sbc logo
Company Information
News
Investor Relations
日本語
header hamburgerIcon
corporate overview

PRIVACY POLICY

SBC Medical Group Holdings Inc. has established the "Basic Policy on Personal Information Protection" and "Important Matters for Handling Personal Information" to protect personal information provided by our customers.
Personal information provided by customers will be handled in accordance with the Act on the Protection of Personal Information (hereinafter referred to as "Personal Information Protection Act") and other related laws and regulations, as well as this "Basic Policy on Personal Information Protection" and "Important Matters for Handling of Personal Information.

Basic Policy on Personal Information Protection

The Group acquires and retains customers' personal information for the "Purposes of Use of Personal Information" as described in the Important Matters for Handling of Personal Information. In order to live up to the trust of our customers as a business operator handling personal information, the Group handles the personal information it acquires and retains as follows.
[Basic Policy]
  • We will comply with the Personal Information Protection Law and other related laws and regulations in handling personal information.
  • The purpose of use of personal information shall be specified to the greatest extent possible, and the information shall be handled appropriately within the scope necessary to achieve said purpose.
  • Personal information shall be acquired in a lawful and fair manner. We will not acquire any personal information without obtaining the prior consent of the customer, except as required by law.
  • Personal information will be kept as accurate and up-to-date as possible, and efforts will be made to delete it without delay when it is no longer necessary to use it.
  • Personal information will not be provided to third parties without the consent of the individual, except as required by law.
  • To prevent damage, leakage, or unauthorized acquisition of personal information, we will take necessary and appropriate measures, such as establishing internal rules for the protection of personal information, establishing an appropriate system, and implementing strict security measures.
  • We will establish a consultation service for the protection of personal information and endeavor to respond appropriately to complaints and offers.
  • The Group will periodically review its personal information protection system. If any significant changes are made as a result of the review, we will notify you of such changes by posting them on our website or by other appropriate means.

Important Matters for Handling Personal Information

Purpose of use of personal information

Medical corporations belonging to the Group will use your personal information for the following purposes.
  • Provision of medical services to customers, sales of medical-related products, and various other related matters
  • Collaboration with other medical institutions, laboratories, and research organizations in connection with the provision of medical services to customers
  • Administrative procedures for the provision of medical services
  • Case studies within the Group for the purpose of improving the quality of medical services
  • Sending and receiving questionnaires regarding medical services provided by the Group and medical-related products sold by the Group, and various related responses
  • Providing information to customers via e-mail, SNS, or postal mail regarding medical services provided by the Group and medical-related products sold by the Group
  • To provide and solicit SBC Medical Group Holdings Inc.’s medical services and medical-related products sold by SBC Medical Group Holdings Inc or products and services of third parties in accordance with the interests and concerns of customers based on analysis of their attributes and behavioral history in the media of SBC Medical Group Holdings Inc. or third parties to advertise (including listing advertisements and affiliate advertisements and other marketing)
  • Provision of SBC Point System and other services for SBC Members (MySBC, etc.) SBC Members
  • To respond to inquiries and contact customers

Joint use of personal information within the Group

Domestic medical corporations belonging to the Group may share the personal information listed below for the purposes described in "1. purpose of use of personal information”.
The Group's secretariat will be responsible for the management of personal information in the case of joint use.
  • Name, gender, date of birth, address, occupation, nationality, e-mail address, telephone number and other personal information provided in the medical questionnaire
  • Personal information (including medical records and other medical information) related to medical services provided by the Group to customers
  • Personal information related to medical-related products sold by the Group to customers
  • Personal information related to the SBC Point System, including SBC Members (MySBC, etc.) customer numbers and history of SBC Points awarded, used and outstanding
  • Information registered by the customer on the Group's SNS
  • Other personal information held by the Group as necessary to provide services to customers

Provision of personal information to third parties

The Group may provide the personal information of customers who have agreed to this Privacy Policy to third parties in the following cases, in addition to those stipulated by laws and regulations.
  • When it is necessary to cooperate with other hospitals, clinics, pharmacies, laboratories, research institutions, etc., in order to provide medical services to the customer
  • When responding to a medical inquiry from another medical institution where the customer is receiving treatment
  • When there is a need for administrative processing related to health insurance, medical insurance, etc.

