We use cookies to ensure that we give you the best experience on our website. It will mean you have agreed with we would get cookies when you continue to see this website.

Basic Information Security Policy

intellim Group (hereinafter referred to as ‘the Group’), as your medicine development partner, regards the protection of all intellectual property handled during research and development process and clinical development as important corporate practice, and recognizes the development of appropriate process for information handling and safety management as important social responsibility. As a result, the Group has established “Basic Information Security Policy”. All executives and employees shall comply with this policy and handle, manage and protect information appropriately in accordance to this policy.

1. The Establishment of Information Security Management System
In order to establish the information security management system, a person-in-charge of information security will be appointed. Under the instruction of the person-in-charge of information security, process on maintaining and improving information security will be carried out. In addition, these processes will be audited in regular intervals and improvement system will be established.
2. Implementation of Security Measures
In order to protect information assets, risk assessment will be carried out. Security measures e.g. measures against information leakage, measures against unauthorized access, protection against virus, and quality assurance will be implemented.
3. Review
In light of fast-changing business environment, social environment, laws and regulations, latest trend in information technology as well as newly discovered risk, the relevance of this basic policy will be reviewed timely and improved continuously.
4. Compliance with Laws, National Norms and Contractual requirements
In addition to standards in conducting clinical trials, in order to avoid violation of laws relating information security, national norms, contractual requirements and security requirements, measures to clarify and comply all requirements will be formulated and implemented.
5. Security Measures for Outsourcing Services
With regards to outsourced operation, the Group will assess the suitability of outsourcing companies, review and improve the content of contracts from the viewpoint of confidential information and personal information protection.
6. Security Breach Incident Prevention Measures & Management
The Group works hard to prevent security breach. However, in the event of a security breach incident, appropriate measures including recurrence prevention will be carried out promptly.
7. Education and Training on Information Security
The Group provides regular education and training on information security to all employees handling information assets. The importance of information security, appropriate handling and management of information assets are also made known to all employees.
8. Business Continuity Management
The Group attempts to prevent incidents that could lead to business disruptions e.g. natural disaster, machine failures, negligence and intentional misuse of information assets and ensures business continuity.

Personal Information Protection Policy

The Group’s mission is to respect individuals, strengthen loyalty of customers and employees, and contribute towards creation of world-class human resources. With regards to personal information protection, in addition to complying with related laws and regulations, the Group strives to protect individual information in accordance to the following information protection policy.

1. Appropriate Acquisition, Use and Provision of Personal Information
The Group recognizes the importance of personal information protection. The Group will only collect, use, provide and store personal information to the extent that is necessary for its business activities.
2. Appropriate Management of Personal Information
The Group imposes strict measures on personal information management. In addition, The Group takes appropriate measures to prevent incidences such as unauthorized access, loss, destruction or falsification of personal information.
3. Compliance with Laws, Regulations and Other Rules
The Group will comply with the Personal Information Protection Act, Industry-Related Personal Information Protection Laws and Regulations, National Policies and Other Rules.
4. Handling Complaints and Consultations
With regards to opinions and complaints relating to personal information handling, the Group displays complaint and consultation channel on The Group’s website and will respond to complaints and feedbacks appropriately.
5. Continuous Improvement of Personal Information Protection Management System
The Group reviews and evaluates this ”Personal Information Protection Policy”, relating rules, and the management system. Taking society situation into consideration the Group will continuously improve the management system.

The Purpose of Use of Personal Information

In the event of acquisition and utilization of personal information, The Group will clarify the purpose of use and obtain consent from the person in advance unless exempted by the Personal Information Protection Laws and other regulations. The Group will use the obtained Personal Information for the purposes listed below.

1. Personal Information of Medical Personnel (Medical Doctor, Dentist, Pharmacist, Medical Facility Personnel and Others)
1. For the purpose of clinical trials of drugs and others, post-marketing surveillance, and the request, implementation or support of clinical research
2. To provide, collect and review information in the medical and pharmaceutical fields
3. For the purpose of studies and researches in the medical and pharmaceutical fields
4. To submit documents to relevant ministries and agencies in accordance to Pharmaceutical-related laws and regulations
5. To create an environment that allows smooth exchange of information with medical personnel
2. Personal Information of Client
1. For the purpose of project discussion, communication and management of consulted matters
2. To send notifications to relevant ministries and agencies in accordance to Laws and Regulations
3. Personal Information of Supplier
1. For purpose of discussion and communication to ensure the smooth implementation of outsourced projects
2. For purpose of information security management and record keeping as a member of the Group
4. The Group’s Job Applicants Personal Information
1. For purpose of recruitment-related communication
2. For the purpose of recruitment selection process and personnel management after hiring decision is made
5. The Group website’s User Personal Information
1. For the purpose of communications and answering questions related to the Group
2. For the purpose of the Group’s website maintenance and management and analysis to improve services
6.Personal Information of The Group’s Employees
1.Employees
①For the purposes such as working hours management, salary, payment of various benefits, personnel affairs, ability evaluation, ability development, welfare, health and safety management
②For registration and communication with health insurance association and external welfare related company
③For the purpose of reporting to public offices
④For internal team building activities

