<個人情報の取扱いについて>
1. Items of Personal Information which Capgemini Collects:
As part of the recruitment process, Capgemini collects personal information (as defined in the Act) about you to consider your employment with us. We may have access to your personal information as a result of your voluntary submission of resumes, job applications or other related documents. Capgemini may also collect personal information about you directly from third parties or through other means and channels such as educational institutions, recruiters, and job portals.
During the recruitment and selection process, we may also obtain further information about you through interviews, skill tests or evaluations, referee reports, background verifications and other necessary pre-employment activities.
The various items of personal information that Capgemini may collect from and hold about you are:
Recruitment information, such as information contained in your CVs, application form, notes of interviews, applicant references, qualifications, test results (as applicable);
Personal details such as name, gender, birth date, address, telephone numbers, email address, citizenship, ID (passport, NRIC) details, visa/work permit details, photos, education, career history, criminal history, results of medical examination, medical history, medical certificates, medical disabilities, credit information;
Professional experience information, such as information contained in your professional resume, qualifications, details of projects you have worked on, training records, mobility records; and
Any other personal information necessary for recruitment. Items of your personal information to be collected by Capgemini may include personal information requiring special care (as defined in the Act) such as race, creed, social status, medical history, criminal record, fact of having been a victim of crime. Capgemini will not collect or transfer to a third party personal information requiring special care without your consent (including consent hereby) except when collection or transfer is permitted under the APPI. In addition, Capgemini will not collect or transfer to a third party the following personal information (“Sensitive Information”) without your consent (including consent hereby) except when collection or transfer is necessary for the purposes of fair recruitment and Diversity & Inclusion measures: Capgemini will not collect following personal information (“Sensitive Information”):(a) Matters that are likely to cause social discrimination such as race, ethnicity, social status, family origin, registered domicile, place of birth;(b) Beliefs and creed; and(c) Status of participation in labour unions. By clicking the button “I Agree” by yourself and agreeing to the Consent Form or by your recruitment agent acquiring your clear consent to the Consent Form (“Click”), you consent explicitly to the collection of your personal information including personal information requiring special care and Sensitive Information for recruitment purposes.
2. Purposes of Use:
Capgemini will only use your personal information for the purpose of fulfilling the recruitment purposes and in a manner consistent with the ways described in this notice and in accordance with the APPI.
For the avoidance of doubt, Capgemini may use your personal information to:
Assess your suitability for the positions applied for;
Identify and evaluate you for positions including deployment/assignment to specific client projects;
Maintain you on our recruitment database to match your details with other future job vacancies within Capgemini;
Conduct background verification and credit and security checks (which may include investigation of criminal history and medical history);
Maintain a business relationship where you are a candidate and to contact you and/or answer your queries;
Comply with Capgemini’s legal obligations and regulatory requirements;
Maintain internal records in relation to the hiring process and analyze such process and outcomes;
Carry out purposes necessary for recruitment; and
Provide your personal information to a third party when necessary for the above purposes. Capgemini may conduct pre-employment or pre-deployment screening and background verifications such as education and professional qualifications checks, employment history checks, credit checks and security checks in some cases. These checks will only be conducted where necessary for Capgemini’s business or legal purposes and the extent and nature of information sought is no more than is justified by the particular position being filled. Failure to provide the necessary information may affect the outcome of your application.
3. Disclosure and Transfer:
Disclosure to third party
Capgemini may from time to time disclose and/or transfer your personal information to the following classes of persons located in Japan:
Capgemini’s existing and potential clients who request details of your suitability for a particular project, such as details of qualifications and experience, results for your background verification checks.
Your former employers, educational institutions and other third parties Capgemini needs to contact for the purposes described in Section 2.
Recruitment agents who request Capgemini to provide your information for the purpose of conducting their business for supporting you.
Vendors whom Capgemini appoints to conduct background verification checks for the sake of Capgemini.
