The Bank shall obtain and use necessary personal information of our customers to conduct accurate transactions with you and to inform you about improved products and services. The Bank handles Individual Numbers solely within the scope stipulated by applicable law.

The Bank shall not use personal information received from our customers beyond the scope necessary to achieve the purposes of use described above. Furthermore, the Bank shall clearly express the purposes of use of our customers’ personal information. For example, with regard to customers’ responses to survey questions, the Bank shall indicate that they would be used for data collection. In this manner, the Bank shall make efforts to limit the use of customers’ personal information for the specific purpose for which it was obtained.

The information that the Bank receives from our customers includes names, addresses, telephone numbers and email addresses, as well as (i) identification numbers that are assigned to applicable individuals under certain documents or for the use of certain services, such as Individual Numbers and license numbers, and (ii) parts of an individual’s physical features such as DNA, fingerprints, and voiceprints that have been digitized for use on electronic devices, either of which may be used to identify an individual (collectively, “Individual Identification Codes”). The Bank may retain records related to customer transactions and inquiries in the form of writing, or voice, video or electronic recording.

The Bank shall not use customers’ personal information in a manner not recognized as appropriate according to social norms or that violate the intent of applicable laws and regulations or social standards.

The Bank shall obtain our customers’ personal information in a proper and lawful manner and to the extent necessary to perform our services, in which case the Bank shall specify and accurately inform our customers of the purposes of use of such personal information, and shall not obtain such personal information through deception or other wrongful means. Furthermore, the Bank shall obtain Individual Numbers solely within the scope stipulated by applicable law. Regarding our customers who apply for loans, please note that the Bank may contact the personal credit information agencies to obtain relevant information thereof.

The Bank shall endeavor to keep the details of personal information accurate and up-to-date to the extent necessary for achieving the purposes of use, and requests your cooperation in this regard. If there have been any changes to your personal information requiring notice to the Bank, please submit a written notice to our branches. When personal data related to our customers’ personal information are no longer needed for use, or are retained beyond a certain period of time under applicable law, the Bank shall make efforts to delete such data without delay. When deleting personal data or discarding any device, electronic media, or the like that contains personal data, such shall be done in an unrecoverable manner. Moreover, a record of the deletion or disposal shall be retained.

The Bank shall take necessary and appropriate measures (including “organizational security management measures”, “personal security management measures”, “physical security management measures”, “technical security management measures”, and “ascertainment of the external environment”) in order to prevent any illegal access to, or leakage, loss, damage, or falsification of, personal information received from our customers and to otherwise protect personal data, such as by establishing the basic policies/operating standards related to security management as well as the structure related to the execution of security management measures.

With respect to all of our officers and employees who handle our customers’ personal information, the Bank shall establish a proper internal control structure that ensures the security of personal data, clarifies roles and responsibilities thereunder, disseminates information regarding security obligations, and provides necessary education/training and appropriate supervision.

The Bank shall rigorously manage our service providers, who we engage to handle our customers’ personal information, such as by entering into an agreement therewith regarding the protection of personal information and/or by supervising such service providers as needed or appropriate, in order to ensure the security of such personal information. Even in cases where such service providers outsource their services to a subcontractor, the Bank shall have such service providers rigorously manage such subcontractor in the handling of personal information in the same manner as when the Bank outsources our services to such service providers.

In order to make all of our officers and employees aware of the importance of protecting personal information and to ensure the proper protection and use of personal information, the Bank shall establish, implement, and make ongoing improvements to the compliance programs related to the protection of personal information in conformance with the Personal Information Protection Act, the My Number Act, and other applicable law regarding the protection of personal information.

The Bank shall not, without your consent, provide your personal information to any third party other than as set forth in the Personal Information Protection Act. If the customer is a minor, adult ward, conservatee, or person subject to limited guardianship, who does not have the ability to determine the consequences of consenting to certain handling of personal information, the Bank shall obtain consent from such customer’s guardian, legal representative, or the like; provided, however, that the Bank may provide your personal information to a third party without your consent in the following cases: consent is required to protect your life, body, or property and obtaining your consent is determined to be difficult; the handling of personal information is outsourced to the extent necessary to achieve the purposes of use; or in the case of business succession or joint use of such personal information with a separately specified person. Specific Personal Information shall not be provided to any third party notwithstanding the customer’s consent/refusal unless as otherwise provided in the My Number Act.

The Bank shall publicly announce in advance the purposes of use of personal information received from our customers. If we subsequently change such purposes of use, we will promptly provide notice or publicly announce the amended purposes of use.

If you request for notice regarding the purposes of use, or for disclosure, correction, addition, omission, suspension of use or deletion, or for suspension of provision to third parties, of retained personal data related to your personal information or of information related to records of provision to third parties, the Bank shall, after asking about the circumstances of such request, notify you of the required procedures. Upon completion of such procedures, the Bank shall promptly provide notice regarding the purposes of use, disclose, correct, add, omit, suspend the use or delete, or suspend the provision to third parties, of such retained personal data (the “Requested Act”); provided, however, that the Bank may not be able to perform the Requested Act based on the Personal Information Protection Act or other reason. If it is deemed that it would be difficult to perform the Requested Act in whole or in part, or to implement a disclosure via methods requested by you, the Bank shall promptly notify you of such. If a Request for Action is made with respect to the Individual Number, the Bank’s reply shall be limited to whether or not such information is in our possession.

