Personal Information Protection

Policy on Personal Information Protection

Japan Securities Depository Center Inc. ("JASDEC") fully recognizes the importance of personal information protection, and given JASDEC's high public profile as a pillar of the securities settlement infrastructure has established a personal information protection policy to ensure high levels of public welfare and reliability. The Personal Information Protection Policy is as follows:

  • 1

    Acquisition of personal information

    JASDEC shall acquire personal information in an appropriate manner.
  • 2

    Publication, etc. of the purpose of use of personal information

    JASDEC shall specify the purpose of use of personal information, and announce or publicize the purpose of use unless otherwise specified in laws. Please refer to "Handling of Personal Information" for the purpose of use of personal information obtained through the business of JASDEC.
  • 3

    Use of personal information

    (1) Use of personal information (except for Individual Number)
    JASDEC shall handle personal information (except for Individual Number) only to the extent necessary to achieve the purpose of use.
    (2) Use of Individual Number
    JASDEC shall handle Individual Number only to the extent specified in laws and necessary to achieve the purpose of use.
  • 4

    Assurance of the correctness of personal information

    JASDEC shall endeavor to keep personal information correct and update only to the extent necessary to achieve the purpose of use.
  • 5

    Supervision, education and training of officers and employees

    JASDEC shall exercise necessary and proper supervision over the officers and employees of JASDEC for the purpose of the secure management of personal information. JASDEC shall also make this Policy and JASDEC's security control measures for the protection of personal information fully known to the officers and employees of JASDEC without exception, conduct proper education and training, and strive to enhance the awareness of the protection of personal information.
  • 6

    Protection of the security of personal information

    JASDEC shall implement proper and continuous security control measures to prevent the leakage, loss, damage or alteration, etc. of personal information. Please refer to the "Handling of Personal Information" for security control actions of retained personal information handled by JASDEC.
  • 7

    Provision of personal information to a third party

    (1) Provision of personal information (except for specific personal information) to a third party
    JASDEC shall neither provide nor divulge personal information (except for specific personal information) to any third party if not approved by the person identified by the information unless otherwise specified in laws. When personal information is provided to a third party based on the approval of the person, JASDEC shall deal with it in conformity with laws.
    (2) Provision of Individual Number and specific personal information to a third party
    JASDEC shall neither provide nor divulge Individual Number and specific personal information to any third party regardless of approval from the person identified by the information unless otherwise specified in laws.
    (3) Provision of personally referable information to a third party
    JASDEC shall neither provide nor disclose personally referable information by which the person can be identified in the location where such information is provided to any third party without the consent of the person identified by the information unless otherwise specified in laws. When personally referable information is provided to a third party based on the approval of the person, JASDEC shall deal with it in conformity with laws.
  • 8

    Joint use of personal information

    (1) Joint use of personal information (except for specific personal information)
    JASDEC may use personal information (except for specific personal information) jointly with a third party only to the extent necessary to achieve the purpose of use. In the event of joint use, JASDEC shall conform to laws.
    (2) Joint use of Individual Number and specific personal information
    JASDEC shall never use Individual Number and specific personal information jointly with a third party.
  • 9

    Supervision of outsourced parties

    JASDEC may outsource the handling of personal information to outside parties only to the extent necessary to achieve the purpose of use. In this event, JASDEC shall properly supervise outsourced parties to ensure that the handling of outsourced personal information is based on JASDEC's security control measures for the protection of personal information.
  • 10

    Disclosure, etc. of personal information

    JASDEC shall respond to a request from the concerned person for the disclosure, correction or the suspension of use, etc. of personal information unless otherwise specified in laws. Please refer to the "Handling of Personal Information" for the specific procedure for such requests.
  • 11

    Response to inquiries

    JASDEC shall respond to inquiries, opinions and complaints about the handling of personal information in JASDEC promptly and with integrity. Please refer to the "Handling of Personal Information" for specific procedures for inquiries.
  • 12

    Framework of personal information protection

    The President and CEO shall serve as the chief executive responsible for the handling of personal information by JASDEC. JASDEC will assign a person to be responsible for the control of personal information in each department which handles personal information. JASDEC shall continuously review and revise internal systems for the protection of personal information and make efforts to improve them.
  • 13

    Observance of laws and ordinances, etc.

