Basic Policy on Personal Information Protection

1. Introduction

SMBC Nikko Securities Inc. (hereinafter "Company") herein declares its basic policy on the protection of personal information (hereinafter "Basic Policy").

2. Compliance with Laws and Regulations

As a securities company that values and appreciates the importance of a good relationship with customers and the public, the Company cautiously protects its customers' Personal Information and Individual Numbers (hereinafter collectively, "Personal Information etc. ") .

The Company is fully aware of its social responsibility to safeguard its customers' Personal Information etc. when engaging in business activities. Based on this understanding, the Company hereby declares that all of its Employees must comply with the laws and regulations concerning the protection of Personal Information etc., as well as with this Basic Policy. The entire Company is committed to the appropriate handling of Personal Information etc.

3. Purposes of Use of the Personal Information etc.

Personal Information shall be used only when necessary to achieve the purposes of use listed below in connection with the execution of the business activities described below. Personal Information shall not be used for any other purpose. Further, the Company shall not unreasonably modify the purposes of use listed below. Individual Numbers shall be used solely to the extent prescribed by the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (the "Number Use Act") and other relevant laws and regulations.

(Business Activities)
  1. (1)Financial instrument business activities (including the buying and selling of securities, acting as a broker with respect to the buying and selling of securities, OTC derivative transactions, public offerings and secondary distribution of securities) and related activities.
  2. (2)Business activities that a financial instruments business operator may engage in under applicable laws, such as acting as an insurance agent or as a money lender.
  3. (3)Other businesses that a financial instruments business operator may engage in, as well as its related activities (including activities that a financial instruments business operator may in the future be authorized to engage in).
(Purposes of Use)
  1. (1)To market, distribute, sell and purchase financial instruments (including insurance products for the purposes of this sentence) in accordance with the Financial Instruments and Exchange Act, and to provide services related to and information on such services.
  2. (2)To market, distribute, sell and purchase financial instruments and other products of the Company, its subsidiaries and affiliates, and to provide services related to and information on such services.
  3. (3)To transfer, settle or manage securities or cash in order to manage transactions on behalf of customers and to manage customer accounts.
  4. (4)To pay and handle dividends, distributions, and interest payments and to redeem financial instruments, to pay and handle insurance benefits, benefits, pensions, other benefits, etc.
  5. (5)To determine the appropriateness of the marketing, distribution, sales and purchase of financial instruments and services in light of the principle of suitability, etc.
  6. (6)To identify customers or their agents.
  7. (7)To report and confirm the results of transactions, account balances, investment activity, etc., to customers.
  8. (8)To process documentation relating to customer transactions.
  9. (9)To conduct research and development on financial instruments and services by utilizing market research, customer satisfaction surveys, data analysis, questionnaires, etc.
  10. (10)To properly execute business activities including the handling of Personal Information, when the Company is entrusted by others with the handling of Personal Information, in whole or in part, or other activities.
  11. (11)To perform customer transactions properly and efficiently.
  12. (12)To reply to inquiries, etc., related to the handling of Personal Information.
  13. (13)To manage the business of the Company, including internal controls and administration.
  14. (14)Notwithstanding the purposes of use of Personal Information described in the preceding items, Individual Numbers shall be used solely for operations concerning applications and notifications for the opening of accounts for financial instruments transactions, and for operations concerning the preparation and submission of statutorily required documents for financial instruments transactions.

The Company, in compliance with the Cabinet Office Ordinance on Financial Instruments Services and other related regulations, shall not use information on individual customers concerning race, religion, lineage, registered domicile, medical history, criminal records, or any other special information that is not available to the public that is obtained during the course of the Company's business for any purpose other than ensuring proper business operations and for other necessary purposes.

4. Sharing of Personal Data

The Company may share and use Personal Data as follows:

4-1. Information Sharing amongst Group Companies

  1. (1)Items of Personal Data that will be Shared and Used (excluding Individual Numbers)
    • Customer information, such as name, address, date of birth, occupation.
    • Information related to customer transactions, such as transaction details, outstanding deposits, etc.
    • Information on customer asset management needs, etc.
  2. (2)Group Companies that Share Information

    The Company may share information with its subsidiaries and affiliated companies, as defined in the Article 8 of the Ordinance on Terminology, Forms and Preparation Methods of Financial Statements, etc. The Company discloses the names of its subsidiaries and affiliated companies on its website. The Company and its subsidiaries and affiliated companies are collectively referred to herein as the "Group Companies".

