Revision History

Public interest incorporated foundation, BIWAKO ARTS FOUNDATION Personal Information Protection Regulations

Article 1. Purpose

These Regulations provide for matters necessary to ensure the proper handling of Personal Information held by a public interest incorporated foundation, BIWAKO ARTS FOUNDATION (hereinafter referred to as the “Foundation”) so as to protect rights and interests of individuals associated with the handling of Personal Information.

Article 2. Definitions

1. “Personal Information” as used in these Regulations shall mean information about a living individual, which falls under either of the following.
   1. Information which can identify a specific individual by name, date of birth or other description, etc. (meaning any and all matters (except for Personal Identification Codes) stated or recorded in writing, drawing or electromagnetic records, or expressed in sound or movement, or other means) contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of a specific individual).
   2. Those containing an Individual Identification Code.
2. “Specific Personal Information” as used in these Regulations shall mean the specific personal information stipulated in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures” (Act No. 27 of 2013; hereinafter referred to as the “Numbers Use Act”).
3. “Individual Identification Codes” as used in these Regulations shall mean, among characters, numbers, symbols, or other codes falling under any of the following, those set forth below stipulated in the Order for Enforcement of the Act on the Protection of Personal Information (Cabinet Order No. 507 of 2003).
   1. Characters, numbers, symbols, or other codes converting physical feature of a specific individual to be provided for use by computers, which can identify a specific individual
   2. Characters, numbers, symbols or other codes used to identify a specific user, purchaser, or recipient, which are assigned differently for each of them regarding the use of services provided to an individual or the purchase of goods sold to an individual, or which are stated or recorded in an electromagnetic means differently for each of them in a card or other document issued to an individual
   3. Personal Information comprising a Principal’s race, creed, social status, medical history, criminal record, fact of having suffered damage by a crime, or other descriptions etc. stipulated by cabinet order as those of which the handling requires special care so as not to cause unfair discrimination, prejudice or other disadvantages to the Principal. (hereinafter referred to as “Special Care-Required Personal Information”)
4. “Personal Information Database, etc.” as used in these Regulations shall mean a collective body of information comprised by Personal Information as set forth below.
   1. Those systematically organized so as to be searchable for particular Personal Information using a computer.
   2. Besides those set forth in the preceding item, a collective body of information as having been systematically organized so as to be easily searchable for particular Personal Information by putting Personal Information in order in accordance with the certain rules, which has those designed to enable easy search including contents and index.
5. “Personal Data” as used in these Regulations shall mean Personal Information constituting Personal Information Database, etc.
6. “Retained Personal Data” as used in these Regulations shall mean such Personal Data over which the Foundation has the authority to disclose, to correct, add or delete the content, to discontinue its utilization, to erase, and to discontinue its provision to a third party and which is set forth below as harming public interests or other benefits if its existence or non-existence is made clear.
   1. Data which is liable to harm the life, body, or property of the Principal or a third party if its existence or non-existence is made clear.
   2. Data which is liable to foment or induce unlawful or unjust act if its existence or non-existence is made clear.
   3. Data which is liable to hinder prevention, suppression or the investigation of crimes, and other matters concerning upholding public safety and public order if its existence or non-existence is made clear.
7. “Pseudonymized Personal Information” as used in these Regulations shall mean information about an individual to be obtained by processing Personal Information in a way that makes it not possible to identify a specific individual unless collated with other information by taking any of the measures provided for in each item below in accordance with the divisions of Personal Information set forth in those items.
   1. Personal Information falling under Item (1), Paragraph 1: deleting a part of the descriptions, etc. contained in the Personal Information (including replacing with other descriptions, etc. in a way that does not have the regularity enabling to restore a part of such descriptions, etc.)
   2. Personal Information falling under Item (2), Paragraph 1: deleting all Individual Identification Codes contained in the Personal Information (including replacing the Individual Identification Codes with other descriptions, etc. in a way that does not have the regularity enabling to restore a part of such Individual Identification Codes)
8. “Anonymized Personal Information” as used in these Regulations shall mean information about an individual to be obtained by processing Personal Information in a way that makes it not possible to identify a specific individual by taking any of the measures provided for in either item below in accordance with the divisions of Personal Information set forth in those items, which makes the Personal Information not possible to be restored.
   1. Personal Information falling under Item (1), Paragraph 1: deleting a part of the descriptions, etc. contained in the Personal Information (including replacing with other descriptions, etc. in a way that does not have the regularity enabling to restore a part of such descriptions, etc.)
   2. Personal Information falling under Item (2), Paragraph 1: deleting all Individual Identification Codes contained in the Personal Information (including replacing the Individual Identification Codes with other descriptions, etc. in a way that does not have the regularity enabling to restore a part of such Individual Identification Codes)
9. “Information Related to Personal Information” as used in these Regulations shall mean information about an individual which does not fall under any of Personal Information, Pseudonymized Personal Information or Anonymized Personal Information.
10. “Principal” as used in these Regulations shall mean a specific individual identifiable by Personal Information.
11. “Employees” as used in these Regulations shall mean full-time staff, part-time non-regular staff (including those belonging to exclusive vocal ensembles), temporary staff or any other persons, whatever name, who are employed by the Foundation.