    JASDEC shall observe laws, ordinances and other standards concerning the protection of personal information.
  • 14

    Revision of the Personal Information Protection Policy

    JASDEC may revise this Policy due to changes in societal circumstances or the amendment of relevant laws and ordinances.

Handling of Personal Information

In this section, based on the "Policy on Personal Information Protection" established by Japan Securities Depository Center Inc. ("JASDEC"), JASDEC explains the details and the purpose of use of personal information to be acquired by JASDEC and the procedure for inquiries about personal information handled by JASDEC.

  • 1

    Details of personal information to be acquired by JASDEC

    Personal information to be acquired by JASDEC will include information such as name, address, telephone number, e-mail address, date of birth, sex, occupation and Individual Number.

    JASDEC automatically collects Online Identifier such as IP address, access information to JASDEC Website. JASDEC uses cookies, which are information transmitted from the JASDEC's server to the user's browser and stored on the user's computer in order to identify users on JASDEC Website. However, JASDEC doesn't collect any information to identify person by using cookies.

  • 2

    Purpose of use of personal information to be acquired by JASDEC

    Personal information to be acquired through the business of JASDEC shall be used only for the following purposes:
    (1) Personal information (except for the following (2) and (3))
    • a
      For the smooth conduct of business approved by the competent minister based on the Act on Book-Entry Transfer of Bonds and Shares, etc.
    • b
      For business communication with related companies such as JASDEC participants.
    • c
      For the conduct of market surveys and market research through the use of questionnaire surveys.
    • d
      For correspondence to persons who applied to attend briefing sessions, etc. sponsored by JASDEC.
    • e
      For the confirmation of the identification of the concerned person or his or her proxy.
    • f
      For response to feedback or inquiries about JASDEC.
    (2) Individual Number and personal information containing the Individual Number (except for the following (3))
    • a
      For the provision of Individual Number to prepare and submit records set down in law by the issuers, etc. for eligible products of Book-Entry Transfer System for Shares, etc.
    • b
      For the management of Participant Information (the name and address, etc. of the participant) under Book-Entry Transfer System for Shares, etc. in a state such that it can be retrieved by the Individual Number of said participant.
    • c
      For the preparation and submission of records set down in law for eligible products of Custody Services for Foreign Stock Certificates, etc.
    • d
      For the preparation and submission of payment record of compensation, etc.
    (3) Online Identifier
    • a
      For security purposes on JASDEC Website.
  • 3

    Security control actions of retained personal information handled by JASDEC

    Security control actions of retained personal information handled by JASDEC are as follows:
    (1) Formulation of the basic policy
    • a
      Formulating the basic policy about compliance with related laws, guidelines, etc., and contact point for inquiries and complaint processing, etc. for ensuring the proper handling of personal data.
    (2) Establishment of discipline about handling of personal data
    • a
      Establishing the handling rules of personal data including the handling method, the responsible party in charge, and their duty, etc. at each stage of acquisition, use, retention, provision, deletion and disposal, etc.
    (3) Institutional security control measures
    • a
      Appointing a person responsible for handling of personal data, clarifying employees handling personal data and the range of personal data handled by such employees, and developing a system for reporting to and communicating with a person responsible in case the fact or the sign is found that the laws or handling rules are violated.
    • b
      Recording of the handling of personal data
    • c
      Implementing regular self-inspections and internal and external audits of the handling status of personal data
    (4) Human security control measures
    • a
      Implementing regular training for the employees about consideration when personal data is handled.
    • b
      Describing the matters about confidentiality of personal data in rules of employment
    (5) Physical security control measures
    • a
      Deleting or disposing of personal data in irretrievable ways
    • b
      Reserving personal data of individual investors domestically in Japan
    (6) Technological security control measures
    • a
      Limiting persons handling personal data and the range of handling personal information database etc. handled by such persons through implementing access control
  • 4

    Inquiries about personal information handled by JASDEC

    Any inquiry about personal information handled by JASDEC, the Policy on Personal Information Protection of JASDEC and overall handling of the protection of personal information by JASDEC should be made to the office in charge of personal information.