  3. (3)Purposes of Use
    • To undertake a full range of research and development, provide information and provide the best and most appropriate products and services that match the asset management needs of customers, etc., through the coordination of all Group Companies.
    • To manage the business of the Group Companies, including internal controls and administration.
  4. (4)Name of the Party Responsible for the Management, Sharing and Use of Personal Information: SMBC Nikko Securities Inc.

4-2. Information Shared with Money Design Co., Ltd.

  1. (1)Items of Personal Data that will be Shared and Used (excluding Individual Numbers)
    • Information on the attributes of customers using the discretionary investment management service "THEO", such as name, address, date of birth, occupation, telephone number, email address, investment experience, etc.
    • Information on the attributes of customers using the discretionary investment management service "THEO", such as transaction details and deposit balances.
  2. (2)Parties Authorized to Share and Use Information

    The Company and Money Design Co., Ltd.

  3. (3)Purposes of Use
    • To undertake a full range of research and development, provide information and provide the best and most appropriate products and services that match the asset management needs of customers using the Discretionary Investment Management Service "THEO", through the coordination of the Company and Money Design Co., Ltd. in accordance with the contract between the Company and Money Design Co., Ltd.
    • To manage the business of the Company, including internal controls and administration.
    • For operation and management of discretionary investment management service "THEO".
  4. (4)Name of the Party Responsible for the Management, Sharing and Use of Personal Information: SMBC Nikko Securities Inc.

5. Sensitive Information

The Company shall not collect, use or provide to third parties“Special care-required personal information”as stipulated in Article 2 (3) of the Act on the Protection of Personal Information (hereinafter, “the Act”), and information (except for information disclosed by the person in question, a government organization, a local government entity, an academic research institute etc., or a party who is stipulated by each paragraph of Article 57 (1) of the Act, or by each paragraph of Article 6 of the Ordinance for Enforcement of the Act on the Protection of Personal Information, or information which can be clearly identified from external characteristics obtained by visual observation of the person in question or by taking a picture of such person, hereinafter, referred to as “Sensitive Information”) related to membership in labor unions, family origin, registered domicile, health or medicine, habits related to sexual activity (except for information falling under the Special care-required personal information), except in the situations described below. If such information is collected, used or provided to third parties for any of the reasons described below, the information shall be handled with special care and caution to limit, to the extent necessary for any of the reasons described below, the collection, use, or provision to third parties of Sensitive Information.

  1. (1)Where such collection, use or provision to third parties is in accordance with applicable laws or regulations.
  2. (2)Where such collection, use or provision to third parties is required to protect human life, health, or property.
  3. (3)Where such collection, use or provision to third parties is indispensable to improve public health or to promote the sound development of children.
  4. (4)Where such collection, use or provision to third parties is required to cooperate with a government organization, local government entity or party designated by law to engage in activity on behalf of a government.
  5. (5)Where the Company must collect, use or provide third parties with Sensitive Information regarding membership in political, religious, or other organizations, or the membership of Employees in unions, etc., to the extent necessary to comply with withholding tax requirements, etc.
  6. (6)Where the Company collects, uses, or provides third parties with Sensitive Information to the extent necessary to transfer rights and obligations in inheritance administration proceedings, etc.
  7. (7)Where the Company collects, uses, or provides third parties with Sensitive Information to the extent necessary to engage in business with the consent of the Person in Question, due to the need to ensure compliance with the laws and regulations applicable to the financial instrument exchange business and other business activities in the financial industry.
  8. (8)Where biometric information classified as Sensitive Information must be used to confirm the identity of a person, with the consent of the Person in Question.

6. Appropriate Collection of Personal Information etc.

  1. (1)The Company shall not collect Personal Information etc. using fraudulent or other unauthorized means.
  2. (2)When Personal Information etc. is collected from third parties, the Company shall not improperly infringe the rights of the Persons in Question. Moreover, the Company shall not collect information from third parties that have utilized illegal means to collect Personal Information etc. with the knowledge that such Personal Information etc. had been disclosed illegally.
  3. (3)The Company may collect its customers' Personal Information etc. using the following methods:
    • From the account application form, registration forms, questionnaires, etc. completed by customers in writing or through the internet.
    • From the customer in the course of the provision of products and services.
    • From audio recordings, video recordings, reception of e-mails, records of access or operational history etc., of e-mail sent from the Company's homepage or from the Company.
    • From official gazettes, newspapers, magazines, internet, etc.
    • From third parties, such as database service providers, etc.

