Basic Policy on Personal Information Protection

1. Introduction

SMBC Nikko Securities Inc. (hereinafter "Company") herein declares its basic policy on the protection of personal information (hereinafter "Basic Policy").

2. Compliance with Laws and Regulations

As a securities company that values and appreciates the importance of a good relationship with customers and the public, the Company cautiously protects its customers' Personal Information and Individual Numbers (hereinafter collectively, "Personal Information etc. ") .

The Company is fully aware of its social responsibility to safeguard its customers' Personal Information etc. when engaging in business activities. Based on this understanding, the Company hereby declares that all of its Employees must comply with the laws and regulations concerning the protection of Personal Information etc., as well as with this Basic Policy. The entire Company is committed to the appropriate handling of Personal Information etc.

3. Purposes of Use of the Personal Information etc.

Personal Information shall be used only when necessary to achieve the purposes of use listed below in connection with the execution of the business activities described below. Personal Information shall not be used for any other purpose. Further, the Company shall not unreasonably modify the purposes of use listed below. Individual Numbers shall be used solely to the extent prescribed by the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (the "Number Use Act") and other relevant laws and regulations.

(Business Activities)

  • (1)Financial instrument business activities (including the buying and selling of securities, acting as a broker with respect to the buying and selling of securities, OTC derivative transactions, public offerings and secondary distribution of securities) and related activities.
  • (2)Business activities that a financial instruments business operator may engage in under applicable laws, such as acting as an insurance agent or as a money lender.
  • (3)Other businesses that a financial instruments business operator may engage in, as well as its related activities (including activities that a financial instruments business operator may in the future be authorized to engage in).

(Purposes of Use)

  • (1)To market, distribute, sell and purchase financial instruments (including insurance products for the purposes of this sentence) in accordance with the Financial Instruments and Exchange Act, and to provide services related to and information on such services.
  • (2)To market, distribute, sell and purchase financial instruments and other products of the Company, its subsidiaries and affiliates, and to provide services related to and information on such services.
  • (3)To transfer, settle or manage securities or cash in order to manage transactions on behalf of customers and to manage customer accounts.
  • (4)To pay and handle dividends, distributions, and interest payments and to redeem financial instruments, to pay and handle insurance benefits, benefits, pensions, other benefits, etc.
  • (5)To determine the appropriateness of the marketing, distribution, sales and purchase of financial instruments and services in light of the principle of suitability, etc.
  • (6)To identify customers or their agents.
  • (7)To report and confirm the results of transactions, account balances, investment activity, etc., to customers.
  • (8)To process documentation relating to customer transactions.
  • (9)To conduct research and development on financial instruments and services by utilizing market research, customer satisfaction surveys, data analysis, questionnaires, etc.
  • (10)To properly execute business activities including the handling of Personal Information, when the Company is entrusted by others with the handling of Personal Information, in whole or in part, or other activities.
  • (11)To perform customer transactions properly and efficiently.
  • (12)To reply to inquiries, etc., related to the handling of Personal Information.
  • (13)To manage the business of the Company, including internal controls and administration.
  • (14)Notwithstanding the purposes of use of Personal Information described in the preceding items, Individual Numbers shall be used solely for operations concerning applications and notifications for the opening of accounts for financial instruments transactions, and for operations concerning the preparation and submission of statutorily required documents for financial instruments transactions.

The Company, in compliance with the Cabinet Office Ordinance on Financial Instruments Services and other related regulations, shall not use information on individual customers concerning race, religion, lineage, registered domicile, medical history, criminal records, or any other special information that is not available to the public that is obtained during the course of the Company's business for any purpose other than ensuring proper business operations and for other necessary purposes.

