Do you wish to leave our website?
Handling of Customer Confidential Information and Personal Information (Basic Information Security Policies)
Information assets are an important management resource, and it is necessary to use them effectively in business activities, but information assets include the confidential information of corporate customers that must be managed rigorously and personal information that must be protected in accordance with law. The Company believes that ensuring information security through the secure and appropriate management of these information assets is one of the Company’s most important social missions.
It is with this understanding that the Company has prepared regulations for ensuring information security, established structures for reinforcing information security, conducts comprehensive employee education and guidance concerning the secure and appropriate management of information assets, and has taken the following actions to ensure proper handling of information assets.
1. Creation of information security management structures
To ensure secure and appropriate management and protection of information assets in the Company’s possession, the Company complies strictly with laws, regulations, and other rules concerning information security and has created advanced information security management structures to carry out its corporate social responsibility of ensuring information security.
2. Appointment of an Information Security Officer and creation of a Information Security Committee
The Company appointed an Information Security Officer to oversee all information security for the Marsh Group in Japan and established a permanent Information Security Committee. As a result, it is possible to understand the current status of information security and to implement a variety of group-wide policies relating to ensuring information security.
3. Adoption of internal regulations concerning information security
The Company has adopted various internal regulations to promote the protection of personal information. In the future, the Company will adopt internal regulations concerning overall information security including the protection of the confidential information of customers, and will adopt clear initiatives concerning management of information assets overall.
4. Creation of audit systems
The Company will create systems that are able to perform periodic audits of compliance with basic policies, regulations, and rules and the implementation status of various policies concerning information security.
5. Reinforcement of management structures of external service providers
When the performance of services is outsourced, the Company performs reviews of the appropriateness of service providers and with respect to information security, requires that service providers maintain at least the same levels of security that the Company maintains. Also, the Company periodically confirms that these security levels are being maintained, performs continuous reviews of service providers, and is bolstering contractual provisions concerning information security.
6. Protection of personal information
In light of the importance of procedures concerning the protection of personal information, the Company complies with the Act on the Protection of Personal Information as well as other applicable laws, regulations, and guidelines, handles personal information properly, and takes appropriate measures concerning security and management.
(1) Acquisition of personal information
The Company acquires personal information to the extent necessary for its business operations through lawful and fair means only.
(2) Use of personal information
The Company engages in the insurance broker business and risk management consulting business.The Company uses personal information received through its transactions with customers for the following purposes and shall provide such information to services providers to the extent necessary to achieve the intended objectives.
- Development, proposal, provision, analysis and management of risk management consulting services, products of insurers with which the Company does business, and ancillary and related services
- Planning, proposal, and implementation of Company events, campaigns, questionnaires, and seminars
- Performance of business operations under consignment
- Performance of contracts and transactions
- Response to inquiries and requests for information
- Business-related communications (including sending greeting cards and congratulation and condolence arrangements)
The Company does not engage in the use of personal information that exceeds the scope of purposes previously notified, announced, or made clear to the individual in question (“Use of Information Beyond the Intended Purposes”). The Company implements measures to prevent the use of information beyond the intended purposes. If the Company changes the intended uses of personal information, it shall announce the content of the changes by written notice to the individuals concerned or by posting on its Web site and other means.
(3) Measures for the secure management of personal information
The Company has adopted adequate security countermeasures including the adoption of regulations concerning security management and the creation of implementation structures to prevent leaks and loss of and damage to personal information handled by the Company and to otherwise securely manage personal information. The Company also takes appropriate measures to ensure the accuracy of and timeliness of information necessary for achieving the objective of its use.
(4) Provision of personal information to third parties
The Company shall not provide personal information to third parties without the consent of the individual concerned except when permitted by law.
(5) Sharing of Personal Information
For the following purposes, the company may share personal information obtained or provided through such as transactions and inquiries, with Marsh and McLennan companies and their group companies doing business in accordance with common corporate policies with us (please refer to http://www.mmc.com/ ), in paper or electric data. The company is responsible for management of the personal information.
1. Purposes of the sharing
For the purposes described in the item(2) and for management of the group
2. Items of the personal information
Personal information provided to or obtained by the company such as name, address, telephone number, e-mail address, sex, date of birth and any other business information
(6) Complaints and consultations concerning the Company’s handling of personal information or personal information management structures
Complaints and consultations concerning the Company’s handling of personal information or personal information management structures can be made by contacting the Company at the address or telephone number indicated below. A response to the complaint or consultation will be made after confirming the individual’s identity.
If you do not wish to receive product and service information through the mail or other means, please contact the Company as indicated below.
【Complaint and Consultation Contact Information and Hours of Operation】
Tatsuya Imanishi, Information Security Manager
Marsh Broker Japan, Inc.
9-7-1, Akasaka, Minato-ku, Tokyo 107-6216
Hours of operation: 9:00 a.m. – 5:00 p.m., Monday through Friday (closed on holidays)
Web site : http://www.marsh-mbj.com/en/home.html
(7) Requests for disclosure of Retained Personal Data pursuant to the Act on the Protection of Personal Information
Requests for notice, disclosure, correction, addition to or removal from, suspension of use, deletion, and suspension of provision to third parties (collectively referred to as “Disclosure”) shall be processed after confirming the requesting party’s identity. Requests relating to Retained Personal Data in the possession of an insurer or other company will be forwarded to that company. If an investigation of Retained Personal Data in the Company’s possession indicates that the information is not correct, the information shall be corrected based on those results. Requests for notice or disclosure concerning the use of Retained Personal Data require the payment of a fee (1,000 yen (including consumption tax) per request). Please use the contact information above to make inquiries concerning procedures and application forms.
Adopted: April 1, 2005
Revised: May 15, 2017
Revised: March14, 2019
Revised: September 1, 2019
Ryuji Sato, Representative Director, Chief Executive Officer
Marsh Broker Japan, Inc.
A cookie is an identification tag (text data) transmitted by a website to the browser you use so that the website can identify access to the website from that browser. By using cookies, the browser can be identified the next time the website is accessed, making it possible to use the website more quickly and easily.
Personal information retained by cookies is limited to the personal information that you provide, and data cannot be read from your computer’s hard drive. Also, the cookies can identify only the browser and cannot identify the individual using the browser.
You can set your browser to reject cookies, but in this case, the functions that you can use may be limited.
The Company uses only first-party cookie issued directly from this website, and we do not use third-party cookies or inappropriate cookies that can read information from sites other than this site.
A web beacon is a small image file embedded in a website. When a particular page on this site with a linked web beacon is viewed, it is possible to statistically determine whether the webpage was visited and how many times it was visited. The Company performs these operations anonymously.