Home > Privacy > The Privacy Policy of Citigroup Japan Holdings Corp.

[ The text begins. ]

The Privacy Policy of Citigroup Japan Holdings Corp.

  1. Introduction

    Citigroup Japan Holdings Corp. (hereinafter "the Company") herein declares its basic policy on the protection of Personal Information (hereinafter "Basic Policy") in order to comply with the requirements of the laws and regulations applicable to the Company.

  2. Compliance with Laws and Regulations

    The Company values and protects Personal Information on its customers, as the holding company of a financial services group that values and appreciates the importance of good standing in its relationships with customers and with society at large.
    The Company is fully aware of its social responsibility to safeguard the Personal Information of customers when engaging in business activities. Based on this understanding, the Company confirms that all of its Employees will comply faithfully with the Law Governing the Protection of Personal Information, other laws and regulations, and the Company's Basic Policy, and that the entire Company is committed to fair and appropriate handling of Personal Information.

  3. The Purposes of Use of Personal Information

    Personal Information will be used within the limits necessary to achieve the purposes of use listed below in executing the business activities described below, and such information shall not be used exceeding the limits necessary to achieve the said purposes. Further, the Company shall not modify the purposes of use exceeding the limits recognized to be fair and rational.

    (Business Activities)

    1. Activities regarding supervision and management of the business activities of companies in which the Company holds shares (hereinafter "Subsidiaries").
    2. Activities regarding data processing for the business and financial affairs of Subsidiaries.
    3. Activities regarding development of computer programs related to the business and financial affairs of Subsidiaries, as well as activities related to computing services.
    4. Activities regarding affairs of compensation, wages, and employee welfare benefits for the directors and Employees of Subsidiaries.
    5. Activities regarding the maintenance and management of brands and trademarks, market research, event planning, and advertising and publicity for Subsidiaries.
    6. Activities regarding consulting for management of Subsidiaries.
    7. Other activities that financial holding companies are authorized to engage in, as well as other supplementary and accompanying activities (including activities authorized in the future).

    (Purposes of Use)

    1. For the purpose of undertaking information services concerning the products and services of the Company, its related companies and affiliates.
    2. For the purpose of conducting research and development of products and services by means of market research, customer satisfaction surveys, data analysis and questionnaire surveys, etc.
    3. For the purpose of correctly executing activities relegated from other business entities, or relegated with handling of Personal Information either in full or in part, etc.
    4. For the purpose of responding to the inquiries from the shareholder(s) of the Company.
    5. For the purpose of handling inquiries, etc., related to Personal Information.
    6. For the purpose of business management and internal control and administration of the Company and Subsidiaries.

  4. Shared Use of Personal Data

    The Company may use and share Personal Data as follows:

    1. Items of Personal Data to be shared and used
      • Information on the customer, such as name, address, date of birth, occupation
      • Information related to transactions of the customer, such as transaction details, outstanding deposits, etc.
      • Information on customer needs, such as in asset management.
    2. The range of parties authorized for shared use
      • The Company, and its consolidated companies and equity method affiliates of the Company entered in the latest annual security report of the Company.
    3. Purposes of use by using parties
      • For the purpose of a full range of research, development, information service and supply of the best and most appropriate products, and services that match the needs of the customers in asset management, etc., through coordination of the entire Citigroup Japan Holdings Corp. led by the Company as the holding company of the entire group.
      • For the purpose of business management and internal control and administration of the group companies led by the Company as a holding company.
    4. Name of the party responsible for the management of Personal Information shared use: The Company (Citigroup Japan Holdings Corp.)

  5. Sensitive Information

    The Company shall not collect, use or provide to third parties information on political views, credo (religion, philosophy, and beliefs), membership of labor unions, race or ethnic group, family origin or permanent domicile, matters related health and medicine, habits related to sexual activity, or criminal record (hereinafter called "Sensitive Information"), except under the conditions described below. If such information is to be collected, used, or provided to third parties under the conditions described below, the information shall be handled with special attention and caution to avoid collection, use, or provision to third parties exceeding the extent of the said conditions.

