Personal Data Guidelines

  • "Personal data" is the collective term used to refer to three types of information: "personal information", "non-personal information", and "privacy-related information".
  • The Personal Data Guidelines codify our basic principles in terms of a wide range of personal data.
  • First of all, we respect the will and choices of our customers and aim to give them peace of mind. The guidelines determine our basic stance in the digital society to contribute to our customers and society by utilizing data while ensuring that data is kept secure and privacy is protected.
  • It also stipulates that data collection and retention must be minimized, that requests from customers (including for the disclosure, correction and deletion of data) must be properly addressed, and that anyone has a right to be forgotten.
  • We are the first "B" on the left of what is called the "B-to-B-to-C" model. Our position is as a supplier (agent) of customer service functions. Our customers are client companies in the next "B." We have direct contact with the final "C" who are the end users (consumers) to provide customer service functions. However, our client companies own all the information we obtain in that process. We do not have any rights to that information. We handle all that information according to the will and instructions of our client companies.
  • We constantly monitor and control all access to information by our employees outside of the provision of customer service functions.
  • We automatically delete all the information we inevitably collect in the provision of customer service functions 92 days after collecting it. The only exception to that is when we have entered into a contract to extend the storage period with a client company for special purposes such as maintaining quality and complying with laws/ordinances.
  • We do not collect any personal data such as personal information from third parties except as stipulated by laws/ordinances. In addition, we do not lend, sell or provide third parties with personal data for purposes other than completing transactions and providing services.
  • The Information Security Promotion Group, a permanent dedicated division under the Chief Information Security Officer (CISO) has put into place a rapid response organization to deal with information leaks and to respond to incidents. At the same time, the Computer Security Incident Response Team (CSIRT), a permanent dedicated division under the Chief Information Officer (CIO), has put into place a rapid response organization from the aspect of cybersecurity. We have also established the Security Operation Center (SOC) as an organization to monitor cybersecurity 24 hours a day. We have built a high security organization for all kinds of information including in terms of privacy by establishing such strict organizations and processes.
  • We have introduced a company-wide enterprise risk management (ERM) system. The Board of Directors has established a Risk Management Committee under its direct control and also appointed a Chief Risk Officer (CRO) to build an advanced organization which comprehensively manages company-wide risks including in terms of privacy and information security. The CISO and CIO report to the CRO. The CRO chairs the Risk Management Committee and reports directly to the Board of Directors through that committee.
  • We provide education on procedures and risks relating to information security and privacy as mandatory training to all our officers and employees (including contract employees and temporary employees).
  • Our group's Personal Data Guidelines, Privacy Policy and Handling of Personal Information and Specific Personal Information cover all our businesses and subsidiaries.
Personal Data Guidelines

Personal Data Guidelines

As the importance of data utilization has been increasing in society, we believe that it is necessary to operate our business with a higher ethical standards to protect personal privacy. We comply with the Personal Information Protection Law, respect global data protection regulations and codes of ethics, and constantly pursue the application of higher standards.

We respect the right to self-determination regarding the control of personal data and build a individual-centered environment. In order to achieve this, we aim to minimize the collection and the retention of personal data and to raise our level of operation in terms of the protection and the deletion of data, and the right to be forgotten.

We operate our business based on the following guidelines in order to contribute to our customers and society by utilizing data and to optimize protection of personal data for each customer.

The guidelines are not intended to change the existing three policies of "Information Security Policy", "Personal Information Protection Policy", and "Handling of Personal Information and Specific Personal Information".

1. Respect will of individual

  • We respect the will of the individual in terms of handling personal data.
  • We also handle personal data appropriately based on our business models and relationships with individuals, companies, and other stakeholders.

2. Privacy protection

  • We comply with laws and regulations and ensure privacy protection.
  • We continue to provide mandatory education and training programs in order to ensure thorough privacy protection.

3. Security

  • We use organizational, human, physical and technical means to ensure security to prevent incidents about our customers' personal data.
  • We evaluate information security regularly, identify issues, implement risk mitigation measures, for continuous improvement.

4. Contribution to customers and society

  • We contribute to our customers and society by creating new value based on the knowledge obtained from utilization of data.​
  • We always prioritize the interests of our customers and the contribution to society, and support to realize a sustainable and prosperous digital society.​

5. Transparency of data usage

  • We ensure transparency in the handling of data by mapping out how data is collected and retained.
  • We appropriately disclose information in response to customer inquiries and requests.

6. Communication

  • Through the dialogue, which is one of our strengths, we resolve customers' anxieties and doubts and establish an easy-to-understand communication system that gives them peace of mind.
  • We will sincerely listen to the voice of our customers and always aim to raise the level of our services.

Established on April 1, 2022
BELLSYSTEM24 Holdings, Inc.​
Chief Information Security Officer, Executive Vice President​​
Noriyuki Hayata

BELLSYSTEM24 Holdings, Inc.​
Chief Information Officer
Shinsuke Kageyama

Training Organization

We conducts annual mandatory training on information security, privacy, and overall compliance for all employees, including contract employees and temporary employees.

Company-wide Education Program

Company-wide Education Program
  • *1: Supervisors are responsible for the management and supervision of contact centers to improve their performance. They manage and monitor the progress of business, give guidance to communicators*4, escalate the response and develop the environment.
  • *2: Leaders are responsible for supporting communicators based on the instructions of supervisors. Specifically, they are responsible for Q&A sessions, new business training lecturers and some OJT.
  • *3: Operations management is our own contact center management system. The basic operations management training allows participants to acquire basic knowledge and skills of operations management.
  • *4: The role of communicators is to provide support to end users through the telephone and e-mails in contact centers.
  • *5: The telecommunications training is for communicators who provide support by telephone.
  • *6: The e-mail communicator training is for communicators who provide support by e-mail.
  • *7: We give the details of the elective business course skills, career development, thematic and job-specific training separately in the "Elective Training" item.
  • *8: We developed the new division manager training and environment training and human rights training with external professional educational and training bodies.
  • *9: Including contract employees and temporary employees

Other Group Companies