4. Sharing of Personal Data

The Company may share and use Personal Data as follows:

4-1. Information Sharing amongst Group Companies

  • (1) Items of Personal Data that will be Shared and Used (excluding Individual Numbers)
    • -Customer information, such as name, address, date of birth, occupation.
    • -Information related to customer transactions, such as transaction details, outstanding deposits, etc.
    • -Information on customer asset management needs, etc.
  • (2)Group Companies that Share Information
    The Company may share information with its subsidiaries and affiliated companies, as defined in the Article 8 of the Ordinance on Terminology, Forms and Preparation Methods of Financial Statements, etc. The Company discloses the names of its subsidiaries and affiliated companies on its website. The Company and its subsidiaries and affiliated companies are collectively referred to herein as the "Group Companies".

    Click here for a list of the names of the Group Companies.

  • (3)Purposes of Use
    • -To undertake a full range of research and development, provide information and provide the best and most appropriate products and services that match the asset management needs of customers, etc., through the coordination of all Group Companies.
    • -To manage the business of the Group Companies, including internal controls and administration.
  • (4)Name of the Party Responsible for the Management, Sharing and Use of Personal Information: SMBC Nikko Securities Inc.

4-2. Information Shared with Citigroup Global Markets Japan

  • (1) Items of Personal Data to be Shared and Used (excluding Individual Numbers)
    • -Information on the customer, such as name, address, date of birth and occupation.
  • (2)Parties Authorized to Share and Use Information
    The Company and Citigroup Global Markets Japan
  • (3)Purposes of Use
    • -To undertake a full range of research and development, provide information and provide the best and most appropriate products and services that match the asset management needs of institutional customers, etc., through the coordination of the Company and Citigroup Global Markets Japan in accordance with the contract between the Company and Citigroup Global Markets Japan.
    • -To manage the business of the Company, including internal controls and administration.
  • (4)Name of the Party Responsible for the Management, Sharing and Use of Personal Information: SMBC Nikko Securities Inc.

5. Sensitive Information

The Company shall not collect, use or provide to third parties information on political views, creed (religion, philosophy, and beliefs), membership in labor unions, race, ethnicity, family origin, registered domicile, matters related to health or medicine, habits related to sexual activity, or criminal records (hereinafter "Sensitive Information"), except in the situations described below. If such information is collected, used or provided to third parties for any of the reasons described below, the information shall be handled with special care and caution to limit, to the extent necessary for any of the reasons described below, the collection, use, or provision to third parties of Sensitive Information.

  • (1)Where such collection, use or provision to third parties is in accordance with applicable laws or regulations.
  • (2)Where such collection, use or provision to third parties is required to protect human life, health, or property.
  • (3)Where such collection, use or provision to third parties is indispensable to improve public health or to promote the sound development of children.
  • (4)Where such collection, use or provision to third parties is required to cooperate with a government organization, local government entity or party designated by law to engage in activity on behalf of a government.
  • (5)Where the Company must collect, use or provide third parties with Sensitive Information regarding membership in political, religious, or other organizations, or the membership of Employees in unions, etc., to the extent necessary to comply with withholding tax requirements, etc.
  • (6)Where the Company collects, uses, or provides third parties with Sensitive Information to the extent necessary to transfer rights and obligations in inheritance administration proceedings, etc.
  • (7)Where the Company collects, uses, or provides third parties with Sensitive Information to the extent necessary to engage in business with the consent of the Person in Question, due to the need to ensure compliance with the laws and regulations applicable to the financial instrument exchange business and other business activities in the financial industry.
  • (8)Where biometric information classified as Sensitive Information must be used to confirm the identity of a person, with the consent of the Person in Question.

6. Appropriate Collection of Personal Information etc.

  • (1)The Company shall not collect Personal Information etc. using fraudulent or other unauthorized means.
  • (2)When Personal Information etc. is collected from third parties, the Company shall not improperly infringe the rights of the Persons in Question. Moreover, the Company shall not collect information from third parties that have utilized illegal means to collect Personal Information etc. with the knowledge that such Personal Information etc. had been disclosed illegally.
  • (3)The Company may collect its customers' Personal Information etc. using the following methods:
    • -From the account application form, registration forms, questionnaires, etc. completed by customers in writing or through the internet.
    • -From the customer in the course of the provision of products and services.
    • -From audio recordings, video recordings, reception of e-mails, records of access or operational history etc., of e-mail sent from the Company's homepage or from the Company.
    • -From official gazettes, newspapers, magazines, internet, etc.
    • -From third parties, such as database service providers, etc.

