The Internal Control Department of Tokio Marine Holdings supervises information security for the entire Group as the controlling department while sections in charge of information security have been established at each Group company. In this manner, the Group is working to build an effective management structure for information security.
Initiatives for Information Security
We thoroughly adhere to information security management rules to prevent information leakages. In particular, each Group company is adopting physical and technological safety-control measures that include locking away customers' personal information and confidential documents when not in use, placing restrictions on taking documents and other items outside the company, and using encryption and setting passwords for electronic information.
In fiscal 2010, Tokio Marine & Nichido introduced thin-client* terminals for its in-house intranet. Thin-client terminals are not equipped with hard disks and information is centrally managed and deployed from a server, which thereby further strengthens information security.
*A method whereby the PC environment (client OS and applications) for each user is consolidated into and operated by the server
Protection of Personal Information
The Tokio Marine Group is committed to the continuous enhancement of corporate value, with customer trust at the base of all its activities. Guided by this corporate philosophy, we, the Tokio Marine Group, shall comply with laws, rules, regulations and guidelines related to the protection of personal information, appropriately manage personal information as described below and implement other appropriate security measures for the protection of personal information of our customers.
- 1. We shall acquire personal information of our customers in a manner that is both legal and fair. Unless prescribed by law, rule or regulation, we shall notify or publicize the purposes for using personal information of our customers and shall use such information within these limits.
- 2. Unless prescribed by law, rule or regulation, we shall not provide personal information of our customers to third parties without prior consent of each such customer.
- 3. We will strive to prevent the divulgence, destruction, impairment and unauthorized access of personal information of our customers. When we contract out the management of personal information of our customers to an outside service provider, we shall supervise the service provider appropriately, as needed.
- 4. Whenever we receive requests from our customers to view or update their personal information we hold, we shall respond promptly in accordance with laws, rules and regulations. We also welcome comments and questions regarding the management of personal information of our customers.
- 5. We shall provide comprehensive supervision, instructions and education to our employees who handle personal information of our customers to ensure that such information is managed appropriately.
- 6. We will continue to revise and aim to improve our internal systems and procedures to protect personal information of our customers.
Adopted on February 7, 2005
Revised on July 1, 2008
The Company will review and improve the contents described below from time to time.
1. Collection of Personal Information
The Company will collect personal information (including that of shareholders; the same shall apply hereinafter) in a lawful and proper manner to the extent necessary for its business.
2. Purpose of Use of Personal Information
The Company shall use information received from customers for the purposes (hereinafter referred to as Purpose of Use) of undertaking the following business operations. The Purpose of Use shall be specifically prescribed for clarification for customers and disclosed on our Website as stated below. Moreover, depending on the situation in which the information is obtained, we shall make efforts to limit the Purpose of Use.
- (1) Business administration of Group companies*
- (2) Contacting shareholders, providing them with various information and undertaking shareholder management
- (3) Exercising the Company's rights or fulfilling its obligations in accordance with the Companies Act of Japan and the Enforcement Regulations of the Companies Act of Japan
- (4) Responses to customer inquiries, requests, others
- (5) Undertaking other operations incidental to those stated in the above (1) to (4) as well as operations for ensuring the proper and smooth execution of the Company's business operations
When handling personal information that transcends the scope needed to attain the Purpose of Use, the consent of the relevant person shall be obtained except in the cases stipulated in Article 16-3 of the Act on the Protection of Personal Information.
* For details on the scope of Group Companies, refer to 10. Company List.
3. Provision of Personal Data to Third Parties
With the exception of the following cases, the Company shall not provide personal data to third parties without obtaining the consent of the relevant individual.
- In the case this is in accordance with laws and regulations
- In the case data is provided to consignees within the scope necessary for the Company to execute its business activities (refer to the following 4. Consigning the Handling of Personal Data)
- In the case of joint use between the Company's Group companies and business partners (Refer to the following 5. Joint Use with the Company's Group Companies and Business Partners)
4. Consigning the Handling of Personal Data
There are cases in which the Company consigns the handling of personal data to outside parties within the necessary scope for attaining the Purpose of Use. In the event the handling of personal data is consigned to outside parties, the Company shall prescribe standards for selecting a consignee and carry out necessary and appropriate supervision that includes confirming the consignee's information management structure beforehand. The Company consigns the handling of personal data, for example, in cases such as the following.