    Notwithstanding the foregoing, Individual Numbers shall be collected solely to the extent prescribed by the Number Use Act and other relevant laws and regulations.

  4. (4)If Personal Information etc. is not provided as requested by the Company, all or part of the Company's services may not be available to customers.

7. Notification, Declaration and Explicit Display of the Purposes of Use when Personal Information etc. is Collected

The Company shall indicate the purposes of use of the Personal Information etc. on its Web site and shall make the purposes of use available to the public by displaying, posting or retaining copies of the purposes of use at its head office, branch offices, etc.
The Company shall notify each person or publicly disclose the purposes of use of the Personal Information etc. promptly when such information is collected, except when the purposes of use have been disclosed in advance.
The Company shall explicitly specify the purposes of use of the Personal Information etc. in advance when the Company obtains Personal Information etc. directly from the Person in Question in writing. The Company shall strive to obtain the consent of the Person in Question when Personal Information is collected for margin transactions, loans secured by securities that are deposited for custodial purposes.

8. Accuracy of Personal Data

The Company shall endeavor to ensure that all Personal Data is accurate and up-to-date to the extent necessary to achieve the purposes of use. The Company shall specify how long Personal Data will be stored depending on the purposes of use and shall delete such Personal Data upon expiration of the storage period, except when the storage period is designated by applicable laws or regulations.

9. Security Control of Personal Data

The Company shall implement measures that are necessary and appropriate for Personal Data security, such as measures to prevent the improper disclosure or loss of Personal Data and measures to prevent damage to Personal Data. Such measures shall be implemented by establishing a basic policy and regulations on security control and implementing an administration system pertaining to security control measures.
Necessary and appropriate measures include measures to prevent the improper disclosure or loss of Individual Numbers and measures to prevent damage to Individual Numbers.

  1. (1)Organizational Security Measures: The Company shall clearly define the responsibilities and authority of Employees regarding the management of Personal Data security and shall set forth and implement the regulations related to security management, etc., and investigate and audit the status of the implementation of such measures.
  2. (2)Personnel Security Measures: The Company shall execute contracts, etc., with Employees with regard to the non-disclosure of Personal Data and shall implement employee training programs and supervise Employees to the extent necessary in an appropriate manner to ensure that Personal Data security is managed appropriately.
  3. (3)Physical Security Control Measures : The Company shall implement physical measures for the management of Personal Data security. Such measures shall include entry and exit control for employees in areas handling personal data entry and exit control, prevention of theft, loss, etc. of personal data handling equipment, storage media, documents, etc., and preventing unauthorized persons from viewing or handling personal data.
  4. (4)Technical Security Measures: The Company shall implement technical measures for the management of Personal Data security. Such measures shall include establishing access controls to Personal Data and information systems handling Personal Data, surveillance of information systems, etc.
  5. (5)Understanding of External Environment: The Company shall take safety management measures when storing or handling customer's personal data in a foreign country, and shall understand the system regarding protection of personal information in each country.

The Company shall in accordance with various laws and regulations, disclose the name of the relevant foreign country, information regarding the system for protection of personal information of the relevant country, and information on measures to be taken by the third party for the protection of personal information on the company website in advance.
Also, clients may request for information regarding the name of the relevant country, information regarding the system for protection of personal information of the relevant country, and information on measures to be taken by the third party for the protection of personal information to the Company.

10. Provision of Personal Data to Third Parties

The Company shall not provide Personal Data to third parties, except in the cases described below:

  1. (1)Where the Company has obtained the prior consent of the Person in Question to provide the Personal Data to third parties.
  2. (2)Where the provision of Personal Data to third parties is in accordance with applicable laws or regulations.
  3. (3)Where the provision of Personal Data is required to respond to an inquiry or investigation by a competent tax authority, investigative organization, judicial body, other external organizations, etc.
  4. (4)Where the provision of Personal Data is required to protect human life, health, or property and it is difficult to obtain the consent of the Person in Question.
  5. (5)Where all or a part of the handling of the Personal Data is entrusted to a third party, to the extent necessary to achieve the purposes of use.
  6. (6)Where the provision of Personal Data is necessary due to a consolidation or succession of the business.
  7. (7)Where Personal Data is shared based on Article 4 of this Basic Policy.
  8. (8)In other cases permitted by relevant laws or regulations.

