JINS JINS PARK

Information Security and Privacy Protection

Policy

Security/Privacy Policy

In recent years, as information security problems have been increasing worldwide and information management has become stricter due to the Act on the Protection of Personal Information, JINS has been strengthening its information security initiatives. The Information Security Committee, which is in charge of the overall management of information security, has established the “Guidelines for Information Security Management and Operation” in addition to the “Policy on Information Security” and “Information Security Regulations,” and has established and is operating policies and methods for improving the level of information security.

Security Policy

Privacy Policy

Systems

Information Security Systems

JINS has established the Information Security Committee (chairperson: General Manager of the Governance Division; secretariat: IT Governance Section; observers: full-time auditors; permanent members: director or higher of each department excluding those seconded overseas) to implement systematic information security measures. The Committee meets every month to discuss and share information security issues with the aim of understanding the status of information security measures, formulating and reviewing guidelines, and sharing information. The content of these meetings is reported quarterly to the Board of Directors via the Governance Management Committee. The Information Security Committee examines JINS’ information security policies, programs, proposals, and plans and strives to manage information security in accordance with these plans.

In addition, we have established the JINS Security Incident Response Team (JINSIRT), a body that specializes in responding to security incidents. JINSIRT addresses security incidents (e.g., response at the time of incident occurrence, recovery, investigation of the cause, recurrence prevention) that involve the services provided by JINS HOLDINGS Inc. and its subsidiaries, as well as security incidents that occur at the stores.For more information on JINSIRT, click here (in Japanese).

In the unlikely event of incidents, such as information leakage or virus infection, a person in charge according to the level of the incident will investigate the cause, take recovery steps, implement measures to prevent recurrence, among other necessary actions under JINSIRT’s leadership. All incidents are classified and recorded monthly. By analyzing these records, we identify weaknesses and make improvements to overcome them.

Internal Rules for Information Security

JINS has established and is operating the Information Security Regulations in order to enhance corporate value and social trust through the strengthening and thorough implementation of information security. We have also established the Guidelines for Information Security Management and Operation under these Regulations, which were substantially revised in August 2021, and are working to improve the level of information security throughout the company.

Information Security Audit

JINS conducts internal audits of information security measures to prevent information security incidents.Information security internal audits are conducted at least once a year by the manager responsible for information security audits and audit members, based on an annual plan created by the manager, which specifies what to be audited (e.g., department, system), audit items, and the schedule.

Initiatives to Strengthen Information Security

Implementation of Information Security Training

JINS provides information security training to employees on a regular basis. For mid-career employees, the training is conducted each month at the time of joining, and for area directors and store directors, it is conducted annually. For the members of the Information Security Committee, the latest trends and case studies from other companies and overseas, including Japan, are shared every month to raise their awareness of information security.

JINS offers information security training for all employees (optional for associate and part-time employees) to raise their awareness of information security and to keep them continuously informed.

Information security training example

Strengthening Information Security Measures

JINS is working to improve the level of security in order to maintain the confidentiality and safety of our information assets. In order to further strengthen information security, we established the IT Governance Division in 2017, which is now the IT Digital Governance Office, Governance Division, and is responsible for company-wide information security management and various other security-related operations.

In addition, we have established methods for managing and sharing information assets by confidentiality level and have put in place encryption and other measures based on our information protection guidelines.

Restrictions on Information Provision to Third Parties

JINS may provide personal data to third parties in order to provide better services. Except when stipulated by personal information protection regulations and other laws and regulations, JINS may provide personal data to third parties only to the extent necessary to achieve the purpose of its use after obtaining the prior consent of the principal. In cases where personal data is received from a third party, we will store the information for a period of time stipulated by laws and regulations after confirming the circumstances, such as how the third party collected the information.

Appropriate Use of Personal Information

JINS will use personal information only to the extent necessary when it is required for performing its business. When the information becomes no longer necessary, we will erase it swiftly.

Appropriate Management of Contractors

JINS evaluates the information security management systems of any subcontractor to which we outsource work that involves the processing or transfer of internal or highly confidential information assets. The subcontractor is selected based on the evaluation results and approved by the manager responsible for information security management. In addition, we ensure that information security matters are properly stated in the outsourcing contract.