Article 3. Specifying a Utilization Purpose

1. The Foundation shall specify the purpose of utilization (hereinafter referred to as the “Utilization Purpose”) to the extent possible when handling Personal Information.
2. The Foundation shall not, when altering a Utilization Purpose, do so beyond the scope recognized reasonably relevant to the pre-altered Utilization Purpose.

Article 4. Restriction due to a Utilization Purpose

1. The Foundation shall not handle Personal Information without obtaining in advance a Principal’s consent beyond the scope necessary to achieve a Utilization Purpose specified pursuant to the provisions under the preceding article.
2. The Foundation shall not, in case of having acquired Personal Information accompanied with succeeding a business from another business operator handling Personal Information due to a merger or other reason, handle the Personal Information without obtaining in advance a Principal’s consent beyond the scope necessary to achieve the pre-succession Utilization Purpose of the said Personal Information.
3. The provisions in the preceding two (2) paragraphs shall not apply to the following cases.
   1. Cases based on laws and regulations, or ordinances (hereinafter referred to as “Laws and Regulations, etc.”)
   2. Cases in which there is a need to protect a human life, body, or property, and when it is difficult to obtain a Principal’s consent.
   3. Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a Principal’s consent.
   4. Cases in which there is a need to cooperate in performing administrative affairs stipulated by Laws and Regulations, etc. by the state organization or a local government, or a person entrusted by them and when there is a possibility that obtaining a Principal’s consent would interfere with the performance of the said affairs.

Article 5. Restriction due to a Utilization Purpose of Specific Personal Information

1. The Foundation shall not handle Specific Personal Information beyond the scope necessary to achieve a Utilization Purpose specified pursuant to the provisions under Article 3.
2. The Foundation shall not, in case of having acquired Specific Personal Information accompanied with succeeding a business from another business operator handling Specific Personal Information due to a merger or other reason, handle Specific Personal Information beyond the scope necessary to achieve the pre-succession Utilization Purpose of the said Specific Personal Information.
3. The provisions in the preceding two (2) paragraphs shall not apply to the following cases.
   1. Cases based on Laws and Regulations, etc.
   2. Cases in which there is a need to protect a human life, body, or property, and when a Principal’s consent has been obtained or when it is difficult to obtain a Principal’s consent

Article 6. Prohibition of Inappropriate Use

The Foundation shall not utilize Personal Information in a way that is possible to foment or induce unlawful or unjust acts.

Article 7. Proper Acquisition, etc.

1. The Foundation shall not acquire Personal Information by deception or other wrongful means.
2. The Foundation shall not acquire Special Care-Required Personal Information; provided, however, that this shall not apply to cases where there are stipulations in Laws and Regulations, etc. or where it is necessary and indispensable to achieve the purpose of administrative affairs handling Personal Information.

