As a personal information handling business operator as defined in the Act on the Protection of Personal Information (hereinafter the “Act on the Protection of Personal Information” or the “Act”), each entity of Deloitte Tohmatsu Group (Deloitte Japan) recognizes the need and importance of protection of personal information. To ensure rigorous protection of personal information, each entity of Deloitte Tohmatsu Group complies with the basic policy below concerning protection of personal information, and familiarizes all personnel with this policy.
* Deloitte Tohmatsu Group is a collective term that refers to Deloitte Tohmatsu LLC, which is the Member of Deloitte Asia Pacific Limited and of the Deloitte Network in Japan, and firms affiliated with Deloitte Tohmatsu LLC that include Deloitte Touche Tohmatsu LLC, Deloitte Tohmatsu Consulting LLC, Deloitte Tohmatsu Financial Advisory LLC, Deloitte Tohmatsu Tax Co., DT Legal Japan, and Deloitte Tohmatsu Corporate Solutions LLC. Please click here for the list of entities comprising Deloitte Tohmatsu Group.
- Each entity of Deloitte Tohmatsu Group complies with the Act on the Protection of Personal Information, guidelines issued by relevant authorities, and other laws and regulations concerning proper handling of personal information.
- Each entity of Deloitte Tohmatsu Group acquires personal information in a proper manner, and except as otherwise provided for by law, uses such information within the purpose of utilization of personal information that has been disclosed in advance, was informed or explicitly stated at the time of receipt.
- In order to prevent loss, alteration or leakage of personal information, each entity of Deloitte Tohmatsu Group implements appropriate security controls for handling of personal information including information security.
- Each entity of Deloitte Tohmatsu Group reviews, on a regular basis, its management system and efforts for the protection of personal information to attain continuous improvement.
2．Handling of Personal Information
By posting this policy on this website, each entity of Deloitte Tohmatsu Group discloses in advance the purposes of utilization of personal information and potential joint utilization of personal information.
<1> Purposes of Utilization of Personal Information
- To introduce and/or provide audit and assurance, consulting, financial advisory, risk advisory, tax, legal, and various other services to be offered or rendered by each entity of Deloitte Tohmatsu Group (including procedures to check independence and conflicts of interest, etc.);
- To provide information through publications (including newsletters and other information provided on websites, by email, and by other means) issued by each entity of Deloitte Tohmatsu Group, and to provide information on sales and/or subscriptions of such publications;
- To inform of and operate various seminars and study sessions;
- To select and hire personnel (including partners, directors and any other staff engaged in business within Deloitte Tohmatsu Group, regardless of their titles) and to conduct human resources management after hiring;
- To make proposals, take statistics, conduct researches and respond to requests for advice from public organizations concerning services provided by each entity of Deloitte Tohmatsu Group, and to otherwise engage in contribution to society;
- To respond to various inquiries from you; and
- To implement comprehensive risk management based, inter alia, on the requirements for compliance with laws and regulations and quality control.
<2> Joint Utilization
A． Joint Utilization by Entities of Deloitte Tohmatsu Group
Each entity of Deloitte Tohmatsu Group may jointly utilize the acquired personal data with those entity or entities as specified in “(ii) Scope of joint users” in this section within the scope of any of the above-mentioned purposes.
(1)Items that may be jointly utilized：
·Name (including the place of work, division to which a person belongs, title, and position whereby a specific person’s name can be identified), address, telephone number, facsimile number, email address, and the requests made by the person, etc.
·Matters concerning inquiries
·Matters concerning services provided
Internal Information (Personnel Information)
Name and other information concerning his/her employment and performance evaluations
(2)Scope of joint users:
Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (this includes Deloitte Tohmatsu Group and collectively referred to as the “Deloitte organization”).
Please click here for details regarding the Deloitte organization. Note that entities which constitute the Deloitte organization may sometimes be located in a foreign country (hereinafter a country or region located outside the territory of Japan). A current list of Deloitte Offices around the world is available on global office directory.
(3) Purpose of joint use:：
Within the scope in the “(1) Purposes of Utilization of Personal Information” above, it may be jointly utilized on a need basis
(4) Entity responsible for management of joint utilization: Deloitte Tohmatsu LLC
B．Specific Joint Use by Members of Real Estate Appraisal Associations
If any entity of Deloitte Tohmatsu Group is a member entity of the Japanese Association of Real Estate Appraisal or of any prefectural real estate appraisal association, such entity may, as a matter specific to the relevant entity and apart from the joint utilization described in Paragraph A above, make a joint utilization as described below in relation to the real estate appraisal and valuation services, pursuant to the rules of the relevant real estate appraisal association.
