Privacy Policy

Handling of Customer Confidential Information and Personal Information (Basic Information Security Policies)

Information assets are an important management resource, and it is necessary to use them effectively in business activities, but information assets include the confidential information of corporate customers that must be managed rigorously and personal information that must be protected in accordance with law. The Company believes that ensuring information security through the secure and appropriate management of these information assets is one of the Company’s most important social missions.

It is with this understanding that the Company has prepared regulations for ensuring information security, established structures for reinforcing information security, conducts comprehensive employee education and guidance concerning the secure and appropriate management of information assets, and has taken the following actions to ensure proper handling of information assets.

1. Creation of information security management structures

To ensure secure and appropriate management and protection of information assets in the Company’s possession, the Company complies strictly with laws, regulations, and other rules concerning information security and has created advanced information security management structures to carry out its corporate social responsibility of ensuring information security.

2. Appointment of an Information Security Officer and creation of a Information Security Committee

The Company appointed an Information Security Officer to oversee all information security for the Marsh Group in Japan and established a permanent Information Security Committee. As a result, it is possible to understand the current status of information security and to implement a variety of group-wide policies relating to ensuring information security.

3. Adoption of internal regulations concerning information security

The Company has adopted various internal regulations to promote the protection of personal information. In the future, the Company will adopt internal regulations concerning overall information security including the protection of the confidential information of customers, and will adopt clear initiatives concerning management of information assets overall.

4. Creation of audit systems

The Company will create systems that are able to perform periodic audits of compliance with basic policies, regulations, and rules and the implementation status of various policies concerning information security.

5. Reinforcement of management structures of external service providers

When the performance of services is outsourced, the Company performs reviews of the appropriateness of service providers and with respect to information security, requires that service providers maintain at least the same levels of security that the Company maintains. Also, the Company periodically confirms that these security levels are being maintained, performs continuous reviews of service providers, and is bolstering contractual provisions concerning information security.

6. Protection of personal information

In light of the importance of procedures concerning the protection of personal information, the Company complies with the Act on the Protection of Personal Information as well as other applicable laws, regulations, and guidelines, handles personal information properly, and takes appropriate measures concerning security and management.

(1) Acquisition of personal information

The Company acquires personal information to the extent necessary for its business operations through lawful and fair means only.

(2) Use of personal information

The Company engages in the insurance broker business and risk management consulting business.The Company uses personal information received through its transactions with customers for the following purposes and shall provide such information to services providers to the extent necessary to achieve the intended objectives.

1. Development, proposal, provision, analysis and management of risk management consulting services, products of insurers with which the Company does business, and ancillary and related services
2. Planning, proposal, and implementation of Company events, campaigns, questionnaires, and seminars
3. Performance of business operations under consignment
4. Performance of contracts and transactions
5. Response to inquiries and requests for information
6. Business-related communications (including sending greeting cards and congratulation and condolence arrangements)

The Company does not engage in the use of personal information that exceeds the scope of purposes previously notified, announced, or made clear to the individual in question (“Use of Information Beyond the Intended Purposes”). The Company implements measures to prevent the use of information beyond the intended purposes. If the Company changes the intended uses of personal information, it shall announce the content of the changes by written notice to the individuals concerned or by posting on its Web site and other means.

(3) Measures for the secure management of personal information

The Company has adopted adequate security countermeasures including the adoption of regulations concerning security management and the creation of implementation structures to prevent leaks and loss of and damage to personal information handled by the Company and to otherwise securely manage personal information. The Company also takes appropriate measures to ensure the accuracy of and timeliness of information necessary for achieving the objective of its use.

(4) Provision of personal information to third parties

The Company shall not provide personal information to third parties without the consent of the individual concerned except when permitted by law.

(5) Sharing of Personal Information

For the following purposes, the company may share personal information obtained or provided through such as transactions and inquiries, with Marsh and McLennan companies and their group companies doing business in accordance with common corporate policies with us (please refer to http://www.mmc.com/ ), in paper or electric data. The company is responsible for management of the personal information.

1. Purposes of the sharing

For the purposes described in the item(2) and for management of the group

www.mmc.com  

2. Items of the personal information

Personal information provided to or obtained by the company such as name, address, telephone number, e-mail address, sex, date of birth and any other business information

(6) Complaints and consultations concerning the Company’s handling of personal information or personal information management structures

Complaints and consultations concerning the Company’s handling of personal information or personal information management structures can be made by contacting the Company at the address or telephone number indicated below. A response to the complaint or consultation will be made after confirming the individual’s identity.

If you do not wish to receive product and service information through the mail or other means, please contact the Company as indicated below.

【Complaint and Consultation Contact Information and Hours of Operation】

Tatsuya Imanishi, Information Security Manager
Marsh Broker Japan, Inc.
9-7-1, Akasaka, Minato-ku, Tokyo 107-6216
Tel: 03-6775-6478

Hours of operation: 9:00 a.m. – 5:00 p.m., Monday through Friday (closed on holidays)

Web site : http://www.marsh-mbj.com/en/home.html

(7) Requests for disclosure of Retained Personal Data pursuant to the Act on the Protection of Personal Information

Requests for notice, disclosure, correction, addition to or removal from, suspension of use, deletion, and suspension of provision to third parties (collectively referred to as “Disclosure”) shall be processed after confirming the requesting party’s identity. Requests relating to Retained Personal Data in the possession of an insurer or other company will be forwarded to that company. If an investigation of Retained Personal Data in the Company’s possession indicates that the information is not correct, the information shall be corrected based on those results. Requests for notice or disclosure concerning the use of Retained Personal Data require the payment of a fee (1,000 yen (including consumption tax) per request). Please use the contact information above to make inquiries concerning procedures and application forms.

Adopted: April 1, 2005
Revised: May 15, 2017
Revised: March14, 2019 
Revised: September 1, 2019

Ryuji Sato, Representative Director, Chief Executive Officer
Marsh Broker Japan, Inc.