Personal Information Protection Policy

Personal Information Protection Policy

THERMOS K.K. (hereinafter, the "Company") acknowledges its social responsibility to protect the personal information it acquires from you, and has adopted and implements the following basic policy related to the handling of personal information to properly protect the personal information of our customers, business partners, applicants for job openings, the executives and staff of the Company (hereinafter referred to as “Executives and Staff”), and resignees, etc.

Basic policy

  • The Company shall comply with the Act on the Protection of Personal Information, the Handling of Personal Information given below, related laws and regulations, internal rules, etc., obtain proper personal information, and use and provide personal information within the scope of the purpose of use.
  • By implementing proper security measures, the Company shall endeavor to avoid leakage, loss or damage to the personal information that is handled. If an accident occurs, the Company shall immediately find the cause and implement measures to take the necessary corrective action and avoid recurrence.
  • The Company shall clearly define rules for handling personal information with internal rules, etc., and provide education and training to ensure that Executives and Staff fully know the rules. When the Company provides personal information to a subcontractor, it manages and monitors the subcontractor to ensure that the personal information is handled properly.
  • Regarding the personal information that the Company possesses, it shall receive complaints and requests for consultation, disclosure, correction and the suspension of use, etc. from the information owner at a fixed service counter.
  • The Company shall establish and periodically inspect the management system including personal information protection, and continuously improve the system based on the results.

Enacted : January 1, 2008
Revised : February 1, 2022

THERMOS K.K.
Mita NN Building 4-1-23, Shiba, Minato-ku, Tokyo
Yuji Kataoka, Representative Director and President

Handling of Personal Information

THERMOS K.K. (hereinafter, the "Company") does not use the personal information it gathers beyond the scope required to achieve the purpose of use described below, except where prescribed by laws and regulations or the concerned person agrees.

1. Purpose of use of personal information

(1) Personal Information related to customers

  1. The Company uses personal information obtained from customers for the following purposes.
  • To handle matters related to our products such as sales, repair, support, inquiries and requests for catalogues and information
  • To conduct introductions to our products and services, proposals, and notification and execution of campaigns and events
  • To research products and services through questionnaires, etc, and handle related tasks
  • To provide online services, notify changes/additions/abolishions to services, conduct questionnaire surveys to improve the quality of services, implement advertising, sales promotions, events and special offer programs and process other requests
  1. The Company analyzes and uses information for the following purposes, including information about a customer’s purchase history, survey response, address, date of birth, and family structure, etc.
  • To provide information on products, services, campaigns, etc. according to a customer’s preferences and lifestyle
  • To provide information on stores, services, campaigns, etc. according to the area where a customer resides
  • To conduct additional surveys based on a customer’s survey responses
  1. From a tool operated by a third party, the Company collects the information of advertisements that customers clicked to access our website, such as the date and time of the click, the websites which place the advertisements on, etc.. The Company collates the information with the customers' purchase history and use the information for the following purpose.
  • To measure the effectiveness of advertisements.

(2) Personal information related to our business partners

  • To sell our products, procure materials, etc. and fulfill other contracts
  • To prepare payment records

(3) Personal information related to applicants for job openings

  • To recruit employees

(4) Personal information related to our executives

  • To manage personnel, provide welfare programs, perform social insurance procedures and handle other employment-related matters

(5) Personal information related to resignees

  • To provide information

2. Security control measures

(1) Establishment of the basic policy

  • This policy has been established to ensure the proper handling of personal information and to inform our customers of a point of contact for questions and complaint handling.

(2) Establishment of the rules on the handling of personal information

  • Regulations on the management of personal information have been established to set out the handling methods, responsible persons, relevant personnel, and their duties for the respective phases, including the acquisition, use, storage, provision, deletion, disposal and other handling of personal information.

(3) Organizational security control measures

  • A person responsible for the handling of personal information has been established.
  • Employees who may handle personal information and the scope of personal information handled by such employees have been clarified.
  • A reporting and communication system has been established in preparation for any actual or possible breach of laws or internal rules that may be detected.
  • The status of the handling of personal information at a department is periodically self-inspected and audited by another department.

(4) Personnel security control measures

  • Periodic training is provided to employees on matters to be noted in handling personal information.
  • Matters concerning confidentiality of personal information are specified in the employment rules.

(5) Physical security control measures

  • Measures have been taken in the areas where any personal information is handled to manage entering/exiting employees and prevent personal information from being viewed by any unauthorized person.
  • Measures have been taken to prevent any theft or loss of equipment, electronic media, documents, etc. that handle or contain personal information.
  • Measures have been taken to ensure that personal information is not easily leaked when carrying equipment, electronic media, etc. that handle or contain personal information, including when moving within a company office.

(6) Technical security control measures

  • Access control has been implemented to limit the scope of relevant personnel and the personal information handled.
  • Mechanisms have been introduced to protect information systems that handle personal information from unauthorized access or software from outside sources.

3. Provision of personal information, etc.

(1) Provision of personal information to a third party

The Company will not provide the personal information it has gathered to a third party without the consent from the concerned persons in advance. However, the following cases are exempted.

