global Logistics Co., Ltd.
Sumitomo Corporation Takebashi Bldg., 1-2-2 Hitotsubashi, Chiyoda-ku, Tokyo 100-0003, Japan
Tel: 03-6266-6000　
Fax: 03-6266-6100　
E-mail: privacy@sglogi.co.jp
Available Hours: 9:30 AM - 5:45 PM on weekdays (Weekends, national holidays and year-end and New Year holidays excluded)

Handling of Personal Information

This notice explains the acquisition, use, handling, etc. of personal information held and acquired by Sumisho Global Logistics Co., Ltd. (SGL) in accordance with the provisions of the “Act on the Protection of Personal Information.”

1. Our stance on the protection of personal information

In order to respect the principles of the Act on the Protection of Personal Information and secure those principles, we have set forth and implement a “Personal Information Protection Policy” and “Basic Rules on the Protection of Personal Information.”
Additionally, we adequately manage personal information under the management of the personal information protection manager.
We implement strict security measures to prevent leakage, loss or damage with respect to personal information obtained from you or entrusted to us by you.
Also, we administer training and supervision for the protection of personal information to our directors, employees and other related personnel engaged in our operations to strictly manage the personal information in our possession.

2. Methods of acquiring personal information and specifying of purpose of use

In cases where we ask you to provide us with personal information, as a general rule, we will specify the purpose of use, notify you of the necessary items and obtain your consent.
We will not handle personal information that we acquire for purposes other than those specified without obtaining your consent.
Additionally, with respect to the provision of personal information requested to you by us, we will not acquire said personal information in cases where you have not granted your consent.
In such cases, services we provide to you may be hindered.

■Personal information acquired directly in writing

In cases where we acquire personal information directly from you in writing or through a website, except in cases where the purpose of use is clear based on the circumstances of that acquisition or where the notification or disclosure of the purpose of use is not required by law, we shall acquire the information for the purposes stated below and handle it within the scope of those purposes.

Personal information acquired directly in writing	Purposes of use
Your personal information	To confirm the nature of inquiries made SGL and to make contact To provide and propose information regarding products and services (including advertisements)
Personal information of prospective employees	To make contact, provide information and perform clerical work pertaining to the recruitment and selection of prospective employees
Personal information of officers and other employees	To conduct personnel affairs/personnel management for officers and other employees of SGL

■Personal information acquired using methods other than directly in writing

When acquiring personal information using methods other than directly in writing, we shall acquire the information for the purposes stated below and handle it within the scope of those purposes.

Personal information acquired using methods other than directly in writing	Purposes of use
Personal information acquired when taking consultations over the phone	SGL will use your personal information to respond to and contact you regarding your inquiries. To provide and propose information regarding products and services
Personal information of temporary staffing partners acquired indirectly from staffing agencies	To conduct personnel affairs/personnel management
Personal information acquired indirectly from customers in connection with contracted services	SGL will use your personal information in operations to deliver customer products to you.
Personal information acquired using surveillance cameras	SGL will use your personal information for crime prevention and security purposes.

3. Joint use of personal information

We do not share personal information with other companies.

4. Consignment of work involving personal information

We may consign work to the extent necessary to achieve the purpose of use of personal information.
In such cases, we make consignees obliged to protect the personal information and strictly manage the information under our adequate supervision.

5. Provision to third parties

We will adequately manage personal information that we acquired and will not provide it to any third party (excluding joint-use companies and work consignees) without obtaining the consent of the concerned person in advance.
However, please note in advance that in cases where it is specifically required as described below, we may provide personal information to third parties only to the extent necessary.

• (1) Cases where the following items are clearly specified and the consent of the concerned person has been obtained in advance
  • a. Name of business operator
  • b. Name or title, affiliation and contact information of personal information protection manager
  • c. Purpose of use
  • d. Items when personal information is scheduled to be provided to a third party
    • ・Purpose of providing the information to a third party
    • ・Items of personal information to be provided
    • ・Means or method of provision
    • ・Party who will receive that personal information or type of organization and attributes of party who will receive that personal information
    • ・Statement citing the existence of agreement regarding handling of personal information, should one exist
• (2) If all or part of the handling of personal information is consigned within the scope required to achieve the specified purpose of use
• (3) Cases under laws or regulations
• (4) If it is necessary for the protection of the life, physical well-being or property of an individual and it is difficult to obtain the consent of concerned person
• (5) If it is especially necessary to improve public health or to promote the sound growth of children and it is difficult to obtain the consent of the concerned person
• (6) If it is necessary to cooperate in the performance of affairs prescribed by laws and regulations with a national agency, a local public body or a party entrusted thereby and obtaining the consent of the concerned person may hinder that performance of affairs

6. Security control measures for personal information

In accordance with laws, regulations, guidelines set forth by the Japanese government and other norms as well as our internal rules, we protect personal information in our possession from leakage, loss, damage, etc. by implementing organizational structure measures such as employee training and the assignment of chief administrators, physical preventive measures against the likes of theft and technical preventive measures such as the prevention of unauthorized access using networks.
The security control measures taken by us are as follows. Note that said measures taken for security control purposes include those taken in order to prevent the leakage, etc. of personal information that the business operator in question has acquired or is attempting to acquire and is planning to handle as retained personal data.

