Personal Information Protection Policy

NH Foods Ltd. (the “Company”, “we”, “our”), recognizes the importance of personal information, strives to ensure the acquisition, appropriate use and management of personal information while complying with laws and regulations, and aims to be a company that can live up to the trust of customers and its social mission.

1. Basic Policy

  • The Company, in relation to the protection of personal information, complies with the “Act on the Protection of Personal Information” and other related laws and regulations, and also based on various guidelines provided by the Personal Information Protection Commission and other generally accepted customary practice regarding handling of personal information, we strive to properly acquire, use and otherwise handle the personal information.
  • The Company will maintain internal rules concerning the handling of personal information and keep all employees including officers and employees informed. In addition, we will take responsibility for management of contractors to which the Company entrusts handling of personal information and will request such contractors to handle personal information appropriately.
  • Regarding the safety management of personal information, the Company will appoint a chief administrator and seek to establish an organizational structure for the safety management measures, educate employees, manage areas handling personal information and manage safety regarding information media and information systems which manage personal data.
  • With respect to any submissions of inquiries or complaints, etc. raised from individuals identified from the personal information (“Principals”), any requests for notifying purpose of use of retained personal data, any requests for disclosure, correction, addition, removal, suspension of use or deletion regarding the retained personal data, any requests for disclosure of records provided to third parties, or any requests for suspension of provisions of retained personal data to third parties, the Company will respond in good faith according to laws and regulations upon receiving such submissions or requests through the prescribed contact point.

2. Purposes of Use etc.

  • The Company will acquire personal information necessary for the execution of our businesses and use it for the following purposes. We will not use personal information for purposes other than the following purposes without prior consent of the Principal, except where permitted by laws and regulations.

    (1) Personal Information of Customers

    • Providing information and services relating to our products and new products
    • Shipping and responding inquiries for our gift products
    • Questionnaire survey and analysis relating to various operations of the Company
    • Sending out invitations or information on campaigns, exhibitions, events and other sales promotion activities relating to our products and new products, and the operations thereof
    • Operating open factories (factory tours) hosted by the Company
    • Operating online shops, mail orders etc. for our products
    • Responding inquiries to our “Customer Communication Dept”
    • Responding inquiries to our “Personal Information Inquiry Desk”
    • Other business operations closely related to the above business operations

    (2) Personal Information of Job Applicants

    • Recruiting activities of our employees
    • Other business operations closely related to the above business operations

    (3) Personal Information of Business Partners

    • Providing information and services relating to our products and new products
    • Implementation and communication on joint development of products and technology
    • Implementation and communication on business negotiations
    • Providing services for entrusted works
    • Providing producer traceability information for the purpose of breeding and fattening livestock
    • Entry and exit control to our facilities
    • Other business operations closely related to the above business operations

    (4) Personal Information of Shareholders or Former Shareholders

    • Information management of shareholders based on various laws and regulations
    • Exercises of rights or performances of obligations by shareholders or the Company
    • Providing services to shareholders and former shareholders
    • Implementation of various communication to shareholders
    • Other business operations closely related to the above business operations

    (5) Personal Information of former employees and retired employees

    • Personnel and labor services (including welfare benefits) for retirees and communication as necessary for social activities, etc.
    • Other business operations closely related to the above business operations

  • The Company may share personal data of a Principal with our group companies. The purpose of use and items of the sharing personal data, the range of the sharing users, and the name of the entity responsible for managing the sharing personal data as well as its address and the name of the representative are as follows.