Article 8. Notification etc. of a Utilization Purpose when Acquiring

1. The Foundation shall, in case of having acquired Personal Information except in cases where a Utilization Purpose has been disclosed in advance to the public, promptly notify a Principal of, or disclose to the public, the Utilization Purpose.
2. Notwithstanding the provision under the preceding paragraph, the Foundation shall, in cases where it acquires, accompanied by concluding a contract with a Principal, the Principal’s Personal Information stated in the contract or other document (including a record made by an electronic method, magnetic method, or any other method not recognizable to human senses; the same shall apply in this paragraph) or where it acquires directly from a Principal his or her Personal Information stated in a document, state a Utilization Purpose explicitly to the Principal in advance; provided, however, that this shall not apply to cases where there is an urgent need to protect a human life, body, or property.
3. The Foundation shall, in case of having altered a Utilization Purpose, notify a Principal of, or disclose to the public, the altered Utilization Purpose.
4. The provisions of the preceding three (3) paragraphs shall not apply to those cases set forth below.
   1. Cases in which there is a possibility that notifying a Principal of, or disclosing to the public, a Utilization Purpose would harm the life, body, property, or other rights and interests of a Principal or a third party
   2. Cases in which there is a possibility that notifying a Principal of, or disclosing to the public, a Utilization Purpose would harm the rights or legitimate interests of the Foundation
   3. Cases in which there is a need to cooperate in performing administrative affairs stipulated by Laws and Regulations, etc. by the state organization or a local government and when there is a possibility that notifying a Principal of, or disclosing to the public, a Utilization Purpose would interfere with the performance of the said affairs
   4. Cases in which it can be recognized, judging from the acquisition circumstances, that a Utilization Purpose is clear

Article 9. Assurance of Accuracy

The Foundation shall strive to keep Personal Data accurate and up to date within the scope necessary to achieve a Utilization Purpose.

Article 10. Organizational Security Management

1. The Foundation shall have a person responsible for the protection of Personal Information (hereinafter referred to as the “Protection Supervisor”) for the proper protection of Personal Data and appoint the secretary general to the post.
2. The Foundation shall have a person responsible for the management of Personal Information (hereinafter referred to as the “Management Supervisor”) to properly manage Personal Data in each affiliation and appoint the corporate general manager and each director who are under the control of the Foundation to the posts.
3. The Protection Supervisor shall supervise operations relating to acquisition of Personal Information and protection of Personal Data in the Foundation, and for implementing measures pursuant to the provisions of these Regulations, such as providing education and trainings, implementing security measures, and disseminating them to the Employees.
4. The Management Supervisor shall be responsible for the management of Personal Information and Personal Data within the scope of operations under his/her control, and for properly processing publication, etc. of Retained Personal Data.
5. Persons who are engaged in administrative affairs handling Personal Data in the Foundation shall proceed the work with paying adequate attention pursuant to these Regulations, Laws and Regulations, etc. relating to the handling of Personal Data, and other rules.

Article 11. Means of Confirming Handling Condition

To confirm the handling condition of Personal Information Database, etc. in the affiliation, the Management Supervisor shall prepare and maintain a personal information handling affairs register which records matters in each item below.

1. Name of Personal Information Database, etc.
2. Utilization Purpose of Personal Data
3. Items of Personal Data

Article 12. Obligation to Report and Investigate, etc.

1. Officers, councilors, or the Employees (hereinafter referred to as the “Officers and Employees”) of the Foundation shall, if they learn of leakage of Personal Information to the outside or become aware of a risk thereof, immediately report to the Management Supervisor.
2. The Management Supervisor shall, when he/she receives a report on leakage of Personal Information to the outside by the Officers and Employees, immediately investigate the matter.

