Epirecipe PHOTO Information Security Basic Policy
1. About Information Security
2. Information Security Basic Policy
3. Personal Information Protection Policy
4. Purpose of Use of Personal Information
5. Basic Policy on the Protection of Specific Personal Information
Information Security Basic Policy
NAVYPOOL Inc. (hereinafter referred to as "NAVYPOOL") recognizes that in today's digital society, where the internet is indispensable, it is our social responsibility to appropriately handle "information assets" in the face of threats such as information leakage, destruction, and tampering. In fulfilling this responsibility, NAVYPOOL has established this Information Security Basic Policy, and declares that all officers and staff of NAVYPOOL (including employees, contract employees, part-time employees, temporary staff, and external contractors working on-site, hereinafter the same) shall understand and act according to this policy.
Information Security Objective
NAVYPOOL aims to be a company that is always trusted by all stakeholders, including our customers, by implementing appropriate information security management and preventing information security incidents. In the event that an information security incident occurs, NAVYPOOL will minimize the damage and strive for prompt recovery, while working to prevent recurrence.
Scope of Application
This policy applies to all officers and staff, as well as to all important information assets managed by NAVYPOOL.
NAVYPOOL’s Commitments
1. Protection of Information Assets
NAVYPOOL will implement necessary management measures from the perspectives of confidentiality, integrity, and availability to protect all important information assets (including confidential information, content, specific personal information, and personal information) from any threats.
2. Compliance with Laws and Regulations
NAVYPOOL will comply with all relevant laws, regulations, internal policies, and contracts related to information security.
3. Promotion of Information Security Activities
NAVYPOOL will establish and operate an information security management system to promote information security activities. Additionally, NAVYPOOL will establish an Information Security Committee and appoint an Information Security General Manager. The Information Security Officers and Promotion Committee Members of each department will promote information security activities, regularly review them, and continuously improve them.
4. Education and Training
To conduct systematic and continuous information security activities, NAVYPOOL will provide education and training to its officers and all staff.
5. Response to Information Security Incidents
NAVYPOOL will always anticipate the occurrence of information security incidents and, in addition to preventive measures, will promptly respond, rectify, and implement appropriate management measures and actions in the event of an information security incident.
※ An information security incident refers to an event that disrupts business operations due to information security breaches or accidents.
Date of Establishment: October 1, 2024
NAVYPOOL Inc.
President and CEO
Yoshiko Aoiike
Personal Information Protection Policy
NAVYPOOL, in its business operations, handles the personal information of NAVYPOOL's customers and business partners (hereinafter referred to as "personal information" in accordance with Article 2, Paragraph 1 of the Act on the Protection of Personal Information, Act No. 57 of 2003, as amended, hereinafter referred to as the "Personal Information Protection Act"). NAVYPOOL complies with the Personal Information Protection Act and other relevant regulations, takes international trends into account, and establishes voluntary rules and systems as stated in the following Personal Information Protection Policy, which NAVYPOOL declares it will implement and maintain.
1. Personal Information Protection Policy
(1) NAVYPOOL will establish a "Personal Information Management Policy" to execute this declaration and ensure that all officers, employees, and other stakeholders are aware of and comply with it.
(2) NAVYPOOL will establish an information security system to prevent the loss, destruction, tampering, and leakage of personal information, and implement appropriate safety measures such as measures against unauthorized access and computer viruses.
(3) To ensure the appropriate management of personal information, NAVYPOOL will regularly or as necessary conduct review activities. If corrections are needed, appropriate measures will be taken promptly to ensure continuous improvement.
(4) NAVYPOOL will acquire personal information through lawful and fair means, and either obtain the consent of the individual concerned regarding the purpose of use or make the purpose publicly available on NAVYPOOL's website.
(5) NAVYPOOL will handle personal information obtained from third parties appropriately, in accordance with the provisions of the Personal Information Protection Act.
(6) NAVYPOOL will confirm that individuals have the right to request disclosure, correction, suspension of use, and deletion of their personal information and will respond sincerely and promptly to such requests. To facilitate such requests and inquiries regarding personal information, NAVYPOOL has established a personal information inquiry desk.
(7) When outsourcing or jointly using personal information within the scope of the purpose of use, NAVYPOOL will investigate the provider and take necessary measures, such as entering into contracts to ensure appropriate handling.
(8) Personal information will only be used by authorized personnel within the scope of the purpose of use necessary for business operations and will not be used in a manner that promotes or induces illegal or improper activities.
(9) In principle, personal information will not be disclosed or provided to third parties and will not be used for improper purposes.
(10) To prevent unfair discrimination, prejudice, or disadvantages, NAVYPOOL will not collect, use, or provide the following types of personal information.
① Matters related to beliefs, creeds, and religion.
② Matters related to race, ethnicity, social status, place of origin (excluding the prefecture of residence), criminal history, or other factors that may cause social discrimination.
③ Matters related to labor union membership, collective bargaining, and other collective actions.
④ Matters related to participation in demonstrations, exercise of petition rights, and other political rights.
⑤ Matters related to sexual life.
Date of Establishment: October 1, 2024
NAVYPOOL Inc.
President and CEO
Yoshiko Aoiike
Purpose of Use of Personal Information
NAVYPOOL will use the personal information entrusted to it through its business activities only within the necessary scope to achieve the following purposes of use.
1. Purpose of Use
(1) Customer Personal Information
① To process applications and inquiries for NAVYPOOL’s services, such as Epirecipe PHOTO, and to deliver products, after-sales services, and provide information on new products and services by using phone numbers, email addresses, addresses, and names.