    Any request for the disclosure, correction or the suspension of use, etc. of personal information handled by JASDEC should be made using the form prescribed by JASDEC. JASDEC will send the form by mail or via e-mail. Please forward the request to the office in charge of personal information. To prevent the leakage of personal information, JASDEC will only make disclosure or correction or suspend use as requested when JASDEC is able to confirm the identification of a person making such a request.

In Charge of Personal Information:

Risk Management Department

7-1 Nihonbashi Kabuto-cho, Chuo-ku, Tokyo 103-0026, Japan

For inquiries about personal information, please use the inquiry form at the bottom of front page.

Policy on Personal Information Protection

JASDEC DVP Clearing Corporation ("JDCC") fully recognizes the importance of personal information protection, and given JDCC's high public profile as a pillar of the securities settlement infrastructure has established a personal information protection policy to ensure high levels of public welfare and reliability. The Personal Information Protection Policy is as follows:

  • 1

    Acquisition of personal information

    JDCC shall acquire personal information in an appropriate manner.
  • 2

    Publication, etc. of the purpose of use of personal information

    JDCC shall specify the purpose of use of personal information, and announce or publicize the purpose of use unless otherwise specified in laws. Please refer to "Handling of Personal Information" for the purpose of use of personal information obtained through the business of JDCC.
  • 3

    Use of personal information

    (1) Use of personal information (except for Individual Number)
    JDCC shall handle personal information (except for Individual Number) only to the extent necessary to achieve the purpose of use.
    (2) Use of Individual Number
    JDCC shall handle Individual Number only to the extent specified in laws and necessary to achieve the purpose of use.
  • 4

    Assurance of the correctness of personal information

    JDCC shall endeavor to keep personal information correct and update only to the extent necessary to achieve the purpose of use.
  • 5

    Supervision, education and training of officers and employees

    JDCC shall exercise necessary and proper supervision over the officers and employees of JDCC for the purpose of the secure management of personal information. JDCC shall also make this Policy and JDCC's security control measures for the protection of personal information fully known to the officers and employees of JDCC without exception, conduct proper education and training, and strive to enhance the awareness of the protection of personal information.
  • 6

    Protection of the security of personal information

    JDCC shall implement proper and continuous security control measures to prevent the leakage, loss, damage or alteration, etc. of personal information. Please refer to the "Handling of Personal Information" for security control actions of retained personal information handled by JDCC.
  • 7

    Provision of personal information to a third party

    (1) Provision of personal information (except for specific personal information) to a third party
    JDCC shall neither provide nor divulge personal information (except for specific personal information) to any third party if not approved by the person identified by the information unless otherwise specified in laws. When personal information is provided to a third party based on the approval of the person, JDCC shall deal with it in conformity with laws.
    (2) Provision of Individual Number and specific personal information to a third party
    JDCC shall neither provide nor divulge Individual Number and specific personal information to any third party regardless of approval from the person identified by the information unless otherwise specified in laws.
    (3) Provision of personally referable information to a third party
    JDCC shall neither provide nor disclose personally referable information by which the person can be identified in the location where such information is provided to any third party without the consent of the person identified by the information unless otherwise specified in laws. When personally referable information is provided to a third party based on the approval of the person, JDCC shall deal with it in conformity with laws.
  • 8

    Joint use of personal information

    (1) Joint use of personal information (except for specific personal information)
    JDCC may use personal information (except for specific personal information) jointly with a third party only to the extent necessary to achieve the purpose of use. In the event of joint use, JDCC shall conform to laws.
    (2) Joint use of Individual Number and specific personal information
    JDCC shall never use Individual Number and specific personal information jointly with a third party.
  • 9

    Supervision of outsourced parties

    JDCC may outsource the handling of personal information to outside parties only to the extent necessary to achieve the purpose of use. In this event, JDCC shall properly supervise outsourced parties to ensure that the handling of outsourced personal information is based on JDCC's security control measures for the protection of personal information.
  • 10

    Disclosure, etc. of personal information

    JDCC shall respond to a request from the concerned person for the disclosure, correction or the suspension of use, etc. of personal information unless otherwise specified in laws. Please refer to the "Handling of Personal Information" for the specific procedure for such requests.
  • 11

    Response to inquiries

    JDCC shall respond to inquiries, opinions and complaints about the handling of personal information in JDCC promptly and with integrity. Please refer to the "Handling of Personal Information" for specific procedures for inquiries.
  • 12

    Framework of personal information protection

    The President and CEO shall serve as the chief executive responsible for the handling of personal information by JDCC. JDCC will assign a person to be responsible for the control of personal information in each department which handles personal information. JDCC shall continuously review and revise internal systems for the protection of personal information and make efforts to improve them.
  • 13

    Observance of laws and ordinances, etc.

