- Emergency Assistance Japan (EAJ)
- Personal Data Protection Policy
Personal Data Protection Policy
Adopted: April 1, 2005
Latest revision: October, 1 2023
Emergency Assistance Japan Co., Ltd.
Kiyoshi Kurata, Representative Director and President
I. Personal Data Protection Policy
Emergency Assistance Japan (We) strives to contribute to comfortable social activities and economic development through the provision of high-quality medical and lifestyle-related assistance services so that our customers can stay safe, secure, and enjoyable while overseas.
The services that we provide have a high degree of social value and public utility, and the starting point of our business is gaining the trust of our customers.
It is from this perspective that protecting personal data is one of the top priorities of our business, and we are aware that properly managing and protecting the personal data that we handle in our operations is a major responsibility.
In order to protect personal data properly, we have adopted a personal data protection policy that includes the following matters, and we are committed to implement, maintain, and improve that policy.
In the meantime, please refer to URL https://emergency.co.jp/company/about/ if you have questions about the information of our company such as office locations
- In order to comply with applicable laws and regulations, policies adopted by the national government, and other standards concerning personal data handled in all business activities as well as the handling of personal data of employees and others, we devote significant resource to properly implement a personal data protection management system that complies with Personal Information Protection Management Systems—Requirements (JIS Q15001).
We will also handle your personal data when we are assisting you overseas in compliance with the laws and regulations concerning the protection of personal information in the respective countries and regions. - We specify the purpose of the use of personal information to the extent necessary for the performance of business and properly acquires, uses, and provides personal information. We shall use the personal data thus collected only to the extent of the purpose to perform its obligation, and we put measures in place to prevent use for any other purpose.
- We do not provide the personal data thus collected to third parties except in cases where the consent of the individual is obtained and in cases where the laws and regulations require to do so.
- In order to properly manage the personal data thus collected, we implement organizational, human oriented, physical, and technological safety countermeasures and put measures in place to prevent breach, loss, and destruction of personal data and strive to improve personal data protection management systems.
- If we receive a complaint or inquiry concerning the handling of personal data, we promptly investigate the facts concerning the content and makes a good-faith response within a reasonable period.
- We continuously review and improve its personal data protection management systems in light of changes in social circumstances and technologies.
II. Handling of Personal Data
Nobuyuki Kudo, Personal Data Protection Manager
1. Collection of personal information
We collect personal data to the extent necessary to know for its operations using lawful and fair means.
In some cases, we may make written or auditory records concerning transactions and inquiries.
2. Purpose and use of personal information
We use the personal data thus collected only for the purposes of use set forth in (2) below, primarily within the extent of its overseas operations set forth in (1) below.
Except when laws and regulations require to do so, we do not use personal information for any purpose other than the intended purposes and put necessary measures in place to ensure this policy.
Further, in the event of any change to the purpose of use, we notify the detail personally to you we are assisting or release public notices by way of our website.
(1) Business activities:
- (1) Provision of the medical referrals, arrangement and confirmation of appointments with medical services providers, assistance in arranging interpreter services, emergency medical evacuations, placing guarantee of payment and paying of expenses related to medical care as agent for the member if a member sustains illness or is involved in disasters or traffic accidents (medical assistance services).
- (2) Provision of information concerning security, support and consulting: other security evacuation (security assistance services)
- (3) Provision of a suite of services, including support in securing medical visas, referrals to medical institutions, medical interpreting and proxy payment of medical expenses, to foreign patients seeking medical treatment in Japan (international medical coordination services)
- (4) Provision of assistance in arranging interpreter services to medical services providers, billing of medical expenses on behalf of medical services providers, placing guarantee of payment and paying of expenses related to medical care on behalf of foreign patients in favor of medical services providers.
- (5) Provision of services including the rescue and transport of disabled vehicles or vehicles damaged in accidents on roadways
- (6) Proxy reservations for transportation, accommodations, restaurants and events and proxy purchasing and telephone reception
- (7) Travel business in accordance with the Travel Agency Act and general consulting pertaining to travel
- (8) Property and casualty insurance agency business
- (9) Telecommunications business filed under the Telecommunications Business Act
- (10) Any other businesses incidental to the information gatherings, support and consulting listed in the above articles.
- (11) Any other businesses incidental to the businesses listed in the above articles.