The Bank shall comply with the applicable laws, guidelines, and the like related to the Protection of Personal Information Act, My Number Act, and other personal information protections in relation to the personal information you provide to us.

The Bank may use cookie technology to improve our customer service; provided, however, that the Bank shall not retain any privacy related information of our customers such as their names or contact details. A cookie is technology that enables a web server to identify the user from his/her prior visit by storing a certain file in the user’s personal computer (terminal) when the use accesses a website on the web server. The Bank’s cookies are readable only by our website, and do not contain any information through which a third party can contact the user by his/her telephone number, email, postal address, or the like. A user can delete the cookies stored in his/her computer and avoid storing cookies by changing the browser settings thereof.

If you have any questions, comments, or requests concerning the Bank’s handling of personal information, please contact us at the call center or our branches, who will respond to you in a prompt and proper manner.

The Bank has a point of contact for receiving complaints concerning the Bank’s handling of personal information.

The Bank is a member of the following personal information protection organizations that were accredited under the Personal Information Protection Act.
The following organizations manage complaints and provide consultation services concerning their member entity’s handling of personal information.

If there is a personal information leakage incident or the like, the Bank shall immediately report to the relevant competent authority. Furthermore, in order to prevent the occurrence of any secondary damage or similar incident, the Bank shall promptly notify our customers involved in such incident regarding the relevant facts, recurrence prevention measures, and the like.

The Bank is licensed to provide banking services under the Banking Act. The banking services include the following:

The Bank shall obtain our customers’ personal information in a proper and lawful manner to the extent necessary to provide our services. The personal information that may be obtained includes the items listed below. In order to ensure the proper operation of our businesses in the financial sector, the Bank may, with the customer’s consent, obtain sensitive information as set forth in the Guidelines Regarding the Protection of Personal Information in the Financial Sector (issued by the Personal Information Protection Commission and the FSA) (which means “special care-required personal information” as set forth under the Personal Information Protection Act and information related to one’s membership in a labor union, lineage, domicile, healthcare, and sexual activity (but excludes special care-required information for these items); provided, however, that “sensitive information” excludes information that has been disclosed to the public by the person in question, a national or local authority, media organizations such as broadcasting organizations, newspapers, or news agencies (including foreign media organizations), foreign governments, government agencies, local government, or international organizations, or information that is externally apparent and can be obtained through looking at/filming the person in question) to the extent necessary to perform our services; provided, however, that the Bank shall not obtain, use, or provide to third parties such information unless required under applicable law. Notwithstanding the customer’s consent/refusal, the handling of Individual Numbers shall be limited to the scope as set forth under applicable law.

The Bank shall use personal information for the following purposes to the extent permitted by applicable law:

As noted in Paragraph (4) of Section 3 (Use of and Information Registration with Personal Credit Information Agencies (Not Applicable to Specific Personal Information))

If bills/checks become dishonored, the bearers and their banks or the like will suffer considerable damage. Therefore, the Bank takes actions such as refraining from transactions for a certain period of time if there is an order for suspension of business due to the dishonored bills/checks. Such being the case, the personal data of (i) customers who are the drawers or the underwriters of the dishonored bills/checks and (ii) customers who have consulted with the Bank regarding the opening of a checking account will be provided to the electronic clearing houses or the like and will be used jointly as follows:

Such requests shall be accepted at the call center or our branches. If you are making such request in person, please bring your registered seal.

If you yourself are making a Request for Action in person at our branches, please bring your identification document(s) and seal (or registered seal if you have an account with us). You will fill out the necessary items in the “Personal Information: Request for Action Form” at the reception desk.
While such form is available at our branches, it can also be delivered to you by post by contacting the call center or our branches.

Any Request for Action shall be accepted at our branches or by post. If requesting by post, please enclose the Personal Information: Request for Action Form (or, if the requester is your agent, the Personal Information: Request for Action Form (for Agent) and the Power of Attorney), copy of identification document(s) (as stipulated in Section 8(4)), and service fee (as stipulated in Section 8(7)) and send them to the following address.

Retained personal data that may be disclosed are as follows:
Branch code, Name, Address, Gender, Birthdate, Home telephone number, Email address, Alternative telephone number, Type of work, Employer’s name, Work telephone number, Type of deposit account, Date of opening of deposit account, Type of loan transaction, Loan commencement date, Name of outsourced agency providing lending related services (e.g., Japan Housing Finance Agency)

Please specify in detail any information requested under the Request for Action that is not listed above. However, please note that the Bank may not be able to accommodate your request in some cases. If a Request for Action is made with respect to the Individual Number, the Bank’s reply shall be limited to whether or not such information is in our possession.

The Bank shall accept requests for suspension of use or deletion of retained personal data only if the Bank has obtained or handled such data in an inappropriate manner.

The Bank will charge a specified service fee in connection with your request for notice regarding the purposes of use or for disclosure of retained personal data. Such fee shall be paid upon submission of the Personal Information: Request for Action Form at the Bank’s reception desk. If you have an account with us, you may pay such fee through a bank transfer. Please note that if requesting by post, we do not accept payment by cash. Please visit our homepage or our branches for details regarding the service fee.

We will respond to your Request for Action by sending it to you via a method of your choosing. Please note that our response to any such request made by your agent will also be sent to you. Please also note that we may not be able to accommodate your Request for Action pursuant to the Personal Information Protection Act or the like, in which case we will notify you to that effect. Even in such a case, please note that we will not be able to refund service fees that were already paid.