Article 13. Reporting and Countermeasures

1. The Management Supervisor shall, if he/she confirms as a result of the investigation pursuant to the preceding article that Personal Information has leaked to the outside, and if there is a possibility that the rights or legitimate interests of a Principal would be harmed, immediately report to the Principal who would be affected, Personal Information Protection Commission and other related organizations besides the president and the Protection
   Supervisor on the matters set forth in each item below.
   1. Scope of Personal Information leaked
   2. Where Personal Information is leaked
   3. Date and time of leakage
   4. Any other facts found by the investigation
2. The Management Supervisor shall, after consultation with the president, the Protection Supervisor, and related organizations, take concrete measures against leakage, and formulate the recurrence prevention measures.

Article 14. Supervision of Officers and Employees

The Foundation shall, when having the Officers and Employees handle Personal Data, exercise necessary and appropriate supervision over those Officers and Employees so as to ensure the security management of the Personal Data.

Article 15. Supervision of Contractors

The Foundation shall, when entrusting the whole or part of the handling of Personal Data, exercise necessary and appropriate supervision over the contractor it entrusts so as to ensure the security management of the entrusted Personal Data.

Article 16. Obligations of Officers and Employees

The Officers and Employees of the Foundation shall not inform others of Personal Information learned in the course of their duties without due reasons or use it for unjustifiable purposes. The same shall apply to after resigning their positions.

Article 17. Restriction on a Third Party Provision

1. The Foundation shall, except in cases set forth below, not provide Personal Data (excluding Specific Personal Information) to a third party without obtaining in advance a Principal’s consent.
   1. Cases based on Laws and Regulations, etc.
   2. Cases in which there is a need to protect a human life, body, or property, and when it is difficult to obtain a Principal’s consent
   3. Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a Principal’s consent
   4. Cases in which there is a need to cooperate in performing administrative affairs stipulated by Laws and Regulations, etc. by the state organization or a local government, or a person entrusted by them and when there is a possibility that obtaining a Principal’s consent would interfere with the performance of the said affairs
2. The Foundation may, with respect to Personal Data provided to a third party, in cases where it is set to cease, in response to a Principal’s request, a third-party provision of Personal Data that can identify the Principal and when it has in advance informed a Principal of those matters set forth below or put them into a state where a Principal can easily know, provide the said Personal Data to a third party notwithstanding the provisions of the preceding paragraph.
   1. To set a third-party provision as a Utilization Purpose
   2. Items of Personal Data provided to a third party
   3. A method or means of a third-party provision
   4. To cease, in response to a Principal’s request, a third-party provision of Personal Data that can identify the Principal
3. The Foundation shall, if it changes those matters set forth in item (2) or (3) of the preceding paragraph, notify in advance a Principal of the contents to be changed or put them into a state where a Principal can easily know.
4. In the cases set forth below, a person receiving the provision of the said Personal Data shall not fall under a third party with respect to applying the provisions of the preceding three (3) paragraphs.
   1. Cases in which the Foundation entrusts the whole or part of the handling of the Personal Data within the scope necessary to achieve a Utilization Purpose
   2. Cases in which Personal Data is provided associated with business succession due to a merger or other reason
   3. Cases in which Personal Data is jointly utilized with a specific person, and when a Principal has been informed in advance or a state has been in place where a Principal can easily know to that effect as well as of the items of the jointly utilized Personal Data, the scope of a jointly utilizing person, the Utilization Purpose for the utilizing person and the name or appellation of a person responsible for managing the said Personal Data
5. The Foundation shall, if it changes a Utilization Purpose for a utilizing person or the name or appellation of a person responsible for managing Personal Data provided for in Item (3) of the preceding paragraph, notify in advance a Principal of the contents to be changed or put them into a state where a Principal can easily know.

Article 18. Restriction on Provision to a Third Party in a Foreign Country

The Foundation shall, in case of providing Personal Data to a third party in a foreign country (meaning a country or region located outside the territory of Japan), take measures based on Laws and Regulations, etc. such as obtaining in advance a Principal’s consent to the effect that he or she approves the provision to a third party in a foreign country.