Outsourcing the handling of personal information

The Group may outsource part or all of its personal information handling operations. The Group appropriately supervises the handling of personal information by the subcontractor.

Use of pseudonymized processed information (*)

The Group may generate and use pseudonymized information based on personal information. The Group's secretariat is responsible for the management of personal information when using such information.*Pseudonymized information is information that has been processed from personal information by deleting or replacing personally identifiable information (such as names) with other information so that a specific individual cannot be identified unless the information is cross-checked with other information.

Request for information disclosure, etc.

Upon receiving a request for reference, correction, suspension of use, deletion, etc., of personal information, the Group will promptly take measures to protect the rights and interests of the person concerned after confirming the identity of the person in accordance with the prescribed procedures.

Measures taken for the secure management of retained personal data

  1. Establishment and publication of rules for personal information protection
    2. Basic rules, standards, guidelines, etc. for personal information have been established for each stage of personal information acquisition, use, storage, deletion, disposal, etc., including handling methods, responsible persons and persons in charge, and their duties. The system for handling complaints has also been included, and is posted in hospitals and offices, as well as on the website, to ensure that patients, users, etc. are fully informed of the rules and regulations.
  2. Organization and other systems to promote the protection of personal data
    3. We have established supervisors and managers for the handling of personal data and clarified the employees who handle personal data and the scope of personal data handled by them. In addition, the Company conducts periodic self-inspections of the status of personal data handling to improve the handling process.
  3. Establishment of reporting and liaison system in case of leakage, etc. of personal data
    1. In case of leakage, etc. of personal data, or when it is judged that there is a high possibility of such an occurrence;
    2. In case of violation of rules, etc. concerning handling of personal data, or when it is judged that there are high indications of such a violation, In addition, the Company has established a system for reporting to and communicating with the person in charge, etc., of the handling of personal data. We are also working to coordinate with the system for responding to complaints.
  4. Establishment of rules and regulations concerning the protection of personal information at the time of employment contracts
    5. In employment contracts and employment regulations, we have established rules and regulations concerning the protection of employees' personal information, such as imposing confidentiality obligations, including after leaving employment, and ensure compliance with such rules and regulations.
  5. Implementation of education and training for employees
    6. We are working to raise employee awareness of the protection of personal information through the implementation of education and training for employees.
  6. Physical Security Control Measures
    7. We defines the areas where personal information is handled and implements access control for employees and restrictions on equipment, etc. that they may bring into the office. Measures are also taken to prevent unauthorized access to personal data.
  7. Technological Security Control Measures
    8. We implement access control to systems that hold personal data, limiting the scope of persons in charge and the databases handled. In addition, we have implemented a system to protect information systems that handle personal data from unauthorized external access and unauthorized software (password settings, encryption, and the latest security software), and have thoroughly implemented vulnerability countermeasures.
  8. Storage of Personal Data
    9. When personal data is stored for a long period of time, it is stored appropriately to prevent loss of personal data by preventing deterioration of the storage media. When storing personal data, we store it in a searchable form so that we can respond quickly when necessary, such as when responding to an inquiry from the person in question.
  9. Disposal and deletion of unneeded personal data
    10. When disposing of unneed personal data or information equipment that handled personal data, we dispose of them in a form that makes them unrecoverable. When these disposal operations are outsourced, the handling of personal data is clearly stipulated in the outsourcing contract.

Inquiries regarding personal information

For inquiries regarding personal information, or requests for disclosure, correction, suspension of use, etc. of personal information, please contact us using the inquiry form below. When making a request for disclosure, we may ask you to provide a copy of an official document such as a driver's license or passport to verify your identity (in the case of a request by a representative, we may ask you to provide documents to verify the identity of the customer and the representative, as well as a letter of attorney, etc.). In addition, when notifying the customer of the purpose of use or disclosing personal information, the customer may be charged for the actual cost of postage and handling fees (please note that the actual cost and handling fees will not be returned even if the request is denied.).
Company InformationNewsInvestor RelationsSEC Filings

Address:200 Spectrum Center Drive Suite 300 Irvine, CA 92618 USA

copyright2023 SBC Medical Group Holdings, Inc. - All rights reserved.