The Doshisha Home > Privacy Policy > Rules for Protecting Personal Information

Rules for Protecting Personal Information

Established March 26, 2005

Article 1 (Aims)
  1. These rules specify the basic items related to the handling of personal information that is held at The Doshisha and at all the schools within The Doshisha (henceforth referred to as “the Schools”), with the aims of clarifying responsibilities at the Schools regarding the collection, management and use of personal information, and of contributing to the proper protection of personal information.
Article 2 (Definitions)
  1. The “personal information” referred to in these rules is personal information related to university students, high school students, elementary school students and kindergarten students, their guarantors, guardians, family members, relatives or other related persons, and administrators, staff members or other employees, regardless of whether they are currently enrolled or employed, were enrolled or employed in the past, or are being considered for enrollment or employment in the future. This information was obtained or created by the Schools for operational purposes and identifies or may possibly identify specific individuals.
  2. The “information subject” referred to in these rules is the individual who is identified or may be identified from the personal information.
Article 3 (Responsibilities)
  1. The Schools must be aware of the importance of protecting personal information. In addition to taking measures required for protecting personal information, the Schools must make every effort to protect privacy when collecting or using personal information, respecting the basic human rights of the information subject.
  2. Administrators and staff members who are employed by the Schools or who were employed by the Schools in the past must not release any personal information that they accessed during their work or use this information for any improper purpose.
Article 4 (Establishment of Personal Information Protection Committees)
  1. Personal Information Protection Committees shall be established at school Juridical Person Office and at each school to deliberate matters related to protecting personal information.
Article 5 (Appointment of Managers)
  1. The Schools shall appoint personal information managers (henceforth referred to as “managers”) for each area of personal information responsibility, to ensure that the aims of these rules are achieved.
  2. When the managers receive advice, guidance or other feedback from a Personal Information Protection Committee regarding the handling of personal information for which they are responsible, they must promptly take corrective action or any other required measures.
Article 6 (Restrictions and Methods of Collection)
  1. When personal information is collected, the usage objectives and the scope required for purposes of the education, research and operation at the Schools must be clarified, and the scope must be the minimum required to achieve those objectives.
  2. The collection of personal information must be performed directly from the information subject, using correct and fair methods. However, note that if any of the following conditions apply, information may be collected from a third party.
    • (1) Cases in which permission has been given by the information subject
    • (2) Cases in which it is determined that there is an emergency or unavoidable circumstance where action is needed to protect the safety of the person’s life, body, health or property
    • (3) Cases in which action is based on law
    • (4) Cases in which information is collected based on the rules specified by the Schools
    • (5) Other situations where a Personal Information Protection Committee determines that aims cannot be achieved or operations will be impeded if only information collected from the individual is used
  3. When collecting personal information from a third party, great care must be taken not to infringe the information subject’s rights and privacy.
  4. When collecting personal information, with the exception of the items that the Schools specify in documents such as the school code and company rules, in general, the following points must be clarified, and the agreement of the information subject must be obtained.
    • (1) Aim of collection
    • (2) Application
    • (3) Holding period
  5. Regardless of the reason, personal information must not be collected that is related to creed, beliefs or religion, or which may be used as a basis for social discrimination.
Article 7 (Usage and Supply Restrictions)
  1. The collected personal information must not be used other than for the specified usage objectives, and it must not be supplied to a third party. However, note that an exception is made if any of the following conditions apply.
    • (1) When permission has been given by the information subject
    • (2) When it is determined that there is an emergency or unavoidable circumstance where action is needed to protect the safety of the person’s life, body, health or property
    • (3) When action is based on law
    • (4) Other situations where a Personal Information Protection Committee determines a requirement or equivalent reason
Article 8 (Correct Management)
  1. To protect the safety of personal information and maintain trust, managers must take the required measures for preventing the leaking, loss, damage or falsification of the personal information for which they are responsible.
  2. The managers must make every effort to keep the information for which they are responsible correct and up to date, in accordance with the aims of holding that information.
  3. When information for which they are responsible is no longer required, the managers must destroy or erase this information quickly and correctly.
Article 9 (Restrictions on Taking Information Outside Schools)
  1. Personal information must not be taken outside the Schools. However, note that an exception is made if a manager approves or if operations using personal information are delegated to persons outside the school.
  2. If operations are entrusted as described in the preceding clause, an agreement must be made with the party that will perform the entrusted work regarding the items required for protecting personal information.
  3. Note that regardless of the restriction in Clause 1, when documents are required by staff members for administrating classes, such as test papers, dissertations, reports and others, or when documents are legitimately required for administrating educational activities, they are excepted from the restriction of taking information outside the Schools.
  4. In the case of the preceding clause, the staff member who holds the personal information is regarded as the manager of that information.
Article 10 (Disclosure Requests and Disclosure Restrictions)
  1. Information subjects can request that managers disclose the personal information that the Schools hold about the subjects themselves.
  2. In the case of a request as described in the preceding clause, the manager must disclose the corresponding personal information. However, note that if it is determined that there is a legitimate reason not to disclose the personal information, it is possible not to disclose some or all of the information by notifying the subject of the reason in writing.
Article 11 (Corrections or Deletions)
  1. If information subjects determine that there are errors in the personal information related to the subjects themselves, they can request in writing that the manager corrects or deletes the corresponding areas.
  2. In the case of a request as described in the preceding clause, the manager must perform an inspection and check without delay, take the required measures, and then notify the information subject of the results in writing. If the corrections or deletions are not possible, the information subject must be notified of the reasons in writing.
Article 12 (Filing of Complaints)
  1. If information subjects have a complaint about the action taken based on the regulations in Article 10 Clause 2 and Article 11 Clause 2 regarding their own personal information, they can file a complaint in writing to a Personal Information Protection Committee.
  2. When a Personal Information Protection Committee receives a complaint based on the preceding clause, it must promptly deliberate the case and make a decision, and then notify the information subject of the results in writing.
Article 13 (Delegation of Authority)
  1. The specific operation of these rules is specified at each school within The Doshisha.
Article 14 (Reports)
  1. If an error such as the leaking or falsification of information occurs when handling personal information at the Schools, the school principal or head of the corporate administration department must report to Chair of the board of trustees without delay.
Article 15 (Rule Revisions)
  1. Any revisions to these rules will be decided at Board of trustees.
Supplementary Provision

These rules shall take effect from April 1, 2005.

Top