    1. In case of applications of laws and regulations.
    2. In case of needs for the protection of human life, health, or property.
    3. In case of special needs for improvements to public health or promotion of sound development of children.
    4. In case of needs for cooperation with a government organization, local government entity or party designated by those for the execution of their affairs designated by law.
    5. In case of collection, use or provision to third parties of Sensitive Information regarding membership of political, religious, or other organization, or labor union of Employees, etc., within the scope necessary for the execution of withholding tax affairs etc.
    6. In case of collection, use, or provision to third parties of Sensitive Information within limits necessary in execution of transfer of rights and obligations, in inheritance administration procedure etc.
    7. In case of collection, use, or provision to third parties of Sensitive Information within the limits necessary in the execution of business with the consent of the Person in Question, due to the need to ensure appropriate proceedings of financial instrument exchange business and other business activities in the financial field.
    8. In case of use of biometric information classified as sensitive information to confirm the identity of a person, with consent of the Person in Question.

  6. Appropriate Collection of Personal Information

    1. The Company shall not collect Personal Information using fraudulent or other unauthorized means.
    2. When Personal Information is collected from third parties, the Company shall not improperly infringe the interests of the Persons in Question. Moreover, the Company shall not collect information from third parties that have employed illegal means to collect Personal Information with the knowledge that such Personal Information in question had been leaked illegally.
    3. The Company may collect Personal Information of customers using the following methods:
      • Collection of Personal Information from third parties, such as database services, etc.
      • Collection through audio recordings, video recordings, reception of e-mail, etc.
      • Collection of information found in government bulletins, newspapers, magazines, Internet, etc.
    4. If Personal Information is not provided as requested by the Company, all or part of the Company's services may not be available.

  7. Notification, Declaration and Explicit Display of Purposes of Use in the Collection of Personal Information

    The Company shall indicate the purposes of use of Personal Information on its Web site and shall indicate the means, responding to inquiries (if any), etc.
    The Company shall notify the person or disclose publicly the purposes of use of Personal Information promptly at the collection of the said information, except when the purposes of use have been disclosed in advance.
    The Company shall explicitly specify the purposes of use of Personal Information in advance, when the Company obtains Personal Information directly from the Person in Question in writing.

  8. Guarantee of Accuracy of Personal Data

    The Company shall make the efforts to guarantee that Personal Data is accurate and up-to-date within the range necessary to achieve the purposes of use.
    The Company shall specify the period of storage of Personal Data depending on the purpose of use, and delete the said data after expiration of the said period, except when the period of storage is designated by laws and regulations.

  9. Measures for Personal Data Security Management

    The Company shall implement measures that are necessary and appropriate for Personal Data security, such as prevention of leakage or loss of, or damage to Personal Data collected, by establishing a basic policy and regulations on security management and the necessary administration pertaining to security management measures.

    Necessary and appropriate measures include the following for collection, use, storage, etc., of Personal Data.

    1. Organized security management measures: The responsibilities and authority of Employees regarding the management of Personal Data security are clearly defined. Regulations related to security management, etc., have been developed and implemented, and inspection and audits are executed to examine the state of implementation.
    2. Human security management measures: Contracts, etc., are concluded with Employees on non-disclosure of Personal Data, and employee training, and other programs are executed for the necessary and appropriate supervision of Employees in ensuring the management of Personal Data security.
    3. Technical security management measures: Technical measures are implemented for the management of Personal Data security, such as access control to Personal Data and information systems handling Personal Data, surveillance of information systems, etc.

  10. Provision of Personal Data to Third Parties

    The Company shall not provide Personal Data to a third party, except under the conditions below:

    1. With the advance consent of the Person in Question.
    2. In case of application of laws and regulations.
    3. In response to inquiry or investigation by taxation office, investigative organization, juridical body and other external organizations, etc.
    4. In case of need for the protection of human life, health, or property, and when the consent of the individual in question is difficult to obtain.
    5. If all or part of Personal Data handling is commissioned to others, within the range necessary for the achievement of the purposes of use.
    6. In case of provision of Personal Data due to consolidation or succession of business by other reasons.
    7. In case of shared use of Personal Data based on Article 4 of this Basic Policy.
    8. In other cases authorized by relevant laws and regulations.