Any other party that you may expressly authorize. Where required to do so by law, we may disclose your personal information to the relevant authorities or to law enforcement agencies upon their requests. Disclosure to third party in foreign countries Capgemini may disclose and/or transfer your personal information to Capgemini’s parent(s) and their affiliates or subsidiaries located in Japan or in any of the countries listed in the Exhibit (collectively, “Capgemini Group Companies”) for the purposes described in Section 2. The information which should be provided under the APPI is listed in the Exhibit. Outsourcing (where Capgemini engages third parties to process the personal information) Capgemini and Capgemini Group Companies may from time to time disclose your personal data to suppliers or vendors in Japan, India or the United States in cases where such suppliers or vendors are engaged by Capgemini or Capgemini Group Companies to assist with our business functions and activities. For example, Capgemini may engage a vendor to assist with the process of background verification checks. In such cases, the vendors are contractually bound to respect the confidentiality of your information and to undertake appropriate security measures to protect your personal information. Disclosure by third party (where Capgemini engages third parties to process the personal information) Capgemini may acquire your personal information from the following parties:
Your former employers, educational institutions and other third parties to be contacted for the purposes described in Section 2;
Recruitment agents whom Capgemini requests to provide such personal information; and
Vendors with whom Capgemini contracts for the purpose of outsourcing the conduct of background verification checks to such vendors. Capgemini will use such personal information for the purposes described in Section 2.
4. Security and Confidentiality:
Capgemini takes reasonable technological and procedural security measures to protect personal information against loss, misuse, unauthorized or accidental access, disclosure, alteration and destruction. Only Capgemini personnel who have a ‘need-to-know’ to consider your eligibility for positions with Capgemini are given access to your relevant personal information.
5. Accuracy:
Capgemini aims to keep all personal information it has collected as reasonably accurate, complete and up-to-date. However, the accuracy of the personal information that we hold about you depends to a large extent on the information you provide. As such, it is important that you update us if there are any changes in your personal information and undertake that the personal information that you provide is accurate, not misleading, updated and complete.
6. Contacting Capgemini:
Subject to the provisions of the APPI, you may request Capgemini to: (a) discloseyour personal information held by Capgemini; (b) correct, add or delete such information; (c) cease to use such information; (d) cease to disclose such information to a third party; (e) erase such information; or (f) disclose records on provision of such information to third parties. If you wish to do so, please send your request to your recruitment contact at Capgemini.
If you have any concerns about how we manage your personal information, you may contact our Data Protection Officer at dpo.jp@capgemini.com and we will try to resolve those concerns within a reasonable time.
Capgemini reserves the right to decline to process any such request if it: (a) jeopardizes or may jeopardize the security and confidentiality of the personal information of others, (b) is impractical or is not made in good faith, or (c) may be refused by Capgemini under the APPI.
7. Queries:
If you have any questions related to this notice or Capgemini’s privacy policies and practices, you may contact our HR department, or our Data Protection Officer at dpo.ph@capgemini.com.
8. Other Matters:
In addition to the provisions in this notice, Capgemini handles job applicants’ personal information in accordance with the Capgemini Binding Corporate Rules (https://www.capgemini.com/resources/capgemini-binding-corporate-rules/) and the Capgemini Data Privacy Policy (https://www.capgemini.com/jp-jp/privacy-policy/) (collectively, the “Policies”). Please read and understand the Policies regarding the treatment of your personal information by Capgemini.
If there is any inconsistency between the Japanese version and English Version of this notice, the English version shall prevail.
Your acknowledgement:
If the Click is conducted by you If you conduct the Click by yourself, you will be deemed to have acknowledged and confirmed that you have reviewed this notice and agreed to the collection, use, cross-border transmission and disclosure by Capgemini of your personal information including personal information requiring special care and Sensitive Information in accordance with this notice and the APPI. Your submission of any personal information to Capgemini shall be deemed consent to the terms of this notice. If you object to the terms of this notice or seek to withhold such consent, you should not submit any information to Capgemini.
If the Click is conducted by an agent on your behalf In the case where an agent conducts the Click on your behalf, the agent must conduct the Click only after letting you know all of the information mentioned in this notice and then acquiring your clear consent. If you object to the terms of this notice or seek to withhold such consent, the agent must not submit any of your information to Capgemini.
Exhibit
Capgemini will provide your personal data to its group companies located in India or the United States. Therefore, as required under the APPI, Capgemini provides the following information to you for you to consider whether to give your consent to the collection and use of your personal information.
Information Capegemini is required to provide to you under the APPI
1. The countries in which the group companies to whom Capgemini will provide personal data are located
India and the United States (New York)
2. Information concerning the system for the protection of personal information
India
Does the country have a system for protection of personal information? There is no comprehensive legislation. The Information Technology Act, 2000, and the Information Technology (reasonable security practices and procedures and sensitive personal data or information) Rules are representative laws and regulations applicable to specific areas. Private business entities are in general subject to this act and these rules which relate to information on (i) natural persons (ii) which such business entities may use together with other information they hold or likely hold, in order to directly or indirectly identify such natural persons.*The Personal Data Protection Bill has been submitted to the Congress in India to establish a comprehensive law on the protection of personal information. This bill contains similar rules to the GDPR.
