Privacy Policy

Hokkaido Railway Company’s Basic Policy on the Protection of Personal Information

1. Basic Policy

Hokkaido Railway Company (“the Company”) complies with all laws and internal regulations pertaining to the protection of personal information and obtains, uses and manages such information appropriately.

2. Handling of Personal Information

(1) Obtainment of personal information
In obtaining personal information, the Company specifies its purpose of use as clearly as possible and obtains such information within the extent necessary to achieve the purpose of use.

(2) Appropriate use and provision of personal information, and entrustment of its handling
The Company uses personal information within the scope necessary to achieve its purpose of use.
The Company shall not use any personal information other than to achieve its purpose of use or provide personal data to third parties except in cases in which the customer personally gives his/her consent in advance, in cases in which the use or provision of personal information is based on laws, or in cases in which the use or provision of personal information is necessary for the protection of vital interests, such as the life or property of the customer.
When entrusting personal information to contractors, the Company shall provide appropriate guidance and supervision to appropriate parties. The Company shall not disclose personal data to any parties other than the cooperating companies with which it has concluded a non-disclosure agreement.

(3) Appropriate management
The Company conducts appropriate management of personal information by assigning a manager to each business which handles personal information. The Company also develops regulations, manuals and other types of guides pertaining to the protection of personal information and makes all employees thoroughly aware of them.

(4) Disclosure, deletion, correction, etc. (and inquiries, updates, etc.)
When requested by a customer to disclose, delete or correct (or inquire about, update, etc.) his/her personal data in the possession of the Company, the Company shall do so within a reasonable timeframe and scope.

(5) Other In addition to this Privacy Policy, the Company may stipulate rules regarding the handling of personal information for each business if necessary

Information the Company Publicly Announces Based on the Act on the Protection of Personal Information

The Company publicly announces the following information based on the Act on the Protection of Personal Information.

(1) Name, address and representative of the business operator that handles personal information
Hokkaido Railway Company
1-1, Kita 11-jo Nishi 15-chome, Chuo-ku, Sapporo
President Yasuyuki Watanuki

(2) Purposes of use of personal information
Personal information obtained by the Company (including that obtained by contracting out the handling of such information) in the course of operating railway business and other associated businesses (including hotel business; hereinafter referred to as railway business, etc.) is used for the following purposes:

  • To provide products/services of railway business, etc. and to address situations associated with product/service provision
  • To provide information on products/services of railway business, etc. and other business activities of the Company
  • To devise and develop new products/services related to railway business, etc.
  • To charge and collect fares and fees and protect receivables related to products/services of railway business, etc. (including cases of requesting the procedure of payment via credit cards or the like to credit companies or other financial institutions)
  • To ensure safety in railway business, etc.
  • To conclude, execute and maintain/manage contracts that cover the provision of products/services of railway business, etc.
  • To conduct questionnaire surveys, run prize drawings/competitions and other promotions, contact the winners of such drawings/competitions and deliver goods, etc.
  • To receive and respond to opinions and requests from customers and reflect customer feedback to improve services, etc.
  • To enable the Company to contact customers, etc.
  • To maintain facilities, equipment and devices, and to manage their use
  • To study and research the market, etc. and conduct business analysis
  • To manage employment, recruit job seekers, and provide the Company’s job information
  • To execute agency business entrusted by travel agencies, transport service providers, accommodation facilities, other tourist facilities, telecommunications carriers, insurance companies, etc.

○ If the Company separately stipulates purposes of use of personal information for each business, those purposes shall apply.
○ Purposes of use of personal information by JR Sapporo Hospital are posted inside the hospital.

(3) Security management measures implemented by the Company

a. Development of basic policy

  • A basic policy has been developed to ensure proper handling of personal information.

b. Implementation of security management measures as an organization

  • A security manager is appointed for each operation involved in the handling of personal information. Security managers carry out self-inspection of the handling of personal information in their own workplaces on a regular basis. In addition, an audit is conducted by general managers who supervise office work related to personal information handling.

c. Implementation of security management measures from a human resources perspective

  • Training focused on precautions in handling personal information is offered on a regular basis at each workplace.

d. Security management measures from a physical perspective

  • Personal information management ledgers are prepared to understand personal information retained by the Company.
  • Measures are taken to prevent devices that handle personal data and electronic media and documents that contain personal information from being stolen or lost. In addition, data containing personal information are protected with passwords. Thus, measures have been put in place to ensure that personal information cannot be identified easily.

e. Security management measures from a technical perspective

  • Access to the servers that store personal information is limited. Such access is authorized only to staff in charge of the handling of personal information, and the scope of personal information that the staff are authorized to handle is also limited.