<Formulation of basic policy>

To ensure the proper handling of personal data, we have formulated a basic policy regarding the likes of “compliance with relevant laws, regulations, guidelines, etc.” and “contact points for processing questions and complaints.”

<Establishment of disciplinary rules for the handling of personal data>

We have formulated rules for handling personal data that cover the likes of handling methods, supervisors/personnel in charge and their duties at each stage, including acquisition, use, storage, provision and deletion/disposal.

<Organizational security control measures>

(1) In addition to appointing supervisors for the handling of personal data, we clarify the scope of employees who handle personal data and the personal data they handle and establish a system for reporting to and liaising with supervisors in cases where it has been ascertained that a violation of the law or handling regulations has taken place or that signs of such a violation are present.

(2) We regularly implement self-inspections on the status of personal data handling as well as associated internal audits.

<Human safety control measures>

(1) We administer regular training to employees on items to bear in mind regarding the handling of personal data.

(2) We state matters concerning confidentiality of personal data in our work regulations.

<Physical safety control measures>

(1) We implement measures to prevent unauthorized persons from accessing personal data.

(2) In addition to measures to prevent the theft, loss, etc. of the likes of equipment, electronic media and documents used to handle personal data, we implement measures to keep personal data from being easily discovered when said equipment, electronic media, etc. are transported, including their relocation within the same business establishment.

<Technical safety control measures>

(1) We implement access control to limit the scope of personnel in charge, personal information databases handled, and so forth.

(2) We have introduced mechanisms to protect information systems used to handle personal data from unauthorized access by external parties or unauthorized software.

7. Procedures for notification of purposes of use, disclosure of personal information, etc.

Should you wish to request notification of purposes of use, the disclosure of your personal information (including disclosure of records of provision to third parties), the correction, addition or deletion of its content, the suspension of its use, its deletion or the suspension of its provision to third parties, please contact SGL’s “Personal Information Protection Consultation Counter.”
However, this is limited only to personal information belonging to the concerned person among the personal data held by SGL.
Additionally, please note that this is limited to personal data excluding information for which SGL does not have the authority to directly implement these measures, such as information that has been entrusted to the company.
In the event that we have a reasonable reason for being unable to accommodate your request, we will provide an appropriate explanation to that effect.

Please note that upon your request, you will be required to complete a SGL-designated form, cooperate with procedures to confirm that the request is being made by the concerned person or a proxy thereof (attach a driver's license with the permanent domicile blocked out or another document) and attach verification documents (letter of proxy, etc.) that can be used to identify that proxy if one is being used to make the request, and that it will take a certain number of days to extract the retained personal data and prepare an appropriate accompanying explanation.
SGL personnel in charge of the Personal Information Protection Consultation Counter will respond to you at a later date after confirming your identity over the phone.
Documents used to verify your identity will be destroyed in accordance with our regulations within six months of the response provided to you. Note that no fees will be charged for the handling of such requests in principle.

For any other inquiries regarding the handling of personal information by SGL, please contact the personnel in charge of SGL’s Personal Information Protection Consultation Counter below in writing.
Please note that we cannot accept requests or inquiries in person. We apologize for any inconvenience.

8. Use of cookies

We may use cookies by acquiring the ones stored on your computer and linking the behavioral history collected to personal information.

9. Use of your access history (log)

Information on customers who used SGL’s website, such as when and from where you accessed it, is stored in an access history (log) on our Web server.
Note that we may use said data for the following purposes.

(1) To clarify the cause of any problems encountered by the server and resolve them.

(2) To analyze the administration and status of use of the SGL website.

About our accredited personal information protection organization

We are a business operator covered by the Japan Institute for Promotion of Digital Economy and Community (JIPDEC), an accredited personal information protection organization.
SGL has established a counter for “inquiries regarding personal information” through which it fields associated inquiries and complaints from customers. However, inquiries, complaints, etc. regarding personal information at SGL are also fielded by the below “accredited personal information protection organization secretariat” under JIPDEC.