Mitsubishi UFJ Morgan Stanley Securities Co., Ltd. (Please refer to the“Corporate Data" on our website for our company address and the name of our representative)pays the utmost attention to the handling of customers´ personal information, Individual Number, specific personal information, based on the Personal Information Protection Policy, in order to enable customers to use our services with assurance.
We hereby disclose the following regarding our handling of personal information.
- The proper meaning of each term is as follows.
- “Personal information” means information concerning a living person, and information included in it such as name, date of birth, and any other description from which it would be possible to identify a specific person (including those which can be readily collated with other information and thereby identify a specific individual), or information that include an individual identification code.
- “Individual Identification Codes” apply to any of the following, each is designated separately in government ordinances.
(1) Data about characteristics of a part of the body that has been converted to be able to be processed by computer
(Example) Data for use in recognition of faces, veins, voiceprints, fingerprints, etc.
(2) Official numbers assigned and distributed to users by national and local governments
(Example) Driver’s license numbers, passport numbers, Individual Number, etc. - “Individual Number” is designated in order to identify the person pertaining to the residence certificate on which said residence certificate code is recorded.
- “Specific personal information” is a “Personal Information” including an “Individual Number”.
- 1.Purposes of Use of Personal Information
- 2. Share of Personal Information (excluding individual numbers)
- 3.Appropriate Acquisition of Personal Information
- 4.Cessation of Direct Mail, etc.
- 5.Provision of Personal Information to Third Parties
- 6.Provision of personal data to a Third Party in a Foreign Country
- 7.Implementation of Security Control Measures
- 8.Outsourcing of Handling of Personal Information
- 9.Procedure to Request Disclosure, etc. of Retained Personal Data
- 10.Contacts
- 11.Authorized Personal Information Protection Organization with which we are Affiliated
- 12.Amendments
1.Purposes of Use of Personal Information
If we directly acquire personal information concerning a customer that has been recorded in a written document, etc. from the customer, we will specify the purpose for which it will be used beforehand. If we directly acquire personal information from a customer verbally through another type of method, or if we acquire the personal information indirectly through publicly available information or from a person other than the customer himself/herself, etc. as well, we will notify or disclose the purpose of use.
We will handle customers´ personal information in the case of the businesses mentioned in (1) below within the scope necessary to achieve the purposes of use mentioned in (2) below, and we will not use customers´ information beyond the scope that is necessary to achieve the purposes of use, unless we obtain consent from customers beforehand or it is permitted to do so based on laws or regulations(including ordinances. same as below.).
Furthermore, we shall specifically define the purposes of use so that it will be clear to customers and endeavor to limit the purposes of use according to each situation where personal information is obtained. For example, we will limit the use of the responses to various questionnaires to the collection of data from the responses.
(1)Details of our businesses
- Financial instruments business (securities trading, brokerage of securities trading, securities underwriting, etc.) and operations associated with financial instruments business
- Operations that a financial instruments business operator is permitted to conduct by law, such as insurance solicitation and operations associated with these businesses
- Other operations that a financial instruments business operator is permitted to conduct and operations associated with these (including operations that we will be permitted to handle in the future)
(2)Purposes of use
- To solicit and sell securities and financial instruments and also introduce related services, based on the Financial Instruments and Exchange Act(To analyze customer transaction histories, website browsing histories, and information obtained from group companies, etc., and to distribute advertisements, etc., regarding various products and services that meet customer needs.)
- To solicit and sell financial instruments of us, our affiliated companies or allied companies and also introduce related services(To analyze customer transaction histories, website browsing histories, and information obtained from group companies, etc., and to distribute advertisements, etc., regarding various products and services that meet customer needs.)
- To determine the appropriateness of providing products and services that is in line with the principle of suitability, etc.
- To confirm that the customer is the person himself/herself or the agent of himself/herself
- To report to the customer the results of transactions and deposit balances, etc.
- To carry out clerical work related to transactions with customers
- To carry out research and development for financial instruments and services through the implementation of market research, data analysis and questionnaires, etc.
