SUGI Holdings Co., Ltd. and all other SUGI Pharmacy Group companies (hereinafter collectively referred to as the “Company”) strongly recognize the importance of protection of personal information. When the Company is provided with personal information, the Company’s social responsibility is to carefully handle and properly manage it. In order not to undermine your confidence in us as a community-oriented family pharmacy, the Company protects personal information received from you by complying with laws, regulations, and other norms concerning the protection of personal information and establishing voluntary rules and systems, in accordance with the policy stipulated below.
1
Acquisition, Use, and Provision of Personal Information
The Company will properly acquire and use personal information and will not use personal information in a manner that goes beyond the extent necessary to achieve the purpose of use unless it obtains the consent of its owner. The Company will not provide personal information to a third party (including a third party residing in a foreign state) unless it obtains the consent of the owner or the provision is legitimate under applicable laws, regulations, etc.
2
Compliance with Laws, Regulations, and Norms Concerning the Handling of Personal Information
The Company complies with laws, regulations, and guidelines stipulated by the national government as well as other norms concerning the handling of personal information.
3
Preventing and Remediating Leakage of, Destruction of, or Damage to Personal Information
In order to prevent leakage of, destruction of, or damage to personal information, the Company will develop necessary systems and implement appropriate information security measures, such as measures against unauthorized access and computer viruses.
4
Handling of Complaints and Concerns
Subject to the confirmation of rights to demand disclosure, correction, deletion, suspension of use, etc., of personal information, the Company will promptly take an appropriate action based on its internal procedures.
5
Continual Improvement of Personal Information Protection Management System
The Company will continually review and improve its personal information protection management system in order to maintain it in the best condition.
Established: October 9, 2018
SUGI Holdings Co., Ltd.
Katsunori Sugiura, Representative Director & President
In order not to undermine your confidence in us, SUGI Holdings Co., Ltd. and all other SUGI Pharmacy Group companies (hereinafter collectively referred to as the “Company”) thoroughly protect personal information received from you by complying with laws, regulations, and other norms concerning the protection of personal information and establishing voluntary rules and systems, in accordance with the Personal Information Protection Policy.
The Company handles any personal information held by the Company in the manner stipulated below.
If there are any SUGI Pharmacy Group companies not subject to this Handling of Personal Information, they are disclosed here. In this case, the handling of personal information by such a company is governed by privacy policies established by the company.
The addresses and the representatives of SUGI Pharmacy Group companies are listed here.
The Company will continually revise and improve the Personal Information Protection Policy, the Handling of Personal Information, and other voluntary rules and systems. Revision of these policies and rules will be notified on the website of the Company.
1
Obtaining Personal Information
In principle, the Company publishes the purpose of use of personal information on its website and obtains personal information from its owner only after obtaining the owner’s consent.
2
Purpose of Use of Personal Information
The Company uses personal information held by the Company of its customers, business partners, job applicants, employees and their families, and other related persons, such as ex-employees, for the purposes listed below.
1 Customer information (excluding personal information obtained in the course of pharmacy services unless noted otherwise)
2 Information on customers (patients) who have used pharmacy services
3 Information on Business Partners
4 Information on Job Applicants
5 Information on Employees, Their Families, and Other Related Persons, Such as Ex-employees
3
Cookie and Similar Technologies
The website of the Company uses cookies and other similar technologies (hereinafter collectively referred to as “Cookies”) in order to identify customers and other users of the website of the Company. This is useful for the Company to offer information that meets the needs of customers as they search on and browse the website of the Company. In addition, the Company uses Cookies to improve its website and deliver content and advertisements that meet the needs of customers.
Customers who wish to reject or delete Cookies are advised to refer to help information and other support information on Internet browsers. Customers who have deleted or disabled Cookies may not be able to use some or all of the functions of the website of the Company.