    Notwithstanding the foregoing, Individual Numbers shall be collected solely to the extent prescribed by the Number Use Act and other relevant laws and regulations.

  • (4)If Personal Information etc. is not provided as requested by the Company, all or part of the Company's services may not be available to customers.

7. Notification, Declaration and Explicit Display of the Purposes of Use when Personal Information etc. is Collected

The Company shall indicate the purposes of use of the Personal Information etc. on its Web site and shall make the purposes of use available to the public by displaying, posting or retaining copies of the purposes of use at its head office, branch offices, etc.
The Company shall notify each person or publicly disclose the purposes of use of the Personal Information etc. promptly when such information is collected, except when the purposes of use have been disclosed in advance.
The Company shall explicitly specify the purposes of use of the Personal Information etc. in advance when the Company obtains Personal Information etc. directly from the Person in Question in writing. The Company shall strive to obtain the consent of the Person in Question when Personal Information is collected for margin transactions, option transactions, loans secured by securities that are deposited for custodial purposes.

8. Accuracy of Personal Data

The Company shall endeavor to ensure that all Personal Data is accurate and up-to-date to the extent necessary to achieve the purposes of use. The Company shall specify how long Personal Data will be stored depending on the purposes of use and shall delete such Personal Data upon expiration of the storage period, except when the storage period is designated by applicable laws or regulations.

9. Security Control of Personal Data

The Company shall implement measures that are necessary and appropriate for Personal Data security, such as measures to prevent the improper disclosure or loss of Personal Data and measures to prevent damage to Personal Data. Such measures shall be implemented by establishing a basic policy and regulations on security control and implementing an administration system pertaining to security control measures.
Necessary and appropriate measures include measures to prevent the improper disclosure or loss of Individual Numbers and measures to prevent damage to Individual Numbers.

10. Provision of Personal Data to Third Parties

The Company shall not provide Personal Data to third parties, except in the cases described below:

  • (1)Where the Company has obtained the prior consent of the Person in Question to provide the Personal Data to third parties.
  • (2)Where the provision of Personal Data to third parties is in accordance with applicable laws or regulations.
  • (3)Where the provision of Personal Data is required to respond to an inquiry or investigation by a competent tax authority, investigative organization, judicial body, other external organizations, etc.
  • (4)Where the provision of Personal Data is required to protect human life, health, or property and it is difficult to obtain the consent of the Person in Question.
  • (5)Where all or a part of the handling of the Personal Data is entrusted to a third party, to the extent necessary to achieve the purposes of use.
  • (6)Where the provision of Personal Data is necessary due to a consolidation or succession of the business.
  • (7)Where Personal Data is shared based on Article 4 of this Basic Policy.
  • (8)In other cases permitted by relevant laws or regulations.

In accordance with the Number Use Act and other relevant laws and regulations, the Company shall not provide Specific Personal Information to third parties unless otherwise permitted thereunder.

11. Outsourcing the Handling of Personal Data

The Company may outsource all or a part of its handling of Personal Data to the extent necessary to achieve the purposes of use. In such a case, to ensure the security of the Personal Data, the Company shall ensure that there is necessary and appropriate supervision over the contractors to which Personal Data handling is outsourced.
The Company may outsource its handling of Personal Data for the following activities:

  • -Activities related to processing securities transactions (including preserving and storing documents).
  • -Printing and dispatching documents which need to be sent to customers.
  • -Maintenance and management of information technology systems.
  • -Financial Instruments Intermediation.

