- Emergency Assistance Japan (EAJ)
- Personal Information Protection Policy
Personal Information Protection Policy
Adopted: April 1, 2005
Revised to the latest revision: June 17,2025
Emergency Assistance Japan Co., Ltd.
Hideki Yamamoto, Representative Director and President
I. Personal Information Protection Policy
Emergency Assistance Japan (EAJ) strives to contribute to our customers’ comfortable social activities and economic development through the provision of high-quality medical and lifestyle-related assistance services so that our customers can stay safe, secure, and enjoyable in any part of the world.
The services that we, EAJ provide have a high degree of social value and publicness, and the starting point of our business is gaining the trust of our customers.
It is from this perspective that protecting personal data is one of the top priorities of our business, and we are aware that properly managing and protecting the personal information that we handle in our operations is a major responsibility.
In order to protect personal data properly, we have adopted Personal Information Protection Policy that includes the following matters, and we are committed to implement, maintain, and improve that policy.
In the meantime, please refer to URL https://emergency.co.jp/english/company/about/ if you have questions about the information of our company such as office locations
- We comply with applicable laws and regulations, policies adopted by the national government, and other standards concerning protection of personal information. For that purpose, we properly establish and implement a personal data protection management system that complies with Japanese Industrial Standards “Personal Information Protection Management Systems—Requirements (JIS Q15001)”.
We will also handle personal data of our customers overseas in compliance with the laws and regulations concerning the protection of personal information in the respective countries and regions. - We specify the purpose of the use of personal information to the extent necessary for the performance of business and properly acquire, use, and provide (hereinafter referred to as “handle”) personal information. We shall handle the personal information thus collected only to the extent of the purpose to perform its obligation, and we put measures in place to prevent use for any other purpose.
- In order to properly manage the personal information thus collected, we implement organizational, human oriented, physical, and technological safety countermeasures and put measures in place to prevent breach, loss, and destruction of personal data and strive to improve personal data protection management systems.
- If we receive a complaint or inquiry concerning the handling of personal information, we promptly investigate the facts concerning the content and makes a good-faith response within a reasonable period.
- We continuously review and improve our Personal Information Protection Management Systems in light of changes in social situation and circumstances
II. Handling of Personal Information
1. Department, name and contact information of our Personal Information Protection Manager
General Affairs & HR Department, Yusaku Sakurai
Contact: 03-3811-8226
2. Collection of personal information
We collect personal information to the extent necessary to know for its operations using lawful and fair means.
In some cases, we may make written or auditory records concerning transactions and inquiries.
3. Purpose and use of personal information
We use the personal information thus collected only for the purposes of use set forth in (2) below, primarily within the extent of its operations set forth in (1) below.
Except when laws and regulations require to do so, we do not use personal information for any purpose other than the intended purposes and put necessary measures in place to ensure this policy.
Further, in the event of any change to the purpose of use, we notify the detail personally to the customer we assist or release public notices on our website.
(1) Business activities:
- (1) Provision of the medical referrals, arrangement and confirmation of appointments with medical services providers, assistance in arranging interpreter services, emergency medical evacuations, placing guarantee of payment and paying of expenses related to medical care as agent for the member if a member is affected by an illness or is involved in disasters or traffic accidents (medical assistance services).
- (2) Provision of information concerning security, support, consulting other security evacuation (security assistance services)
- (3) Provision of a suite of services, including support in securing medical visas, referrals to medical institutions, medical interpreting and proxy payment of medical expenses, to foreign patients seeking medical treatment in Japan (international medical coordination services)
- (4) Provision of assistance in arranging interpreter services to medical services providers, billing of medical expenses on behalf of medical services providers, placing guarantee of payment and payment of medical expenses on behalf of patients and provision of information.
- (5) Provision of services including the rescue and transport of disabled vehicles or vehicles damaged in accidents on roadways
- (6) Proxy reservations for transportation, accommodations, restaurants and events and proxy purchasing and telephone reception
- (7) Travel agency business in accordance with the Travel Agency Act.