The Company uses Google Analytics and Firebase provided by Google. The Company may, based on Cookies set by Google or the Company, collect the browsing history of customers, receive analysis results, and use them to monitor use by customers or in the Company’s services. For the mechanism of information collection and processing in the services of Google and its privacy policy, please visit the following URLs:
Use of collected information by Google
Reference:https://policies.google.com/technologies/partner-sites?hl=en
Google’s privacy policy:
Reference:https://policies.google.com/privacy?hl=en
4
External transmission regulations
In providing its own services, the Company uses services provided by the service providers listed in Appendix (hereinafter referred to as “External Services”). As the Company uses these services, customer information necessary for the use of External Services is transmitted externally to the service providers of these External Services (i.e., transmitting user information from a customer's device to a server of a person other than the customer using cookie or similar technologies). The Company discloses in Appendix certain matters concerning External Services that it is using for external transmission purposes pursuant to the external transmission regulations under the Telecommunications Business Act. For the purpose of use of transmitted customer information by recipients, please refer to the information available for your inspection from the links provided in Appendix.
5
Security Control Measures for Personal Data
The Company has implemented technically and systematically strict security measures in order to prevent the leakage of, destruction of, damage to, and unauthorized access to the personal data held by the Company.
Security control measures for personal data are specifically stipulated by internal regulations, and their main features are described bellows.
Establishment of a Basic Policy
In order to ensure that personal data are handled properly, the Company has established the “Personal Information Protection Policy” and the “Handling of Personal Information” to prescribe compliance with applicable laws, regulations, guidelines, etc., and the contact for accepting inquiries and handling complaints, among other things.
Establishment of Regulations Concerning the Handling of Personal Information
The Company has stipulated handling methods for each stage of processing of personal information, such as acquisition, use, storage, provision, disclosure, suspension of use, and disposal, and has established personal information protection regulations that provide for the assignment and duties of responsible persons, managers, and persons in charge.
Systematic security control measures
The Company has appointed a person responsible for the handling of personal information and clarified the employees who handle personal information and the scope of personal data handled by them. The Company has also established a reporting system to ensure that any violation of laws and regulations or personal information handling regulations or indication of such violation that is detected will be reported to the responsible person and regularly conducts self-checks on the status of handling of personal data.
Human security control measures
The Company regularly provides education to employees on points to be considered in handling personal data. The Company has also prescribed, in its Employment Rules, matters concerning the confidentiality of personal data.
Physical security control measures
The Company has imposed restrictions on equipment to be taken in the areas where personal information is handled and has implemented measures to prevent unauthorized persons from browsing personal data held by the Company.
Technical security control measures
The Company has implemented access control to limit those employees who handle personal information databases, etc. and the scope of personal information handled by them. The Company has introduced a mechanism to protect information systems that handle personal data from unauthorized access or unauthorized software from outside.
Monitoring of the external environment
When handling personal data in a foreign country, the Company takes necessary and appropriate measures to ensure the same management of personal data after understanding, among other things, local requirements of that country concerning the protection of personal information.
6 Provision of Personal Information to Third Parties
1 The Company will not provide any personal data of customers without obtaining their consent except as part of shared use and outsourcing unless the provision of personal data falls under any of the cases listed in 6.(2) above or any of the cases listed below:
2 The Company may provide personal data to other SUGI Pharmacy Group companies, advertisement distributors, or data analysis service providers. The Company may also provide the following personal data on customers that have been provided to the Company and statistical information that is not linked to specific individuals to a third party that is its business alliance partner, subject to the customer’s consent to the “Handling of Personal Information.” However, information on customers who have used pharmacy services is not provided as the following personal data, except in the form of statistical information that is not linked to specific individuals, and may be provided to third parties only to the extent necessary for the achievement of the purpose of use listed in “2. Purpose of Use of Personal Information” “2. Information on customers who have used pharmacy services” above.
A. The items of personal data provided to third parties are limited to the following items (hereinafter referred to as “Provided Data”):
B. The purposes of use by the third-party recipients are as follows:
C. The methods of provision of personal data listed above to third-party recipients are as follows:
D. The Company will implement security control measures, such as the encryption of the method of provision and data access restrictions, for the personal data listed above.
