Operation Commencement Date: June 1, 2021
Each company of the Sony Group (collectively, "Sony") is willing to build an environment in which the personal information of customers is safely stored, used and handled in line with the intention of customers, as well as gaining the trust of customers, and hopes to continue to provide numerous services, under this environment, which inspire and fulfil the curiosity of each customer.
Under this policy, and in accordance with Sony's philosophy of being honest and fair, Sony has prescribed the following policy on the handling of personal information, and is working to ensure the proper handling of personal information relating to its customers that it collects.
(*) This Policy encompasses Sony Group Corporation and its subsidiaries within Japan.
Handling of Personal Information
(Definition of Personal Information)
1. "Personal information" in this Policy refers to information relating to an individual that includes a name, date of birth, or other description, etc., that could be used to identify a specific individual, or that includes a individual identification code (*Annotation). All obtained information relating to customers that does not contain information in itself by which a specific individual could be identified, but which could be used to identify a specific individual by collating it with other information, shall be regarded as "personal information" within the scope that it can be handled in combination with other information.
(Compliance with Laws)
2. When handling personal information, Sony shall comply with the obligations set forth in the Act on the Protection of Personal Information, various other laws and regulations relating to the protection of personal information, guidelines published by the Personal Information Protection Commission and the competent authorities, as well as to this Policy.
(Use within the Scope of Utilization Purpose)
3. Except where the prior consent of the individual has been obtained, or where it is permitted by law, Sony shall handle personal information only within the scope required to achieve the previously specified purpose of use, and shall take measures to achieve this.
(Acquisition of Personal Information)
4. Sony shall endeavour to obtain personal information after expressing in advance the items, purpose of use, and contact point for inquiries, etc., of the personal information to be handled, and after obtaining the consent of the individual.In the event that special care-required personal information such as race and creed, etc., is included in the personal information, except where permitted by law, Sony shall not acquire such personal information without the consent of the individual. When obtaining personal information from a third party, if a legal obligation to check or create records arises when receiving provision from a third party, Sony shall comply with this.
(Personal Information of Customers Under the Age of 15)
5. Sony shall endeavour to comply with all laws and regulations applicable to the collection, storage, and use of personal information relating to customers under the age of 15. In the event of a child having provided personal information to Sony without the consent of their parent or guardian, we ask that a parent or guardian contacts us at the address specified in this Policy.
(Security Control Action)
6. Sony shall endeavour to keep the content of personal information accurate, complete, and up to date within the scope of the purpose of use, shall take the necessary and appropriate secure management measures in accordance with technological standards at that point in time in order to prevent unauthorised access, leakage, tampering, loss, or damage, etc., and shall make corrections as necessary.
(Supervision Over a Trustee)
7. Sony, within the scope required for the achievement of the purpose of use, may entrust the handling of personal information to another Sony Group company or a third party. In such a case, the appropriate secure management measures shall be taken under the Sony Group common information security policy. In addition, with regard to the contracting of business to a third party, efforts shall be made to ensure that secure management is performed as strictly as possible in relation to the handling of personal information, such as through the execution of a contract. If a third party in a foreign country is contracted to perform business, and a legal obligation to create records arises, Sony shall comply with this.
(Third Party Provision)
8. Except where permitted by law, Sony shall not provide personal information to a third party without obtaining the consent of the individual. If personal information is provided to a third party, and a legal obligation to create records arises at the time of such third party provision, Sony shall comply with this.
(Respond to a Demand etc. for Disclosure etc.)
9. Sony shall respond appropriately to requests for the disclosure, amendment, ceasing of use (for introducing products and services, etc.), and deletion of personal information, as well as other comments and inquiries regarding the handling of personal information, based on the provisions of laws and regulations. Please contact the address of the company to which you provided information for assistance.
(Strengthening of Systems, Training, Etc.)
10. To ensure the appropriate handling of personal information, Sony shall endeavour to continually strengthen and improve internal systems, including reviewing this Policy, by appointing a manager for personal information, establishing internal regulations, training officers and employees, and implementing the appropriate internal audits, etc.
(i) Those character, letter, number, symbol or other codes produced by having converted any of the following bodily features thereinto so as to be provided for use in computers which conform to standards prescribed by rules of the Personal Information Protection Commission as sufficient to identify a specific individual.
(a) base sequence constituting Deoxyribonucleic Acid (alias DNA) taken from a cell;
(b) appearance decided by facial bone structure and skin color as well as the position and shape of eyes, nose, mouth or other facial elements;
(c) a linear pattern formed by an iris’ surface undulation;
(d) vocal cords’ vibration, glottis’ closing motion as well as the shape of vocal tract and its change when uttering;
(e) bodily posture and both arms’ movements, step size and other physical appearance when walking;
(f) Intravenous shape decided by the junctions and endpoints of veins lying under the skin of the inner or outer surface of hands or fingers;
(g) a finger or palm print.
(ii) Number of passport set forth in Article 6, paragraph (1), item (i) of the Passport Act (Act No. 267 of 1951)
(iii) Basic pension number set forth in Article 14 of the National Pension Act (Act No. 141 of 1959)
(iv) Number of a driver’s license set forth in Article 93, paragraph (1), item (i) of the Road Traffic Act (Act No. 105 of 1960)
(v) Resident record code set forth in Article 7, item (xiii) of the Basic Resident Registration Act (Act No. 81 of 1967)
(vi) Individual number set forth in Article 2, paragraph (5) of the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No. 27 of 2013)
(vii) Those character, letter, number, symbol or other codes prescribed by rules of the Personal Information Protection Commission which are stated on a certificate set forth in the following in a way to give each person who receives its issuance a different one.
(a) A health insurance card under Article 9, paragraph (2) of the National Health Insurance Act (Act No. 192 of 1958);
(b) An insured person’s certificate under Article 54, paragraph (3) of the Act on Assurance of Medical Care for Elderly People (Act No. 80 of 1982)
(c) An insured person’s certificate under Article 12, paragraph (3) of the Long-Term Care Insurance Act (Act No. 123 of 1997)
(viii) Any other character, letter, number, symbol or other codes prescribed by rules of the Personal Information Protection Commission as equivalent to each preceding item.