Policy on the Protection of Personal Information

Home | Policy on the Protection of Personal Information

Privacy Policy Policy on the Protection of Personal Information

Philosophy on the Protection of Personal Information

ELAN Corporation (hereinafter, the “Company”) conducts business activities centered on daily necessities rental services for hospitalization and residential care, based on our principle of pursuing the best products and services that satisfy our customers and contributing to the realization of an enriching living environment through our passionate actions.

We recognize personal information obtained from customers and employees through our business activities (including specific personal information; hereinafter, “personal information”) as extremely important information assets, and see it as our Company’s social responsibility to securely protect such personal information.

Therefore, we handle personal information obtained through our business activities in accordance with the following policies to provide peace of mind to our customers and employees and to fulfill our social responsibility with regard to the protection of personal information.

Policy

Acquisition, use, and provision of personal information

We will acquire personal information in a lawful and fair manner.
We will use personal information only to the extent necessary to achieve the specified purposes of use.
We will obtain the prior consent of the individual when providing personal information to a third party.
We will not use personal information for any other purpose than the purposes specified, and will take measures to ensure that this is the case.
If it becomes necessary to use personal information for purposes other than those specified, we will once again obtain the consent of the individual prior to using the information.

Regarding laws, national guidelines, and other standards (hereinafter, “laws and regulations”)

We will strive to keep abreast of laws and regulations related to the business of handling personal information, and will ensure that all employees engaged in our business (hereinafter, “employees”) and business partners are aware of and comply with such laws and regulations.

Security management related to personal information

We will implement appropriate measures for computers, networks, facilities, and equipment to prevent leakage of personal information.
To ensure the prevention of loss or damage, we will prepare for disasters, failures, and similar events. We will also back up information in preparation for any of these.
We will conduct inspections and promptly correct any violations, incidents, or accidents that are discovered, and implement preventive measures to shore up weak points.
We will provide thorough security training to all employees and business partners.

Complaints and inquiries

In order to deal with complaints and inquiries regarding the handling of personal information, we will establish the Personal Information Inquiry Desk and arrangements to respond promptly, and deal with them in good faith.

Continuous improvement

To realize our policy on the protection of personal information, we will monitor and audit our personal information protection management system for compliance with internal rules to detect violations, incidents, accidents, and weak points, and will have management review the results. We will reflect our findings in management measures and internal rules, and strive to continuously improve our personal information protection management system.
In making improvements, we will comply with laws, regulations, and JIS Q 15001.

Date of enactment: January 1, 2008

Revised: March 1, 2008

Revised: October 1, 2008

Revised: January 1, 2016

Revised: April 1, 2022

Revised: June 22, 2022

ELAN Corporation

Tomohiro Minezaki, Representative Director

For inquiries about personal information protection policy
Personal Information Inquiry Desk
15-12 Idegawamachi, Matsumoto, Nagano Prefecture 390-0826 Japan
TEL: 0120-919-821 (Weekdays 9:00-17:00)
For inquiries
ELAN Corporation PMS Office

Notice Handling of Personal Information

Purposes of Use of Personal Data in Possession

Type of personal information	Purpose of use	Disclosable
Customer information	To respond to inquiries To provide services at hospitals and facilities To bill and collect payment of usage fees, and to contact the customer regarding these matters To contact the customer to confirm contract details To introduce and provide various products and services including those of our affiliated and partner companies To conduct surveys To make payments for the customer for medical or nursing care expenses through affiliated companies, and to bill for such payments To provide services and to ship products	Y
Business partner information	To communicate regarding orders received, billing, and payments To communicate as needed for sales and business activities	Y
Interview applicant information	To contact applicants and consider them for employment When submitting your application, please download the “Agreement on the Handling of Personal Information,” agree to the contents, and enclose a signed copy. Agreement on the Handling of Personal Information (for applicants for employment)	Y
Employee information	To manage employment, including for personnel management, social and labor insurance, health condition management, and employee benefits services.	Y
Emergency contact information	To contact emergency situations,when suddenly become unwell or in the event of a disaster.	Y
Entrusted personal information	To carry out entrusted business	N
Personal information acquired via telephone	To respond to inquiries	N

Measures to Manage Security of Personal Information in Possession

Establishment of policy

The Company’s policy on the protection of personal information is published on our website.

Rule setting

We have established rules concerning handling methods and persons in charge and their duties for each stage including acquisition, use, provision, and disposal of personal information, and we regularly review these rules.

Organizational security management measures

We regularly conduct self-inspections, internal audits, and external audits.

Personal security management measures

We obtain nondisclosure agreements from employees and provide regular training to employees.

Physical security management measures

We manage areas where personal information is handled and has measures in place to prevent the theft of equipment and electronic media.

Technological security management measures

We have taken measures to protect against unauthorized external access.

Understanding the external environment

We use cloud services to store personal information.
The data centers that host these cloud services are located in Japan, the United States of America, and the Republic of Singapore, except for cloud services for which the country of data center location cannot be identified (see below).
After confirming that the relevant cloud services are equipped with appropriate access controls, we work to understand personal information protection systems in the relevant countries and regions, when the data center location can be identified.
Cloud services for which the country of data center location cannot be identified are as follows.