Article 19. Records on Provision to a Third Party

1. The Foundation shall, if it provides Personal Data to a third party (excluding persons set forth in each item of Paragraph 2, Article 16 of the Act on the Protection of Personal Information (Act No. 57 of 2003; hereinafter referred to as the “Act”); the same shall apply to this article and the next article), prepare records on the matters set forth in each item below in writing or using electromagnetic records; provided, however, that this shall not apply to cases where such Personal Data falls under each item of Paragraph 3, Article 4 or each item of Paragraph 4, Article 17.
   1. Date of providing the Personal Data
   2. To the effect that a Principal’s consent is obtained
   3. The name or appellation of the third party or otherwise matters sufficient to specify the third party (when provided to a large number of unspecified persons, to that effect)
   4. The name of a Principal who will be identified by the Personal Data or any matters sufficient to specify the Principal
   5. Items of the Personal Data
2. The records in the preceding paragraph shall be promptly prepared each time Personal Data is provided to a third party.
3. Notwithstanding the provision of the preceding paragraph, in a case where Personal Data has been provided to a third party continuously or repeatedly, or where the provision is expected to be certain, the records may be prepared in a lump.
4. Notwithstanding the provision of Paragraph 1, in a case where Personal Data pertaining to the Principal is provided to a third party in connection with the provision of goods or service to the Principal, when matters provided for in each item of Paragraph 1 are stated on the contract or other documents prepared in relation to the said provision, the records may be replaced with such documents.
5. Of the matters provided for in each item of Paragraph 1, with respect to those having the same content as the matters recorded in the records prepared by the method stipulated in Paragraph 1 through the preceding paragraph (only when such records are retained), records of the relevant matters may be omitted.
6. The Foundation shall keep the records prepared pursuant to the provisions in Paragraph 1 through the preceding paragraph respectively for the period set forth in each item below from the day when it prepared the records.
   1. When having prepared the records by the method provided for in Item (3); the period until the day when three (3) years elapse from the date when the Foundation last provided Personal Data pertaining to such record
   2. When having prepared the records by the method provided for in Item (4); the period until the day when one (1) year elapses from the date when the Foundation last provided Personal Data pertaining to such record
   3. Cases other than the preceding two (2) items: three (3) years

Article 20. Confirmation and Records when Receiving a Third Party Provision

1. The Foundation shall, when receiving a provision of Personal Data from a third party, confirm respectively according to the matters set forth in each item below by the method provided for in relevant item; provided, however, that this shall not apply to cases where the provision of such Personal Data falls under each item of Paragraph 3, Article 4 or each item of Paragraph 4, Article 17.
   1. The name or appellation of the third party, or in the case of a corporation, the name of the representative (except for those falling under the matters set forth in Item (3)); an appropriate method such as receiving a declaration from a third party who provides the Personal Data
   2. Circumstances under which the Personal Data is acquired by the third party (except for those falling under the matters set forth in the next item); an appropriate method such as receiving presentation from the third party who provides the Personal Data of an agreement or other documents showing the circumstances of acquisition of the Personal Data by the third party
   3. Matters to which confirmation by the method provided for in the preceding two (2) items has already been done when receiving the provision of other Personal Data form the third party (limited to cases where records are prepared and retained by the method provided for in the next Paragraph through Paragraph 7 for the said confirmation); a method of confirming that the content of the said matters and that of the matters set forth in the preceding two (2) items pertaining to the provision is the same
2. The Foundation shall, when having performed confirmation in the preceding paragraph, prepare records respectively according to the categories set forth in each item below on the matters provided for in each applicable item in writing or using electromagnetic record.
   1. When receiving the provision of Personal Data pursuant to the stipulation of Paragraph 2, Article 27 of the Act (Third Party Provision by Opt-Out); matters set forth below
      1. Date of receiving provision of Personal Data
      2. Matters set forth in each item of the preceding paragraph
      3. The name of a Principal who will be identified by the Personal Data, and other matters sufficient to specify the Principal
      4. Items of the Personal Data
      5. To the effect that it is publicly disclosed pursuant to the stipulation of Paragraph 4, Article 27 of the Act
   2. When receiving the provision of Personal Data pursuant to the stipulation of Paragraph 1, Article 27 of the Act (Third Party Provision based on a Principal’s Consent) or Article 28 of the Act (Provision to a Third party in a Foreign Country); matters set forth below.
      1. To the effect that a Principal’s consent is obtained
      2. Matters set forth in a. through e. in the preceding item
   3. When receiving the provision of Personal Data from a third party other than a personal information handling business operator as provided for in Paragraph 2, Article 16 of the Act; matters set forth in Item (1) a. through e.
3. The records in the preceding paragraph shall be promptly prepared each time provision of Personal Data by a third party is received.
4. Notwithstanding the provision of the preceding paragraph, in a case where provision of Personal Data by a third party has been received continuously or repeatedly, or where receiving the provision is expected to be certain, the records may be prepared in a lump.
5. Notwithstanding the provision of Paragraph 2, in a case where provision of Personal Data pertaining to the Principal by a third party is received in connection with the provision of goods or service to the Principal, when items provided for in each item of Paragraph 2 are stated on the contract or other documents prepared in relation to the said provision, the records may be replaced with such documents.
6. Of the matters provided for in each item of Paragraph 2, with respect to those having the same content as the matters recorded in the records prepared by the method stipulated in Paragraph 2 through the preceding paragraph (only when such records are retained), records of the relevant matters may be omitted.
7. The Foundation shall keep the records prepared pursuant to the provisions in Paragraph 2 through the preceding paragraph respectively for the period set forth in each item below from the day when it prepared the records.
   1. When falling under Item (4); the period until the day when three (3) years elapse from the date when the Foundation last received the provision of Personal Data pertaining to such record
   2. When having prepared the records by the method provided for in Item (5); the period until the day when one (1) year elapses from the date when the Foundation last received the provision of Personal Data pertaining to such record
   3. Cases other than the preceding two (2) items; three (3) years from the date when the records were prepared