    JDCC shall observe laws, ordinances and other standards concerning the protection of personal information.
  • 14

    Revision of the Personal Information Protection Policy

    JDCC may revise this Policy due to changes in societal circumstances or the amendment of relevant laws and ordinances.

Handling of Personal Information

In this section, based on the "Policy on Personal Information Protection" established by JASDEC DVP Clearing Corporation ("JDCC"), JDCC explains the details and the purpose of use of personal information to be acquired by JDCC and the procedure for inquiries about personal information handled by JDCC.

  • 1

    Details of personal information to be acquired by JDCC

    Personal information to be acquired by JDCC will include information such as name, address, telephone number, e-mail address, date of birth, sex, occupation and Individual Number.

    JDCC automatically collects Online Identifier such as IP address, access information to JDCC Website. JDCC uses cookies, which are information transmitted from the JDCC's server to the user's browser and stored on the user's computer in order to identify users on JDCC Website. However, JDCC doesn't collect any information to identify person by using cookies.

  • 2

    Purpose of use of personal information to be acquired by JDCC

    Personal information to be acquired through the business of JDCC shall be used only for the following purposes:
    (1) Personal information (except for the following (2) and (3))
    • a
      For administrative work on qualification of management systems of DVP Participant or qualified applicants (hereinafter called "DVP Participants, etc.")
    • b
      For business communication with DVP Participants, etc. such as Settlement Banks, Commitment Line Banks, and other organizations related to the DVP for Non-Exchange Transaction Deliveries System
    (2) Individual Number and personal information containing the Individual Number (except for the following (3))
    • a
      For the preparation and submission of payment record of compensation, etc.
    (3) Online Identifier
    • a
      For security purposes on JDCC Website.
  • 3

    Security control actions of retained personal information handled by JDCC

    Security control actions of retained personal information handled by JDCC are as follows:
    (1) Formulation of the basic policy
    • a
      Formulating the basic policy about compliance with related laws, guidelines, etc., and contact point for inquiries and complaint processing, etc. for ensuring the proper handling of personal data.
    (2) Establishment of discipline about handling of personal data
    • a
      Establishing the handling rules of personal data including the handling method, the responsible party in charge, and their duty, etc. at each stage of acquisition, use, retention, provision, deletion and disposal, etc.
    (3) Institutional security control measures
    • a
      Appointing a person responsible for handling of personal data, clarifying employees handling personal data and the range of personal data handled by such employees, and developing a system for reporting to and communicating with a person responsible in case the fact or the sign is found that the laws or handling rules are violated.
    • b
      Recording of the handling of personal data
    • c
      Implementing regular self-inspections and internal and external audits of the handling status of personal data
    (4) Human security control measures
    • a
      Implementing regular training for the employees about consideration when personal data is handled.
    • b
      Describing the matters about confidentiality of personal data in rules of employment
    (5) Physical security control measures
    • a
      Deleting or disposing of personal data in irretrievable ways
    (6) Technological security control measures
    • a
      Limiting persons handling personal data and the range of handling personal information database etc. handled by such persons through implementing access control
  • 4

    Inquiries about personal information handled by JDCC

    Any inquiry about personal information handled by JDCC, the Policy on Personal Information Protection of JDCC and overall handling of the protection of personal information by JDCC should be made to the office in charge of personal information.

    Any request for the disclosure, correction or the suspension of use, etc. of personal information handled by JDCC should be made using the form prescribed by JDCC. JDCC will send the form by mail or via e-mail. Please forward the request to the office in charge of personal information. To prevent the leakage of personal information, JDCC will only make disclosure or correction or suspend use as requested when JDCC is able to confirm the identification of a person making such a request.

In Charge of Personal Information:

JASDEC DVP Clearing Corporation Business Administration Department

7-1 Nihonbashi Kabuto-cho, Chuo-ku, Tokyo 103-0026, Japan

For inquiries about personal information, please use the inquiry form at the bottom of front page.

Return to top of page