Is there any indicator applicable to the country’s system for protection of personal information?Adequacy Decision by EU: NoAccession to the CBPR system of APEC: No
If there is no indicator in item ii above, do the data controllers have the obligations and individuals providing personal information have the rights reflecting the Basic Principles of National Application set forth in the OECD Privacy Guidelines in the country?There is no obligation of the data controller that reflects the Accountability Principle of the OECD Privacy Guidelines. In relation to the other principles of the OECD Privacy Guidelines (Collection Limitation Principle, Data Quality Principle, Purpose Specification Principle, Use Limitation Principle, Security Safeguards Principle, Openness Principle, and Individual Participation Principle), the obligations of the data controller are partial. For example, the scope of the obligations is limited to sensitive information.
Does the country have any other system that may have a material impact on the rights and interests of individuals providing personal information?The Indian government and other competent authorities have the power (i) to request provision of certain information for the requirements of national security, diplomacy and public moral and preventive measures and investigation for related crimes under the Information Technology Act, 2000, (ii) to request Intermediaries (as defined in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules of India) to provide information for preventive measures, detection, investigation and indictment regarding a violation of laws and for other related purposes, and (iii) to request entities granted licenses under the Indian Telegraph Act of 1885 to intercept communications in case of public emergencies and other similar situations.
The United States
i. Does the country have a system for protection of personal information?
There is no comprehensive legislation. The following are some representative laws and regulations which are applicable to specific areas.
Electronic Communications Privacy Act of 1986 (“ECPA”)The public sector (including local governments) which conducts electronic storage of personal data and the private sector are subject to the ECPA in relation to “electronic communication”, any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire or electronic system.
Gramm Leach Bliley Act (“GLBA”)Private financial institutions which are “significantly engaged” in financial services business are subject to the GLBA in relation to “Non-Public Personal Information”, any information which is collected from customers through the provision of financial services.
Health Insurance Portability and Accounting Act (“HIPAA”)The public sector (including local governments) and the private sector are subject to the HIPAA in relation to “Protected Health Information”, information related to health conditions, provision of medical treatment, and payment of medical costs, which may be tied to an individual.
ii. Is there any indicator applicable to the country’s system for protection of personal information?
Adequacy Decision by EU: No
Accession to the CBPR system of APEC: Acceded on 25 July 2012
iii. If there is no indicator in item ii above, do the data controllers have the obligations and individuals providing personal information have the rights reflecting the Basic Principles of National Application set forth in the OECD Privacy Guidelines in the country?
Regarding the private sector, because the United States participates in the CBPR system of APEC, an equal level of protection of personal information will be expected.
Regarding the public sector, there is no equivalent to the Data Quality Principle, Purpose Specification Principle, Openness Principle and Accountability Principle prescribed in any legislation. On the other hand, the Collection Limitation Principle, Security Safeguards Principle and Individual Participation Principle are partly prescribed in the HIPAA, and the Use Limitation Principle is partly prescribed in the ECPA and HIPAA.
iv. Does the country have any other system that may have a material impact on the rights and interests of individuals providing personal information?
There is no other system that may have a material impact on the rights and interests of individuals providing personal information.
For further information, please see the following websites of the Personal Information Protection Commission:
Indiahttps://www.ppc.go.jp/files/pdf/india_report.pdfhttps://www.ppc.go.jp/files/pdf/offshore_DPA_report_R3_12.pdf (Chapter 6: India)
The United Stateshttps://www.ppc.go.jp/files/pdf/USA_report.pdfhttps://www.ppc.go.jp/files/pdf/offshore_DPA_report_R3_12.pdf (Chapter 22: The United States)
3. Information concerning the measures for the protection of personal information taken by the group companies
Capgemini group’s Binding Corporate Rules (“Capgemini BCR”) were approved by the European Data Protection Authorities in 2016. As a result of Capgemini BCR, wherever your personal data are processed in the Capgemini group including Capgemini Group Companies, your personal data will benefit from the same level of protection which is equivalent to the level of protection under the GDPR in the EU. Therefore, our group companies including Capgemini Group Companies are taking all of the actions which are in accordance with the Eight Principles of the OECD Privacy Guidelines.
