PRIVACY POLICY

Personal Information our company deals with

Our company strives to safeguard personal information based on the “Personal Information Protection Policy”. We hereby notify you as follows with respect to personal information we collect or retain for our business purposes.

（１）Name and address of the business operator handling the personal data and, if a legal entity, the name of its representative

Sugawara Toshiko
CEO, Heart Organization, Co., Ltd.
5-5-15 Nishi Nakajima, Yodogawa-ku, Osaka-shi, Osaka-fu

（２）Name or title, affiliation and contact details of the data protection manager (or his/her representative)

General Manager, Administration Division
Manager of Personal Information Protection
Email:privacy@heartorg.co.jp
Telephone number: 06-4862-4488

（３）How to collect personal information

Our company will not acquire personal information through improper means. Also, unless prescribed by law, rule or regulation, we will notify or publicize the purposes for using personal information and will use such information within these limits. In addition, we will automatically collect access information acquired with cookie or web beacon technology for the purpose of better customer service and for the purpose of advertisement distribution, promotion, sales, development of new services, etc., which are related to our products. If you disable cookies by modifying your browser, you may not be able to use some of our services.

（４）Purposes for using personal information

The purposes for using personal information our company handles in our business operations are as follows;

① Personal information to be disclosed

Kinds of personal information	Purposes of use
Business partners’ information	Used for business administration, various contacts, billing, payment management, service/service improvement, advertisement/publicity/marketing
Employees’ information	Used for operations related to employee management (Operation, labor, and personnel management, salary operation, welfare operation, etc.)
Job seekers’ information	Used for operations related to recruitment (Providing information on recruitment, screening for hiring and contacting regarding recruiting operation.)
Retirees’ information	Used for corresponding to retirees and responding from retires
Contact person’s information	Used for inquires
Individual or his/her agent’s information (when being requested for disclosure and others)	Used for responding to requests for disclosure and others

② Personal Information to be non-disclosed

Kinds of personal information	Purposes of Use
Personal Information acquired in entrusted business	Used for contracts or communications related to the contracts, performing entrusted operations and aftercare operations, etc.
Information acquired from recruitment websites	Used for decision or notification of success or failure in the recruitment application

③ Purposes based on attributes

Kinds of personal information	Purposes of Use
Personal information of healthcare professionals who will use our services	Creating a service account provided by our company, Contacting healthcare professionals and related medical companies from us, Used for authentication information, etc. when cooperating with other company's services, Organizing and managing academic meetings for universities and research institutions, Collaboration between doctors for educating each other, etc, Other purposes to be needed to provide our company’s services, Purposes for future and next generation-medical education, and the dissemination and development of medical technology in addition to the medical education, or For the system improvement of our company’s service, maintenance operations, planning and designing of new services by statistically compiling and analyzing the trends of use of our service by doctors, For advertisement, publicity, and marketing accompanying new service provision, For the payment management of professional advice and guidance, Purposes that will be individually informed in writing.
Patient's personal information acquired through medical professionals	For the system improvement of our company’s services and maintenance operation, In the services provided by our company, used for doctors and medical professionals who organize and manage conferences, for doctor's case studies, education, learning, etc. in universities, research institutions, etc., For future and next generation-medical education, and for the necessary operations for the dissemination and development of medical technology in addition to medical education, For the system improvement of our company’s service, maintenance operations, planning and designing of new services by statistically compiling and analyzing the trends of use of our service by doctors, For creating a database that can efficiently implement education, dissemination and development of future medical technology, Purposes that will be individually informed in writing.

（５）Contact of inquiry regarding personal information

If you have any complaints, consultation and inquiries regarding personal information including personal information to be disclosed, please contact “Contact for Complaints, Consultation and Inquiries” shown below.
The name of the organization and, offer destination of complaints resolved

（６）Storage period of personal information

In order to protect personal information of our users, we will retain the personal information for 7 years after achieving the purpose of use of personal information, then delete or anonymize the said information according to applicable law.

（７）The name of authorized personal information protection organization, and offer destination of complaints resolved

一PrivacyMark Promotion Center, JIPDEC
Address: 12F, Roppongi First Building, 9-9 Roppongi 1-chome, Minato-ku Tokyo, 106-0032 Japan

（８）Provision of Personal Information

Personal information obtained will not be provided to third parties except as required by law.

