Data Protection Policy on Personal Information and Confidential Client Information

View this page in: 日本語

We, Zeirishi-Hojin PricewaterhouseCoopers, PricewaterhouseCoopers Management Co., Ltd., and PricewaterhouseCoopers Labor and Social Security Attorney Office, will comply with Act on the Protection of Personal Information, its Enforcement Order and other relevant regulations including the guideline provided by the Ministry of Finance, and protect personal information or data including business card data or information concerning an individual that is created by the relevant PricewaterhouseCoopers network of firms ("PwC"), e.g., an employee identification number (collectively "Personal Information" *i) at higher level in accordance with the principles mentioned below. Zeirishi-Hojin PricewaterhouseCoopers will also comply with Articles 38 and 54 of Zeirishi-Ho (Tax Accountant Law) and other relevant laws and regulations, and protect confidential client information or data (collectively "Confidential Client Information" *ii ) at higher level in accordance with the principles mentioned below.

1. Principles of collection and use
 
  1. Notice to data subjects* iii
    When Personal Information is collected in writing directly from a data subject, we will specify the purpose of the use and we will provide data subjects with notice about the purpose of the use and the types of information collected. When Personal Information is not collected directly from a data subject, or is not collected from a data subject in writing, a public announcement of the purpose of the use (e.g. via a website) as allowed by relevant laws or regulations, instead of such notice, will suffice.

  2. Purpose and Use
    We will only collect and use Personal Information and Confidential Client Information for legitimate regulatory, client service and PwC business purposes. Subject to any applicable legal or regulatory requirements and professional standards, we will keep Personal Information and Confidential Client Information confidential, and will only disclose this information to personnel in another PwC firm or a third party that needs to have access to the information for any of the appropriate purposes mentioned above. In this case, we see it as our responsibility to obtain the consent of the data subjects or clients concerned as to the information disclosure, and be able and willing, upon request, to explain to our clients, what Confidential Client Information is shared with third parties or with other PwC firms or across county borders, where and with whom, and for what purposes.

  3. Data quality
    We will take appropriate measures to collect only Personal Information and Confidential Client Information that is adequate, relevant, and not excessive for the intended purposes, and to keep Personal Information and Confidential Client Information up-to-date for the intended purposes.

  4. Data retention
    Personal Information and Confidential Client Information should be retained no longer than necessary for the intended purposes, unless a longer retention period is required under any applicable legal or regulatory requirements or relevant PwC document retention policies.
2. Principle of respect of data subjects’ rights of access
  Upon reasonable request, and in accordance with the requirements of any applicable laws and regulations, we will provide data subjects with appropriate information on their Personal Information to confirm that it is accurate and up-to-date, as well as the right to request correction of their Personal Information.
3. Principle of security safeguards
 
  1. Security safeguards
    We will take necessary and appropriate security safeguards measures to secure Personal Information and Confidential Client Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and all other unlawful forms of processing.

    For such purposes, we will comply with the PwC Global Information Security Policy ("ISP"), which conforms to the International Organization for Standardization ("ISO") security standards, as well as our ISP.

    We will also conduct proper guidance with regard to the security safeguards of Personal Information and Confidential Client Information to our partners, employees and other staff.

  2. Disclosures of Personal Information and Confidential Client Information
    When disclosing Personal Information or Confidential Client Information to another PwC firm or a third party, we will make certain that recipients agree to comply with the provisions of this Policy and relevant laws, regulations and contract.

  3. Cross-border transfers of Personal Information and Confidential Client Information
    When transferring or receiving Personal Information or Confidential Client Information across country borders, we will comply with any relevant legal, professional or contractual requirements.
4. Principle of continual improvement
  We will make efforts to review and improve regularly the compliance programs for this data protection.
5. Enforcement
  We will adhere to the letter and spirit of this Policy and relevant laws, regulations and professional standards. We will raise questions and concerns in good faith through appropriate PwC channels. Compliance with relevant laws, regulations and professional standards, this Policy and related regulations, PwC Global Data Protection Policy and contracts is the responsibility of every PwC partner, staff member and firm. Those who violate this Policy and related regulations may be subject to disciplinary action, up to and including dismissal.
Effective on and after April 3, 2005
Amended on June 1, 2006
Amended on June 17, 2008
Amended on August 1, 2011

* i "Personal Information" means information or data about a living individual which can identify the specific individual by name, date of birth or other description contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the specific individual).

* ii "Confidential Client Information" refers to information or data subject to professional secrecy, confidential and/or proprietary data relating specifically to a client’s business, and other information identified as subject to professional secrecy, confidential and/or proprietary by a client. This information includes, but is not limited to, business procedures, marketing plans, merger and acquisition data, financial information, the names of the clients in certain cases, and descriptions of the work being performed. This information does not include publicly-available information or information in the public domain.

* iii "Data subject” means the specific individual identified or identifiable by “Personal Information".