JINS JINS PARK

Information Security and Privacy

Policy

Security and Privacy Policies

Securing domestic production base

Security policy

Privacy policy

Internal Information Security Regulations

JINS has established and operates the “Information Security Regulations” in order to enhance corporate value and social trust through the strengthening and thorough implementation of information security. We have also established the “Guidelines for Information Security Management and Operation” under these regulations.

Related Data

System

Information Security System

JINS has established the “Information Security Committee” (chairperson: General Manager of the Governance Division; secretariat: IT Governance Section; observers: the Audit and Supervisory Committee; permanent members: Director or higher of each department excluding those seconded overseas) to implement systematic information security measures. The committee meets every month to discuss and share information security issues, with the aim of understanding the status of information security measures, formulating and reviewing guidelines, and sharing information. The details of these meetings are reported quarterly to the Board of Directors via the Governance Management Committee. The Information Security Committee examines JINS’ information security policies, programs, proposals, and plans and strives to manage information security in accordance with these plans. The JINS Security Incident Response Team (JINSIRT) addresses security incidents that involve the services provided by JINS HOLDINGS Inc. and its subsidiaries, as well as security incidents that occur at the stores. JINSIRT works together with the Information Security Committee and related organizations to quickly recover the situation, investigate causes, and prevent recurrence.

Click here for details on JINSIRT

In the unlikely event of incidents, such as an information leak or virus attack, the person in charge (appropriate for the level of the incident) will investigate the cause, take recovery steps, and implement measures to prevent recurrence among other necessary actions under JINSIRT’s leadership. All incidents are classified and recorded monthly. By analyzing these records, we identify weaknesses and make improvements to overcome them.

Initiatives

Implementing Information Security Training

JINS trains employees on information security on a regular basis. For mid-career hires, training is conducted at the time of joining the company, while for area and store directors, it is conducted annually. The latest trends and case studies from other companies, as well as those from overseas and Japan, are shared every month among the members of the Information Security Committee to raise their awareness of information security.

JINS offers information security training for all employees including associate and part-time employees to raise their awareness of information security and to keep them continuously informed.
Please refer to the Sustainability Data Book for details on information security training programs.

Implementing Information Security Audits

At JINS, the IT Governance Section, established under the Governance Division, takes the lead in strengthening information security. The Section builds an internal IT security system and takes measures against unauthorized intrusion and hacking.
Additionally, as part of compliance with the J-SOX law, we rigorously evaluate information security items every year.
This is an effort to prevent information security incidents and ensure that customers can use our services with peace of mind.

In addition, an internal information security audit is conducted at least once a year in principle, in cooperation with the internal audit department, determining the target of the audit (e.g., department or system), the items to be audited, and the audit schedule.
By doing so, we have established a system to continuously review security items to maintain and improve security.

Implementation of Security Assessment

We are also focusing on security measures for online shopping so that customers can enjoy shopping at our website with peace of mind.
In 2024, an external expert organization conducted a risk assessment of JINS ONLINE SHOP (within Japan), concluding that the SHOP has a high security level overall.
Furthermore, improvements to further enhance security were identified, and based on these improvements, we will build a stronger security system. JINS will continue to strengthen its security measures to protect customers' important information assets.

Appropriate Use of Personal Information

JINS collects and uses personal information only to the extent necessary for carrying out its business. When the information is no longer necessary, we immediately erase it.
With respect to personal information, we have established the Privacy Governance Group within the Governance Division dedicated to the protection of personal information, This Group was established to build an internal personal information protection system to ensure thorough compliance with laws and regulations concerning the protection of personal information and to ensure appropriate handling.

Anonymization and Encryption of Personal Information

JINS has established methods for managing and sharing personal information assets by confidentiality level based on information protection guidelines, and has implemented encryption and other security measures.

Appropriate Management of Contractors

JINS evaluates the information security management systems of contractors whenever we outsource work to those contractors involving the processing or transfer of internal or highly confidential information assets. Contractors are selected based on the evaluation results and approved by the manager responsible for information security management. In addition, we ensure that clauses on information security are included as appropriate in outsourcing contracts.

Providing Personal Information to Third Parties

JINS may provide personal data to third parties in order to provide better services. Except when stipulated by law or other personal information protection regulations, JINS may provide personal data to third parties only to the extent necessary to achieve the purpose of its use after obtaining the prior consent of the principal. In cases where personal data is received from a third party, we will store the information for a period of time stipulated by laws and regulations after confirming the circumstances, such as how the third party collected the information.

Protecting Confidential Information

To protect confidential information, JINS takes appropriate measures to ensure the security of communications, including e-mail for all employees of the JINS Group.