    (1) Purpose of Use and Items of Sharing Personal Data

    • Purpose of use: purposes described in 1. above
    • Items: name, address, telephone number, fax number, e-mail address, affiliation information (company name, department name, position title, etc.), inquired matters, requests, matters concerning purchase of products, matters concerning contracts

    (2) Range of Sharing Users

    Our group companies [70KB / 1 pages]

    (3) Name of Entity Responsible for Managing the Sharing Personal Data, Its Address and Name of Representative

    NH Foods Ltd.
    BREEZE TOWER, 4-9, Umeda 2-chome, Kita-ku, Osaka, Japan
    President and Representative Director, Nobuhisa Ikawa

3. Provision etc. to Third Parties

  • To the extent necessary for achieving the purposes of the use stipulated in 1. of [2] above, the Company may provide personal data to contractors when entrusting all or part of handling the personal data to such contractors. In such case, we will request the contractors to handle the personal data appropriately. In addition, even after selection and entrustment to the contractors, the Company will confirm as necessary whether safety management in relation to personal data is being appropriately carried out by the contractors.

  • The Company will not disclose or provide personal data of a Principal to third parties unless there is a situation which falls into one of the followings:

    • where the consent of the Principal is given regarding disclosure or provision to third parties;
    • where it is based on laws and regulations;
    • when it is necessary for the protection of life, body or property of a person and it is difficult to obtain consent from the Principal;
    • when it is particularly necessary to improve public health or promote the sound growth of children, and it is difficult to obtain consent from the Principal;
    • when it is necessary to cooperate with the government agencies, local governments or contractors entrusted by them in carrying out the affairs prescribed by laws and regulations, and obtaining the consent of the Principal is likely to impede the execution of such affairs; or
    • when such third party is an academic research institution, etc., and it is necessary for such third party to handle said personal data for academic research purposes (including cases where part of the purpose of handling the personal data is for academic research purposes, and excluding cases where there is a risk of unjustly harming the rights and interests of individuals).

4. Management of Pseudonymously Processed Information etc.

  • In creating pseudonymously processed information (meaning information on an individual obtained by processing personal information so that a specific individual cannot be identified unless the information is collated with other information, in accordance with the provisions of the laws and regulations; the same applies hereinafter), the Company will carry out appropriate processing.
  • When the Company created pseudonymously processed information or obtained pseudonymously processed information or deleted information, etc. in relation to such pseudonymously processed information (meaning descriptions, etc. and individual identification codes, etc. which are deleted from personal information used when creating the pseudonymously processed information as well as information on the processing method conducted pursuant to the preceding paragraph; the same applies hereinafter), we will take security control measures of the deleted information, etc. and implement appropriate handlings of the same.
  • The Company will handle the pseudonymously processed information within the scope of the specified purpose of use, unless otherwise permitted under laws and regulations.
    Further, when the Company obtains pseudonymously processed information which is personal information or changes the purpose of use of such pseudonymously processed information, we will publicize the purpose of use of such pseudonymously processed information.
  • When the Company uses the pseudonymously processed information on its own, we will not collate it with other information for the purpose of identifying the person relating to the original personal information.
    Further, the Company will not acquire the deleted information, etc. when the pseudonymously processed information is not personal information.
  • In handling the pseudonymously processed information, the Company will not use the contact information or other information contained in the pseudonymously processed information to make telephone calls, send letters by mail, send telegrams, send by facsimile or electromagnetic means, or visit residences.

  • The Company may share personal data which is pseudonymously processed information with our group companies. The purpose of use and items of the sharing personal data which is pseudonymously processed information, the range of the sharing users, and the name of the entity responsible for managing the sharing personal data as well as its address and name of the representative are as follows.

    (1) Purpose of Use and Items of Sharing Personal Data which is Pseudonymously Processed Information

    • Purpose of use: the purposes described in [2] 1 above and publicized pursuant to [4] 3 above
    • Items: address, telephone number, fax number, e-mail address, affiliation information (company name, department name, name of position, etc.), inquired matters, requests, matters concerning purchase of products, matters concerning contracts (however, in using shared pseudonymously processed information, if it is possible to identify a specific individual by an item itself or by the combination of items, etc., that is to be shared, such information shall not be subject to shared use, and only the items that have been processed so that a specific individual cannot be identified shall be allowed to be shared)

