SAKURA international clinic Asakusa

Online Reservation

Personal Information Protection Policy

Personal Information Protection Policy

Last updated: March 2026

SAKURA international clinic Asakusa (“the Clinic”) recognizes the importance of protecting personal information and is committed to handling all personal data in compliance with Japan’s Act on the Protection of Personal Information (個人情報保護法, “APPI”) and the guidelines issued by the Personal Information Protection Commission. This policy sets forth how we collect, use, manage, and protect the personal information of our patients and other individuals.

1. Definition of Personal Information

Personal information refers to any information that can identify a specific individual, including but not limited to: name, date of birth, address, telephone number, email address, passport number, medical records, health data, and payment information. This also includes “Special Care-Required Personal Information” (要配慮個人情報) such as medical history, examination results, diagnoses, and treatment records, which receive enhanced protection under the APPI.

2. Types of Personal Information We Collect

In the course of providing medical services, we may collect the following categories of personal information:

2.1 Patient Identification

  • Full name, date of birth, gender, nationality
  • Address (in Japan or country of residence)
  • Phone number, email address
  • Passport or government-issued identification (for identity verification)
  • Emergency contact information

2.2 Medical and Health Information

  • Medical history, current symptoms, and chief complaints
  • Examination and test results (blood tests, imaging, etc.)
  • Diagnoses, treatment plans, and prescribed medications
  • Allergy information
  • Vaccination records
  • Records of telemedicine consultations (video/audio recordings, if applicable)

2.3 Payment Information

  • Credit card or debit card details (processed through secure third-party payment processors)
  • Billing records and payment history

3. Purpose of Use

We use personal information strictly within the scope of the following purposes. We will not use personal information beyond these stated purposes without obtaining prior consent, except where permitted by law.

3.1 Provision of Medical Services

  • Diagnosis, treatment, and medical care (including in-person and telemedicine consultations)
  • Prescription of medications and medical devices
  • Referrals to other medical institutions when clinically necessary
  • Outsourcing of laboratory tests and examinations to external testing facilities
  • Providing medical certificates, diagnostic reports, and other documentation

3.2 Administrative and Operational Purposes

  • Billing, payment processing, and financial record-keeping
  • Appointment scheduling and reminders
  • Communication regarding your care (follow-up, test results notification)
  • Internal quality improvement, clinical audits, and staff training
  • Compliance with legal and regulatory obligations

3.3 Public Health and Legal Obligations

  • Reporting to public health authorities as required by law (e.g., infectious disease reporting)
  • Cooperation with judicial or administrative proceedings when legally mandated
  • Anonymized or statistical analysis for medical research (individual identification is not possible)

4. Sharing and Disclosure of Personal Information

We do not sell or rent personal information to any third party. We may share personal information only in the following circumstances:

4.1 With Your Consent

  • Referrals to other medical institutions (with your written or verbal consent)
  • Sharing medical records with your designated healthcare provider
  • Provision of medical information to family members or accompanying persons (with your consent)

4.2 Outsourced Service Providers

  • External laboratory testing facilities: When clinical examinations (such as blood tests or pathology) are outsourced, the minimum necessary patient information is provided under strict confidentiality agreements
  • Payment processors: Credit card and debit card transactions are handled by PCI DSS-compliant third-party payment processors. We do not store full card numbers on our systems
  • IT service providers: System maintenance and data hosting providers who are contractually bound to protect personal information

4.3 Legal Requirements

  • When required by Japanese law, regulations, or court order
  • When necessary to protect the life, body, or property of an individual and obtaining consent is difficult
  • When required for public health purposes (e.g., infectious disease notification under the Infectious Diseases Control Act)

5. Cross-Border Transfer of Personal Information

As an international clinic serving patients from various countries, situations may arise where personal information needs to be transferred outside of Japan, such as:

  • Providing medical records to a patient’s healthcare provider in their home country at the patient’s request
  • Referral to overseas medical institutions for continued care

In such cases, we will:

  1. Obtain your explicit consent before transferring data outside Japan
  2. Inform you of the destination country and any relevant differences in data protection standards
  3. Take reasonable measures to ensure the recipient provides an equivalent level of protection as required by the APPI
  4. Transfer only the minimum information necessary for the stated purpose

6. Telemedicine

We offer online consultation services (telemedicine). When using telemedicine services, please be aware of the following:

  • Video and audio consultations are conducted through secure, encrypted platforms
  • Consultation records (including session logs and any shared documents) are treated with the same confidentiality as in-person medical records
  • Screen captures, recordings, or unauthorized sharing of telemedicine sessions by patients is prohibited
  • We take reasonable steps to verify patient identity before each telemedicine session

7. Security Measures

We implement comprehensive security measures to protect personal information from unauthorized access, loss, destruction, falsification, and leakage, including:

  • Technical measures: Encryption of data in transit and at rest, firewalls, intrusion detection systems, and regular security assessments
  • Organizational measures: Staff training on personal information protection, access controls based on the principle of least privilege, and designated information management personnel
  • Physical measures: Secure storage of paper records, restricted access to server rooms and areas where personal information is processed

8. Data Retention

We retain personal information in accordance with the following guidelines:

Data CategoryRetention PeriodLegal Basis
Medical recordsMinimum 5 years from last visitMedical Practitioners Act (医師法)
Prescription recordsMinimum 3 yearsMedical Practitioners Act
Billing and payment records7 yearsTax regulations
Website inquiry dataUp to 3 yearsBusiness necessity
Telemedicine session logsMinimum 5 years from session dateMedical record retention standards

After the retention period expires, personal information is securely deleted or anonymized.

9. Your Rights

Under the APPI and our internal policies, you have the following rights regarding your personal information:

  • Right to disclosure: You may request disclosure of the personal information we hold about you
  • Right to correction: If your personal information is inaccurate or incomplete, you may request correction, addition, or deletion
  • Right to cease use: You may request that we stop using or delete your personal information if it was collected or used beyond the stated purposes or through improper means
  • Right to cease third-party provision: You may request that we stop providing your personal information to third parties
  • Right to receive records: You may request records of third-party data provisions we have made

To exercise any of these rights, please submit your request in person at our reception desk or in writing to the contact address below. We may need to verify your identity before processing your request. Requests will be responded to without delay and within the timeframes prescribed by law.

Please note that certain requests may be declined where permitted by law, such as when disclosure could endanger the life, body, or property of the individual or a third party, or when retention is required by law.

10. Staff Obligations

All staff members, including physicians, nurses, administrative personnel, and contracted service providers, are bound by confidentiality obligations. This includes the duty of medical confidentiality under the Medical Practitioners Act (医師法) and the duty of confidentiality under employment contracts. Violations are subject to disciplinary action and legal consequences.

11. Changes to This Policy

We may revise this Personal Information Protection Policy as necessary to reflect changes in laws, regulations, or our operational practices. Material changes will be announced on our Website. The latest version of this policy is always available on this page.

12. Complaints and Inquiries

If you have any questions, concerns, or complaints regarding our handling of personal information, please contact:

Personal Information Inquiry Desk
SAKURA international clinic Asakusa
Asakusa Tosei Building 7F, 1-27-2 Asakusa, Taito-ku, Tokyo 111-0032, Japan
Email: Coming Soon

If you are not satisfied with our response, you may also file a complaint with the Personal Information Protection Commission of Japan (個人情報保護委員会) at www.ppc.go.jp.

Medical Disclaimer: The information provided on this website is for general educational purposes only and is not intended as a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider. In case of emergency, call 119 (Japan).