12. Procedure for Responding to Requests for Disclosure, etc., of Retained Personal Data

The Company shall accept requests for notification of the purposes of use, disclosure, revision, addition, deletion, suspension of use or suspension of provision to third parties related to Retained Personal Data (hereinafter "Disclosure") in compliance with the application procedure designated by the Company. For further details, please read the "Guide to Procedures concerning Applications for Personal Information Disclosure" (only in Japanese).
The guide is outlined below:
Guide to Procedures concerning Applications for Personal Information Disclosure:

  • (1)Contact when Requesting Disclosure:
    Requests are accepted by the customer support department. Inquiries regarding disclosure are accepted by our branch offices.
  • (2)Forms to be Submitted to Request Disclosure:
    Please submit the Application for Personal Information Disclosure. This application form is kept at our head and branch offices and can also be obtained from our homepage.
  • (3)Confirmation of the Identity of the Applicant or the Applicant's Proxy:
    Documents designated by the Company from which the identity of the applicant or the applicant's proxy can be confirmed must be submitted.
  • (4)Charges and Method of Payment:
    Notification of the purposes of use or disclosure requires the payment of service charges in accordance with the method designated by the Company.

13. Contact for Inquiries, Complaints, etc., regarding the Handling of Personal Information etc.

The Company shall properly respond to inquiries, complaints, etc., regarding the handling of Personal Information etc. All inquiries, complaints, etc., should be directed to:

Head office: Customer Support
Phone Number: (Head office) +81-3-5644-3111 Please ask operator to connect you to the Customer Support (only in Japanese).
Time: Weekday 9:00 - 17:00 (Closed / Saturday, Sunday, and national holiday)
Inquiries can also be made at our branch offices.

14. Authorized Personal Information Protection Organization.

The Company is a member of the Japan Securities Dealers Association, which is a personal information protection organization authorized by the Financial Services Agency. The Personal Information Consultation Office (contact information has been set forth below) of the Japan Securities Dealers Association handles complaints and consultations with respect to the handling of personal information by its members.
Japan Securities Dealers Association, Personal Information Consultation Office
Telephone Number 03-3667-8427
Website (http://www.jsda.or.jp/)

15. Review and Revision of the Basic Policy

The Company shall review the content of the Basic Policy as needs arise and may revise the Basic Policy in response to any revisions of relevant laws or regulations, or developments, such as changes in the information technology environment, etc.
The Company shall indicate any revisions to this Basic Policy on its Web site and shall make the revisions available to the public by displaying, posting or retaining copies of the revisions at the Company's head office, branch offices, etc.

16. Definitions

The terms used in the Basic Policy are defined as follows:

  • (1)The term "Personal Information" means information about living natural persons (including customers, Employees of the Company, and other persons related to the Company's businesses, etc.,) from which each specific person can be identified by name, date of birth, code or number attached to each individual, or visual or audio data that can identify the individual (including information that can be used to reference other information that would lead to the identification of specific individuals.) .
  • (2)The term "Individual Number" means the number obtained by converting a resident record code pursuant to the Number Use Act in order to identify the person to whom the resident record where said resident record code is stated pertains. An Individual Number may refer to a mark, such as a number or code, that corresponds to the Individual Number, is used in lieu of said Individual Number, and includes a mark other than the resident record code.
  • (3)The term "Specific Personal Information" means Personal Information that includes an Individual Number.
  • (4)The term "Personal Information Database, etc." means a database of information, which includes Personal Information, that has been systematically arranged so that specific personal information can be retrieved by the use of a computer.
  • (5)The term "Personal Data" means Personal Information embedded in a Personal Information Database, etc.
  • (6)The term "Retained Personal Data" means Personal Data over which the Company has the authority to disclose, correct, add or delete the content or to discontinue utilization, erase, or discontinue its provision to a third party. Retained Personal Data shall not include data which may harm the public interest or other interests if its presence or absence is known and shall also not include data to be destroyed within a period of six months (except for renewals).
  • (7)The term "Person in Question" means the specific person who can be identified through the Personal Information.
  • (8)The term "Employee" means a natural person who is engaged in the Company's business activities under the direct or indirect supervision or management of the Company, including workers with established employment relationships (e.g., executive directors, full-time employees, contract employees, part-time workers, etc.) and persons without an established employment relationship with the Company (e.g., directors, auditors and workers assigned from temporary placement services).

October 5, 2015