To ensure the proper handling of personal data, our company has formulated a basic policy regarding "compliance with relevant laws and guidelines," "inquiries and complaint handling," and other related matters.
Our company has formulated information management regulations in accordance with the "Guidelines for Personal Information Protection in the Financial Sector" established by the Personal Information Protection Commission and the Financial Services Agency, as well as the rules of self-regulatory organizations to which our company belongs as a financial instruments business operator. These regulations cover handling methods, responsible persons, personnel, and their duties for each stage, including acquisition, use, storage, provision, deletion, and disposal.
(1) We appoint a person responsible for handling personal data, clarify the scope of personal data handled by employees and the employees who handle it, and establish a reporting and communication system to the responsible person in the event of detecting facts or signs of violations of laws or handling regulations.
(2) We conduct regular self-inspections of personal data handling status and also carry out audits by the auditing department or, when necessary, by external parties.
(1) We provide regular training to employees on precautions regarding the handling of personal data.
(2) We stipulate confidentiality matters regarding personal data in our information management regulations, require employees to submit confidentiality agreements to ensure the confidentiality of personal information and prevent its use outside of work, and also define and enforce legal compliance obligations in our employment regulations.
(1) In areas where personal data is handled, we manage employee entry and exit, restrict equipment brought in, and implement measures to prevent unauthorized individuals from viewing personal data.
(2) We take measures to prevent the theft or loss of devices, electronic media, documents, etc., that handle personal data. When transporting such devices, electronic media, etc., including within the office, we implement measures to ensure that personal data cannot be easily identified.
(1) We implement access controls to limit the scope of personnel and the personal information databases they handle.
(2) We have introduced mechanisms to protect information systems that handle personal data from unauthorized external access or malicious software.
In accordance with economic security principles, our company does not store customers' personal information outside of Japan. Should we need to store customers' personal information outside of Japan in the future, after understanding the personal information protection systems in that country, we will implement security measures equivalent to those described in the "Practical Guidelines for Security Management Measures, etc., under the Guidelines for Personal Information Protection in the Financial Sector," and will publicly announce this or notify the individuals concerned.