Code of Conduct
2020-03-31 : lastest ver. 1
Based on multiple risk hedges, high-priority proposals work to maintain a positive position in the market. Rather than resolving issues on a one-on-one basis between customers and our company, we will conduct business that takes into account the impact on the market.
We value new and old value recognition.
We don't trust one-sided numbers or claims, only the statistical correctness from multiple perspectives.
The principle of action to implement services that are correctly reflected in the market. We acquire primary information with high credibility and execute information management that complies with compliance.
2020-01-31 : lastest ver. 1
GDPR compliance statement
In accordance with the provisions of extra-territorial application (Article 3, Paragraph 2), which is attached below, CHOPIN LLC (hereinafter referred to as the "Company") establishes the GDPR compliance policy as follows. However, if there is a difference between the original text and the Japanese translation, the intention of the original text will take precedence.
``` Attached ```
Article 3 geographical scope
1. This rule applies to the processing of personal data in connection with the activities of business establishments of managers or processors in the EU. In this case, it does not matter whether the processing is done within the EU or outside the EU.
2. This rule applies to the processing of personal data of EU-resident data subjects by a controller or processor not located in the EU in relation to (a) or (b) below.
(a) Processing relating to the provision of goods and services to EU-based data subjects.
(b) Processing relating to the monitoring of data subject's behavior within the EU.
3. This rule also applies to the handling of personal data by managers who do not have a base in the EU, but only if they are handled by a manager located in a place where the national law of the Member State applies under international public law.
Declaration of establishment of Data Protection Officer
We will set up a Data Protection Officer to comply with the GDPR. What is a Data Protection Officer? The Company assigns the title of information protection manager and supervises the internal operations to continuously comply with this standard.
As of today, the Chief Information Officer of the Company shall concurrently serve as the Data Protection Officer.
Response to #Right to erasure ('right to be for gotten')
A. Name and common name
B. Place of residence / home domicile
C. Date of birth and gender, whether there is a dating relationship or a marital relationship
D. Presence or absence of support
E. All other information contained in the ID
F. ID body image and face photo
G. Credit card information and purchase history
H. Information and IP address of the terminal used to access our company
I. All the information associated with the above issues
However, the information from A to I is excluded from the information required to be stored for a specified period due to the laws and regulations in Japan, the Hyogo prefectural regulations, or requests from police agencies.
Personal information stored on electronic media and in writing will only be accepted by the parties as long as the identity of the parties can be verified.
The identity verification of the parties is a method in which the person in charge directly verifies the identity of the person with a face photo ID certificate or a certificate (such as a copy of the resident's card) of the address.
Response to #Notification obligation regarding rectification or erasure of personal data or restriction of processing
In addition to the provisions of Article II to be deleted from the database on the service provided by our company, the information of Article III, III-1 stored via the service of a third party (third party) will also be deleted.
Specifically, it is payment information such as Paypal owned by the Company, personal information and transaction information of Hubspot that manages customer information, and information stored from the Social Networking Service used by customers. Information on the infrastructure ( Google Cloud Platform ) that we use is also included in this target.
#Right to restriction of processing Responding to administrator viewing restrictions
As of today, the following are the persons who can view the information of III-1.
A : Company employees involved in projects involving information providers
B : Chief Officer
C : Accountant, Auditor and Director
When a person other than A to C tries to browse information, the person who intends to browse with the Company, after obtaining the approval of the executive officer, concludes a nondisclosure agreement regarding specific confidentiality and permits the browsing.
We have a Basic Confidentiality Agreement with our employees, and in addition to this, we also enter into a Specific Non-Disclosure Agreement. Anyone can request the contract form via firstname.lastname@example.org.
Response to #Right to rectification
Regarding the right to edit personal information, we will determine for customers or users as follows.
The person who provides the Company with the information specified in Article III-1 will at any time authorize the editing of the information if it is justified from a third party perspective.
In this case, the third-party perspective is a lawyer who has a license to the legal counsel of the Company and the individual lawyer of the information provider, etc. in Japan and the domicile of the information provider.
If the Company considers the edit to be unjustified, it will be re-evaluated by sending the Comment of the person in VI-2 or a person considered to be in an equivalent position to the Company.
Response to #Conditions for consent
We will obtain the permission of the provider for the collected information by the method of each of the following items. However, for the purpose of scientific research in which our company is engaged, these information usage methods are not necessarily specified.
Provide a separate check box for each data processing.
Do not check the check box from the beginning.
