ORTHOMEDICO Inc. (hereinafter referred to as “our company”): In conducting monitor trials for pharmaceuticals, quasi-drugs, foods, and other products, and in performing clinical trials involving human clinical trials (hereinafter referred to as “clinical trials”), our company will handle all personally identifiable data (names, dates of birth, addresses, telephone numbers, email addresses, bank account numbers, photographs, and any other information that can readily be cross-referenced to identify an individual) provided by individuals who have given consent for the conduct of clinical trials as personal information and handle it appropriately as described below.

Our company appoints a Personal Information Protection Manager to oversee the protection of personal information, complies with the Act on the Protection of Personal Information and other relevant laws and regulations, and manages personal information appropriately.

Our company will collect and use personal information in the following cases.

• (ⅰ) Regarding the personal information of participants in the monitor test

  • ① Website operation and management (including email newsletter distribution and target audience extraction)

  • ② Recruitment and management of participants for new monitor trials

  • ③ Confirmation of conditions and communication with monitor trial participants

  • ④ Payment of reward to monitor trial participants

  • ⑤ Handling inquiries and requests from monitors

  • ⑥ Survey via questionnaire

  • ⑦ Statistical aggregation and analysis, consideration and proposal of new services (We will take care to ensure individuals cannot be identified when publishing data)

• (ⅱ) Regarding the personal information we obtain from individuals who belong to companies, facilities, organizations, etc. that conduct business or form partnerships with us, through our website, business card exchanges (including online), events we host, or other procedures designated by our company

  • ① Website operation and management (including email newsletter distribution and target audience extraction)

  • ② Handling various inquiries and requests

  • ③ Business negotiations, meetings, and contract fulfillment

  • ④ Handling the work entrusted to our company

  • ⑤ Providing information and communicating to business partners

• (ⅲ) Regarding the personal information provided by employees, executives (including former employees and executives), or their family members through our prescribed procedures, and the personal information provided by job applicants through the recruitment process or talent data provision services

  • ① Review, decision, and announcement of hiring status; onboarding and employment procedures at the time of hiring

  • ② Human resources management tasks including hiring and resignation procedures, and labor management tasks including payroll processing

  • ③ Employee benefits, training and development, occupational health and safety management

  Our company will not use the obtained personal information for any purposes other than those stated above, and will take measures to ensure this.

Our company implements the following measures for the security management of retained personal data in accordance with the Act on the Protection of Personal Information.

(ⅰ) Establishment of the Personal Information Protection Policy

To ensure the proper handling of personal information, we have established the Personal Information Protection Policy covering matters such as “compliance with relevant laws and regulations,” “acquisition, use, and provision of personal information,” “sources of personal information we acquire,” and “contact point for inquiries and complaints.”

(ⅱ) Establishment of the Personal Data Handling Policy

We have established regulations for handling personal data at each stage—acquisition and input, use and processing, storage and preservation, transfer and transmission, deletion and disposal—covering handling methods, who are administrators and handlers, and their duties. We have also established regulations concerning the security management of personal data, inspections and audits of handling status, and outsourcing.

(ⅲ) Organizational Security Management Measures

We have appointed a person in charge and a manager for the handling of personal data; clarified which employees and executives handle personal data and the scope of personal data handled by each of them; and established a reporting and communication system to the person in charge when facts or signs of violations of laws or handling regulations are identified. Furthermore, we have established handling regulations concerning the security management of personal data in our work rules and other documents, and measures to verify the status of personal data handling, and conduct regular inspections and audits of personal data handling practices.

(ⅳ) Human security management measures

We thoroughly inform our employees and executives about handling of personal data, and provide regular education and training. We also clarify the roles and responsibilities of administrators and handlers, and regularly check how we comply with personal data management procedures.

(ⅴ) Physical security measures

In the place where important equipment dealing with personal data is set, we limit the access of employees, executives, and equipment to bring in. In addition, we carry out measures to prevent personal data from being read by persons who do not have authority.

(ⅵ) Technical safety management measures

We carry out access control and limit who are authorized to handle personal data, which part of the personal information database they are authorized to handle, etc. In addition, we take measures to prevent problems such as leaks against personal data from occurring, and we record, monitor, and audit how the information system to deal with personal data is operated.

Personal information is provided voluntarily at the user's discretion.
However, please be aware that it may hinder procedures, communications, or services if you cannot provide a certain part of information.

Upon receiving a request for disclosure, correction, addition, or deletion of retained personal data and records of third-party provision; a notification of the purpose of use; or a refusal of use or provision, we will promptly respond in accordance with our procedures. Should disclosure or other action be necessary, please contact us and our staff in charge will handle the matter.

For inquiries regarding our company's handling of personal information, consultations, complaints, or requests for disclosure, please contact the following office.

1. Date Enacted：April 2, 2018

2. Date of Last Revision：March 2, 2023