The H&R Group K.K. of companies, consisting of H&R Consultants K.K. Relo Japan K.K., and Staffing Japan K.K., is committed to information security and dedicated to protecting both the personal information of the H&R Group K.K.’s customers and our business. If you have any questions about this Privacy Policy, please contact us at privacy(at)morethanrelo.com.

1.  Purpose

1.1  The H&R Group K.K. is committed to protecting the personal information provided to us by the H&R Group K.K.’s clients, and to adhering to all relevant privacy laws and regulations* regarding same. As a part of this commitment, we want the H&R Group K.K.’s clients to understand how we treat their information.

2.  Privacy Basics

2.1  Personal information for this policy refers to the United States National Institute of Standards and Technology’s definition of “personally identifiable information.” This definition includes any information that can be used to distinguish or trace an individual’s identity, or any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

2.2  The H&R Group K.K. is certified under ISO 27001:2013, an internationally recognized information security management standard that verifies that an organization’s ability to effectively apply a security framework to business processes to identify, manage and reduce risks to information security at all levels, and in all areas of the business. Our information security management system (ISMS) for was certified compliant with ISO 27001 requirements on February 26, 2018 by Intertek, an external independent certification authority.

View certificate here: ISO 27001:2013 Certification

3.  Client Rights

3.1  The H&R Group K.K.’s client’s may request a report of the personal information they have entrusted to us. To request a report of your personal information, please send a request to privacy(at)morethanrelo.com.

3.2  Upon request, H&R Group K.K. will delete a client’s personal information unless it must be retained as described in section 6.3.2. Please note that if services initiated to us by the client have not been completed, this request may result in our inability to complete these services.

3.3  H&R Group K.K. websites will prominently display a link to this Privacy Policy to ensure our clients understand their options, and our commitment to their privacy.

4.  Collection of Personal Information

4.1  Websites

4.1.1      The H&R Group K.K. does not collect personal information from visitors to our website, unless you choose to provide such information to us via a webform.

4.1.2      H&R Group K.K. websites use browser cookies to track usage of our websites. Anonymized data is used by analytics software installed on our sites, including Jetpack and Google Analytics, to give us an idea of how many people are using our sites and how they are using our sites. None of this information is personably identifiable. See the H&R Group Cookie Policy.

4.1.3      The H&R Group K.K. may from time to time provide links to third-party websites, products, and services for informational purposes only. These links do not constitute an official endorsement by the H&R Group K.K., and clients should consider that these third parties have not agreed to abide by our policies when deciding to visit those sites or not.

4.2  General Collection

4.2.1      The H&R Group K.K. collects personal information using the “minimum necessary” principle. Only personal information essential to completing services initiated to us by the client should be collected, used, and maintained.

4.2.2      To complete initiated services, we may require personal information such as, but not limited to:

Names, date of births, passport numbers, physical addresses, email addresses, mailing addresses, phone numbers, bank account information, credit card information, employment contract information, visa information.

4.2.3      The H&R Group K.K. collects information deemed necessary to provide services through Microsoft Office 365 email, which is TLS encrypted and “Send this file,” a file transfer system featuring SSL encryption and the ability to track and monitor how many times a file was downloaded, who downloaded it, and ability to create detailed exportable audit transfer logs.

Other methods of collection may include, but are not limited to: relocation management company portal sites, employer HR representatives, Face to face meetings, Telephone and fax, Interaction with the H&R Group K.K.’s websites and tools

5.  Usage of Personal Information

5.1  The H&R Group K.K. uses personal information under the principal of “minimum necessary.” Only personal information essential to completing services initiated to us by the client should be collected, used, and maintained as a part of those services.

5.2  The H&R Group K.K. may also use personal information for internal purposes such as auditing, data analysis, training, and research to improve the H&R Group K.K.’s products, services, and communications.

5.3  In extreme circumstances, the H&R Group K.K. may use personal information when failing to do so will result in imminent threat to a person’s life or public safety.

5.4  In extreme circumstances, the H&R Group K.K. may use personal information as required to comply with valid requests from law enforcement or to aid internal investigations into unlawful activities.

5.5  Personal information collected by the H&R Group K.K. from the H&R Group K.K.’s clients is for business purposes and activities only. These include, but are not limited to:

  • completing services initiated to us by the client
  • for billing purposes
  • to contact clients about the H&R Group K.K.’s provision of services
  • to maintain account details
  • to provide information on request about the H&R Group K.K.’s products and services
  • to undertake client satisfaction surveys and to tailor H&R Group K.K. information, services or products to improve and enhance those services and products provided to the H&R Group K.K.’s clients
  • To promote brand awareness, provide information to our clients about life in Japan, and make them aware of products and services that may be of interest

6.  Disclosure of Personal Information

6.1  The H&R Group K.K. will not provide the H&R Group K.K.’s client’s personal information to third parties, except where it is necessary to the provision of destination or other services that have been initiated to us by the client.

6.2  The H&R Group K.K., to complete services initiated to us by the client, may need to share personal information with other companies who have signed contracts affirming that they have read, understood, and agree to abide by the H&R Group Privacy Policy and all relevant privacy laws.

6.3  The H&R Group K.K., to complete services initiated to us by the client, may need to share personal information with other companies who do not have signed contracts affirming that they have read, understood, and agree to abide by our Privacy Policy. The H&R Group K.K. will always make best efforts to introduce parties who are compliant with all relevant privacy laws, but we are unable to maintain vendor contracts with all parties whom we may introduce, based on the services requested. The H&R Group K.K. will always make best efforts to confirm that consent has been provided by its clients before the introduction of such parties.

