Privacy Policy

Policy on Gathering Personal Information

1. Purpose of Private Information

Ishimoto Sake Brewery Co., Ltd. ("Company") recognizes the importance of the personal information of our customers, business partners, and all other parties involved in our main business of sake production and sales, as well as of the personal information of our employees. We have established the following privacy policy to handle personal information appropriately and are committed to protecting personal information.

2. Information Gathering

Information gathered is only that which is necessary for a specific purpose. In addition, we will acquire personal information by legal and appropriate means.

3. Use of Information

Personal information obtained by our Company will be managed appropriately and will not be handled (used, provided, etc.) beyond the scope necessary to achieve the specified purposes. We will take measures to ensure that personal information is not used for any other non-specified purposes.

4. Proper Management of Personal Information

We implement security measures and other safety measures to prevent leakage, loss, or damage of personal information to ensure the accuracy and safety of personal information. In addition, when improvements are required due to actual market security incidents or requests from customers, we will promptly take corrective and preventive actions.

5. Compliance with Laws and Regulations

We will comply with laws, regulations, national guidelines, and other norms related to personal information. We will also ensure that our management system always conforms to these laws, regulations, national guidelines, and other norms.

6. Ongoing Improvements

We will continue to improve our management structure and maintain it in the best condition at all times through internal audits and opportunities for personal information protection management system reviews.

7. Response to Complaints and Consultations

We have established an appropriate system for handling complaints and consultations regarding personal information and will respond in accordance with the manual.

Tatsunori Ishimoto, President
Ishimoto Sake Brewery Co., Ltd

Enacted June 1, 2021

Personal Information Contact:
Personal Information Protection Manager
Telephone: 025-276-2028 (Monday-Friday, 8:00am to 5:00pm)

Purposes of Personal Information

The personal information we gather and keep on our customers will be used as follows:

1. Personal information obtained directly from the person in writing (personal information subject to disclosure)

a. Customer information

  • i. Accepting and shipping product orders placed on our e-commerce site.
  • ii. Contacting customer/representative

b. Job applicant information

  • i. Accepting applications for employment
  • ii. Contacting applicants for employment (selection result notification, sending employment-related documents, etc.)
  • iii. Enacting employment decisions

c. Employee information

  • i. Personnel management (transfers, evaluations for salary increase and promotion, employee training)
  • ii. Labor management, payroll management (attendance, salary and bonus payments, withholding tax, year-end adjustments)
  • iii. Benefits (enrollment in and management of: unemployment insurance, health insurance, welfare annuity insurance, etc.)
  • iv. Health management (handling of: periodic health checkup and stress check results, long term absentees, etc.)
  • v. Safety management (theft prevention through access logs)
  • vi. Sales and public relations (for sales and public relations activities such as recruitment)

d. Inquiries

  • To provide information on the Company's products and services and to respond to inquiries regarding service improvements, etc.

2. Personal information obtained from someone other than the person in question

a. Job applicant information obtained from job sites and recruitment websites, etc.

  • To select applicants for employment

Handling Personal Information Data

When someone requests notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, elimination, or suspension of provision to a third party (hereinafter referred to as "disclosure, etc.") of personal data (personal information subject to disclosure) held by the Company, the Company will handle the request as described in 1 through 7 below.

  • ・"Retained Personal data" here refers to personal data for which the business operator handling the personal information has the authority to perform actions including disclosure, correction, addition, deletion, suspension of use, elimination, or suspension of provision to a third party (hereinafter referred to as "disclosure, etc."). This includes data specified by government ordinance as information for which the disclosure of presence or absence of which would harm public interest or other interests.
  • Records of third parties are included as object to disclosure requests.
  • Requesting individuals can also request suspension of use, elimination, or suspension of provision to third parties in the three following situations:
    • ① When the business operator handling the personal information has no further need to use the retained personal data.
    • ② When there has been a leak of retained personal data.
    • When there is some other risk that the rights or legitimate interests of the individual concerned may be harmed by the handling of retained personal data.

1. Contact for disclosure, complaints and consultation regarding handling of personal information:

Ishimoto Sake Brewery Co., Ltd
Personal Information Protection Manager
Telephone: 025-276-2028(Monday-Friday, 8:00am to 5:00pm)

2. Purpose of all retained personal data

Purposes as stated in "Purposes of Personal Information," 1.

3. Procedures for disclosure, etc.

Please contact as noted above in 1.

We will disclose your personal information in one of the following ways:

  • ① Procedures by mail
    We will send a "Request Form for Disclosure of Personal Information (Personal Application)." Please return it by mail with a copy of proof of ID (*1). We will respond to the request for disclosure after confirmation of identity.
    In the case of a request by proxy, please mail the form along with a copy of proof of ID (*2) for the proxy.
    (When submitting by mail, please be sure to fill out the address field.)
  • ② Procedure in Person
    Please bring proof of ID (*1). Once we confirm your identity, you will be asked to fill out the Request Form for Disclosure of Personal Information (Personal Application) and we will respond as necessary. In the case of a request by proxy, please bring proof of ID (*2) for the proxy.