    (2) Range of Sharing Users

    Our group companies [70KB / 1 pages]

    (3) The Name of Entity Responsible for Managing the Sharing Personal Data, Its Address and Name of Representative

    NH Foods Ltd.
    BREEZE TOWER, 4-9, Umeda 2-chome, Kita-ku, Osaka, Japan
    President and Representative Director, Nobuhisa Ikawa

5. Management of Anonymously Processed Information etc.

  • In cases where the Company creates anonymously processed information (meaning information on an individual obtained by processing personal information so that a specific individual cannot be identified, in accordance with the provisions of the laws and regulations, and that the personal information is not capable of being restored; the same applies hereinafter), we will carry out appropriate processing. Further, when the Company created anonymously processed information, we will publicize items of information contained in the said information, take measures for safety control measures and complaints handling, etc., and publicize such measures.
  • When the Company created anonymously processed information, we will take security control measures of information such as the processing method and implement appropriate handlings.
  • The Company will continuously provide anonymously processed information (which it receives from a third party) to third parties. Items of information on an individual which is included in anonymously processed information to be provided and method of the provisions are as follows:

    (1) Items of information on an individual which is included in anonymously processed information
    Temporary ID, Gender, Age Group, Residential Address (with omission of the address beyond block number), Occupation, Family Composition, Buying Information and Visit Distance.

    (2) Method of the provisions for anonymously processed information
    Uploading to a server and provision by way of electronic communication method.

  • When the Company uses the anonymously processed information on its own, we will not collate it with other information for the purpose of identifying the person relating to the original personal information.

6. Safety Control Measures Taken for Retained Personal Data

The Company will properly implement the following measures to ensure the safe control of the retained personal data.

  • Formulation of the basic policy
    This policy has been formulated as a basic policy to ensure the appropriate handling of personal data.
  • Development of discipline
    For prevention of personal data leakage, etc. and for other safety control of personal data, we established rules on the management of personal information. And in the rules, it provides the handling methods, responsible persons/persons in charge and their duties, etc. regarding acquisition, use, storage, provision and deletion/abolition, etc.
  • Organizational safety control measures
    Responsible persons for and persons in charge of handling personal information are assigned in each appropriate organizational unit to clarify responsibilities and authorities.
    The Company established a system to report facts of violation of laws or possible violation of laws to relevant departments where such a violation or possible violation is known.
    We conduct periodical self-checks and audits regarding handling of personal data.
  • Human safety control measures
    We prescribed in the rules on the management of personal information that employees shall not leak, lose, or otherwise damage personal information, and have educated and trained the employees as appropriate.
  • Physical and technical safety control measures
    In order to prevent the leakage, etc. and unauthorized use of personal data as well as access, etc. to personal data by unauthorized persons, we manage personal data appropriately and sets up storage locations for recording media.
    We introduced systems to protect against unauthorized access from outside or unauthorized software by way of introducing security measure software or others.
  • Understanding the external environment
    When storing personal data in a foreign country, we will endeavor to implement safety control measures with our understanding of the regulations concerning the protection of personal information in such foreign country.

