Personal information management policy and security control measures for handling personal data
Personal information management policy
- Personal information will only be collected in accordance with laws and regulations, and necessary measures will be taken to ensure that such personal information is accurate and up to date.
- Personal information will not be used beyond the scope of the purpose for which it was obtained. In addition, personal information will not be disclosed except in the following cases:
・When the relevant person has given consent to the disclosure.
・When it is necessary to protect the life, body or property of a person and it would be difficult to obtain the consent of the relevant person.
・When provision or disclosure is required by other laws and regulations.
・When the Company outsources the handling of personal information to a third party within the scope necessary for the purpose of use.
- Personal information may be handled by a subcontractor who has entered into a confidentiality agreement with the Company. The Company will select the subcontractor that meets sufficient standards for protecting personal information and personal information will be provided only after the confidentiality agreement has been concluded.
- The Company will dispose or erase personal information in a secure and appropriate manner if the retention period prescribed by the Company is expired. This does not include information such as statistical data which cannot be used to identify an individual or information held by the Company pursuant to laws and regulations.
- The Company is committed to reviewing and improving this policy on a continuous basis in order to handle personal information appropriately.
Security control measures for handling personal data
- （1）Establishment of rules for handling personal data
- In order to ensure the appropriate handling of personal data, the Company stipulates the basic principles regarding the protection of personal information in its “Personal Information Protection Regulations” and stipulates the necessary matters to ensure the security of information in its “Information Security Management Measures”.
- （2）Institutional security control measures
- Based on the “Information Security Management Measures,” the Company appoints a person responsible for the management of personal data (Personal Data Manager) from among its officers as well as a person managing personal data (Personal Data Administrator) from among its employees. The Personal Data Manager and Personal Data Administrator endeavor to ensure an appropriate level of information security in accordance with the “Practical Guidelines on Security Control Measures Under the Guidelines for Protection of Personal Information in the Finance Sector” established by the Personal Information Protection Commission and the Financial Services Agency. The Company has established a system under which when a leakage of personal data is discovered, they shall immediately report it to the Information Security Officer. The Company also periodically conducts self-inspections regarding the handing of personal data.
- （3）Physical security control measures
- The Company strictly controls the scope of personal data to which employees and others have access, and takes measures to prevent access from unauthorized persons. Measures are also taken to prevent the theft or loss of equipment, digital mediums and documents that contain personal data.
- （4）Technical security control measures
- The Company has implemented access controls to limit persons and their authority for the handling of personal data . In addition, the Company has developed prevention measures to protect the systems that handle personal date from unauthorized access by outsider or insider, or from malware.
- （5）Personnel security control measures
- Regular training is provided to employees regarding the handling of personal data. In addition, the Company stipulates matters concerning the maintenance of confidentiality including personal data in the rules of employment.
Use of Personal Information
The Company will obtain and use personal information for the following purposes in order to conduct business as an investment manager, an investment advisor, a Type II financial instruments business and any other related or subsidiary business in accordance with laws and regulations.
- To solicitate, sell or provide information regarding the products and services of Strategic Capital, such as discretionary investment contracts and collective investment schemes based on the Financial Instruments and Exchange Act.
- To determine the appropriateness of products and services in light of principles regarding suitability and other factors.
- To confirm the identity of the clients or agents acting on their behalf.
- To convey information to the clients such as transaction results, account balances and investment status.
- To conduct administration with respect to transactions with clients and business counterparties.
- To exercise rights and fulfill obligations pursuant to contracts with the client and any applicable laws.
- To provide information to the shareholders of the investee companies, exercise voting rights or make proxy solicitations.
- To research and develop financial products and services through market research, data analysis and questionnaires.
- To facilitate transaction with clients and business counterparties appropriately.
- To conduct business management and internal control of Strategic Capital.
Request for disclosure of personal information
The clients or their agents may request for notification or disclosure of the purpose of use; correction, addition, or deletion; cessation of use or cessation of disclosure to third parties, of their personal information (collectively “Disclosure request”). The Company shall charge a fee for Disclosure request.
・The Company will respond promptly to a Disclosure request in accordance with its corporate rules.
・The identity of the clients or their agents will be confirmed during the process.
・For details on how to make a Disclosure request, please contact us from the Contact Page on our website.
・The Company will not be able to respond to Disclosure request in the following cases. In such cases, the Company will promptly notify the client or agent making Disclosure request to that effect and the reason therefor.
1. When there is a risk to the life, body, property or other rights or interests of the client making Disclosure request or a third party.
2. When there is a risk of significant hindrance to the appropriate conduct of the business of the Company.
3. When responding Disclosure request will constitute a violation of laws and regulations.
4. When the payment of a fee for Disclosure request is not made within a certain period of time.