Privacy Policy

The Non-Profit Organization Shumei Natural Agriculture Network (hereinafter referred to as “the Organization”) hereby establishes and publicly announces its policy for handling personal information and declares its commitment to comply with this policy.

Personal Information

“Personal Information” refers to information defined under the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter “the Personal Information Protection Act”) and means information about a living individual that can identify a specific individual by name, date of birth, or other description contained in such information, or that contains a personal identification code.

Purpose of Use

  1. The Organization will use the acquired personal information of its members only within the scope necessary to achieve the following purposes. When collecting personal information during member registration, the purpose of use will be clearly indicated in advance.

    Purpose of Use

    1. To manage membership information and facilitate the Organization’s operations.
    2. To verify member identity.
    3. To contact members as necessary in relation to services and respond to inquiries.
    4. To improve and enhance services.
    5. To conduct research and development of services through market surveys, data analysis, and questionnaires.
  2. If personal information is to be used beyond these purposes, the Organization shall obtain prior consent from the member by appropriate means.

Collected Information and Methods

The Organization shall collect personal information properly within the scope necessary for the above purposes.
The collected information may include:

  • Name
  • Address
  • Telephone number
  • Email address
  • Date of birth
  • Gender

Provision to Third Parties

The Organization shall not provide personal information to third parties without the prior consent of the individual, except in the following cases:

  1. When it is necessary to protect a person’s life, body, or property and obtaining consent is difficult.
  2. When it is particularly necessary for improving public health or promoting the sound growth of children and obtaining consent is difficult.
  3. When cooperation is necessary with national or local government agencies in executing legally mandated affairs, and obtaining consent could interfere with such affairs.
  4. When permitted by law.

Joint Use of Personal Data

The Organization may jointly use members’ personal information within the following scope and purposes:

  1. Scope of joint users: Members of the Organization
  2. Purpose of joint use: For improvement and enhancement of services
  3. Items of personal information shared: Name, address, email address, phone number, date of birth, gender

Outsourcing

The Organization may outsource the handling of personal information to fulfill service-related operations within the scope of intended use. In such cases, the Organization will select contractors recognized to handle personal information appropriately, stipulate terms regarding safety management, confidentiality, and re-outsourcing in contracts, and conduct necessary and appropriate supervision.

Safety Management Measures

The Organization strives to maintain personal information accurate and up to date and will take necessary and appropriate measures to prevent unauthorized access, leakage, loss, or damage.

Disclosure of Personal Information

If a member requests disclosure of their personal information held by the Organization, they may do so through the procedure guided in Article 12. The Organization will promptly respond unless:

  1. It may harm the life, body, property, or other rights of the individual or a third party.
  2. It may significantly interfere with the proper conduct of the Organization’s operations.
  3. It violates other laws or regulations.

Correction, Addition, or Deletion

  1. Members may correct, add to, or delete their personal information via designated fields in the service system.
  2. The Organization may also correct such information upon investigation and will notify the member accordingly.

Suspension of Use, Deletion, or Provision to Third Parties

  1. If a member requests suspension of use, deletion, or cessation of third-party provision under the Personal Information Protection Act, they may do so through the procedures outlined in Article 12.
  2. The Organization will promptly investigate and determine whether such action is necessary, and if so, implement it and notify the member.
  3. If implementation is difficult due to cost or other reasons, alternative measures will be taken to protect the member’s rights and interests.

Compliance with Laws and Regulations

The Organization shall comply with the Personal Information Protection Act, other relevant laws and guidelines, and this Privacy Policy in handling personal information.