6.4  As a user of cloud services, the H&R Group K.K. retains personal information on servers located in Japan, and Hong Kong. The H&R Group K.K. will take all reasonable steps to ensure that no person or entity breaches our policies or relevant laws in regard to this data.

6.5  In the rare event that H&R Group K.K. is required to disclose personal information to law enforcement agencies, government agencies or external advisers. H&R Group K.K. will only do so in accordance with the applicable laws and regulations.

7.  Staff Training

7.1  The H&R Group K.K. will ensure that staff understand and follow procedures when handling personal information that adhere to regulatory standards and our privacy policy, including:

  1. Regular training to ensure all staff are familiar with the requirements of our Information Security Management Systems (ISMS), which are based on ISO/IEC 27001:2013 and systemically protect both client and company information assets.
  2. Regular training on encryption best practices.
  3. Regular training on password and password management system best practices outlined in the H&R Group Password Policy.

8.  Data Integrity

8.1  The H&R Group K.K. must have accurate data to complete services initiated to us by the client, and we use all reasonable measures to ensure that the personal information entrusted to us is accurate.

8.2  If a client believes their personal information entrusted to us is inaccurate in anyway, they should contact their consultant, or email us at privacy(at)morethanrelo.com.

9.  Data Security, Retention, and Disposal

9.1  Data Security

9.1.1  The H&R Group is committed to information security, and industry best practices are used at operational, procedural, and policy levels to systemically protect personal information entrusted to us from loss or unauthorized access, destruction, use, modification or disclosure.

9.1.2      Data is kept either within the H&R Group K.K.’s dedicated server hosted in Japan, or in the H&R Group K.K.’s client database which is hosted in Hong Kong. We limit access to personal information in several ways,

9.1.3      Within the H&R Group K.K.’s dedicated server we pool personal information into a specific location and maintain strict access control over same via active directory permissions using principals of access enforcement, separation of duties, and least privilege. This dedicated server is accessible only through an encrypted network VPN, which is locked by IP address to the H&R Group K.K.’s physical offices. Authorized users may be given access outside of the physical offices, if required, via VPN client.

9.1.4       The H&R Group K.K.’s cloud server hosting the client database is also locked by IP address to the H&R Group K.K.’s physical offices and strict access is control is maintained via login and user permissions, established using principals of access enforcement, separation of duties, and least privilege, are assigned through the application. The application was built to conform to the best practices outlined by OWASP and data is SSL encrypted. Authorized users may be given access outside of the H&R Group K.K.’s physical offices, if required, via VPN client.

9.1.5      H&R Group K.K staff are required to use strong passwords on all logins, as mandated by the H&R Group Password Policy. The weakest password format allowed is 15 random characters: including uppercase, lowercase, numbers, and special characters. The strongest are 20 character, random “mnemonic passwords.”

9.1.6      All H&R Group K.K. computers are secured via an enterprise IT management tool, “Sky Sea Client View,” which allows us to monitor events that could affect the confidentiality of Private Information.

9.1.7     If the H&R Group K.K. experiences a security breach involving the loss of private information, we will:

  1. Notify impacted clients in writing.
  2. Assist impacted clients in preventing or limiting negative impacts of the breach.
  3. Outline what steps have been taken to remedy the problem which lead to the breach.

9.2 Data Retention

9.2.1      The H&R Group K.K. retains personal information using the “minimum necessary” principle. Only personal information essential to completing services initiated to us by the client should be collected, used, and maintained.

9.2.2      The following circumstances will require us to keep a client’s data after their services are completed.

  1. The data is required for compliance with a legal obligation to which the H&R Group K.K. is subject.
  2. If the client opts not to unsubscribe from the H&R Group Newsletter, their information will be retained in the mailing list.

9.4  Data Disposal

9.4.1      The H&R Group K.K. will dispose of personal information that is no longer required to complete services initiated to us by the client on a standard schedule, unless it must be retained as described in 6.3.2 above (for example, invoices must by law be retained for a minimum of 7 years in Japan).

10.         Insurance Business Specific

10.1          Group company H&R Consultants operates as both an insurance agency and a real estate agency. Personal information collected while completing real estate services will be shared to process insurance applications only if that service is initiated to us by the client.

10.2          Personal information shared with our respective insurance company partners is used in diverse ways to provide services. Their individual policies are available on their respective websites.

10.2.1    H&R conducts business with, and may share information as described above, with these companies:

  1. Sompo Japan Insurance Inc. (www.sjnk.co.jp)
  2. Chubb Insurance Japan (www2.chubb.com/jp-en)
  3. Tokio Marine & Nichido Fire Insurance Co., Ltd. (www.tokiomarine-nichido.co.jp/en)
  4. Jutaku Hosyo Kyosaikai (www.kyousaikai.co.jp)

11.         Changes to this Policy

11.1          This policy may be reviewed and amended from time to time without notice to reflect current law and continual improvements to the H&R Group K.K.’s ability to protect personal information. These changes will be displayed publicly on this page, which represents the official privacy policy of the H&R Group

12.         Questions or Inquiries

12.1          If client have any questions or inquiries about the H&R Group K.K.’s personal information practices or about this Privacy Policy, please feel free to send an e-mail to privacy(at)morethanrelo.com.

 

*Japan’s Act on the Protection of Personal Information (Act No. 57 of 2003, amended 2015).

Updated 20180618

Contact Us
Contact Us Page
Japan Time is now
Tokyo : +81-(0)3-5449-7220
Nagoya : +81-(0)52-973-3973
Kobe (Osaka) : +81-(0)78-325-3650