Article 21. Request for Measures to a Person who Receives Information Related to Personal Information

The Foundation shall, when finding it necessary in providing Information Related to Personal Information to a third party (limited to cases where it is assumed that the third party will acquire the Information Related to Personal Information as Personal Information) impose restrictions, if deemed necessary, of the purpose or method of utilization or any other restrictions with respect to Information Related to Personal Information pertaining to the provision on the third party, or request the person take necessary measures to prevent leakage of and for the proper management of Information Related to Personal Information.

Article 22. Publication, etc. of Matters relating to Retained Personal Data

1. The Foundation shall, with respect to Retained Personal Data, make matters set forth below accessible by a Principal (including providing answers without delay at a Principal’s request).
   1. The name of the Foundation
   2. The Utilization Purpose of Retained Personal Data (excluding cases that falls under Item (1) through Item (3), Paragraph 4, Article 8)
   3. The procedures to respond to the requests stipulated in Paragraph 2 of the next article, Paragraph 2, Article 24, or Paragraph 2 or Paragraph 3 of Article 25
   4. Measures taken for security management of Retained Personal Data (excluding cases where making it accessible by a Principal (including providing answers without delay at a Principal’s request) is liable to interfere with the security management of the Retained Personal Data)
   5. The party to whom complaints about the handling of Retained Personal Data by the Foundation are submitted
2. The Foundation shall, if requested by a Principal to provide a notice on the Utilization Purpose of Retained Personal Data that can identify the Principal, do no without delay, except in cases falling under any of the following items.
   1. When the Utilization Purpose of Retained Personal Data that can identify the Principal has been made clear
   2. When falling under Item (1) through Item (3), Paragraph 4, Article 8
3. The Foundation shall, if it decides not to notify the Utilization Purpose of Retained Personal Data so requested under the provision of the preceding paragraph, notify the Principal to that effect without delay.