3 When a customer makes a credit card payment on the Company's website or application, the Company provides the customer's personal information (name, telephone number, email address, IP address of the terminal device used, information on the Internet usage environment, etc.) to the credit card issuer used by the customer for the credit card issuer to conduct detection and prevention of unauthorized use. If the credit card issuer used by the customer is located in a foreign country, the information may be transferred to the country where the issuer is located. As the Company can neither identify the card issuer nor the country in which it is located based on the information the Company obtains from a customer, the Company is unable to provide the name of the country in which the card issuer is located, information on the personal information protection system in that country, or information on the measures the card issuer takes to protect personal information. The website of the Personal Information Protection Commission (https://www.ppc.go.jp/) provides information on personal information protection systems in various countries.
7
Shared Use of Personal Data
The Company may share use of personal data with the shared users listed below.
1 Items of Personal Data Subject to Shared Use
2 Scope of Shared Users
3 Purpose of Use of Shared Users
4 Persons Responsible for Managing the Shared Use of Personal Data
8
Outsourcing of the Handling of Personal Information
The Company may outsource the handling of personal information to a party that has implemented sufficient measures to protect personal information. The Company will execute an agreement on the protection of personal information with such outsourcee and provide necessary and appropriate supervision on it.
9
Handling of Anonymized Personal Information
For the handling of anonymized personal information, please visit here.
10
Procedure for Disclosure of Personal Data
When the Company receives a request at the contact indicated below for the disclosure, correction, addition, deletion, suspension of use, or suspension of provision to third parties of personal data held by the Company or for the disclosure of record of provision of such data to third parties, the Company will respond appropriately based on its internal procedures after confirming that the person who requested such an action is the rightful owner of the personal data.
11
Inquiries about the Handling of Personal Information
Any inquiries about the handling of personal information by the Company are accepted at the contact indicated below.
Inquiries about personal information are accepted at the following:
Customer Support Office, Sugi Pharmacy Co., Ltd.
Telephone: 81-120-921-771
Business hours: 10:00 a.m. to 7:00 p.m.
Such inquiries are recorded and used by the Company to improve its customer services and customer satisfaction. It should be noted that you may be directly contacted by and receive an answer to your inquiry from an external party as requested by the Company depending on the nature of your inquiry if the Company determines that it is appropriate for the inquiry to be answered by such an external party.
Revised: June 1, 2024
Revised: March 1, 2025
SUGI Holdings Co., Ltd.
Katsunori Sugiura, Representative Director & President
Company information is available here.
Service provider/service name | Transmitted customer information | Purpose of use by the Company | Privacy policies of the recipient | SUGIsapo Walk | SUGI Pharmacy app |
---|---|---|---|---|---|
Google LLC/Google Analytics |
|
|
See here for details. | 〇 | 〇 |
Google LLC/Google Tag Manager |
|
|
See here for details. | 〇 | 〇 |
Google LLC/Firebase |
|
|
See here for details. | 〇 | 〇 |
AppsFlyer Ltd./AppsFlyer |
|
|
See here for details. | 〇 | |
Google LLC/Firebase Crashlytics |
|
|
See here for details. | 〇 | 〇 |
Google LLC/Google Advertising |
|
|
See here for details. | 〇 | |
Unerry Inc./Beacon Bank |
|
|
See here for details. | 〇 |
The SUGI Pharmacy Group (an enterprise group led by SUGI Holdings Co., Ltd.) has been engaging in management to contribute to society by effectively utilizing assets and resources borrowed from society (people, things, money, information, etc.) and continuing to provide profits to society. To realize this, the SUGI Pharmacy Group understands that it is its top priority management issue to strengthen the information security of the entire Group by protecting its customers’ personal information and other information assets owned by us from various threats, including unauthorized access and cyberattacks.
Based on this concept, the Group established the following “Information Security Basic Policy.” Going forward, we will endeavor to maintain and improve information security through compliance with and proper handling of this Policy, the separately documented “Handling of Personal Information (Privacy Policy),” and other internal rules by our officers and employees.
1
Purpose
The purpose of this Policy is to protect the information assets of the SUGI Pharmacy Group and its customers from any and all internal and external threats that arise intentionally or accidentally for stable continuation of business activities by prescribing the structure of and measures to develop and operate an information security management system.
