![[FREE EBOOK] Strategic IT Outsourcing: Optimizing Cost & Workforce Efficiency](https://vti.com.vn/wp-content/uploads/2023/08/cover-mockup_ebook-it-outsourcing-20230331111004-ynxdn-1.png)
1. Purpose of acquiring personal information | |
| Category of Personal Information | Purpose of Use |
| Personal information of business partners ① * | For the purpose of creating invitation letters for obtaining a Vietnamese visa |
| Personal information of business partners ② * | For the purpose of making reservations for tickets, hotels, etc. |
| Personal information of business partners ③ * | For business-related communication, order processing, and billing/payment |
| Personal information of engineers residing in Vietnam | To create invitation letters for short-term business trips from Vietnam and apply for a Japanese visa |
| Personal information of employees * | For employee management (salary/tax management, health management, pension/insurance management, and communication) |
| Personal information of job applicants * | For providing recruitment information, and for recruitment processes |
| Personal information from inquiries * | For responding to inquiries, etc. |
| Employee information of group companies | For performing entrusted tasks (employee management) |
| Personal information of trainees | For educational purposes, business-related communication, and billing/payment |
2. Entrustment of personal information |
| To the extent necessary to fulfill our stated purposes, we may entrust the handling of personal information to other businesses. |
| When we do so, we will select a contractor with a robust personal information protection system and enter into a formal contract to ensure the secure handling of that data. |
3. Voluntariness of providing personal information |
| Providing personal information to us is voluntary. |
| Please be aware that if you do not provide the necessary information, we may be unable to provide our corresponding services. |
4. Security management measures for personal information |
| 4.1. Organizational security management measures |
| (1) Establishment of an organizational structure |
| Appointment of a chief security officer and operation of a security committee. |
| (2) Establishment and operation of regulations |
| Establishment and operation of a security policy (regulations and detailed rules) based on the information security policy. |
| (3) Maintenance of a personal information handling ledger |
| Management of tasks for which personal information is entrusted and tasks for which personal information is acquired in a ledger. |
| (4) Evaluation, review, and improvement of security management measures |
| Improvements based on self-inspections by handlers, internal audits, and management reviews. |
| (5) Response to information security incidents and violations |
| Establishment of a task force and legal action against violators. |
| 4.2. Human security management measures |
| (1) Confidentiality when handling personal information |
| Collection of written pledges from employees. |
| Conclusion of confidentiality agreements with partner companies and vendors. |
| 4.3. Physical security management measures |
| (1) Implementation of entry/exit management |
| Implementation of entry/exit control using a facial recognition system (electronic lock) with security levels. Proper management of keys for entry/exit points is in place. |
| (2) Measures against theft, etc. |
| Locked storage of confidential documents/media and implementation of a clear desk policy. |
| 4.4. Technical security management measures |
| (1) Identification and authentication of access |
| Personal authentication via IC card and facial recognition. |
| (2) Access control |
| Minimizing the number of people with access and implementing access control. |
| (3) Management of access rights |
| Management of access scope and authority settings according to job duties. |
| (4) Access logs |
| Acquisition and preservation of work records and access logs. |
| (5) Countermeasures against unauthorized software on information systems |
| Regular application of anti-virus definitions and security patches. |
5. Retained personal data held by our company |
| ・Responsible person: Representative Director and President (Personal Information Protection Manager) |
| ・Retained personal data: Personal information with an “*” in the table of Section 1. |
| ・Contact point: PMS Secretariat, Phone: 03-6261-5698 |
| ・Disclosure procedures, etc.: If you contact the contact point, we will provide you with the necessary procedures, such as sending documents via email or FAX. |
| (For non-employees, please prepare a copy of your identity verification document in principle.) |
| ・Fee: Free |
| For complaints and consultations regarding the handling of personal information, please contact: |
| VTI Japan Co., Ltd. |
| Address: Akebonobashi SHK Building 5F, 4-3 Katamachi, Shinjuku-ku, Tokyo 160-0001 |
| Phone: 03-6261-5698 |
| [Personal Information Protection Officer] |
