Information Security

SMBKZ continues to improve and raise awareness of mechanisms, systems and rules in relation to internal information management and security, in accordance with the company's Basic Policy on Information Security and Privacy Policy.

Basic Policy on Information Security

Information security measures

  1. 1.Adequate human, organizational, technical, physical and environmental measures shall be taken to eliminate the risk of the company's information assets being leaked, falsified, lost or damaged, and to protect information assets from third-party interference (unauthorized access, use, etc.), natural disasters and system failures.
  2. 2.In the event of an information security breach in relation to the company's information assets, every effort shall be made to quickly identify the cause of the relevant breach and minimize any damage.

Legal compliance

All executives and employees shall comply with legislation, rules and regulations applicable to information assets.

Information security management structure

The company shall provide all executives and employees with essential training and education to raise awareness of information security.

Privacy Policy

The company recognizes the importance of personal information and shall implement the following initiatives.

  1. 1.The company shall put in place an organizational structure and make every effort to adequately protect information relating to individual customers (hereinafter "personal information") in accordance with internal regulations.
  2. 2.The company shall only obtain personal information insofar as is necessary, and shall always inform the customer of the purpose of obtaining information and provide contact details.
  3. 3.The company shall only use personal information for the stated purpose, and shall use adequate methods to manage personal information. The company shall not disclose or provide personal information to any third party without authorization from the customer, unless required to do so by law or under other exceptional circumstances.
  4. 4.The company shall ensure that personal information is accurate and up to date, and shall take measures to prevent unauthorized access, loss, damage, falsification, leaks or other such activities in relation to personal information.
  5. 5.If outsourcing handling of personal information, the company shall select and adequately manage the relevant service provider, and shall conclude a contract stating that the provider has a duty and responsibility to refrain from leaking or providing personal information.
  6. 6.The company shall provide executives and employees with adequate education in accordance with its Privacy Policy, and make every effort to raise awareness of personal information protection.
  7. 7.The company shall handle personal information in accordance with applicable legislation, guidelines and other regulations, and shall review and improve its policy with regard to the above points as and when necessary.