2 Basic Principles
1 The SUGI Pharmacy Group shall properly handle any information received from individuals and organizations in the course of its business to protect their rights and interests.
2 The SUGI Pharmacy Group shall properly handle any trade secrets, technical information, and other valuable information in the course of its business to protect its rights and interests.
3 The SUGI Pharmacy Group shall strive to ensure and improve information security of customers and ultimately to answer the trust of customers and the whole society by conducting studies and human resource development on information security measures.
3
Scope of Application
This Policy applies to all officers and employees of the SUGI Pharmacy Group.
4
Information Security Structure
The SUGI Pharmacy Group shall develop and implement the following information security structure by recognizing various threats to information security as risks in business execution:
1 (1) The SUGI Pharmacy Group shall establish an Information Security Committee to accurately monitor the status of information security and discus information security measures. The Information Security Committee shall develop the capability to promptly implement group-wide information security measures and report their activities to the Sustainability Committee.
2 Information security risk management of the whole SUGI Pharmacy Group shall be overseen by the Risk Committee, which is established within the Sustainability Committee.
3 The SUGI Pharmacy Group shall appoint an Information Security Officer who is responsible for protecting and properly managing the information assets of the whole Group. The Information Security Officer shall chair the Information Security Committee. The Information Security Officer shall have the responsibility and authority over the execution of information security measures in the SUGI Pharmacy Group.
4 For the purpose of preventing and correcting systematic or individual violation of laws and regulations or misconduct, the SUGI Pharmacy Group has established an internal reporting system. This system is operated based on internal regulations. Reporting contacts are established at the Legal Affairs Office of SUGI Holdings Co., Ltd. and at an external law firm. It is also provided for by internal regulations that reporters shall not be treated in an disadvantageous manner.
5 Information Security Measures
1
Continual Improvement of Information Security Measures
The SUGI Pharmacy Group shall formulate an implementation plan for information security measures by taking account of information security risks and shall evaluate whether the plan has been implemented steadily. The Group shall also develop a process for continual improvement (PDCA).
2
Establishment of Regulations and Legal Compliance
The SUGI Pharmacy Group shall establish internal regulations for proper implementation of information security measures and make sure that its officers and employees fully understand them. The SUGI Pharmacy Group shall severely deal with any violation of laws and regulations or internal regulations concerning information security.
3 Securing Resources
1 The SUGI Pharmacy Group shall secure and deploy management resources necessary for the proper implementation of information security measures.
2 The SUGI Pharmacy Group shall systematically and continually develop and secure human resources necessary for the implementation of information security measures.
3 The SUGI Pharmacy Group shall enlighten and educate its officers and employees on information security to make them realize its importance and act accordingly.
4 The SUGI Pharmacy Group shall actively participate in information sharing activities outside the Group and reflect the results of such activities in its information security measures.
4
Sharing of Information Security with Business Partners
The SUGI Pharmacy Group shall inform its business partners, such as customers and suppliers, affiliated companies, and external contractors, of the SUGI Pharmacy Group’s policies and regulations concerning information security and request that they ensure proper information security.
5
Information Disclosure
The SUGI Pharmacy Group shall properly disclose information about its information security initiatives in order to increase the confidence of its stakeholders.
6
External Audits
In order to ascertain that the SUGI Pharmacy Group complies with laws and regulations, norms established by administrative agencies and industrial associations, and internal regulations and rules, etc. concerning information security in the course of its business execution and ascertain that they function effectively, the SUGI Pharmacy Group shall conduct external audits of information security regularly and as necessary. The SUGI Pharmacy Group shall severely deal with any violation in order to manage information properly.
7
Realization of a System that Reflects Information Security Measures
The SUGI Pharmacy Group shall realize a system that reflects information security measures in order to prevent accidents, such as unauthorized access, destruction, leakage, falsification, etc., of information assets.
8
Reinforcement of Cybersecurity Measures
The SUGI Pharmacy Group recognizes the reinforcement of cybersecurity measures as one of its key measures and takes protection measures against the threats to such technologies. The SUGI Pharmacy Group shall, by using the latest digital and information technologies, work to improve cybersecurity measures, such as security review on application systems, security review during design and development processes, vulnerability diagnosis by a third-party organization, monitoring of unauthorized access after the start of operation, and responses to vulnerability.