2.Employees' Family Members
①For the purpose of emergency contact
②For the purpose of employees’ salary and various benefits payment
③For the purpose of welfare and pension management

3.Ex-Employees
①For the purpose of communication and procedures after leaving job
7. Personal Information that requires Special Considerations (such as Clinical trial Subject Information, Adverse Event Information)
After receiving written consent, personal information that requires special considerations will be used for the purposes within the scope of consent, usually for purposes listed below:
1. Quality Assurance processes in accordance to various laws and regulations of Clinical Trial/ Research/Survey
2. Opinion exchange between medical facilities and Sponsor of Clinical Trial/ Research/ Survey
3. Submission of applications and notifications in accordance to various laws and regulations

Outsourcing

When outsourcing all or part of tasks to an external company, the Group may permit the external company to access personal information necessary for task completion within the scope of use as shown above. In this case, the Group will select an external company that meets security standard established by the Group. In addition, for the purpose of safety management, the Group will sign a contract relating to personal information handling with the external company and perform continuous audits and monitoring.

Information Sharing
The Group shall not share any personal information without individual consent.

Provision of Personal Information to Third Parties

The Group, excluding events below, does not disclose or provide personal information to a third party.

1. To obtain consent for disclosing or providing personal information
2. In accordance to Laws and Regulations
3. When special needs arise for the sake of improving public health or children development and obtaining consent is difficult
4. When special needs arise to protect human life, body or property and obtaining consent is difficult
5. For national agencies or local public entity or individuals who have been commissioned to carry out affairs
prescribed by the law and obtaining consent may hinder the execution of affairs concerned

Basic Policy on Proper Handling of Specific Personal Information

The Group recognizes strict protection of the Group’s and other employees’ personal information as its social responsibility and has established this basic policy to ensure appropriate handling of specific personal information.

1. Specific Personal Information Scope and Management System
The Group specifies the scope of office paperwork that requires MY NUMBER and other specific personal information (MY NUMBER used for office paperwork and other personal information associated with MY NUMBER such as name, date of birth, etc.) and identifies the person responsible for handling the paperwork. In addition, the Group formulates rules and develops management system for handling specific personal information.
2. Safety Management Measures
With regards to specific personal information safety management, the Group takes appropriate measures to manage specific personal information and prevent incidents such as information leakage, loss or damage.
When outsourcing tasks that involve handling of specific personal information, the Group will first obtain permission from advisors, select an outsourcing party with appropriate management system, and provide necessary guidance and supervision.
3. Compliance to Relevant Laws and Guidelines
The Group complies with Laws and Regulations concerning the use of personal information and specific personal information, policies stipulated by the government and guidelines regarding appropriate handling of specific personal information (Company Edition) and other regulations. The Group will handle specific personal information appropriately in accordance to these regulations.
4.Contact for Specific Personal Information
The Group establishes a system to respond speedily and appropriately to any individual complaints or inquiries relating to the handling of said individual’s specific personal information. Please direct your complaints or inquiries relating to specific personal information handling to the contact point below:

This policy is made known to all employees of the Group as well as outside of the Group. In addition, the Group strives to educate all employees to enhance their awareness on specific personal information protection.

The Purpose of Use of Specific Personal information

The Group uses specific personal information held by the Group for the following purposes.

1)For matters related to income tax
2)For matters related to health insurance, welfare and pension
3)For matters related to employment insurances and workers' compensation insurance
4)For preparation of other legal documents

Protection of Personal Information on the Group's Website

The Group's website implements the following security measures to protect everyone's personal information.

Communication Telesecurity (SSL)
In order to ensure secured browsing of websites managed by the Group, personal information is encrypted using SSL. Using SSL, data that has been entered into the computer will be encrypted and then sent to computer to which it is registered to through the network.
Some of the Group's websites use Cookie or Web beacon to record access log.
Cookie is a function to save usage history and input contents that are sent and received between the browser and server when user browses webpage on the computer.
If an user allows browser setting to send and receive cookies, the Group's website can obtain cookie from the user's browser.

These functions will be used for the following purposes. Information collected from the log file is not linked to specific personal information.

1)To analysis and manage site usage trends
2)To collect data on users' trend
3)To resolve problems of the Group's website

Application for Inquiries/ Complaints relating to Personal Information/ Specific Personal Information

Name: intellim Holdings Corporation
Address: 5F, ORIX Ueno 1-chome Bldg., 1-1-10 Ueno, Taito-ku, Tokyo, Japan 110-0005
Tel: 03-6695-0400 (10:00~17:00)
Person-In-charge: Appointed Person In-charge of Personal Information Management
Yasuhiro Inoue Please contact the person above by mail or telephone.