JNSA Privacy Policy

date of enactment: DEC 15, 2022
Japan Network Security Association
Masahiro Shimomura, Secretary-General/
Personal Information Management Officer

  Japan Network Security Association (a specified nonprofit organization, hereinafter referred to as "the Association") recognizes its important responsibility to comply with relevant laws, national guidelines and other norms in Japan regarding the handling of personal information, and to appropriately manage and ensure the confidentiality and accuracy of personal information received/used in relation to the provision of the Association’s service. The Association has established the following Privacy Policy which the Association endeavors to comply with in order to handle the personal information appropriately.

1.Acquisition and Handling of Personal Information
When the Association acquires your personal information, the Association will notify you in person the purposes of use or publicly announce the purposes (*1) before receiving your personal information. The Association will use your personal information in an appropriate manner based on the purport of the legal system and handle it within the scope of the purposes of use.

2.The Purposes of Use of Personal Information
The Association’s purposes of use of personal information are as follows:
- To contact regarding events, etc. which the Association hosts or jointly hosts with other entities;
- To disseminate newsletters, e-mail newsletter, etc. which the Association issues;
- To contact the members, special members, etc. of the Association;
- To contact persons in charge of other organizations which coordinates with the Association;
- To contact concerned parties (such as experts, those who help with speech/writing for the Association, etc.)
who are associated with the activities of the Association;
- To respond to inquiries made to the Association; and
- To contact concerned parties to whom the Association is operationally required to make.

3.Security Control Action of Personal Data
The Association will take reasonable security control actions in order to prevent leakage, loss, or damage of personal data provided to the Association.
(1) Organizational Security Control Action
The Association establish and operate rules regarding security control and implements checking and monitoring regarding the status of implementation of rules.
(2) Personal Security Control Action
The Association educates appropriate handling of personal data.
(3) Physical Security Control Action
The Association takes measures to manage section of handling personal data and to prevent theft or loss of device which handles personal data.
(4) Technical Security Control Action
The Association takes measures to control access to personal data and informational system which handles personal data, to identify and authorize those who have access, and to prevent unauthorized access from outside and leakage of personal data with the use of informational system.

The Association may entrust an individual or a business operator with any or all of the processes of obtaining, inputting, transferring, transmitting, using, processing, storing, deleting, and disposing of personal information, but the Association will sign a contract with the trustees requiring appropriate handling, and the Association shall exercise necessary and appropriate supervision over the trustee to ensure the security control of the entrusted personal information.

5.Provision and Disclosure of Personal Information to Third Parties
The Association will not provide or disclose the personal information of which the Association receives to any third party. However, this excludes the following cases:
- When consent (*2) has been obtained from the person in question;
- When required by law and regulations;
- When the provision of personal information is necessary for the protection of the life, body, or property of individual, and it is difficult to obtain the consent of the person in question;
- When the provision of personal information is especially necessary for improvement of public health or promotion of sound development of children, and it is difficult to obtain the consent of the person in question; and
- When the provision of personal information is necessary for cooperating with a state organ, a local government, or an individual or a business operator entrusted by one in executing the affairs prescribed by laws and regulations, and in which requesting the consent of the person would impede the execution of the affairs.

6.Disclosure, Correction, Suspension of Use, and Deletion of Personal Information
Any individual or a representative of the person may request the Association by application for disclosure, correction, suspension of use, or deletion of personal information obtained by the Association. In this case, please contact the following support desk.

7. Consultation and Complaints Regarding Personal Information
If you have any questions regarding the disclosure, correction, suspension of use, or deletion of your personal information, or if you have any complaints regarding the handling of your personal information, please contact the Association at the address below:
【Personal Information Support Desk】
 Secretariat of Japan Network Security Association
 TEL: 03-6435-6540 (Only available in Japanese)
 FAX: 03-6435-6543

(*1) Notification or publication
The notice shall be given by one of the following methods.
- Verbal notification
- Notification in writing
- Notification by e-mail
The public announcement shall be made by one of the following methods.
- Announcements on the Association's website
- Inclusion in catalogs and brochures
- Inclusion in periodicals
- Display at the reception of exhibitions and seminars

(*2) Consent from the individual
Consent may be given by any of the following methods.
- Verbal consent
- Written consent
- Consent by email
- Consent using checkboxes and buttons on the web