- (8) Property and casualty insurance agency business
- (9) Telecommunications business filed under the Telecommunications Business Act
- (10) The information gatherings, support and consulting business incidental to the businesses listed in the above articles.
- (11) Any other businesses incidental to the businesses listed in the above articles.
(2) Purposes of Use:
Personal information of the following customers who are the subjects of assistance services or operations entrusted by corporations/organizations
|
To properly and smoothly perform assistance services or operations entrusted by a corporation/organization | Personal information provided by the individual or a corporation/organization in connection with providing or performing assistance services or business entrusted by the corporation/organization
|
|
|---|---|---|---|
Personal information of the following customers who are the subjects of the assistance services that we provide under contract with corporations/organizations or schools
|
To provide assistance services under contract with corporations/organizations or schools | Personal information provided by the individual or the contracted corporation/organization or school in connection with providing assistance services based on the contract
|
|
| Personal information of our direct customers |
|
|
|
| Personal information of medical personnel, medical translators/interpreters, and other private business owners to whom we outsource our services |
|
|
|
| Personal information of contact person, person in charge, etc. of business partners |
|
Contact information such as name, organization, telephone number, e-mail address, etc. | |
| Personal information of visitors | To ensure the security of our company, including access control to our facilities |
|
|
| Personal information of applicants for employment |
|
|
|
| Personal information of our employees |
|
|
|
| Personal information of our shareholders and directors |
|
Information such as name, address, telephone number, e-mail address, etc. |
Note: “Retained personal data” is defined in the ‘Personal Information Protection Law’ and refers to personal information that is systematically organized in such a way that specific personal information can be easily retrieved. And for which we have the authority to respond to requests for disclosure, correct, add, delete, stop using, erase, or stop providing to third parties and they are the subject of the procedures for requesting disclosure, etc., as set forth in “III. Procedures for Requests for Disclosure, etc. of Retained Personal Data” below.
4. Provision of personal information to third parties
Except in the following cases, we do not provide personal information to third parties without prior consent:
- (1) In cases pursuant to laws and regulations;
- (2) In cases when necessary to protect the life, body, or property of an individual and obtaining the individual’s consent is unfeasible;
- (3) In cases when necessary to improve public health or for the sound development of children and obtaining the individual’s consent is unfeasible; and
- (4) In cases where it is necessary to cooperate with the performance of duties specified by laws or regulations of a national or local government agency or other body entrusted by a national or local government agency and there is a likelihood that obtaining the individual’s consent would interfere with the performance of those duties.
5. Measures to safeguard retained personal data
We put the following measure to ensure security to prevent breach of retained personal data.
(1) Setting out the basic rules
We implement this Personal Information Protection Policy, and comply with the relevant laws, regulations, guidelines set out by a national or local government agency and establish a point of appropriate response so that our customer can contact us.
(2) Formulating the rule to handle personal data
We formulate Personal Information Protection Policy which stipulates handling of personal data, during each stage of collection, use and provision of personal data, in accordance with Personal Information protection law, guidelines set out by a national or local government agency, Personal Information Protection Management System, etc.
(3) Organizational measures to safeguard personal data
- ① We appoint the competent person responsible for all the matters relating to handling of persona data, and establish reporting system to such competent person in the event of inappropriate handling of personal data and violation of the rights of the individual.
- ② We routinely check and analyse as for the situation of system utilization which processes personal data, as to how the personal data is being used in accordance with inhouse rule related to handling of personal data.
- ③ We keep a record to describe the organization, the competent person and the purpose of use related to personal data with personal information management ledger.
- ④ In the event of personal data breach and similar incident, we are prepared to conduct factual investigation, to find out causal relationship of the incident, and to communicate the individual who may be affected by the incident, to report the incident to the Personal Information Protection Commission, to review problem process and set a course of action to prevent recurrence of incident, and to release the fact of the incident.
- ⑤ We routinely conduct internal audit the state of compliance and operation of personal information protection management system related to handling of personal data.