- If the processing of all or part of the personal information has been consigned by other business operators, etc., to appropriately carry out such consigned operations
- To exercise rights and fulfill obligations based on contracts and laws, etc.
- To make decisions regarding transactions or to manage those transactions
- In addition, to promote and perform transactions appropriately and smoothly
Notwithstanding the purpose of use in the items above, we will only use individual numbers for “Application and Notification of the Opening of Accounts Related to Financial Instruments Transactions” and “Preparation and Presentation of Statutory Documents Related to Financial Instruments Transactions” according to the Act on Use, etc. in Administrative Procedures of Numbers to Identify Specific Individuals.
However, based on provisions such as Cabinet Office Ordinances relating to the Financial Instruments and Exchange Act, etc., we shall not use or provide to third parties for purposes other than ensuring appropriate operational management and other purposes accepted as necessary any information concerning race, creed, family origin, registered domicile, health care, or past criminal records or any other special private information relating to customers that we become aware of when conducting operations.
Furthermore, for the purpose of accurately comprehending the details of customers´ transactions and inquiries, etc., we may record the phone calls with customers. Please be forewarned of this.
2.Share of Personal Information (excluding individual numbers)
[1] In some cases, we will share personal data relating to the executives, employees or agents (hereinafter referred to as “executives and employees, etc.”) of corporate customers associated with investment banking operations that support the issuance of securities and M&A, etc. with Morgan Stanley (a US corporation) and its consolidated subsidiaries.
(1) Items of personal data shared
Information relating to the executives and employees, etc. of corporate customers such as the name, address, date of birth, phone number, e-mail address, and job positions of executives and employees, etc. of corporate customers.
(2) Range of persons that share the information
We, Morgan Stanley (abovementioned US corporation) and its consolidated subsidiaries
(3) Purposes of use by persons sharing the information
To develop and provide higher quality services to corporate customers and to promote appropriate and smooth transactions by utilizing the comprehensive expertise of us and the Morgan Stanley Group
(4) Persons with responsibility for the management of the personal data concerned
Mitsubishi UFJ Morgan Stanley Securities Co., Ltd.
Please refer to the "Corporate Data" on our website (https://www.sc.mufg.jp/english/company/profile/outline.html) for the address and representative name.
[2] In some cases, we will share personal data relating to the executives, employees or agents (hereinafter referred to as “executives and employees, etc. of corporate customers”) of domestic and foreign corporate customers in support with sales of Japanese stocks for institutional investors, corporate access (IR-related operations), execution operations, and research service, with Morgan Stanley (a US corporation) and its consolidated subsidiaries.
(1) Items of personal data shared
Information relating to the executives and employees, etc. of corporate customers such as the name, address, date of birth, phone number, e-mail address, and job positions of executives and employees, etc. of corporate customers.
(2) Range of persons that share the information
We, Morgan Stanley (abovementioned US corporation) and its consolidated subsidiaries
(3) Purposes of use by persons sharing the information
To develop and provide higher quality services to corporate customers and to promote appropriate and smooth transactions by utilizing the comprehensive expertise of us and the Morgan Stanley Group
(4) Persons with responsibility for the management of the personal data concerned
Mitsubishi UFJ Morgan Stanley Securities Co., Ltd.
Please refer to the "Corporate Data" on our website (https://www.sc.mufg.jp/english/company/profile/outline.html) for the address and representative name.
3.Appropriate Acquisition of Personal Information
We will appropriately acquire personal information from customers.
For example, we may acquire personal information from the following kinds of information sources.
(Examples of information sources for acquisition)
- Information directly entered by customers in applications to open accounts and questionnaires conducted, etc.
- Information contained in publications sold in the market and information publicly disclosed in newspapers and on the Internet
- Information heard from customers through the provision of products and services
- Information obtained through voice recording, image recording, receipt of e-mails, access records and operation records on the website or e-mails sent by the Company, etc.
- Information obtained from a third party such as a database service provider.
4.Cessation of Direct Mail, etc.
As outlined below, with regard to solicitation through the sending of direct mail and phone calls, etc. relating to sales of products and services by us, when we have received a request to cease such activities from customers, we will take measures to stop subsequent use and provision for such purposes without delay.