You can access Capgemini BCR from the following URL: https://www.capgemini.com/wp-content/uploads/2017/06/Capgemini-Binding-Corporate-Rules.pdf
As part of the recruitment process, Capgemini collects personal information (as defined in the Act) about you to consider your employment with us. We may have access to your personal information as a result of your voluntary submission of resumes, job applications or other related documents. Capgemini may also collect personal information about you directly from third parties or through other means and channels such as educational institutions, recruiters, and job portals.
During the recruitment and selection process, we may also obtain further information about you through interviews, skill tests or evaluations, referee reports, background verifications and other necessary pre-employment activities.
The various items of personal information that Capgemini may collect from and hold about you are:
Recruitment information, such as information contained in your CVs, application form, notes of interviews, applicant references, qualifications, test results (as applicable);
Personal details such as name, gender, birth date, address, telephone numbers, email address, citizenship, ID (passport, NRIC) details, visa/work permit details, photos, education, career history, criminal history, results of medical examination, medical history, medical certificates, medical disabilities, credit information;
Professional experience information, such as information contained in your professional resume, qualifications, details of projects you have worked on, training records, mobility records; and
Any other personal information necessary for recruitment. Items of your personal information to be collected by Capgemini may include personal information requiring special care (as defined in the Act) such as race, creed, social status, medical history, criminal record, fact of having been a victim of crime. Capgemini will not collect or transfer to a third party personal information requiring special care without your consent (including consent hereby) except when collection or transfer is permitted under the APPI. In addition, Capgemini will not collect or transfer to a third party the following personal information (“Sensitive Information”) without your consent (including consent hereby) except when collection or transfer is necessary for the purposes of fair recruitment and Diversity & Inclusion measures: Capgemini will not collect following personal information (“Sensitive Information”):(a) Matters that are likely to cause social discrimination such as race, ethnicity, social status, family origin, registered domicile, place of birth;(b) Beliefs and creed; and(c) Status of participation in labour unions. By clicking the button “I Agree” by yourself and agreeing to the Consent Form or by your recruitment agent acquiring your clear consent to the Consent Form (“Click”), you consent explicitly to the collection of your personal information including personal information requiring special care and Sensitive Information for recruitment purposes.
2. Purposes of Use:
Capgemini will only use your personal information for the purpose of fulfilling the recruitment purposes and in a manner consistent with the ways described in this notice and in accordance with the APPI.
For the avoidance of doubt, Capgemini may use your personal information to:
Assess your suitability for the positions applied for;
Identify and evaluate you for positions including deployment/assignment to specific client projects;
Maintain you on our recruitment database to match your details with other future job vacancies within Capgemini;
Conduct background verification and credit and security checks (which may include investigation of criminal history and medical history);
Maintain a business relationship where you are a candidate and to contact you and/or answer your queries;
Comply with Capgemini’s legal obligations and regulatory requirements;
Maintain internal records in relation to the hiring process and analyze such process and outcomes;
Carry out purposes necessary for recruitment; and
Provide your personal information to a third party when necessary for the above purposes. Capgemini may conduct pre-employment or pre-deployment screening and background verifications such as education and professional qualifications checks, employment history checks, credit checks and security checks in some cases. These checks will only be conducted where necessary for Capgemini’s business or legal purposes and the extent and nature of information sought is no more than is justified by the particular position being filled. Failure to provide the necessary information may affect the outcome of your application.
3. Disclosure and Transfer:
Disclosure to third party
Capgemini may from time to time disclose and/or transfer your personal information to the following classes of persons located in Japan:
Capgemini’s existing and potential clients who request details of your suitability for a particular project, such as details of qualifications and experience, results for your background verification checks.
Your former employers, educational institutions and other third parties Capgemini needs to contact for the purposes described in Section 2.
Recruitment agents who request Capgemini to provide your information for the purpose of conducting their business for supporting you.
Vendors whom Capgemini appoints to conduct background verification checks for the sake of Capgemini.