② To propose and introduce NAVYPOOL’s services, such as Epirecipe PHOTO, based on customer interests derived from behavioral history, using phone numbers, email addresses, addresses, names, etc., for delivering products, after-sales services, and information on new products and services.
③ To verify the identity of the customer or their representative using names, contact information, IDs, and passwords.
④ To appropriately execute tasks entrusted by customers related to NAVYPOOL services by using phone numbers, email addresses, addresses, and names for delivering products, after-sales services, and information on new products and services.
⑤ To exercise rights and fulfill obligations related to transactions or legal matters with customers, including using contact information, membership details, bank account information, or credit card information.
⑥ To improve or develop new services by analyzing customer needs based on survey results or behavioral history.
⑦ To handle administrative tasks related to the suspension, cancellation, or termination of applied services or email subscriptions by using phone numbers, email addresses, addresses, and names.
⑧ To monitor and manage various risks related to NAVYPOOL services, such as Epirecipe PHOTO, by using phone numbers, email addresses, addresses, and names for delivering products, after-sales services, and information on new products and services.
⑨ To ensure smooth and appropriate transactions with customers in NAVYPOOL’s business, by using phone numbers, email addresses, addresses, and names for delivering products, after-sales services, and information on new products and services.
(2) Business Partner Personal Information
① To communicate and conduct business discussions related to services provided by NAVYPOOL, using phone numbers, email addresses, addresses, and names for delivering products, after-sales services, and information on new products and services.
② To propose and introduce services provided by NAVYPOOL, such as Epirecipe PHOTO, using phone numbers, email addresses, addresses, and names.
③ To handle payments related to services provided by NAVYPOOL by using phone numbers, email addresses, addresses, names, and financial account information.
(3) Shareholder Personal Information
① To contact shareholders, provide various information, handle dividend payments, send shareholder benefits, and manage shareholder matters as required by corporate laws, using phone numbers, email addresses, addresses, names, and bank account information.
(4) Visitor Personal Information
① To manage entry and exit and relay messages to the appropriate contacts by using phone numbers, email addresses, addresses, names, and surveillance camera footage.
(5) Job Applicant Personal Information
① To communicate with applicants, handle recruitment, selection, and administrative tasks related to employment, using phone numbers, email addresses, addresses, names, resumes, qualifications, birth dates, and family information.
② To improve future recruitment activities by utilizing survey results.
(6) Employee Personal Information
① To communicate with employees regarding work-related matters by using phone numbers, email addresses, addresses, and names.
② To manage employment matters, such as salary payments, social insurance, legal procedures, and document preparation for organizational purposes, as well as for retirement procedures, by using phone numbers, email addresses, addresses, names, photos, work information, personnel information, family information, health information, and bank account information.
(7) Personal Information in Images, Videos, and Audio
① To provide NAVYPOOL services (including stock photos, and materials for AI and machine learning) to customers by using images, videos, and audio.
② To promote NAVYPOOL services by using images, videos, and audio.
③ To improve NAVYPOOL services by using images, videos, and audio.
(8) Specific Personal Information
① To submit documents to administrative agencies or health insurance associations in accordance with laws regarding the use of specific personal information for administrative procedures, using individual numbers and other specific personal information.
(9) Third-Party Provision
Specific personal information is excluded, but NAVYPOOL may provide personal information to third parties without the individual's consent in the following cases.
(1) When required by law.
(2) In emergencies where it is necessary to protect an individual's life, health, property, or rights, and obtaining consent is difficult.
(3) To improve public health or promote the sound development of children, and obtaining consent is difficult.
(4) When a national or local government body requests cooperation to execute legal duties.
(5) When outsourcing the handling of personal information within the scope necessary to achieve the purposes specified in this policy.
2. Joint Use of Personal Information
NAVYPOOL may jointly use personal information with partner companies.
(1) Items and Purpose of Joint Use
NAVYPOOL may jointly use personal information such as names, addresses, phone numbers, email addresses, and other legally held information, within the scope of the purposes outlined in the Personal Information Usage Purposes.
(2) Entities Sharing Joint Use
・NAVYPOOL Inc.
・Companies affiliated with NAVYPOOL (including academic institutions using data for research purposes).
(3) Entity Responsible for Managing Joint Use of Personal Information
NAVYPOOL Inc.
Makino Building 5F, 2-8-1 Hatchobori, Chuo-ku, Tokyo, 104-0032, Japan.
For inquiries, complaints, requests for disclosure, or other matters related to personal information, please contact the following
【Personal Information Inquiry Desk】
NAVYPOOL Inc. Information Security Committee
Makino Building 5F, 2-8-1 Hatchobori, Chuo-ku, Tokyo, 104-0032, Japan.
Contact Form
Date of Establishment: October 1, 2024.
Specific Personal Information Protection Basic Policy
Business Name
NAVYPOOL Inc.
Compliance with Relevant Laws and Guidelines
NAVYPOOL complies with Japanese laws, including the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (Act No. 27 of 2013, as amended), and other relevant guidelines.
Security Measures
NAVYPOOL takes reasonable and appropriate security measures to prevent leakage, loss, or damage of specific personal information.
Appropriate Management of Specific Personal Information
NAVYPOOL appoints a responsible person for managing specific personal information and regularly reviews its management.
Inquiries and Complaints
For complaints or inquiries regarding the handling of specific personal information, please contact.
NAVYPOOL Inc. Information Security Committee
Makino Building 5F, 2-8-1 Hatchobori, Chuo-ku, Tokyo, 104-0032, Japan.
Contact Form
Date of Establishment: October 1, 2024.