(1)What can be ceased
Marketing information through the sending of our promotional materials and printed matter, etc. However, it is not possible to cease enclosing various kind of information materials or printing in the margins of documents, etc.
(2)Procedure for cessation
Please contact our head office, branch or the contacts mentioned below.
5.Provision of Personal Information to Third Parties
Except for cases based on laws and regulations, cases when we consign personal information within the scope necessary to achieve the purposes of use, etc., and cases permitted by laws and regulations, we will not provide personal information without the consent of the customer to third parties outside us.
However, with regard to individual numbers, we will not supply these to a third party even with the consent of the customer except as permitted by law.
6.Provision of personal data to a Third Party in a Foreign Country
e will take the following measures when providing personal data to third parties in foreign countries.
(1) It may not be possible to identify the third party provider when obtaining the consent. If we are able to identify the third party to whom the personal information is provided after the fact, the customer may request us to provide information on the name of the foreign country, information on the system for protecting personal information in the foreign country, and information on the measures taken by the third party to protect personal information. The following is a list of foreign countries (Issuers of foreign securities handled by the Company, custodian institutions, countries where foreign financial instruments markets are located, etc.) that are expected to provide information to third parties.
USA, Ireland, Italy, India, Indonesia, UK, Australia, Austria, Netherlands, Canada, Korea, Singapore, Switzerland, Sweden, Spain, Thailand, Denmark, Germany, Taiwan, China, New Zealand, Finland, France, Belgium, Poland, Hong Kong, Malaysia, Luxembourg, Russia
(2) We provide personal data to businesses that have implemented systems that conform to our standards.
The customer may request information on the corresponding measures for the relevant entity. The list of foreign countries where the third parties to which we provide personal data are located is as follows.
USA, India, UK, Canada, Singapore, China, Hungary, Hong Kong, Luxembourg
(Information on foreign names will be updated regularly)
7.Implementation of Security Control Measures
We will manage customers’ personal information appropriately by implementing necessary and appropriate organizational, human, technological and physical security control measures to prevent improper access to personal information as well as the loss, alteration or leakage, etc. of personal information.
The measures we have taken for security control measures are as follows.
(Formulation of basic policy)
- To ensure the proper handling of personal data, we will formulate a basic policy regarding "compliance with related laws and regulations and guidelines," "contact point for questions and complaints handling office," etc.
(Maintenance of rules for the handling of personal data)
- We will establish rules for the handling of personal data, including handling methods, responsible persons and persons in charge, and their duties, for each stage of acquisition, use, storage, provision, deletion, disposal, etc.
(Institutional security control measures)
- In addition to establishing a person responsible for the handling of personal data, the Company will clarify the officers and employees who handle personal data and the scope of personal data handled by such officers and employees, and establish a system for reporting to the person responsible in the event that a violation of the Personal Information Protection Law or handling regulations is detected or any sign of such a violation is detected.
- We will conduct periodic self-inspections and audits by other departments on the status of personal data handling.
(Human security control measures)
- Regularly provide training for executives and employees on matters to keep in mind regarding the handling of personal data.
- The confidentiality of personal data will be included in the employment regulations.
(Physical security control measures)
- In areas where personal data is handled, we will implement measures to prevent unauthorized persons from accessing personal data by controlling the access of officers and employees and restricting the equipment, etc. they may bring into the area.
- We will take measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, and implement measures to prevent personal data from being easily discovered when such equipment, electronic media, etc. are carried, including within the business site.
(Technological security control measures)
- Access control is implemented to limit the scope of persons in charge and the personal information databases handled.
- Implement mechanisms to protect information systems that handle personal data from unauthorized external access or unauthorized software.
(Understanding the external environment)
- The Company implements security control measures based on an understanding of the systems for the protection of personal information in foreign countries where personal data is stored.
8.Outsourcing of Handling of Personal Information
When we outsource all or part of the handling of personal information in association with work delegation, etc., we will select a subcontractor based on our prescribed standards. In addition, we will conduct necessary and appropriate supervision of the subcontractor, by entering a contract concerning the handling of personal information with the subcontractor and other such means, to ensure security control measures that conform to our Personal Information Protection Policy and regulations, etc.