Article 23. Disclosure

1. Any person may, pursuant to the provisions of these Regulations, demand that the Foundation disclose (including notifying the Principal, if there is no Retained Personal Data that can identify the Principal, to that effect; the same shall apply hereinafter) Retained Personal Data in which the person making a request is a Principal.
2. The Foundation shall, when requested to make disclosure by a Principal, disclose it to the Principal; provided, however, that the Foundation may not, if the disclosure falls under any of the items below, disclose all or a part of it:
   1. Cases in which there is a possibility that the life, body, property or other rights and interests of a Principal or third party would be harmed
   2. Cases in which there is a possibility of interfering seriously with proper implementation of the Foundation’s operation
   3. Cases in which disclosure would violate Laws and Regulations, etc.
3. The Foundation shall, if it decides not to disclose the whole or part of Retained Personal Data so requested under the provision of the preceding paragraph, notify the Principal to that effect without delay.
4. Disclosure shall be made without delay by the following methods requested by the Principal; provided, however, that the Foundation may do so with copies, etc. if it deems the disclosure would impair retention of the Retained Personal Data or otherwise if there are due reasons.
   1. Documents, drawings or photographs; browsing or delivery of copies
   2. Electromagnetic records; methods according to the type of electromagnetic records set forth below; provided, however, that if such method is difficult, disclosure shall be made by the method deemed appropriate by the Foundation.
      1. Recording tape or recording disk; listening of the recorded tape or recorded disk played back by an equipment possessed by the Foundation, or delivery of those copied to the recording cassette tape
      2. Video tape or video disk; listening of the video tape or video disk played back by an equipment possessed by the Foundation, or delivery of those copied to the video cassette tape
      3. Other electromagnetic records; those that can be disclosed by an equipment or programs (meaning an order to a computer, which is combined to be able to obtain one (1) result) possessed by the Foundation by the following methods
         1. Browsing or delivery of copies of an output of the electromagnetic records on papers
         2. Browsing or listening of the electromagnetic records played back, or delivery of copies
5. In a case where it is stipulated by Laws and Regulations, etc. that the whole or part of Retained Personal Data that identifies a Principal shall be disclosed to the Principal by the methods equivalent to the methods provided for in the preceding paragraph, the provisions of the text of Paragraph 2 shall not apply to the said whole or part of Retained Personal Data.
6. The provisions in Paragraph 1 through Paragraph 4 shall apply mutatis mutandis to the records set forth in Paragraph 1, Article 19 pertaining to Personal Data that can identify the Principal, and records in Paragraph 2, Article 20 (excluding those stipulated by Laws and Regulations, etc. as harming public interests or other benefits by clarifying its existence or non-existence).

Article 24. Correction, etc.

1. Any person may, if he/she recognizes that contents of Retained Personal Data in which the person is a Principal are not factual, demand that the Foundation make a correction, addition or deletion (hereinafter referred to as a “Correction, etc.” in this Article) pursuant to the provisions of these Regulations.
2. The Foundation shall, in case of having received a demand pursuant to the provision of the preceding paragraph except in cases where special procedure concerning a Correction, etc. of the contents is stipulated by the provisions of Laws and Regulations, etc., conduct a necessary investigation without delay to the extent necessary to achieve a Utilization Purpose and, based on the result thereof, make a Correction, etc. of the contents of the Retained Personal Data.
3. The Foundation shall, when having made a Correction, etc. on the whole or part of the contents of the Retained Personal Data demanded pursuant to the provisions of the preceding paragraph or when having decided not to make a Correction, etc., notify a Principal without delay to that effect (including, when having made a Correction, etc., the contents thereof).

Article 25. Utilization Cease, etc.