Any other party that you may expressly authorize. Where required to do so by law, we may disclose your personal information to the relevant authorities or to law enforcement agencies upon their requests. Disclosure to third party in foreign countries Capgemini may disclose and/or transfer your personal information to Capgemini’s parent(s) and their affiliates or subsidiaries located in Japan or in any of the countries listed in the Exhibit (collectively, “Capgemini Group Companies”) for the purposes described in Section 2. The information which should be provided under the APPI is listed in the Exhibit. Outsourcing (where Capgemini engages third parties to process the personal information) Capgemini and Capgemini Group Companies may from time to time disclose your personal data to suppliers or vendors in Japan, India or the United States in cases where such suppliers or vendors are engaged by Capgemini or Capgemini Group Companies to assist with our business functions and activities. For example, Capgemini may engage a vendor to assist with the process of background verification checks. In such cases, the vendors are contractually bound to respect the confidentiality of your information and to undertake appropriate security measures to protect your personal information. Disclosure by third party (where Capgemini engages third parties to process the personal information) Capgemini may acquire your personal information from the following parties:
Your former employers, educational institutions and other third parties to be contacted for the purposes described in Section 2;
Recruitment agents whom Capgemini requests to provide such personal information; and
Vendors with whom Capgemini contracts for the purpose of outsourcing the conduct of background verification checks to such vendors. Capgemini will use such personal information for the purposes described in Section 2.
4. Security and Confidentiality:
Capgemini takes reasonable technological and procedural security measures to protect personal information against loss, misuse, unauthorized or accidental access, disclosure, alteration and destruction. Only Capgemini personnel who have a ‘need-to-know’ to consider your eligibility for positions with Capgemini are given access to your relevant personal information.
5. Accuracy:
Capgemini aims to keep all personal information it has collected as reasonably accurate, complete and up-to-date. However, the accuracy of the personal information that we hold about you depends to a large extent on the information you provide. As such, it is important that you update us if there are any changes in your personal information and undertake that the personal information that you provide is accurate, not misleading, updated and complete.
6. Contacting Capgemini:
Subject to the provisions of the APPI, you may request Capgemini to: (a) discloseyour personal information held by Capgemini; (b) correct, add or delete such information; (c) cease to use such information; (d) cease to disclose such information to a third party; (e) erase such information; or (f) disclose records on provision of such information to third parties. If you wish to do so, please send your request to your recruitment contact at Capgemini.
If you have any concerns about how we manage your personal information, you may contact our Data Protection Officer at dpo.jp@capgemini.com and we will try to resolve those concerns within a reasonable time.
Capgemini reserves the right to decline to process any such request if it: (a) jeopardizes or may jeopardize the security and confidentiality of the personal information of others, (b) is impractical or is not made in good faith, or (c) may be refused by Capgemini under the APPI.
7. Queries:
If you have any questions related to this notice or Capgemini’s privacy policies and practices, you may contact our HR department, or our Data Protection Officer at dpo.ph@capgemini.com.
8. Other Matters:
In addition to the provisions in this notice, Capgemini handles job applicants’ personal information in accordance with the Capgemini Binding Corporate Rules (https://www.capgemini.com/resources/capgemini-binding-corporate-rules/) and the Capgemini Data Privacy Policy (https://www.capgemini.com/jp-jp/privacy-policy/) (collectively, the “Policies”). Please read and understand the Policies regarding the treatment of your personal information by Capgemini.
If there is any inconsistency between the Japanese version and English Version of this notice, the English version shall prevail.
Your acknowledgement:
If the Click is conducted by you If you conduct the Click by yourself, you will be deemed to have acknowledged and confirmed that you have reviewed this notice and agreed to the collection, use, cross-border transmission and disclosure by Capgemini of your personal information including personal information requiring special care and Sensitive Information in accordance with this notice and the APPI. Your submission of any personal information to Capgemini shall be deemed consent to the terms of this notice. If you object to the terms of this notice or seek to withhold such consent, you should not submit any information to Capgemini.
If the Click is conducted by an agent on your behalf In the case where an agent conducts the Click on your behalf, the agent must conduct the Click only after letting you know all of the information mentioned in this notice and then acquiring your clear consent. If you object to the terms of this notice or seek to withhold such consent, the agent must not submit any of your information to Capgemini.
Exhibit
Capgemini will provide your personal data to its group companies located in India or the United States. Therefore, as required under the APPI, Capgemini provides the following information to you for you to consider whether to give your consent to the collection and use of your personal information.
Information Capegemini is required to provide to you under the APPI
1. The countries in which the group companies to whom Capgemini will provide personal data are located
India and the United States (New York)
2. Information concerning the system for the protection of personal information
India
Does the country have a system for protection of personal information? There is no comprehensive legislation. The Information Technology Act, 2000, and the Information Technology (reasonable security practices and procedures and sensitive personal data or information) Rules are representative laws and regulations applicable to specific areas. Private business entities are in general subject to this act and these rules which relate to information on (i) natural persons (ii) which such business entities may use together with other information they hold or likely hold, in order to directly or indirectly identify such natural persons.*The Personal Data Protection Bill has been submitted to the Congress in India to establish a comprehensive law on the protection of personal information. This bill contains similar rules to the GDPR.