(2) Purposes of Use:
| Information of our customer and their business partner necessary to contact (name, telephone number, e-mail address etc.) |
|
Collecting from our customer and their business partner |
|---|---|---|
| Basic Information of our customer (name, telephone number, e-mail address, date of birth, gender, nationality, travel information, passport information etc.) |
|
Collecting from our customer |
| Information on our customer’s illness and/or accident. (information on health conditions, illness, accident, including AIDS/HIV, alcohol and/or drug addiction treatment, behavioral or mental illness, etc.) | To provide services such as medical assistance services, international medical coordination services, medical translation services to medical services providers; | Collecting from our customer, medical services providers and/or medical doctors |
| Information on our customer’s health (information on health examination results, basal metabolism, physical activity level, health risks, diseases etc.) | To provide health care services | Collecting from our customer, medical services providers and/or medical doctors |
| Information of medical doctors (license of medical doctors, photo ID, name, date of birth, gender etc.) | To provide medical assistance services; | Collecting from liaising medical services providers and/or medical doctors |
| Personal data received from our business partner related to an entrustment agreement (health information, illness and accident information, credit card information, bank account information etc.) | To perform properly and expeditiously the services entrusted from our business partner | Collecting from our user (our customer) and/or our business partner who entrusted us the business |
| Personal data of our employee and/or visitors to our offices | To manage entry to and departure from our offices, and to ensure physical security of our facilities | Collecting from our employees and/or visitors |
| Personal data of job applicant | To conduct employment screening | Collecting from job applicants and/or recruitment company |
| Personal data of employee | To conduct human resources management | Collecting from our employees |
| Personal data of shareholder and/or director/officer | To notify shareholders’ meeting and/or to obtain tender qualification as the relevant laws require to disclose certain personal data of shareholder and/or director/officer | Collecting from shareholder and/or director/officer |
3. Provision of personal data to third parties
Except in the following cases, we do not provide personal data to third parties without your consent:
- (1) In cases pursuant to laws and regulations;
- (2) In cases when necessary to protect your life, body, or property and obtaining your consent is unfeasible;
- (3) In cases when necessary to improve public health or for the sound development of children and obtaining your consent is unfeasible; and
- (4) In cases where it is necessary to cooperate with the performance of duties specified by laws or regulations of a national or local government agency or other body entrusted by a national or local government agency and there is a likelihood that obtaining your consent o would interfere with the performance of those duties.
4. Measures to safeguard your personal data
We put the following measure to ensure security to prevent personal data breach.
(1) Setting out the basic rules
We implement this personal data protection policy, and comply with the relevant laws, regulations, guidelines set out by a national or local government agency, and establish a point of appropriate response so that our customer may contact.
(2) Formulating the rule to handle personal data
We formulate personal data protection policy which stipulates handling of personal data, during each stage of collection, use and provision of personal data, in accordance with personal data protection law, guidelines set out by a national or local government agency, personal data protection management system, etc.
(3) Organizational measures to safeguard your personal data
- ① We appoint the competent person responsible for all the matters relating to handling of persona data, and establish reporting system to such competent person in the event of inappropriate handling of personal data and violation of the rights of the individual.
- ② We routinely check and analyze as for the situation of system utilization which processes personal data, as to how the personal data is being used in accordance with inhouse rule related to handling of personal data.
- ③ We keep a record to describe the organization, the competent person and the purpose of use related to personal data with personal data management ledger.
- ④ In the event of personal data breach and similar incident, we are prepared to conduct factual investigation, to find out causal relationship of the incident, and to communicate the individual who may be affected by the incident, to report the incident to the Personal Information Protection Commission, to review problem process and set a course of action to prevent recurrence of incident, and to release the fact of the incident.
- ⑤ We routinely conduct internal audit the state of compliance and operation of personal data protection management system related to handling of personal data. We are routinely checked by independent auditor as to how the personal data is being used in accordance with inhouse rule related to handling of personal data.
(4) Human oriented measures to safeguard your personal data
We routinely conduct organized training to employees on matters which require special attention related to handling of personal data.
(5) Physical measures to safeguard your personal data
- ① We enforce strictly control of entry and exit of employees in the place where personal data is being handled.
- ② We take measures to prevent theft or burglary of documents and data media containing personal data, device handling personal data.
- ③ We take measures to prevent personal data breach if we must carry information device outside the premise of our company.
- ④ We destroy the documents and etc. themselves in an unrecoverable manner if we discard documents and etc. containing personal data. We erase the personal data in a manner so that data cannot be easily restored if we delete personal data from data media containing personal data.
(6) Technical measures to safeguard your personal data
We take the following measures about the system where your personal data is being processed.
- ① We implement secure log-on controls to limit the person who can access our information system.
- ② We implement secure authentication controls to identify as to who has the authority to access our information system.
- ③ We install device and software into our information systems to protect your personal data against unauthorized access from external sources or by way of unauthorized software.
- ④ We implement secure operation control to prevent personal data breach during the use of our information systems.
(7) Compliance with international requirements
We have subsidiary companies in United States of America, Canada, Peoples Republic of China, Thailand and Singapore as well as a branch office in United Kingdom. These offices are handling personal data in providing medical assistance services according to the entrust agreements with us.
We also implement measures to safeguard your personal data across the organization including these offices, comprehending the legal requirements of personal data protection across these countries.