Statement regarding transactions with external vendors
Regardless of trends in the information we store, we will check the information handling rules of the other party in transactions with external companies (corporations and individuals) including affiliated companies.
As a result of confirmation, if a serious risk is revealed during the transaction with our company, we will support the other party's rule change and system establishment for a fee.
If the content described in the previous item is not fulfilled, we will not start the transaction, or we will start with the consent of the information provider related to the transaction.
Specified Commercial Transaction Law Label ( For Japan )
2018-11-13 : lastest ver. 1
Chief Technical Officer
CHOPIN LLC Tokyo Office / T Company
E : email@example.com
T : +815068734955
Available : MON - THU 12:00 - 15:00
Chopin, 1, Minatojima Nakamchi 6, Chuo Ward KOBE, Hyogo pref., JAPAN 6500046
View on map : /google /apple
Prices, Fees, Orders, Quantity
Price : Presentation for each products and services.
Fees : Delivery fee will be required in addition to commodity fee. [ Shipment handling fee ],[ Individual shipment fee ] Those charges include the Express Mail Service (EMS) or international courier postage and insurance fees, etc.
Orders : Display for each products and services.
Quantity : Display for each products and services.
Detective / Damaged or Returns and Exchanges
Customers are required to contact us within 14 days from the package arrival. We only accept returns or exchanges in the following circumstances.
(1) The merchandise is different from what you ordered (wrong shipment).
(2) The merchandise is defective.
(3) The merchandise is damaged. If you are not satisfied with the items (because they do not fit or you do not like the color or print) you are responsible for all shipping costs incurred.
We will ship your order within approximately 9 days after the order was placed. However, there may be shipment delays depending on or due to the contents of the order, stock status, peak season, New Year holidays of suppliers, Obon holidays etc. There are some item that will be produced or manufactured after order placement. In these cases the waiting time may be from a few days up to a maxiumum of a few months. Should shipment be delayed, customer service will contact you in advance.
Payment methods are as outlined below.
(1) Credit Card ( VISA / Mastercard / AMEX / Diners / Discover / JCB / UnionPay )
(2) Bank Transfer
(3) Cash ( USD / JPY / EUR )
According to the method of payment selected, please process the payment for items and the necessary fees, by the deadline set forth in the following. We are, if customers can not verify the payment in accordance to each scheduled deadline, the order and the contract for the sales and purchases will be cancelled. For customers who choose to pay by credit card: Please process payment in accordance to the method selected at the time of purchase.
Information Security Management System
2018-11-13 : lastest ver. 1
Our company will establish the basic policy of ISMS as follows and strive to improve information security.
Target standard ISO / IEC 27001 JIS Q 27001
Scope of application
Information assets related to projects and creditors related to the Company, all right holders, corporations entrusted for business execution, their employees and individuals, etc. are covered.
Information assets include personal information, information (documents, data, etc.) as management resources such as technology and know-how, information systems, and facilities / equipment related to these.
Major information security initiatives
The major efforts to secure external trust and internal information security are shown below.
Personal information is positioned as the most important information asset, and appropriate protection management measures are taken.
Improve the understanding of threats and vulnerabilities of information assets through proper risk assessment.
Effectively use ISMS and reduce security risks to acceptable levels.
We will comply with the privacy mark system and information security management system (hereinafter referred to as "ISMS") related rules.
Completely erases data on discarded PCs and recording media to prevent information leakage.
Control access from unauthorized persons to prevent tampering and leakage of assets.
Reduces computer virus infections and system troubles, and improves system availability.
We will strive to improve the quality of our debt management system through ISMS activities.
Develop, maintain, and review business continuity plans.
We will provide information security education and training to all employees.
Information Security Committee
Based on this information security policy, the Information Security Committee has Operate. The information protection manager is responsible for the committee. See the GDPR Compliance page for more information about Data Protection Managers. In addition, the committee will be the main body in the event of an incident and will deal with it promptly and accurately.
Operation promotion responsibility
In order to promote information security management smoothly, the ISMS Secretariat establishes and maintains ISMS based on the instructions of the ISMS management representative. The executing department formulates, implements and evaluates information asset protection measures in its own department, and strives for continuous improvement of ISMS.
Obligations of all employees
All employees involved in the use of information are familiar with and comply with this information security policy and ISMS rules. Any violation of these will be subject to disposal and dismissal in accordance with the regulations.
Auditors and information protection managers regularly verify that they comply with the information security policy and information security regulations.