*1 Proof of ID
Any of the following forms of picture ID are acceptable:
Driver's license, passport, health insurance card, etc.

*2 Proxy proof of ID

  • a. In the case of a legal representative of a minor or an adult ward
    • 1.) Proof of ID for the proxy (as in *1)
    • 2.) (In the case of a minor) One copy of the person in question's family register or (in the case of a ward) a registration certificate as stipulated in Article 10 of the Act on Guardianship Registration, etc.
  • b. In the case of a proxy by power of attorney
    • 1.) Proof of ID for the proxy (as in *1)
    • 2.) Power of attorney form with personal seal (original)

4. Form of disclosure

We will provide documents.
The person making the request for disclosure may specify the method of disclosure by our company, i.e. the business operator handling the personal information, such as by providing electromagnetic records, etc. In principle, our company will disclose the personal information using the method requested.

5. Notice of response to disclosure request

We will notify you in writing, as amended by us, of our response to your request for disclosure.
If provision by electromagnetic record, etc. is specified, we will, in principle, notify the individual in question using the method requested.

6. Measures taken for secure management of personal information

We implement the following security control measures for personal information obtained, handle personal information appropriately, and prevent loss, damage, leakage, and unauthorized access, etc. as appropriate.

(a) Formulation of basic policy
We have formulated a Privacy Policy to ensure the appropriate handling of personal information.

(b) Establishment of rules for handling personal information
Using the basic policy as formulated in (a), we have built a personal information protection management system to appropriately acquire, use, provide, and manage personal information, and have rules and related documents to establish a management system, identify personal information to be handled, analyze risks, implement countermeasures, establish operational procedures, check operational status, and make improvements.

(c) Implementation of organizational security control measures
Based on the regulations and related elements established in (b) above, we have taken the following actions.

    • Establishment of a personal information management system
    • Establishment of operating procedures for handling personal information
    • Establishment of a system and procedures for responding to leaks or other incidents
    • Establishment of procedures for checking the status of personal information handling
    • Implementation of appropriate handling of personal information in accordance with each procedure
    • Review and improvement of operating procedures and security control measures based on the results of confirmation of the status of the handling of personal information.

(d) Implementation of Personnel Security Measures
In accordance with the internal rules and related documents developed under Paragraph (b) above, the Company implements the following measures:

    • Ensuring appropriate supervision of employees to handle personal information properly.
    • Requiring employees that handle personal information to maintain its confidentiality.
    • Providing regular education to employees on the proper handling of personal information and the implementation of the personal information protection management system.

(e) Implementation of physical security control measures
Based on the regulations and related elements established in (b) above, we have taken the following actions.

    • Access control for areas where personal information is managed and handled
    • Locking of personal information handling equipment, electronic media, documents, etc. in safes, etc.
    • Implementation of data encryption or use of traceable transferral services when transferring electronic media or documents containing personal information.
    • Disposal of equipment and electronic media on which personal information is recorded in a manner that makes the personal information unrecoverable

(f) Implementation of technical security control measures
Based on the regulations and related elements established in (b) above, we have taken the following actions.

    • Limiting of access to personal information or use of information systems that handle personal information to the minimum number of authorized employees, and performing identification and authentication.
    • Blocking unauthorized external access
    • Detection and quarantine of malware, etc. in information systems.
    • Fixing vulnerabilities in information systems and equipment when discovered
    • Encryption of communications containing personal information

 (g) Grasping the external environment
When handling acquired personal information in a country other than Japan, we will implement appropriate security control measures based on our understanding of the systems for the protection of personal information in that country.

7. In case of non-disclosure

In the event of any of ① to ⑦ below, we will not respond to the request for disclosure. If we are unable to comply, we will notify you to that effect and the reason in writing.

  • ① If the name and/or address on the Request Form for Disclosure of Personal Information (Personal Application) does not match that on the proof of ID.
  • ② ① If the name and/or address of the proxy on the Request Form for Disclosure of Personal Information (Personal Application) does not match that on the proof of ID.
  • ③ If the information in the request is not included in the category of Personal Information Subject to Disclosure.
  • ④ When there is a risk of harm to the life, body, or property of the individual or a third party if the existence or nonexistence of the personal information requested for disclosure is revealed.
  • ⑤ When there is a risk that revealing the existence or nonexistence of the personal information requested for disclosure could contribute to or cause illegal acts.
  • ⑥ Where is a risk that national security may be impaired or the relationship of trust with other countries or international organizations may be damaged, or negotiations may be disadvantaged, if the existence or nonexistence of the personal information requested for disclosure is revealed.
  • ⑦ There is a risk that the prevention, suppression, or investigation of a crime, or the maintenance of other public safety and order, may be hindered if the existence or nonexistence of the personal information requested for disclosure is revealed.

8. There is no fee for this.

Enacted April 1, 2023