In accordance with the Number Use Act and other relevant laws and regulations, the Company shall not provide Specific Personal Information to third parties unless otherwise permitted thereunder.

11. Outsourcing the Handling of Personal Data

The Company may outsource all or a part of its handling of Personal Data to the extent necessary to achieve the purposes of use. In such a case, to ensure the security of the Personal Data, the Company shall ensure that there is necessary and appropriate supervision over the contractors to which Personal Data handling is outsourced.
The Company may outsource its handling of Personal Data for the following activities:

  • Activities related to processing securities transactions (including preserving and storing documents).
  • Printing and dispatching documents which need to be sent to customers.
  • Maintenance and management of information technology systems.
  • Financial Instruments Intermediation.

12. Provision of Personal Data to a Third Party in a Foreign Country

In case the Company needs to provide personal data to a third party in a foreign country (including handling by an overseas office or transfer by outsourcing), the Company shall in accordance with various laws and regulations, disclose the name of the relevant foreign country, information regarding the system for protection of personal information of the relevant country, and information on measures to be taken by the third party for the protection of personal information on the company website in advance. If at the time of obtaining consent, the foreign country to which the customer's personal data is provided cannot be identified, it will be disclosed on the company website at the time of identification. Also, clients may request for the above information to the Company.

13. Procedure for Responding to Requests for Disclosure, etc., of Retained Personal Data

The Company shall accept requests for notification of the purposes of use, disclosure, revision, addition, deletion, suspension of use or suspension of provision to third parties related to Retained Personal Data (hereinafter "Disclosure") in compliance with the application procedure designated by the Company. For further details, please read the "Guide to Procedures concerning Applications for Personal Information Disclosure" (only in Japanese).
The guide is outlined below:
Guide to Procedures concerning Applications for Personal Information Disclosure:

  1. (1)Contact when Requesting Disclosure:

    Requests are accepted by the customer support department. Inquiries regarding disclosure are accepted by our branch offices.

  2. (2)Forms to be Submitted to Request Disclosure:

    Please submit the Application for Personal Information Disclosure. This application form is kept at our head and branch offices and can also be obtained from our homepage.

  3. (3)Confirmation of the Identity of the Applicant or the Applicant's Proxy:

    Documents designated by the Company from which the identity of the applicant or the applicant's proxy can be confirmed must be submitted.

14. Contact for Inquiries, Complaints, etc., regarding the Handling of Personal Information etc.

The Company shall properly respond to inquiries, complaints, etc., regarding the handling of Personal Information etc. All inquiries, complaints, etc., should be directed to:

Head office: Customer Support
Phone Number: (Head office) +81-3-5644-3111 Please ask operator to connect you to the Customer Support (only in Japanese).
Time: Weekday 9:00 - 17:00 (Closed / Saturday, Sunday, and national holiday)
Inquiries can also be made at our branch offices.

15. Authorized Personal Information Protection Organization.

The Company is a member of the Japan Securities Dealers Association, which is a personal information protection organization authorized by the Financial Services Agency. The Personal Information Consultation Office (contact information has been set forth below) of the Japan Securities Dealers Association handles complaints and consultations with respect to the handling of personal information, pseudonymized personal Information, and anonymized personal Information by its members.
Japan Securities Dealers Association, Personal Information Consultation Office
Telephone Number 03-6665-6784
Website (http://www.jsda.or.jp/)

16. Review and Revision of the Basic Policy

The Company shall review the content of the Basic Policy as needs arise and may revise the Basic Policy in response to any revisions of relevant laws or regulations, or developments, such as changes in the information technology environment, etc.
The Company shall indicate any revisions to this Basic Policy on its Web site and shall make the revisions available to the public by displaying, posting or retaining copies of the revisions at the Company's head office, branch offices, etc.

April 1,2024

  1. Home
  2. Basic Policy on Personal Information Protection