Is there any indicator applicable to the country’s system for protection of personal information?Adequacy Decision by EU: NoAccession to the CBPR system of APEC: No
If there is no indicator in item ii above, do the data controllers have the obligations and individuals providing personal information have the rights reflecting the Basic Principles of National Application set forth in the OECD Privacy Guidelines in the country?There is no obligation of the data controller that reflects the Accountability Principle of the OECD Privacy Guidelines. In relation to the other principles of the OECD Privacy Guidelines (Collection Limitation Principle, Data Quality Principle, Purpose Specification Principle, Use Limitation Principle, Security Safeguards Principle, Openness Principle, and Individual Participation Principle), the obligations of the data controller are partial. For example, the scope of the obligations is limited to sensitive information.
Does the country have any other system that may have a material impact on the rights and interests of individuals providing personal information?The Indian government and other competent authorities have the power (i) to request provision of certain information for the requirements of national security, diplomacy and public moral and preventive measures and investigation for related crimes under the Information Technology Act, 2000, (ii) to request Intermediaries (as defined in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules of India) to provide information for preventive measures, detection, investigation and indictment regarding a violation of laws and for other related purposes, and (iii) to request entities granted licenses under the Indian Telegraph Act of 1885 to intercept communications in case of public emergencies and other similar situations.
The United States
i. Does the country have a system for protection of personal information?
There is no comprehensive legislation. The following are some representative laws and regulations which are applicable to specific areas.
Electronic Communications Privacy Act of 1986 (“ECPA”)The public sector (including local governments) which conducts electronic storage of personal data and the private sector are subject to the ECPA in relation to “electronic communication”, any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire or electronic system.
Gramm Leach Bliley Act (“GLBA”)Private financial institutions which are “significantly engaged” in financial services business are subject to the GLBA in relation to “Non-Public Personal Information”, any information which is collected from customers through the provision of financial services.
Health Insurance Portability and Accounting Act (“HIPAA”)The public sector (including local governments) and the private sector are subject to the HIPAA in relation to “Protected Health Information”, information related to health conditions, provision of medical treatment, and payment of medical costs, which may be tied to an individual.
ii. Is there any indicator applicable to the country’s system for protection of personal information?
Adequacy Decision by EU: No
Accession to the CBPR system of APEC: Acceded on 25 July 2012
iii. If there is no indicator in item ii above, do the data controllers have the obligations and individuals providing personal information have the rights reflecting the Basic Principles of National Application set forth in the OECD Privacy Guidelines in the country?
Regarding the private sector, because the United States participates in the CBPR system of APEC, an equal level of protection of personal information will be expected.
Regarding the public sector, there is no equivalent to the Data Quality Principle, Purpose Specification Principle, Openness Principle and Accountability Principle prescribed in any legislation. On the other hand, the Collection Limitation Principle, Security Safeguards Principle and Individual Participation Principle are partly prescribed in the HIPAA, and the Use Limitation Principle is partly prescribed in the ECPA and HIPAA.
iv. Does the country have any other system that may have a material impact on the rights and interests of individuals providing personal information?
There is no other system that may have a material impact on the rights and interests of individuals providing personal information.
For further information, please see the following websites of the Personal Information Protection Commission:
Indiahttps://www.ppc.go.jp/files/pdf/india_report.pdfhttps://www.ppc.go.jp/files/pdf/offshore_DPA_report_R3_12.pdf (Chapter 6: India)
The United Stateshttps://www.ppc.go.jp/files/pdf/USA_report.pdfhttps://www.ppc.go.jp/files/pdf/offshore_DPA_report_R3_12.pdf (Chapter 22: The United States)
3. Information concerning the measures for the protection of personal information taken by the group companies
Capgemini group’s Binding Corporate Rules (“Capgemini BCR”) were approved by the European Data Protection Authorities in 2016. As a result of Capgemini BCR, wherever your personal data are processed in the Capgemini group including Capgemini Group Companies, your personal data will benefit from the same level of protection which is equivalent to the level of protection under the GDPR in the EU. Therefore, our group companies including Capgemini Group Companies are taking all of the actions which are in accordance with the Eight Principles of the OECD Privacy Guidelines.
You can access Capgemini BCR from the following URL: https://www.capgemini.com/wp-content/uploads/2017/06/Capgemini-Binding-Corporate-Rules.pdf