  • When based on laws and regulations
  • When necessary to protect someone’s life, health or property, and it is difficult to obtain the consent of the person
  • When particularly required to improve public health or promote healthy growth of children, and it is difficult to obtain the consent of the person
  • When cooperation with an agency of the central or local government or a party assigned by such an agency to process a task defined in laws and regulations is required, and obtaining the person’s consent would incur the risk of hindering the execution of the task.

(2) Outsourcing

To achieve the purpose of use, the Company may disclose and provide personal information within the necessary scope to our subcontractor. In this case, the Company enters into a non-disclosure agreement with the subcontractor, and conducts tough control of the subcontractor so that personal information is managed properly.

  • Outsourcing of tasks related to our products such as repair, support and inquiry handling
  • Outsourcing of the implementation of campaigns, events, etc.
  • Outsourcing of questionnaire surveys, compilation, etc.
  • Outsourcing of mailing

4. Procedures for fulfilling a request for the disclosure, etc. of personal information

Regarding personal information held by the Company, if you have a request regarding notification of the purpose of use, disclosure, correction/addition/deletion of the content, or suspension of the provision of the information to a third party (hereinafter referred to as “Disclosure, etc.”), please submit a request to us according to the following procedures. Personal information that may be covered by a request is limited to personal data held by the Company for which the Company has the authority to perform Disclosure, etc

(1) How to request Disclosure, etc.

If you would like to request Disclosure, etc., please send us the necessary documents as listed in item ① through item ④ below by postal mail.

  1. Disclosure, etc. Request Form

You should first obtain a “Disclosure, etc. Request Form” from the Personal Information Service Counter listed below and fill out the form with the necessary information.

  1. Identity verification documents

Please submit one of the following documents to allow us to confirm your identity.

  • A copy of your driver's license
  • A copy of your passport
  • A copy of your health insurance card
  • A copy of your My Number card (front side only)
  • A copy of your alien registration card
  • A copy of your resident card
  • A copy of your special permanent resident certificate
  • A copy of your physical disability certificate
  • Your certificate of residence (not older than three months from the preparation date)
  • A copy or extract of your family register (not older than three months from the preparation date)
  1. Proxy verification documents

When a “Disclosure, etc. Request Form” is submitted by proxy, the form must be accompanied by all the following documents:

  • One of your identity verification documents as listed in item ②
  • One of your proxy’s identity verification documents as listed in item ②
  • Your proxy statement (If your proxy is a legal representative such as a person with parental authority, your proxy statement may be substituted by a copy or extract of the family register or a certificate of adult guardianship registration that shows the relationship between you and your proxy, which must be not older than three months from the preparation date.)
  1. Fee

When you submit a “Disclosure, etc. Request Form” for notification of the purpose of use or disclosure, please enclose stamps or a fixed amount postal money order worth 1,000 yen (including consumption tax) as the fee per request.

(2) Cases where the Company may not accept a Disclosure, etc. request

  1. There is a possibility that the Disclosure, etc. would harm the principal’s or third party's life, body, fortune or other rights and interests.
  2. There is a possibility that Disclosure, etc. would encourage or induce an illegal or unjust act.
  3. Disclosure, etc. is likely to undermine national security, damage a relationship of confidence with a foreign country or international organization, or put the country at a disadvantage in negotiations with another country or with an international organization.
  4. Disclosure, etc. is likely to seriously interfere with the proper implementation of the business of the Company.
  5. Disclosure, etc. would violate a law or regulation.
  6. There is a need to cooperate in regard to a central government organization or a local government performing affairs prescribed by laws and regulations, and when there is a possibility that informing a principal of, or disclosing to the public, a utilization purpose would interfere with the performance of the said affairs.

(3) Notification of our response

The Company will make Disclosure, etc. to the extent that we can confirm that the requested personal information is that of you based on the Disclosure, etc. Request Form and identity verification document submitted by you. How Disclosure, etc. turns out (if applicable, our unacceptability of Disclosure, etc.) will be sent to you in writing by postal mail or as an electromagnetic record by e-mail according to your request. However, if it is difficult to provide an electromagnetic record, the Company will notify you of that effect and instead deliver you a written document. It will take around 10 business days for us to send our response to you.

(4) Others

After your Disclosure, etc. Request Form reaches the Company, we will check the information stated in the form against your record held by us and may contact you by email or phone to verify your identity. Personal information stated in the Disclosure, etc. Request Form and identity verification document submitted by you will be used only to the extent necessary to make Disclosure, etc. Please note in advance that you may not have the documents sent back to you once they are submitted to the Company.

(5) Mailing address for submitting documents

Personal Information Service Counter, THERMOS K.K.
Mita NN Building 4-1-23, Shiba, Minato-ku, Tokyo
108-8405

5. Contact details for inquiries related to the handling of personal information

For complaints or consultation regarding our handling of personal information, please contact the following service counter.

Personal Information Service Counter, THERMOS K.K.
Mita NN Building 4-1-23, Shiba, Minato-ku, Tokyo
108-8405
Phone: 03-5730-0130
Business hours: 9:00 to 17:00, Monday through Friday excluding
public holidays and Company holidays

Enacted : January 1, 2008
Revised : April 1, 2022