Information Security Policy
WellGo, Inc. (the “we”, “our” or “us”) conducts business with our philosophy “Now people live one hundred years. WellGo strongly supports a healthy lifespan, the asset of the new era”.
To maintain our business, essential components include our customer information and other information assets.
This policy is respected by users of information assets, including our officers and employees who recognize the importance of protecting the assets from data leakage, damage, loss, and any other risks. We practice activities for information security such as confidentiality, integrity, and availability.
- We acquire personal information, clarifying the purposes of utilizing it, and handle it only to the extent necessary for fair business activities.
- When personal information is obtained directly in writing, after informing the name of our company, the name and contact information of the personal information protection manager, and the purpose of use.
- We shall implement measures to prevent the handling of private information outside the necessary scope for achieving the specified usage purpose.
- We, except as required by law, neither disclose nor provide personal information to any third party without obtaining consent from the personal information provider.
- To ensure the safety and accuracy of personal information, we will take appropriate security measures to prevent unauthorized access, leaks, loss or damage of personal information.
- When outsourcing the processing of personal information, we will require by contract that the information will not be leaked or provided to a third party, and we will implement appropriate management of the outsourced company.
- We established a point of contact for customer complaints and inquiries on the handling of personal information to meet requests from the personal information provider.
- We comply with laws and regulations on the handling of personal information, government guidelines and other norms.
- We establish an information security management system and implement this system while also reviewing, revising, and improving it on a regular basis.
Enacted on November 1, 2022
- In order to protect information assets, we will develop and follow an information security policy and related rules to operate our business. we will also follow related regulations/norms and contract with our customers.
- We will clarify the criteria for analysis and evaluation of the risks, including leakage, damage, and loss in information assets, to establish a systematic risk assessment strategy and conduct the risk assessment on a regular basis. Based on the results, we will implement necessary and appropriate security measures.
- We will establish an officer-centered information security system and clarify the related authority and responsibilities. We will also educate, train, and cultivate all employees on a regular basis so that they recognize the importance of information security to ensure the proper handling of information assets.
- We will inspect and audit the compliance with the information security policy and the handling of information assets on a regular basis to promptly take corrective action for any deficiencies or improvements.
- We will take appropriate measures against information security events/incidents. In case they occur, we will proactively establish a response procedure to minimize damage, In an emergency, we will respond promptly and take appropriate corrective actions. For incidents related to business interruption, we will establish and regularly review a management framework to ensure the continuity of our business.
- We will establish and implement an information security management system with goals to realize our basic principle. We will also continue to review and improve the system.
Enacted on December 1, 2019
The “Cloud Security Basic Policy” is a subordinate policy of the “Information Security Basic Policy”.
- We design and implement cloud services that take into consideration an established basic policy as well as information security requirements from customers.
- We evaluate information security risks related to cloud services and conduct risk assessments on a regular basis. In addition, based on the results, we will implement appropriate information security measures.
- Our cloud services are provided in a logically isolated environment provided by the cloud service provider.
- We appropriately manage the information including cloud service customer data stored on the cloud services we use and their related assets as information assets.
- We will regularly provide education and training to our cloud service operators to address information security risks.
- We notice any information on changes related to our cloud services via our homepage.
- It is the customer’s responsibility to create and manage their account appropriately.
- We will disclose the contact system in the event of a cloud service incident to cloud service customers. In addition, if an incident occurs, we will take prompt action and take corrective action.
Enacted on March 1, 2022