（９）Outsourcing the Handling of Personal Information

We will not outsource all or part of the handling of acquired personal information.

（１０）Consequences for not giving personal information

Giving us your personal information is voluntary. If you do not provide some of your personal information, we may not be able to respond to your inquiry.

（１１）Procedure for requests for disclosure and others

Our company will promptly respond to requests for disclosure (notification of purpose of use, disclosure, correction, addition or deletion of content, cessation of use, erasure and cessation of provision to third parties, disclosure of records of provision to third parties) by the person concerned with regard to personal information subject to disclosure. If requested, we will respond within a reasonable period of time and to a reasonable extent after confirming that the person making the request is the person in question or their representative.

（１２）Method and Contact for requests for disclosure and others

Please contact the reception desk below to make a request for disclosure of personal information subject to disclosure. Please fill in the form, enclose the required documents and send it by post or email. （Please fill in the form, enclose the required documents and send it by post or email (the cost of sending the form will be borne by the person making the request). After confirming your identity (or that of your representative), we will reply to you by the disclosure method you have requested. Please note that we may not be able to respond to requests for disclosure that do not comply with this method.

（１３）Measures taken to ensure the security of personal data

In order to handle personal information in the strictest possible manner, the company has formulated rules and regulations concerning personal information and operates a personal information protection management system based on a personal information protection policy in accordance with JIS Q 15001. To ensure the proper handling of personal information, safety management measures are implemented from four perspectives: organisational, human, physical and technical.

（１４）Information provision for EU users

When processing personal information of "EU users" who are living within the European Union and using our company’s services, EU General Data Protection Regulation ("GDPR") will be applied. We are providing information on the rights of EU users and our responsibilities based on the said regulations as follows.

1.Rights of EU users

EU users will have the following rights regarding the handling of their personal information conducted by our company. For the exercise of these rights, please see the contact below.
Users outside the EU can also request explanations, corrections, deletions or delivery of copies regarding their own personal information.

a. Explanations and delivery of copies regarding personal information of users (EU users and users outside EU)

The user reserves the right to request an explanation regarding the user’s personal information possessed by our company and an explanation regarding how to use the said information. In addition to the mentioned above, when we collect the users’ personal information based on their consent, or we collect the personal information, which is necessary to provide services requested by the users, the users shall reserve the right to receive copies of the said information that we collected regarding the users.

b. Correction

When the user believes the user’s personal information possessed by our company is inaccurate, the user reserves the right to request a correction of his/her personal information. The user can make the following requests by inquiring to the contact mentioned below.
・Description request of personal information collected by our company and how our company use the personal information.
・Delivery request of copies of personal information collected by our company.
・When the user’s personal information possessed by our company is inaccurate, he/she can request a correction of the information.

c. Deletion

Our company will retain that information as long as users maintain their accounts. In addition, users can request deletion of their accounts at any time. Please see the contact below for the inquiry.

d. Allegation for appeals and complaints

The EU users reserve the right to appeal regarding their personal information processing conducted by our company. Even if the appeal has been filed, our company shall continue to process the user’s information to the extent permitted by the general data protection regulation (GDPR).
In addition to the mentioned above, the EU users reserve the right to file their appeals to the Data Protection Agencyregarding the said information processing conducted by our company.

2.Basis of processing

GDPR requires companies that process personal information of EU users to process it based on specific legal basis. Our company will process the information of EU users based on the basis that are established under GDPR. The users can revoke the consent at any time. If an EU user cancels the consent, the user will be unable to use the service (or function).
In addition to the mentioned above, we may collect personal information of users through arbitrary questionnaires. The user's response to such a questionnaire will be collected based on consent and will be deleted when it is no longer needed for the collected purpose.

【Contact for Inquiry】

Name of contact	Contact of inquiry regarding personal information
Contact	Manager of Personal Information Protection:General Manager Administration Division Address: 5-5-15 Nishi Nakajima, Yodogawa-ku, Osaka-shi, Osaka-fu Email: privacy@heartorg.co.jp