(1)Items of joint utilization: data items of individual pricing factors, including location, value and square footage of the property, names of transacting parties, width of the road facing the property as well as regional pricing factors, including restrictions under public law and local features;
(2) Scope of joint users: The Japanese Association of Real Estate Appraisal, prefectural real estate appraisal associations, and their respective members;
(3)Purpose of joint utilization: land price publication, land price investigation and other public appraisals, and real estate appraisal and valuation services as set forth in Article 3 of the Act on Real Estate Appraisal; and
(4)Entity responsible for management of joint utilization: The Japanese Association of Real Estate Appraisal.
<3> Provision to Third Parties
As a rule, entities of Deloitte Tohmatsu Group do not provide personal data to any third parties, except where such provision is permitted by applicable laws or regulations, or where the person is deemed to have consented to such provision under the purpose or policy of applicable laws and regulations.
<4> Provision to Third Parties in a Foreign County
When an entity of Deloitte Tohmatsu Group provides personal data to a third party in a foreign country, it provides the personal data only to a person establishing a system conforming to standards prescribed by rules of the Personal Information Protection Commission as necessary for continuously taking action equivalent to the one that it shall take concerning the handling of personal data, or it provides personal data only when a consent on such provision to a third party in a foreign country is obtained in advance from the principal.
3．Management of Personal Information
- Each entity of Deloitte Tohmatsu Group strives to keep personal data accurate and up to date within the scope necessary to achieve a utilization purpose.
- In order to prevent loss, destruction, alteration or leakage of personal information, each entity of Deloitte Tohmatsu Group safely manages personal information and takes appropriate information security measures as follows to prevent unauthorized access, computer viruses.
- a. Establishment of Basic Policy
To ensure appropriate handling of information asset including personal data, each entity of Deloitte Tohmatsu Group establishes an "Information Security Policy" (Information Security Regulations and Regulations for Personal Information Protection, etc.).
- b. Development of Rules Regarding the Handling of Personal Data
Each entity of Deloitte Tohmatsu Group establishes detailed regulations on how to handle personal data obtained in the course of business.
- c. Systematic Security Control Measures
Each entity of Deloitte Tohmatsu Group establishes a Chief Personal Information Manager and clarifies the definition of its role and establishes a system for reporting the leakage of information that is subject to confidentiality obligations. Each entity of Deloitte Tohmatsu Group is also reviewed by internal information security audit and external organizations regarding the maintenance of ISO27001 certification (acquired in 2017).
- Human Security Control Measures
Each entity of Deloitte Tohmatsu Group requires its personnel to submit a letter regarding confidentiality of information, at the time of joining and resigning the Deloitte Tohmatsu Group, to emphasize the importance of information security, as well as continuously providing education on information security.
- e. Physical Security Control Measures
Each entity of Deloitte Tohmatsu Group controls the entry and exit of personal data management areas and take measures to prevent the theft or loss of equipment and documents etc. that handles personal data.
- f. Technical Security Control Measures
Each entity of Deloitte Tohmatsu Group takes measures to manage access to servers and other information devices, and to prevent information leakage due to unauthorized software.
- g. Understanding of the External Environment
Each entity of Deloitte Tohmatsu Group complies with all applicable laws and regulations regarding the handling of information. When handling personal information in a foreign country, each entity of Deloitte Tohmatsu Group shall understand the system, etc. for the protection of personal information in such foreign country and take measures for security control of personal information. In addition, the department in charge of legal affairs provides consultations on various legal issues related to the execution and promotion of business, and also has a mechanism to discuss these issues with relevant parties from time to time.
- a. Establishment of Basic Policy
- Each entity of Deloitte Tohmatsu Group appropriately supervises its personnel and its trustees with respect to the handling of personal information.
4．Procedures to Comply with Requests on Retained Personal Data for Disclosure, Correction, etc.
Upon receiving a request on any personal data retained, such as a request for disclosure, correction and utilization cease, etc. under the Act on the Protection of Personal Information, each entity of Deloitte Tohmatsu Group will appropriately meet such request pursuant to applicable laws and regulations.
- Procedures: Please contact the Help Desk indicated below. Help Desk will inform you of the specific procedures to follow.
- Help Desk of each entity of Deloitte Tohmatsu Group Please click here.
5.Handling of Personally Referable Information
The Deloitte Tohmatsu Group handles personally referable information in accordance with the Act on the Protection of Personal Information and related guidelines etc. published by relevant authorities.
If you have complaints, opinions or questions regarding the handling of personal information by each entity of Deloitte Tohmatsu Group, please contact here.
* Except in the case of joint utilization, management of personal information is implemented by each entity of Deloitte Tohmatsu Group at its own responsibility, and no other entities within Deloitte Tohmatsu Group or no other member firms of DTTL or their related entities will be jointly liable for such management without a basis of individual and specific circumstances.
In order to properly handle personal information and personally referable information that Deloitte Tohmatsu Group acquires through its website,Privacy Statement has been established.
Privacy Statement applies to handling of such personal information and personally referable information for its website-specific characteristics.
Last revised: 1 June 2022