  11. Outsourcing the Handling of Personal Data

    The Company may outsource all or part of its handling of Personal Data within the range necessary for achievement of the purposes of use. In such a case, the Company will execute necessary and appropriate supervision over the contractors to which Personal Data handling is outsourced, in order to ensure Personal Data security.

  12. Procedure for Responding to Requests for Disclosure, etc., of Collected Personal Data

    The Company will accept requests for notification of use purpose, disclosure, revision, addition, deletion, suspension of use, and removal or suspension of provision to third parties related to Collected Personal Data (hereinafter called "Disclosure") in compliance with the application procedure designated by the Company. For further details, please read the Guide to Procedures concerning Applications for Personal Information Disclosure. (PDF:90KB)
    The guide is outlined below:

    1. Contact when requesting Disclosure.
      Requests are accepted by Corporate Affairs Office, Citigroup Japan Holdings Corp.
    2. Forms to be submitted to request Disclosure.
      Please submit the Application for Personal Information Disclosure (PDF:46KB)
    3. Method of confirmation of identity for the applicant or proxy requesting Disclosure.
      Documents for authenticating identity as designated by the Company must be submitted.
    4. Charges and collection of payment
      Charges will be made in accordance with the method designated by the Company in case of notification of the use purposes or disclosure.

  13. Contact for Inquiries, Complaints, etc., regarding Handling of Personal Information

    The Company will properly handle inquiries, complaints, etc., regarding the handling of Personal Information. All inquiries, complaints, etc., should be directed to:

    Corporate Affairs Office, Citigroup Japan Holdings Corp.
    Tel: 6270-9848

  14. Review and Revision of the Basic Policy

    The Company shall review the content of the Basic Policy as needs arise and revise it in response to any revision of relevant laws and regulations, or developments, such as changes in the IT environment, etc.
    The revised Basic Policy will be published on the Company's Web site, and the revised methods to respond inquiries (if any), etc. shall be disclosed.

  15. Terminology

    Specific terms used in the Basic Policy are defined as follows:

    1. "Personal Information" is information concerning a living individual (including the customers, Employees of the Company, and other persons related to business enterprises, etc.), such as name, date of birth, and other descriptions, code or number attached to each individual, and visual and auditory data that can identify the individual (including information that cannot identify the individual by itself but can easily identify the said individual when associated with other information).
    2. "Personal Information Database, etc." is the aggregate of information, including Personal Information, which has been organized systematically for searching into specific Personal Information with computer, etc.
    3. "Personal Data" is Personal Information that makes up the Personal Information Database, etc.
    4. "Collected Personal Data" is Personal Data for which the Company is able to disclose, revise, add, delete, suspend the use, remove and suspend provision to third parties, but excludes information that may infringe public interests and other interests through disclosure of its presence or absence, or information that is expected to be removed within six months (excluding information that is to be updated).
    5. "Person In Question" is the specific individual who can be identified through the Personal Information.
    6. "Employees" are persons who are engaged in the Company's business activities under direct or indirect supervision and management of the Company within its organization, including workers with established employment relationships (executive directors, full-time employees, contractual employees, part-time workers, etc.) and also those without an employment relationship with the Company (directors, executive officers (shikoyaku), auditors and workers assigned from temporary manpower services).

Please kindly note that the original of the Basic Policy [Guide][Application Form] is made in Japanese language and this English version of is a translation for reference purpose only. If there is any discrepancy between any portion of the Japanese version and the English version, the Japanese version shall prevail.

History of revision of the Basic Policy:

  • Published May 1, 2008
  • Updated as of June 30, 2008
  • Updated as of October 1, 2009

Adobe Reader must be installed in your system to view
PDF files. This application can be dowloaded free of
charge by clicking below:
Get Adobe Reader

Get Adobe Reader