(4) Human oriented measures to safeguard personal data
We routinely conduct organized training to employees on matters which require special attention related to handling of personal data.
(5) Physical measures to safeguard personal data
- ① We enforce strictly control of entry and exit of employees in the place where personal data is being handled.
- ② We take measures to prevent theft or burglary of documents and data media containing personal data and device handling personal data.
- ③ We take measures to prevent personal data breach if we must carry information device outside the premise of our company.
- ④ WWe destroy the documents, etc. themselves in an unrecoverable manner if we discard documents, etc. containing personal data. We erase the personal data in a manner so that data cannot be easily restored if we delete personal data from data media containing personal data.
(6) Technical measures to safeguard personal data
We take the following measures about the system where personal data is being processed.
- ① We implement secure access controls to limit the scope of information system users.
- ② We implement secure authentication controls to identify and authenticate information system users.
- ③ We install device and software into our information systems to protect personal data against unauthorized access from external sources or by way of unauthorized software.
- ④ We implement secure operation control to prevent personal data breach during the use of our information systems.
(7) Compliance with international requirements
We have subsidiary companies in United States of America, Canada, Peoples Republic of China, Thailand and Singapore as well as a branch office in United Kingdom. These subsidiaries and offices are handling personal data in providing medical assistance services according to the entrust agreements with us.
We also implement measures to safeguard personal data across the organization including these subsidiaries and offices, comprehending the legal requirements of personal data protection across these countries.
6. Outsourcing of handling personal information to third parties
We may outsource part or all of the handling of personal information to other business entities to the extent necessary to achieve the purposes of use. In the event of outsourcing, we will evaluate and select the entity to ensure that it implements safety management for the protection of personal information and ensure accordingly by contract, and we will strictly manage those, as well.
7. Transfer of personal data out of the country
We may transfer personal data to a foreign country where we have a subsidiary company when our subsidiary company provides medical assistance services on our behalf in accordance with entrust agreement with us. Please note that the following information must be provided to the customer in advance when obtaining the customer’s consent to allow the provision of personal data to our subsidiaries in foreign countries.
(1) Name of the foreign country in which the subsidiary company is located
For more information, visit following site: (https://emergency.co.jp/company/about/)
- United States of America,
- Canada,
- Peoples Republic of China,
- Thailand
- Singapore
(2)The information of the laws and regulations of personal information protection in the foreign countries where we have subsidiary companies
For information on the personal information protection systems of foreign countries where the subsidiary is located, see the survey reports published on the website of the Personal Information Protection Commission
URL of the Personal Information Protection Commission
(3) The information of measures taken by our subsidiary companies located in foreign countries to protect personal information
Our subsidiary companies located in foreign countries take all the measures corresponding to 8 Privacy Principles of OECD Privacy Guidelines (1 Collection Limitation, 2 Data Quality, 3 Clarity of Purpose, 4 Limitation of Use, 5 Security Safeguards: 6 Disclosure, 7 Individual Participation: 8 Responsibility)
8. Voluntary nature of personal information
The provision of personal information to us is voluntary.
Please be aware that failure to provide such information may impede our business operations related to the purposes of use listed above in “3 Purpose and use of personal information”, and you may be disadvantaged as a result.
9. Acquisition of personal information in a manner that cannot be easily recognized by the individual
Our website uses cookies to collect anonymous statistical data. The collected anonymous statistical data is used only to improve our website and our services. You can disable cookies by changing your settings. However, please note that if you disable cookies, you may not be able to use some of our services.
10. Handling of sensitive data
We do not collect, use or transfer the sensitive information such as health information, past medical condition to third parties, except as stipulated in the Personal Data Protection Act and other laws, regulations and guidelines.
Note: Sensitive information refers to sensitive information as defined in Article 5 of the Guidelines for the Protection of Personal Data in the
Financial Sector.
11. Contact information for inquiries concerning personal data
Complaints and consultations regarding the handling of personal data by the Company should be addressed to the ‘Customer consultation Desk’ below
Contact for Inquiries
Customer Consultation Desk
Emergency Assistance Japan Co., Ltd.
