Basic Policy for Information Asset Protection Management
Enacted on September 26, 2018
- １．Basic concept
QOLead, Limited (hereinafter referred to as the “Company”) shall observe the laws and regulations relating to the protection of personal information of customers and shareholders, based on the importance of this information and the social responsibility of the Company as a holder of such information; and shall protect and manage such information assets properly.
- ２．Basic handling of information assets
The Company shall handle information assets as follows:
（１）Collection of information
The Company shall announce or notify customers and shareholders about the purpose of using the information to be collected and collect the information in a proper manner.
（２）Use of information assets
The Company shall use information assets to the extent necessary to achieve the announced purpose of its use and shall not use it for any other purposes.
（３）Assurance of accuracy of information assets
The Company shall work to maintain the accurate and updated content of information assets to the extent necessary to achieve the announced purpose of its use.
- ３．Promotion of information asset protection management （Implementation of safety control measures）
The Company shall take the following necessary and proper measures to obviate the leak, loss, or damage of information assets.
（１）Establishment of system
The Company shall establish a system to promote the protection of information assets, while at the same time work to plan, draft, and promote more effective protection of information assets. It shall also regularly check the conditions of information asset protection so that proper reports and improvements can be made to the relevant persons including the Company’s management.
（２）Establishment of company regulations
The Company shall stipulate a “Personal information protection policy” and the company regulations, manuals, and rules that are needed to promote the protection of other information assets.
（３）Implementation of education/training
The Company shall offer education and training to all employees to promote the protection of information assets.
（４）Information system management
The Company shall set proper access controls on information systems for the management of information assets.
（５）Supervision of contractors
When contracting out the duties of handling information assets, the Company shall exercise the necessary and appropriate supervision over the contractors to ensure safe management of information assets.
（６）Self-inspection of the status of information asset protection management
The Company shall regularly inspect the status of the protection management of information assets to ensure the effective company-wide functioning of such management.