Personal information provided by customers will be handled in accordance with the Act on the Protection of Personal Information (hereinafter referred to as "Personal Information Protection Act") and other related laws and regulations, as well as this "Basic Policy on Personal Information Protection" and "Important Matters for Handling of Personal Information.
The Group acquires and retains customers' personal information for the "Purposes of Use of Personal Information" as described in the Important Matters for Handling of Personal Information. In order to live up to the trust of our customers as a business operator handling personal information, the Group handles the personal information it acquires and retains as follows.
Purpose of use of personal information
Medical corporations belonging to the Group will use your personal information for the following purposes.- Provision of medical services to customers, sales of medical-related products, and various other related matters
- Collaboration with other medical institutions, laboratories, and research organizations in connection with the provision of medical services to customers
- Administrative procedures for the provision of medical services
- Case studies within the Group for the purpose of improving the quality of medical services
- Sending and receiving questionnaires regarding medical services provided by the Group and medical-related products sold by the Group, and various related responses
- Providing information to customers via e-mail, SNS, or postal mail regarding medical services provided by the Group and medical-related products sold by the Group
- To provide and solicit SBC Medical Group Holdings Inc.’s medical services and medical-related products sold by SBC Medical Group Holdings Inc or products and services of third parties in accordance with the interests and concerns of customers based on analysis of their attributes and behavioral history in the media of SBC Medical Group Holdings Inc. or third parties to advertise (including listing advertisements and affiliate advertisements and other marketing)
- Provision of SBC Point System and other services for SBC Members (MySBC, etc.) SBC Members
- To respond to inquiries and contact customers
Joint use of personal information within the Group
Domestic medical corporations belonging to the Group may share the personal information listed below for the purposes described in "1. purpose of use of personal information”.The Group's secretariat will be responsible for the management of personal information in the case of joint use.- Name, gender, date of birth, address, occupation, nationality, e-mail address, telephone number and other personal information provided in the medical questionnaire
- Personal information (including medical records and other medical information) related to medical services provided by the Group to customers
- Personal information related to medical-related products sold by the Group to customers
- Personal information related to the SBC Point System, including SBC Members (MySBC, etc.) customer numbers and history of SBC Points awarded, used and outstanding
- Information registered by the customer on the Group's SNS
- Other personal information held by the Group as necessary to provide services to customers
Provision of personal information to third parties
The Group may provide the personal information of customers who have agreed to this Privacy Policy to third parties in the following cases, in addition to those stipulated by laws and regulations.- When it is necessary to cooperate with other hospitals, clinics, pharmacies, laboratories, research institutions, etc., in order to provide medical services to the customer
- When responding to a medical inquiry from another medical institution where the customer is receiving treatment
- When there is a need for administrative processing related to health insurance, medical insurance, etc.
Outsourcing the handling of personal information
The Group may outsource part or all of its personal information handling operations. The Group appropriately supervises the handling of personal information by the subcontractor.Use of pseudonymized processed information (*)
The Group may generate and use pseudonymized information based on personal information. The Group's secretariat is responsible for the management of personal information when using such information.*Pseudonymized information is information that has been processed from personal information by deleting or replacing personally identifiable information (such as names) with other information so that a specific individual cannot be identified unless the information is cross-checked with other information.Request for information disclosure, etc.
Upon receiving a request for reference, correction, suspension of use, deletion, etc., of personal information, the Group will promptly take measures to protect the rights and interests of the person concerned after confirming the identity of the person in accordance with the prescribed procedures.Measures taken for the secure management of retained personal data
- Establishment and publication of rules for personal information protection
Basic rules, standards, guidelines, etc. for personal information have been established for each stage of personal information acquisition, use, storage, deletion, disposal, etc., including handling methods, responsible persons and persons in charge, and their duties. The system for handling complaints has also been included, and is posted in hospitals and offices, as well as on the website, to ensure that patients, users, etc. are fully informed of the rules and regulations.- Organization and other systems to promote the protection of personal data
We have established supervisors and managers for the handling of personal data and clarified the employees who handle personal data and the scope of personal data handled by them. In addition, the Company conducts periodic self-inspections of the status of personal data handling to improve the handling process.- Establishment of reporting and liaison system in case of leakage, etc. of personal data
- In case of leakage, etc. of personal data, or when it is judged that there is a high possibility of such an occurrence;
- In case of violation of rules, etc. concerning handling of personal data, or when it is judged that there are high indications of such a violation, In addition, the Company has established a system for reporting to and communicating with the person in charge, etc., of the handling of personal data. We are also working to coordinate with the system for responding to complaints.
- Establishment of rules and regulations concerning the protection of personal information at the time of employment contracts
In employment contracts and employment regulations, we have established rules and regulations concerning the protection of employees' personal information, such as imposing confidentiality obligations, including after leaving employment, and ensure compliance with such rules and regulations.- Implementation of education and training for employees
We are working to raise employee awareness of the protection of personal information through the implementation of education and training for employees.- Physical Security Control Measures
We defines the areas where personal information is handled and implements access control for employees and restrictions on equipment, etc. that they may bring into the office. Measures are also taken to prevent unauthorized access to personal data.- Technological Security Control Measures
We implement access control to systems that hold personal data, limiting the scope of persons in charge and the databases handled. In addition, we have implemented a system to protect information systems that handle personal data from unauthorized external access and unauthorized software (password settings, encryption, and the latest security software), and have thoroughly implemented vulnerability countermeasures.- Storage of Personal Data
When personal data is stored for a long period of time, it is stored appropriately to prevent loss of personal data by preventing deterioration of the storage media. When storing personal data, we store it in a searchable form so that we can respond quickly when necessary, such as when responding to an inquiry from the person in question.- Disposal and deletion of unneeded personal data
When disposing of unneed personal data or information equipment that handled personal data, we dispose of them in a form that makes them unrecoverable. When these disposal operations are outsourced, the handling of personal data is clearly stipulated in the outsourcing contract.
Inquiries regarding personal information
For inquiries regarding personal information, or requests for disclosure, correction, suspension of use, etc. of personal information, please contact us using the inquiry form below. When making a request for disclosure, we may ask you to provide a copy of an official document such as a driver's license or passport to verify your identity (in the case of a request by a representative, we may ask you to provide documents to verify the identity of the customer and the representative, as well as a letter of attorney, etc.). In addition, when notifying the customer of the purpose of use or disclosing personal information, the customer may be charged for the actual cost of postage and handling fees (please note that the actual cost and handling fees will not be returned even if the request is denied.).