Address: NRK Koishikawa Building, 1-21-14 Koishikawa, Bunkyo-ku, Tokyo, 112-0002
Telephone: 03-3811-8121
Hours: 10:00 a.m. – 4:00 p.m. (excluding Saturdays, Sundays, and holidays)
12. Contact information for Accredited Personal Information Protection Organisation to which the company belongs and the third-party organisation that accepts complaints
*Note: The below contact address only accepts complaints about the handling of personal information, and is not a customer desk for inquiries regarding our products and services.
Japan Institute for Promotion of Digital Economy and Community (JIPDEC)
Contact: Personal Information Protection Consultation Service Office
Address: Roppongi First Building, 9-9 Roppongi 1-chome, Minato-ku Tokyo, 106-0032
Telephone: 03-5860-7565, Toll Free: 0120-700-779
III. Procedures for Responding to Requests for Disclosure, Correction, etc. of Retained Personal Data
We will respond to the requests for notification of the purposes of use, disclosure, correction, addition or deletion, stop of using, erasure or stop of providing to a third party, and disclosure of records of providing to a third party of retained personal data (hereinafter referred to as “disclosure, etc.”) pursuant to requests from the person concerned or their representatives in accordance with the following summary of the procedure.
1. Where to submit requests for Disclosure, etc.
Please submit inquiries to the Customer Consultation Desk indicated in II. 11 above
We will send you a Disclosure Application form by e-mail. Please fill in the required items on the printed form and send it to us by mail along with the required documents.
2. Documentation that you are requested to submit
- (1)Disclosure Application with a form specified by us
- (2)Document for personal identification etc.
| (i) If you are making a request for yourself | Any of the following documents:
In case you do not have above documents, both of following documents
|
|---|---|
| (ii) If you are making a request on behalf of another person | In addition to the personal identification documents of the person himself/herself as in (i) above, the following “Identification documents of the representative” and “Documents confirming the power of attorney”. 【Identification documents of the representative】
In case you do not have above documents, both of following documents:
【Documents confirming the power of attorney】 Any of the following documents - Certified copy of resident register, family register, or an extract of the family register that confirms the relationship between the representative and the person himself/herself (if the representative is a person with parental authority) - Certified copy of family register (if the representative is a guardian of a minor) - Original certificate of registered matters concerning guardianship registration, etc. (if the representative is a guardian of an adult) [In the case of representation by entrustment] Both of following documents: - Power of attorney (with officially registered seal of the person himself/herself affixed) - Original certificate of seal registration for the above affixed seal |
Note: – For My Number Card (copy), please submit a copy for the front page of the card only.
- For a certified copy of resident register, please submit a certified copy which does not include the applicant's My Number.
- When you submit various documents, please provide information of your legal domicile only up to the prefecture name and paint information thereafter in black.
- For an original certificate of seal registration, please submit the certificate which shows your current address and was issued within the last three months.
3. Fees
Among your requests, for the requests for notification of purposes of use, disclosure, and disclosure of records of providing to a third party of retained personal data. you are requested to pay a fee of 800 yen (excluding consumption tax) per request Please transfer the fee to our bank account which we will advise you or enclose a postage stamp of the equivalent amount when mailing the request form to us. We will respond to your request after confirming the payment. You are also requested to pay the bank transfer fee.
4. Method of response
After confirming and investigating the contents of the request, we will respond to the request for disclosure in writing or by sending an electromagnetic record attached to an email to the email address stated on the request form, in accordance with the applicant's wishes. (However, if disclosure by the latter method is difficult, we will reply by the former method with a notice to that effect.) For requests other than disclosure, we will reply in writing to the person concerned. In the case of a request by a representative, we will reply to the person in question, except in the case of a request by a legal representative.
There may be cases where we are unable to comply with the request, for example, where compliance with the request may harm the life, body, property or other rights or interests of the person concerned or a third party, or where it would violate other laws or regulations.
In such cases, a response will be provided with the reason(s).