Name of services the Company uses	Google Workspace (Google Drive, Gmail etc.) Slack
Name of overseas countries	Countries where data stored cannot be specified
Reason country names cannot be identified	Not disclosed because data is distributed worldwide as a disaster mitigation measure
Information on systems to protect personal information in foreign countries	Names of foreign countries cannot be identified, so it is not possible to identify systems to protect personal information
Measures taken by relevant third parties to protect personal information	Google is ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 compliant

Anonymized Information

Creation of anonymized information

For the purpose of maintenance and operation of our services, sales promotion, functional improvement, and planning and development, we will take appropriate measures to anonymize information on an ongoing basis to ensure that specific individuals cannot be identified and that their personal information cannot be restored.
Information items to be anonymized
- Information obtained in connection with services provided by the Company
  Age (date of birth), gender, address (up to city/ward), value of services used, location where services provided, type of services provided, timing (period) of service provision, and number of contracts
Provision of anonymized information to third parties

We will provide anonymized information created or held by the Company to third parties on an ongoing basis after clearly indicating that the information is anonymized.
- Information items on individuals included in the anonymized information to be provided to third parties
  The same items as in “Information items to be anonymized” above
- Method of provision to third parties
  Sending of password-protected electronic files by electronic communication or cloud services with high-level security protection
Security management

We will ensure an appropriate level of security by means such as encrypting data files as necessary.
Inquiries

If you have any inquiries or complaints about the handling of anonymized data, please contact the Personal Information Inquiry Desk.

Disclosure Request Procedures

Regarding personal data held by the Company, we ask that the person concerned or his/her representative follows the procedures below when making a request regarding notification of purpose of use, disclosure, correction, addition or deletion of content, suspension of use, erasure, suspension of provision to third parties, or request to record provision to third parties (hereinafter, “Requests for Disclosure, etc.”).

Contact for Requests for Disclosure, etc.

To make a Request for Disclosure, etc., after attaching necessary documents to the Personal Information Disclosure Request Form, please submit it as an email attachment, by fax, or by postal delivery.
In case of postal delivery, please use a method that allows confirmation of delivery such as registered or simplified registered mail.
Please write “Request for disclosure of personal information enclosed” in red ink on the envelope.
Documents to be submitted with Requests for Disclosure, etc.

When making a Request for Disclosure, etc., please fill in all the items prescribed in the Personal Information Disclosure Request Form.
Verification of identity

We will verify the identity of the person making the Request for Disclosure, etc. by telephone.

However, if we are unable to verify the identity of the person making the request by telephone, we may ask the person to present a copy of his/her driver’s license, certificate of residence, health insurance card, or the like.
Requests for Disclosure, etc. by proxy

If you wish to authorize a representative to make a Request for Disclosure, etc., please enclose the following documents in addition to the Personal Information Disclosure Request Form.
- (1)A document verifying the identity of the proxy (copy)
  
  One of the following: driver’s license, copy of certificate of residence, or health insurance card.
  *Please prepare a copy with the registered domicile blotted out.
- (2)Power of attorney
  
  Please have the principal stamp the power of attorney with their seal, and attach proof of their personal seal registration.
  If the proxy is a legal representative such as a legal guardian, a document showing the relationship with the principal may be submitted in place of the power of attorney.
Fees for requests for disclosure and notifications of purpose of use

A handling fee of 500 yen (tax inclusive) will be charged for each request for disclosure of personal information or notification of purpose of use.
To pay the fee, please remit 500 yen (tax inclusive) by bank transfer.
* We will provide you with bank account information for the transfer when we verify your identity.
* Bank transfer fees are the responsibility of the person making the request.
Please note that we will be unable to disclose information or notify you of the purpose of use if the fee is insufficient or the bank transfer cannot be confirmed.
Method of response to Requests for Disclosure, etc.

We will respond to the request by the method specified by the person making the request (email, fax, or by post).
Name of authorized personal information protection organization and contact for resolution of complaints

If you believe that the Company’s management of personal information is not appropriate, we ask that you first file a complaint with us. If you are not satisfied with our response, you may file a complaint with the authorized personal information protection organization below.

Japan Institute for Promotion of Digital Economy and Community (JIPDEC), Personal Information Protection Complaint and Consultation Office
Roppongi First Building 12F, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032 Japan
TEL: +81-3-5860-7565

Please note that the above is not the contact information for inquiries about our products and services.

If you believe that the Company’s management of your personal information is not appropriate, we ask that you first file a complaint with us. If you are not satisfied with our response, you may file a complaint with the above authorized personal information protection organization.

Please contact us at the following address with any questions, complaints, or inquiries.

ELAN Corporation: Personal Information Inquiry Desk
15-12 Idegawamachi, Matsumoto, Nagano Prefecture 390-0826 Japan
TEL: 0120-919-821 (Weekdays 9:00-17:00)
For inquiries
ELAN Corporation PMS Office
Person responsible for personal information: General Manager in Charge of Personal Information Protection Management

Date of enactment: January 1, 2008

Revised: June 22, 2022