For example, we outsource the handling of personal data in the kinds of cases mentioned below.
(Examples of outsourced clerical work)
- Work involving the printing or dispatch of documents to be sent to customers
- Work related to the operation and maintenance of information systems
9.Procedure to Request Disclosure, etc. of Retained Personal Data, etc.
If we receive a request from a customer for notification of the purposes of use, disclosure(Includes disclosure of third-party records), or amendment, or the cessation of use, etc. (hereinafter referred to as “Disclosure, etc.”) in relation to personal data, etc. concerning the customer that we retain, based on the Act on the Protection of Personal Information, we will respond to this request in accordance with the following procedure, except in the case when disclosure, etc. is not required by laws and/or regulations.
【1】Persons permitted to carry out procedure to request disclosure, etc.
- The customer himself/herself
- The legal representative of the customer if the customer is a minor or an adult ward
- A person who has been entrusted by the customer himself/herself and has carried out our prescribed procedure (appointed representative)
【2】Procedure to request disclosure, etc.
(1)If the customer himself/herself visits a branch
Please fill in the necessary items in our prescribed request form for disclosure, etc., and visit the branch where the customer himself/herself has an account during branch business hours with your seal (registered seal) and the personal verification documents that are prescribed in our procedure.
(2) If the customer himself/herself carries out the procedure by mail
If it is difficult to visit a branch, please contact and consult the branch where the customer himself/herself has an account.
(3) If a legal representative or an appointed representative requests for the procedure of disclosure, etc.
Please visit the branch where the customer himself/herself has an account during branch business hours with our prescribed request form for disclosure, etc., the representative's seal (officially registered seal), the personal verification documents prescribed in our procedure for the customer himself/herself to whom disclosure, etc. applies, the personal verification documents and the documents that prove the right of representation prescribed in our procedure for representatives. In order to protect the customer's personal information, the written notification of the contents of disclosure, etc. will be mailed or sent directly to the customer.
【3】Fees for disclosure procedure
With regard to the disclosure procedure, the following fees will be charged in advance. In cases when we cannot respond to a request for disclosure based on laws and regulations as well, we may receive prescribed fees.
(1) In the case of a request for disclosure concerning basic items such as name and address
1,000 yen plus consumption tax equivalent
(2) In the case of a request for disclosure concerning items other than those above, we will charge a fee corresponding to the details of the request.
【4】Method and time of responses to requests for disclosure, etc.
If we receive a request for disclosure, etc., we will respond within a reasonable period of time by mailing written documents or sending by e-mail. However, please be forewarned that a response may take considerable time depending on the details of the request.
10.Contacts
When a customer requests the disclosure, etc. of personal data held, etc., or when making an inquiry, complaint, or seeking consultation, etc. with regard to our security control measures for personal information or other handling of personal information, please contact the following.
- Inquiries concerning the handling of personal information and the disclosure of personal data held, etc.: the nearest branch
- Other inquiries: head office representative (Customer Service Division)
Main number 03-6213-8500
Office hours: 9:00~17:00 (Excluding December 31 to January 3, weekends, and public holidays)
11.Authorized Personal Information Protection Organization with which we are Affiliated
We are an Association Member of the Japan Securities Dealers Association, an authorized personal information protection organization authorized by the Personal Information Protection Commission. The Association’s Personal Information Office handles complaints and requests for advice concerning the handling of personal information, pseudonymized processed information and anonymously processed information by Association Members.
Japan Securities Dealers Association Personal Information Office
TEL: 03-6665-6784 (http://www.jsda.or.jp/)
Office hours: 9:00~17:00(Excluding December 31 to January 3, weekends, and public holidays)
12.Amendments
These handling provisions will take effect on January 1st, 2024.
To ensure even greater protection of customers´ personal information or owing to changes in laws and regulations, etc., we may amend our Personal Information Protection Policy and the Handling of Personal Information. In particular, as we will post important changes on our corporate website and publicly disclose them by displaying them at the head office and branches, you are kindly requested to check regularly for such changes.
End of Document