5. Entrustment of personal data to third parties
We sometimes entrust personal information to other businesses to the extent necessary to achieve the purposes of use. In these cases, we rigorously manage the service provider in accordance with the Act on the Protection of Personal Information and the provisions of the personal information protection management system.
6. Transfer of personal data to a foreign country
We may transfer your personal date to a foreign country where we have a subsidiary company when our subsidiary company provides medical assistance services on our behalf in accordance with entrust agreement with us. The following matters are the information that we must disseminate our customer when we obtain a consent from our customer before transferring your personal data to a foreign country where we have a subsidiary company. You are requested to confirm.
(1) Name of subsidiary companies located in foreign countries
Please refer to the following URL (https://emergency.co.jp/company/about/)as detail
- United States of America,
- Canada,
- Peoples Republic of China,
- Kingdom of Thailand
- Republic of Singapore
(2) The information of the laws and regulations of personal data protection in the foreign countries where we have subsidiary companies
Please find the survey results published in the website of the personal information protection commission about the laws and regulations of personal data protection in the foreign countries where we have subsidiary companies
URL of the personal information protection commission
https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku
(3) The information of measures taken by our subsidiary companies located in foreign countries to protect your personal data
Our subsidiary companies located in foreign countries take all the measures to respond to 8 Privacy Principles of OECD guidelines (1 Collection Limitation: 2 Data Quality: 3 Purpose Specification: 4 Use Limitation: 5 Security Safeguards: 6 Openness: 7 Individual Participation: 8 Accountability:)
7. Handling of sensitive data
We do not collect, use and transfer the sensitive data such as health information, past medical condition to third party, except stipulated by the laws, regulations and guidelines of personal data protection.
(Remark) The sensitive data shall mean the information defined in the article 5 of the guideline of personal data protection in the financial services.
8. Contact information for inquiries concerning personal data
Please submit complaints and inquiries concerning the Company’s handling of personal data to the contact indicated below.
Contact for Inquiries
Customer Consultation Desk
Emergency Assistance Japan Co., Ltd.
Address: NRK Koishikawa Building, 1-21-14 Koishikawa, Bunkyo-ku, Tokyo, Japan 112-0002
Telephone: 03-3811-8121
Hours: 10:00 a.m. – 4:00 p.m. (excluding Saturdays, Sundays, and holidays)
9. Contact information for authorized personal data protection organization that we belong to regarding complaints and resolutions
Japan Institute for Promotion of Digital Economy and Community (JIPDEC)
Contact: Personal Information Protection Complaints
Address: Roppongi First Building, 9-9 Roppongi 1-chome, Minato-ku Tokyo, 106-0032
Phone: 03-5860-7565, Toll Free: 0120-700-779
*Note: The above contact address is not customer desk dedicated to respond about inquiries regarding our products or services.
III. Procedures for Responding to Requests for Disclosure, Correction, etc. of Retained Personal Data or Records of Provision to a Third Party
We will provide notice of the purposes of use, disclose and correct personal data, and terminate use of personal data (referred to as “Disclosure, etc.”) pursuant to requests from individuals and their representatives in accordance with the following procedures and summary.
[Summary of Procedures for Disclosure, etc. Requests]
1. Where to submit requests for Disclosure, etc.
Please submit inquiries to the Customer Consultation Desk indicated in II. 8 above.
We will send you a Disclosure Application form by e-mail. Please fill in the required items on the printed form and send it to us by mail along with the required documents.
2. Documentation that you are requested to submit
- (1)Disclosure Application with a form specified by us
- (2)Personal identification document
| ①If you are making a request on behalf of yourself | Any of the following documents:
|
|---|---|
| ②If you are making a request on behalf of another person | In addition to the personal identification documents specified in (i) above, documents confirming the agent’s identity and documents confirming that you have authorized the agent to act on your behalf. [Documents confirming the agent’s identity]
【Documents confirming that you have authorized the agent to act on your behalf】
|
3. Fees
Among your requests, you are requested to pay a fee of 800 yen (taxable, but not including consumption tax) any one submission as for the requests for disclosure and the notification relating to purposes of use. Please remit the fee to our bank account that we will advise you. We will respond to your request after our confirmation of your remittance. You are also requested to pay the fees arising out of the remittance.
4. Method of response
After confirming and reviewing the contents of the request, we shall respond you about the information you have requested, according to your preferences such as personal document to be addressed to the requestor and/or e-mail attached with electromagnetic record containing our response to be addressed to the e-mail address described in your request document. (However, if it becomes apparent that the disclosure response by the latter method is difficult for us, we will respond you by the former method with prior advice for you to do so.) Even in the case that your representative requests, we shall response you directly about the information you have requested except in cases where your authentic legal representative requests us.
In cases where responding itself to a request for Disclosure, etc. would endanger the life, body, property, or other rights and interests of you and/or a third party and in cases where responding itself would violate laws or regulations, we cannot respond to requests for Disclosure, etc., If there arise such cases, we shall respond you detailing the reasons.