9
Improving Information Security Literacy
The SUGI Pharmacy Group shall work to improve the information security literacy of its officers and employees by continually conducting education and training for them to properly manage the information assets of the whole Group.
6
Protection of Personal Information of Customers
The SUGI Pharmacy Group shall conduct personal information protection activities for any personal information that it handles in the course of all its business activities based on the “Handling of Personal Information (Privacy Policy)” and implement necessary protection and appropriate security measures.
7
Handling of Information Security Incidents
The SUGI Pharmacy Group shall develop and implement the following structure and response plans in order to be prepared for the materialization of information security risk (hereinafter referred to as “Information Security Incidents”):
1 The SUGI Pharmacy Group shall develop a reporting system and an initial response manual for Information Security Incidents, make persons concerned fully aware of them, and regularly conduct practical training.
2 When a serious Information Security Incident occurs at the SUGI Pharmacy Group, the head of the department that has detected the incident shall promptly report it to the Information Security Officer. The Information Security Officer shall report the Information Security Incident to the Representative Director & President of SUGI Holdings Co., Ltd. as appropriate.
3 When the Representative Director & President of SUGI Holdings Co., Ltd. has received a report of an emergency situation, the Representative Director & President shall promptly establish emergency headquarters as necessary. The emergency headquarters shall strive to resolve the issue as soon as possible through appropriate responses while striving to identify the cause and developing and implementing measures to prevent recurrence.
4 When an Information Security Incident occurs, it shall be reported to competent public authorities and notified to persons concerned appropriately depending on the situation.
8
Amendment/Abolition
The amendment/abolition of this Policy is subject to a resolution of the Board of Directors of SUGI Holdings Co., Ltd.
However, minor amendments, such as a change in the name of an organization, may be implemented at the discretion of the Information Security Officer.
9
Continual Improvement
The SUGI Pharmacy Group regularly evaluates and reviews the initiatives mentioned above in order to continually improve information security management in response to the latest developments in information security inside and outside the Company and changes in information technologies.
Revised: June 1, 2021
SUGI Holdings Co., Ltd.
Information Security Committee
Kazuya Morinaga, Chairperson
1
Compliance with Applicable Laws, Regulations, Guidelines, etc.
In handling Individual Numbers and Specific Personal Information (hereinafter referred to as “Specific Personal Information, etc.”), SUGI Pharmacy Group companies will comply with the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, the Act on the Protection of Personal Information, and other norms, including guidelines established by the Specific Personal Information Protection Commission or other competent bodies.
2
Purpose of Use
SUGI Pharmacy Group companies use the obtained Specific Personal Information, etc. for the following purposes:
1 Specific Personal Information, etc. on business partners
2 Specific Personal Information, etc. on shareholders
3 Specific Personal Information, etc. on employees and their family dependents
3
Matters Concerning Security Control Measures
SUGI Pharmacy Group companies shall build systems that are necessary to realize proper management of Specific Personal Information, etc. and establish and comply with handling regulations on them.
4
Continual Improvement
SUGI Pharmacy Group companies shall continually improve this Basic Policy and other internal regulations in order to ensure that Specific Personal Information, etc. is properly protected.
SUGI Holdings Co., Ltd. and all other SUGI Pharmacy Group companies (hereinafter collectively referred to as the “Company”) prepare as anonymized personal information the information items of customers listed below that are held by the Company and provide the anonymized personal information to third parties for the purpose of study and analysis for management improvement after implementing appropriate safeguards to prevent the anonymized personal information from being used to identify specific individuals and the personal information used to prepare the anonymized personal information from being restored. The Company also plans to prepare similar anonymized personal information repeatedly on an ongoing basis.
Download by recipients from a secure server of the Company
Any inquiries about the handling of anonymized personal information by the Company are accepted at the contact indicated below.
Inquiries about personal information are accepted at:
Customer Support Office, Sugi Pharmacy Co., Ltd.
Telephone: 81-120-921-771
Business hours: 10:00 a.m. to 7:00 p.m.