Inquiries, Complaints, and Requests

The Organization will respond promptly and appropriately to inquiries and complaints regarding the handling of personal information.
Please contact:

Shumei Natural Agriculture Network
Email: snn@snn.or.jp
Hours: 9:00–17:00 (excluding Mondays)

Organization Name, Address, Representative, and Privacy Officer

Organization name, address, representative, and privacy officer are as follows:

Name: Shumei Natural Agriculture Network (NPO)
Address: 316 Tashiro, Shigaraki-cho, Koka-shi, Shiga, Japan
Representative: Kazumasa Kobayashi
Privacy Officer: Kazutake Domae

Continuous Improvement

The Organization is committed to the continuous improvement of internal personal information handling through internal rules, staff training, and audits.

Revisions

The Organization may revise this Privacy Policy as needed. Changes will take effect upon notification through appropriate methods or publication on the Organization’s website.

This concludes our Privacy Policy.

Established and Enforced: May 31, 2024

Appendix

Security Control Measures

Formulation of Basic Policy

The Organization shall formulate a basic policy to ensure the proper handling of personal data as an organization. This includes compliance with relevant laws and guidelines, matters related to security control measures, and establishing contact points for inquiries and complaints.

Establishment of Rules Regarding the Handling of Personal Data

To prevent leakage and ensure the security of personal data, the Organization shall establish rules that clearly define handling methods, responsible personnel, staff members, and their duties.

Organizational Security Control Measures

The Organization shall take the following organizational security measures:

  1. Development of Organizational Framework

    A person responsible for implementing security control measures shall be appointed, and their responsibility shall be clearly defined. The scope of personnel handling personal data and their responsibilities shall also be clarified to establish an effective organizational structure.

  2. Operation in Accordance with Established Rules

    Personal data shall be handled in accordance with the pre-established rules. In addition, records shall be kept to verify that the rules are being properly followed.

  3. Development of Verification Methods

    Appropriate systems and tools shall be developed to verify the status of personal data handling.

  4. Development of Incident Response Structure

    A system shall be developed to ensure appropriate and prompt responses in the event of a data breach or signs thereof. If a breach occurs, the Organization shall promptly disclose the facts and preventive measures, taking into account the prevention of secondary damage and recurrence of similar incidents.

  5. Review and Improvement of Security Measures

    The Organization shall regularly assess and revise security control measures based on the status of personal data handling, and implement improvements as necessary.

Personnel Security Control Measures

The Organization shall ensure that all employees handling personal data are thoroughly informed of proper handling procedures, appropriately trained, and adequately supervised.

Physical Security Control Measures

The Organization shall take the following physical security control measures:

  1. Management of Areas Handling Personal Data

    Areas where servers, main computers, and other critical systems are located, as well as areas where personal data is handled, shall be appropriately managed.

  2. Prevention of Theft or Loss of Devices and Media

    Devices, electronic media, and documents containing personal data shall be managed to prevent theft or loss.

  3. Prevention of Data Leakage During Transport

    When transporting electronic media or documents containing personal data, measures shall be taken to ensure that the data cannot be easily identified or accessed.

  4. Deletion and Disposal of Personal Data

    When deleting personal data or disposing of devices and media containing such data, the Organization shall use irreversible methods. Records of deletions and disposals shall be maintained, and in the case of outsourcing, the contractor’s proper execution shall be confirmed with certificates or other means.

Technical Security Control Measures

When using information systems (including computers) to handle personal data, particularly in communication with external systems such as over the Internet, the Organization shall take the following technical security control measures:

  1. Access Control

    Appropriate access control shall be implemented to limit access to personal data and the systems handling such data to authorized personnel only.

  2. User Identification and Authentication

    Systems shall identify and authenticate users to confirm that only authorized personnel have access to personal data.

  3. Prevention of Unauthorized External Access

    Security measures shall be implemented and maintained to protect personal data systems from unauthorized external access and malicious software.

  4. Prevention of Data Leakage via System Usage

    Measures shall be taken to prevent data leakage associated with the use of information systems, and these measures shall be properly maintained.

Understanding External Environments

When handling personal data in foreign countries, the Organization shall assess the personal data protection systems of the relevant countries and implement necessary and appropriate security measures accordingly.

End

  2. Privacy Policy