The Center for Research on Educational Testing (CRET) carries out research together with researchers within and outside Japan under the themes of “assessment and analysis of educational testing,” “development of testing items and content” and the “advancement of testing technology.” Our main activities include planning and conducting joint projects and exchange programs with other organizations within and outside of Japan, organizing seminars and symposiums, publishing research findings in newsletters and peer-reviewed journals, and developing testing materials and technologies. CRET acquires the personal information necessary in order to provide research results and information relating to educational testing that meets the expectations of the people concerned. The personal information necessary for the people concerned and CRET to have confidence in each other and to be able to communicate with each other is appropriately managed with strict attention paid in accordance with the various relevant laws and ordinances on personal information protection (including the Personal Information Protection Act), obligations stipulated in the guidelines of the cabinet minister in charge and this statement.

1．Matters concerning the acquisition, use and provision of personal information

(1) In order to appropriately handle the personal information of the people concerned, CRET shall appoint a Personal Information Officer, position a supervisor who shall supervise the implementation of regulations and conduct staff training.
(2) CRET shall limit the purposes of use of personal information to the scope necessary for research and shall then acquire, use and provide personal information within this scope. Moreover, these purposes of use shall be explicitly stated in advance.
(3) CRET shall not use personal information outside of these purposes and in the event that it is necessary to do so shall obtain the consent of the person in question.
(4) We shall not provide personal data to third parties without the prior consent of the person in question except in cases which should be treated as an exception by law.

2．Matters relating to compliance with laws on to the handling of personal information, guidelines set forth by the government and other standards

(1) CRET shall comply with laws relating to personal information protection, guidelines set forth by the government and other standards. Furthermore, CRET shall create guidelines, a system and a plan for the protection of personal information, as well as building a management system in which implementation, inspections and reviews take place continuously. We shall then manage your personal information in accordance with these. This management system shall aim to carry out appropriate reviews and continuous improvements.
(2) CRET may entrust personal data to another party as long as it is a corporation or company that we have determined can be trusted. We shall sign contracts with contractors so that personal information is not handled inappropriately. We shall periodically monitor and inspect whether these contractors are appropriately using this personal information.

3．Matters relating to the secure management of personal information

(1) In order to protect the personal information of the people concerned that we hold, it is essential to take secure management measures that block external incursions, in addition to appropriately managing personal information inside this Center. In order to protect the personal information of the people concerned, we shall adopt the latest secure technologies.
(2) When a problem arises in our secure management, we shall take corrective action promptly and strive to prevent a reoccurrence.

4．Matters relating to our response to complaints and consultations

(1) A concerned person shall be able to request a disclosure of the information of the person themselves that is held by CRET. In cases such as these, we shall comply with the request for a disclosure from the person concerned themselves in accordance with the law upon following the prescribed procedures in regards to the personal data that we hold.
(2) When there is an error in the personal information that we have disclosed, it is possible for the person concerned to request a correction of this. We promise to correct any errors as soon as possible in order to keep the personal information that we hold to be the most accurate content and the latest content.
(3) We shall quickly and appropriately deal with complaints from the person in question in regards to the personal information we handle and in the event we identify a mistake or violation, we shall take the necessary corrective measures.

5．Matters relating to our personal information protection management system

(1) CRET shall establish a personal information protection management system and shall continuously improve this.