Hokkaido University Privacy Policy

April 1, 2023
Hokkaido University

National University Corporation Hokkaido University (hereinafter referred to as “the University”) has complied with the Act on the Protection of Personal Information and other related laws, regulations, and guidelines (hereinafter collectively referred to as “the Act”). Since the enforcement of the Act on April 1, 2005, the University has established internal rules and regulations for the proper management and protection of personal information.

In accordance with the enforcement of the amendment to the Act on the Protection of Personal Information as of April 1, 2022, the University has established the Hokkaido University Privacy Policy (hereinafter referred to as “the Policy”) to enhance recognition of the importance of protecting personal information and to implement and maintain proper management and protection of such information.

1. Compliance with the Act and maintenance of internal rules and regulations

In compliance with the Act, the University shall establish and publish the Personal Information Management Regulations and Regulations Concerning Disclosure of Personal Information at the University, and ensure that all persons involved in education, research, medical treatment, childcare, and other administrative operations of the University are fully aware of these regulations.

2. Organizational structure development

The University has appointed a Personal Information Protection Director to oversee the management of personal information, a Personal Information Protection Director and a Personal Information Protection Manager to ensure the proper management of personal information, and a Personal Information Protection Auditor to audit the status of personal information management.

In addition, the University shall establish a Personal Information Management Committee to discuss important matters related to the management of personal information, and an Information Disclosure and Personal Information Protection Review Committee to discuss matters related to the protection of personal information. These include the disclosure, correction, and suspension of use of retained personal information.

3. Acquisition and use of personal information

When acquiring and using personal information, the University shall clarify the purpose of use in advance and shall use proper and fair means to the extent necessary to achieve that purpose.

4. Management of personal information

The University shall take measures to ensure the management of personal information in accordance with regulations (Organizational Security Control Measures), supervision and training (Personnel Security Control Measures), prevention of equipment theft (Physical Security Control Measures), leakage prevention (Technical Security Control Measures), and, when handling personal information in a foreign country, understand the relevant national system and take appropriate measures (understanding the external environment) to ensure the security control of personal information. And, in addition to appropriately managing personal information to prevent unauthorized use, loss, destruction, falsification, and leakage, the University shall also properly handle pseudonymously processed information and anonymously processed information in accordance with the Act.

5. Outsourcing of personal data-related operations

When outsourcing work related to personal data, the University shall select a contractor after confirming in advance the contractor’s ability to take measures equivalent to the security control measures that the University is required to take in accordance with the Act. The University shall also provide necessary and appropriate supervision to the contractor to prevent unauthorized use, leakage, and other issues.

6. Provision of personal data to third parties

The University shall not provide personal data to third parties without the prior consent of the principal, except as prescribed by the Act.

7. Preparation and publication of a personal information file register

The University prepares and publicly announces information on personal information files of a certain size based on the Act. These include the name of the file, the purpose of use, and the items recorded.

8. Disclosure, correction, and suspension of use of retained personal information

When there is a request for disclosure, correction, or suspension of use of retained personal information, the University shall respond appropriately to the request in accordance with the Act and internal rules.

9. Exemptions and responsibilities for academic research purposes

Even in cases that are exempt from regulations* for academic research purposes based on the Act, the University shall appropriately manage personal information through the implementation of Organizational Security Control Measures, Personnel Security Control Measures, Physical Security Control Measures, and Technical Security Control Measures, and by understanding the external environment.

* In cases where it is necessary for academic research institutions to handle personal information for academic research purposes—such as the discovery of new laws and principles, the establishment of analysis and methodology, the systematization of new knowledge and its application, and the development of advanced academic fields—and where there is no risk of unreasonable infringement on individual rights and interests, exemptions may be granted from regulations concerning Restriction on Changes in Purpose of Use, Restriction on Acquisition of Personal Information Requiring Special Consideration, and Restriction on Provision of Information to Third Parties.

10. Review of privacy policy

The University shall continue to review and improve its measures for the proper management and protection of personal information, including the content of this policy.

---

Announcement of statutory and other matters as a personal information handling business operator

1) Name, address, and corporate representative of the company

National University Corporation Hokkaido University
Kita 8, Nishi 5, Kita-ku, Sapporo, Hokkaido
President: Kiyohiro Houkin

2) List of purposes of use of personal information

With the objective of carrying out education, research, medical treatment, childcare, and other administrative operations, the University shall specify the intended purpose of use of personal information to the extent possible and acquire the information fairly and appropriately in support of the smooth performance of its operations.

1. Student registration, course management, academic record management, academic support services for students
2. Student life counseling, tuition information management, scholarship management, health and hygiene management, student life support
3. Future/career path guidance, job search activities, management of career information, student career support
4. Alumni information management and collaboration services
5. Management of participants in public lectures and training courses, lending of communication equipment, etc.
6. Public relations related to entrance examinations, acceptance of applications, determination of success or failure in entrance examinations, management of entrance procedures, entrance examination-related operations, collection of entrance fees
7. Work related to academic research improvement and promotion, intellectual property, industry-academia collaboration
8. Nursery school management and operation
9. Human resource management, labor management
10. Various surveys, accreditation evaluations, and other surveys by the government, administrative agencies, and other organizations
11. Issuance of various certificates
12. Use of photographs and their data for identification purposes in various on-campus procedures and web services
13. Procedures for using the University’s facilities, facility use management, and video information management through the installation of security cameras
14. Library user information management
15. Creation and mailing of public relations magazines, videos, and more related to the University’s public relations activities
16. Sending of event information and donation solicitation
17. Providing necessary information to the Hokkaido University Alumni Association ELM (administrator: Hokkaido University)
18. Providing necessary information to partner institutions for academic exchange
19. Notification and other related services for organizations recognized by the University, such as scholarship organizations, those comprising students and parents, and those comprising graduates (alumni)
20. Providing necessary information to academic organizations comprising students, staff, etc. in the department (administrator: head of respective department)
21. Other necessary tasks related to the administration and management of the University

* For information concerning the purpose of use of personal information regarding Hokkaido University Hospital, please refer to the hospital’s privacy policy.

3) Joint use of personal data

Currently not in effect.

4) Opt-out provision of personal data to third parties

Currently not in effect.

5) Contact for handling personal information

General Affairs Planning Section, ICT Planning Division, General Affairs and Planning Department, Hokkaido University

Address: Hokkaido University Information Initiative Center North Building 2F, Kita 11
Nishi 5, Kita-ku, Sapporo-shi 060-0811, Japan
Phone: 011-706-2923
Email: soumu(at)oicte.hokudai.ac.jp (remember to replace “at” with @)
Hours of operation: Mon.― Fri. 9:30―17:00
Holidays: Saturdays, Sundays, national holidays, year-end and New Year’s holidays

6) Contact for disclosure, correction, and suspension of use of retained personal information

Hokkaido University Information Disclosure Office

Address: 〒060-0808 Kita 8, Nishi 5, Kita, Sapporo Hokkaido University Administrative
Bureau Building 1F
Phone: 011-706-2090
Email: bunsho(at)general.hokudai.ac.jp (remember to replace “at” with @)
Hours of operation: Mon.― Fri. 9:30―17:00
Holidays: Saturdays, Sundays, national holidays, year-end and New Year’s holidays