- Consigning the management of the shareholders' register
5. Joint Use with the Company's Group Companies and Business Partners
To attain the Purpose of Use shown above in 2. (1) - (5), personal data is used jointly among the Company, Group companies and business partners* as described below.
- (1) Personal Data Items
a. Data on shareholders (Address, name, situation regarding holding of Company stock, etc.)
b. Personal data held by Group companies (information related to transactions such as details of accident notices and details of contracts listed on application forms that include address, name, telephone number, gender, date of birth and other items)
c. Personal data from persons making inquiries and requests of the Company (name, contact information, details of inquiry/request, etc.)
- (2) Party responsible for managing personal data: Tokio Marine Holdings Co., Ltd.
*For details on the scope of Group Companies, refer to 10. Company List.
At present, there is no joint use of personal data with business partners.
6. Handling of Sensitive Information
The Company will not collect, use or provide to a third party Sensitive Information, including, but not limited to information regarding healthcare or case history, except for cases provided by the Act on the Protection of Personal Information, other relevant laws, ordinances and guidelines.
Note: "Sensitive Information" refers to sensitive information set forth in Article 6 of the Guidelines for Personal Information Protection in the Financial Field.
7. Notice of Matters, Disclosure, Amendment or Suspension of Use of Personal Data Held by the Company under the Act on the Protection of Personal Information
In accordance with the Act on the Protection of Personal Information, the Company makes efforts to respond appropriately and promptly to requests concerning notice of matters, disclosure, amendment or suspension of use of personal data.
For details on specific requests, please direct requests as shown below in 9. Contact Information. While confirming that the person making the request is the actual relevant person, procedures will be undertaken after filling out the Company's designated forms and, in principle, the Company will respond in writing at a later date. The Company shall receive its self-prescribed service fee for responding to disclosure requests.
Procedures for requesting disclosure, etc. (in Japanese)
8. Management of Personal Data
To prevent divulgence, loss or damage of personal data and ensure safety management of other personal data, the Company implements adequate security measures while working to assure the accuracy and recentness of data needed to attain the Purpose of Use.
9. Contact Information
The Company responds appropriately and quickly to complaints and consultations regarding the handling of personal information. For referrals and consultations concerning the Company's handling of personal information or personal data, please make inquiries as follows.
Point of contact: Tokio Marine Holdings Internal Control Department
Business hours: 9am - 5pm, excluding Saturdays, Sundays, holidays and year-end and new year holidays
10. Company List
The Company's Group companies and business partners mentioned in 2. Purpose of Use of Personal Information and in 5. Joint Use with the Company's Group Companies and Business Partners are indicated below.
- (1) Group Companies: Tokio Marine Group
- (2) Business partners: There are no business partners to which the Company provides personal data.
Note: Personal information of employees of the Company shall not necessarily be treated in accordance with this policy.
Adopted on March 7, 2005
Revised on August 11, 2011
Acquisition of External Certification
The Tokio Marine Group has acquired external certification for information security that includes the Privacy Mark and Information Security Management System (ISMS) certifications. These achievements recognize the initiatives taken within the Group to protect personal information. The Group intends to make continuous improvements and to strengthen further its information security management structure.
|Group member company||Certification date||Certification|
|Tokio Marine & Nichido Communications||Mar. 2006||ISMS|
|Tokio Marine & Nichido Systems||Aug. 2006|
|Tokio Marine & Nichido Risk Consulting||Jun. 2007||Privacy Mark|
|Millea Mondial||Aug. 2007||Privacy Mark|
|Tokio Marine & Nichido Medical Service (Health Promotion Dept.)|
*Third-party certification system on operational management of IT services (ISO/IEC 20000)