1. Any person may, in cases where Retained Personal Data in which the person is a Principal is being handled in breach of the provisions of Article 4, Article 5 or Article 6, or where he/she recognizes that it has been acquired in breach of the provisions of Article 7 and when there is a possibility that the Principal’s rights or legitimate interests may be harmed, demand that the Foundation cease to utilize or delete the Retained Personal Data (hereinafter referred to as “Utilization Cease, etc.” in this article) pursuant to the provisions of these Regulations.
2. The Foundation shall, in a case where it has received a demand of Utilization Cease, etc. from a Principal and when it has become clear that there is a reason in the demand, fulfill Utilization Cease, etc. of the Retained Personal Data to the extent necessary to correct the breach without delay; provided, however, that this shall not apply to cases where a Utilization Cease, etc. of the Retained Personal Data requires a large amount of expenses or where it is difficult to fulfil Utilization Cease, etc. and when necessary alternative action is taken to protect a Principal’s rights and interests.
3. The Foundation shall, in a case where it has received a demand from a Principal to cease the provisions to a third party of the Retained Personal Data on the grounds that Retained Personal Data that can identify the Principal has been provided to the third party in breach of the provision of Paragraph 1, Article 17 and when it has become clear that there is a reason in the demand, cease to provide the Retained Personal Data to the third party without delay; provided, however, that this shall not apply to cases where the cease of provisions to a third party requires a large amount of expenses or where it is difficult to cease the provision to a third party and when necessary alternative action is taken to protect a Principal’s rights and interests.
4. The Foundation shall, when having fulfilled Utilization Cease, etc. on the whole or part of Retained Personal Data demanded pursuant to the provisions of Paragraph 2, or when having decided not to fulfill Utilization Cease, etc., or when having ceased to provide the whole or part of Retained Personal Data to a third party as demanded pursuant to the provision of the preceding paragraph, or when having decided not to cease to provide to a third party, notify the Principal without delay to that effect.

Article 26 Explanation of Reasons

The Foundation shall, if it notifies a Principal that it will not take the whole or part of measures that the Principal has demanded or that it will take different measures pursuant to the provisions of Paragraph 3, Article 22, Paragraph 3, Article 23, Paragraph 3, Article 24, or Paragraph 4 of the preceding article, clarify the reasons and notify the Principal thereof.

Article 27. Procedures to Respond to Demand of Disclosure, etc.

1. The Foundation separately provides for the matters set forth below as the method for receiving the demands under Paragraph 2, Article 22, Paragraph 2, Article 23, Paragraph 2, Article 24, or Paragraph 2 or Paragraph 3, Article 25 (hereinafter referred to as “Demand for Disclosure, etc.” in this article”).
   1. The party to whom Demand for Disclosure, etc. is submitted
   2. The form of documents (including electromagnetic records) that should be submitted at the time of Demand for Disclosure, etc. or other methods for Demand for Disclosure, etc.
   3. The method for identifying that the person making Demand for Disclosure, etc. is a Principal or an agent provided for in Paragraph 3
2. The Foundation may request a Principal, in relation to Demand for Disclosure, etc., to present matters sufficient to specify the Retained Personal Data that would be subject to disclosure. In this case, the Foundation shall take appropriate measures in consideration of a Principal’s convenience such as providing information conducive to specify the Retained Personal Data so that the Principal would be able to easily and precisely make a Demand for Disclosure, etc.
3. Demand for Disclosure, etc. may be made by an agent set forth below.
   1. A statutory agent of a minor or an adult ward
   2. An agent entrusted by a Principal as to making Demand for Disclosure, etc.

Article 28. Burden of Expenses

Persons who receive delivery of copies, etc. of Retained Personal Data pursuant to the provisions of Paragraph 4, Article 23 shall bear the expenses required for creating such copies, etc. pursuant to the rules separately provided for. In this case, persons desiring to ship the copies, etc. shall bear also the actual cost required for posting.

Article 29. Handling of Specific Personal Information

The Foundation shall separately stipulate the matters necessary for securing the proper handling of Specific Personal Information.

Article 30. Handling of Complaints

The Foundation shall appropriately and promptly deal with any complaints regarding the handling of Personal Information.

Article 31. Creation, etc. of Pseudonymized Personal Information, etc.

The president separately stipulates matters relating to the creation and other handling of Pseudonymized Personal Information and Anonymized Personal Information.

The provisions of Paragraph 2, Article 3, Article 13, and Articles 22 through 28 shall not apply to Pseudonymized Personal Information, Personal Data which is Pseudonymized Personal Information, and Retained Personal Data which is Pseudonymized Personal Information.

Article 32. Delegation

Besides those provided for in these Regulations, matters necessary in relation to enforcement of these Regulations shall be stipulated by the president.