7. Responding Desk to Requests from Principals

  • With respect to handling of the personal information by the Company, any inquiries from a Principal, any requests for notifying purpose of use of retained personal data, any requests for disclosure, correction, addition, removal, suspension of use or deletion regarding the retained personal data, any requests for disclosure of records provided to third parties or any requests for suspension of provisions of retained personal data to third parties, or any other requests will be received at “Personal Information Inquiry Desk” described below.
  • Requests for notifying the purpose of use of retained personal data will be responded within a reasonable period and to the extent reasonable in accordance with the prescribed procedure. However, please understand that we may not be able to fulfill your requests for disclosure due to laws and regulations, etc.
  • Disclosure requests for retained personal data or records provided to third parties will be responded within a reasonable period and to the extent reasonable in accordance with the prescribed procedure. However, please understand that we may not be able to fulfill your requests for disclosure due to laws and regulations, etc.
  • When a request for correction, addition or removal of retained personal data is raised, we will investigate and confirm in accordance with the prescribed procedure, and if the content of the said retained personal data is factually inaccurate, such retained personal data will be corrected, added or removed within a reasonable period and to the extent reasonable.
  • When a request for suspension of use or deletion of retained personal data is raised, we will investigate and confirm in accordance with the prescribed procedure, and if it meets the requirements prescribed under laws and regulations, such retained personal data will be suspended from use or deleted within a reasonable period and to the extent reasonable.
    Please be advised that by suspending use or deleting, we may not be able to provide services as per your request.
  • When a request for suspension of third party provision of retained personal data is raised, we will investigate and confirm in accordance with the prescribed procedure, and if the requirements prescribed by laws and regulations are satisfied, such retained personal data will be suspended from any third party-provision within a reasonable period and to the extent reasonable.

  • How requests are to be received
    The Company will receive requests described in paragraphs 2 through 6 by the following method. Please be advised that we may not be able to fulfill your requests which are not submitted pursuant to the following method.

    <How Requests Are to Be Received>

    Please submit a written request addressed to the “Personal Information Inquiry Desk” in accordance with the following method. Please understand that we may ask about your personal information to the extent necessary to search your personal information when we receive your request. Also, please note that documents submitted at the time of your request and documents for identity verification that you are the Principal, etc. will not be returned.
    After an internal investigation for a certain period of time, we will respond to your request either by providing an electromagnetic record or by delivering a document, whichever means you requests. Please note that if it is difficult to disclose in the means you requested, we will contact you and respond in writing.

    <How to Request>

    Documents, etc. to be submitted at the time of requests described in paragraphs 2 to 6 above:

    • Written requests concerning disclosure, correction, suspension of use of retained personal data, etc. [200KB / 1 pages]

    • Documents for identity verification of a Principal
      (In either of the below cases, please send us a copy of a document which shows the name and address of the Principal.)
      • (A) Please submit one of the followings (if they are with your photo):
        1) Driver's license, 2) Passport, 3) Basic Resident Registration Card with your photo, 4) Physical Disability Handbook with its certificate, 5) Residence card, or 6) Special Permanent Resident Certificate
      • (B) Please submit two of the followings (if they are without your photo):
        1) Health Insurance Certificate for the insured persons, 2) various pension handbooks with their certificates, 3) Certified copy or extract of Family Register
    • If the requesting person is not the Principal but an agent, in addition to (A) or (B) of ② above, the following documents shall be submitted by the agent:
      • (C) Documents for identity verification of the agent ((A) or (B) of 2 above)

      <Where delegated>

      • (D) A power of attorney in a form designated by the Company which is stamped with the registered seal of the subject person (Principal) of the disclosure
      • (E) Seal Registration Certificate of the subject person (Principal) of the disclosure

      <Where the Principal is a minor or a ward>

      • (F) Documents that prove that the agent is the statutory representative of the Principal (a certified copy or extract of the Family Register of the Principal, a judgment regarding commencement of wardship, etc.)

[Inquiry Desk for Personal Information]
Think Park Tower, 2-1-1 Osaki, Shinagawa-ku, Tokyo 141-6014
Personal Information Inquiry Desk, Legal Affairs Department,
NH Foods Ltd.
TEL: +81-3-4555-8017

Note: Inquiries over phone can be received Monday through Friday (except public holidays) from 10:00AM to noon and from 1:00 PM to 4:00 PM (except for the Company’s Year-end and New Year Holidays as well as Bon Holiday Break).

8. Others

This Personal Information Protection Policy may be subject to renewal or revision without prior notice. Thank you for your understanding.

Revised as of September 9, 2022
NH Foods Group
NH Foods Ltd.
President and Representative Director
Nobuhisa Ikawa