Policy

Basic Policy on Personal Information Protection
Mitsui & Co. Risk Solutions Ltd.

Mitsui & Co. Risk Solutions Ltd. (hereinafter referred to as “the Company”) complies with the Act on the Protection of Personal Information (hereinafter referred to as the “APPI”) and other related laws and regulations, provides thorough training and guidance to employees to ensure that personal information is handled properly, and strives to maintain the accuracy and confidentiality of personal information.
In addition, the Company shall promptly respond to complaints and requests for consultations regarding personal information, and review and improve the appropriate measures for the secure handling and management of personal information as required.

Article 1   Acquisition and Use of Personal Information
The Company shall obtain and use personal information to the extent necessary for business operations in a lawful and fair manner (personal identification numbers and specific personal information shall be handled pursuant to Article 10).

Article 2   Purposes of Use of Personal Information
The Company shall not use the personal information obtained from customers beyond the scope necessary to achieve the following purposes and the purposes listed in Article 4 (hereinafter referred to as “purposes of use”; personal identification numbers and specific personal information shall be handled pursuant to Article 10). In the event that the purposes of use are to be changed, such change shall be made only to the extent that it is reasonably considered relevant to the purposes of use before the change, and the details of such change shall, as a general rule, be notified to the person concerned in writing (including electromagnetic records; the same shall apply hereinafter) or publicly announced on the Company’s website or by other means.
  • 1. For introducing, providing, and managing products and services handled by the Company
  • 2. For providing information on various events, sales campaigns, seminars, and other matters
  • 3. For Mitsui & Co. Insurance Holdings Ltd. to manage the businesses of the Company and Mitsui & Co. Insurance Ltd.
  • 4. For the proper handling of entrusted personal information (personal data) in cases where the Company is entrusted with all or part of the processing of such data by another entity, etc.
  • 5. For the proper and smooth execution of other transactions with customers, etc.
When handling personal information beyond the scope necessary to achieve the purposes of use, the Company shall obtain the consent of the individual to whom the information pertains, except in the cases listed in each item of Article 18, Paragraph 3, of the APPI.

Article 3   Entrustment of Personal Information
The obtained personal information may be provided to a subcontractor, etc. to the extent necessary to achieve the purposes of use. In such cases, the Company shall give due consideration to the selection of the subcontractor, strictly require the subcontractor to comply with the protection of personal information, and thoroughly manage and supervise the subcontractor.

Article 4   Shared Use of Personal Data
The Company may share the obtained personal data with Mitsui & Co. Insurance Holdings Ltd. and Mitsui & Co. Insurance Ltd. under the following conditions in order for Mitsui & Co. Insurance Holdings Ltd. to effectively manage the businesses of the Company and Mitsui & Co. Insurance.

<Personal Data Items to be Shared>
a. Shareholder information (name, address, number of shares held, etc.)
b. Customer information (name, address, telephone number, e-mail address, information on the customer's business card, gender, date of birth, and other information related to transactions with the customer, such as contract details and details related to policy-covered incidents as indicated on the application form) held by the Company and group companies*
*In this Basic Policy, “group companies” shall refer to the following companies.
    •   Mitsui & Co. Insurance Holdings Ltd.
    •   Mitsui & Co. Insurance Ltd.

<Scope of Shared Users>
Group companies

<Purpose of Use>
For the business management of the Company and Mitsui & Co. Insurance Ltd.

<Party Responsible for the Management of Personal Data for Shared Use>
Mitsui & Co. Insurance Holdings Ltd.
   Address: Shinkokusai Bldg. 2F
            3choume 4-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005
   President: Hideyuki Fukuta

Article 5   Personal Data Security Control Measures
To prevent leakage, loss, or damage of the obtained personal data (including personal identification numbers and specific personal information as stipulated in Article 10) and to securely manage other personal data, the Company shall take adequate security measures, including the maintenance of handling rules, etc. for secure management and the establishment of operational systems, and will take appropriate measures to ensure the data is accurate and up-to-date to the extent necessary to achieve the purposes of use, and in the event of any problems, shall promptly take appropriate corrective measures.
The Company has established separate internal rules regarding security control measures for personal data, the specifics of which are primarily as follows. For inquiries regarding the security control measures, please contact the Company by referring to the contact information provided below.
1. Administration of this Basic Policy
In order to ensure the proper handling of personal data, this basic policy has been formulated and shall be revised as necessary with respect to “compliance with related laws and guidelines,” “matters concerning security control measures,” “contact point for handling inquiries and complaints,” etc.
2. Administration of the rules for the secure management of personal data
Regulations have been established for each stage of personal data handling, such as acquisition, usage, storage, provision, and deletion/disposal, with regard to handling methods, responsible persons/persons in charge and their duties, etc., and the regulations are reviewed as necessary.
3. Organizational security management measures
(1) Establishment of a Personal Data Manager, etc.
(2) Establishment of security management measures in the Employment Regulations, etc.
(3) Operation in accordance with the handling rules for the secure management of personal data
(4) Establishment of a means to confirm the status of personal data handling
(5) Establishment and implementation of a system for checking and auditing the status of personal data handling
(6) Establishment of a system to respond to incidents of leakage, etc.
4. Personnel-related security management measures
(1) Conclusion of personal data non-disclosure agreements, etc. with employees
(2) Clarification of employees’ roles, responsibilities, etc.
(3) Provision of employee education/training programs to ensure thorough familiarity with secure data management measures
(4) Verification of employee compliance with personal data management procedures
5. Physical security management measures
(1) Management of personal data handling areas, etc.
(2) Prevention of theft of equipment and electronic media, etc.
(3) Prevention of leakage, etc. during the transportation of electronic media, etc.
(4) Deletion of personal data and disposal of equipment, electronic media, etc.
6. Technological security management measures
(1) Identification and authentication of personal data users
(2) Establishment of personal data management categories and access control measures
(3) Management of access privileges to personal data
(4) Preparation of measures to prevent leakage or damage of personal data
(5) Recording and analysis of access to personal data
(6) Recording and analysis of the operational status of information systems used for handling personal data
(7) Monitoring and auditing of information systems used for handling personal data
7. Supervision of subcontractors
In the event the Company entrusts the handling of personal data to another party, it shall select a subcontractor that properly handles personal data, and to ensure the subcontractor implements security control measures, it has established handling rules pertaining to the entrustment of such data to an external party and regularly reviews such rules.
8. Understanding external markets
Security control measures are implemented based on an understanding of the systems for the protection of personal information in the countries where the personal data is handled.

Article 6   Provision of Personal Data to Third Parties and Acquisition of Personal Data from Third Parties
1. Regarding the provision of personal data handled by the Company to third parties, the Company shall not provide personal data to third parties without the consent of the individual to whom the data pertains, except in the following cases (personal identification numbers and specific personal information shall be handled as described in Article 10).
  • (1) When required by law
  • (2) When it is necessary for the protection of the life, person, or property of an individual and it is difficult to obtain the consent of the person concerned
  • (3) When there is a special need for the data for the sake of improving public health or promoting the sound nurturing of children and it is difficult to obtain the consent of the person concerned
  • (4) When it is necessary to cooperate with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by law, and obtaining the consent of the individual is likely to impede the execution of such affairs
  • (5) When the third party is an academic research institution, etc., and it is necessary for the third party to handle the said personal data for academic research purposes (including those cases where part of the purpose of handling the said personal data is for academic research purposes but excluding cases where there is a risk of unjustified infringement of an individual’s rights and interests)
2. When personal data is provided to a third party or obtained from a third party (including cases where person-related information is obtained as personal data), the circumstances of the provision or acquisition shall be verified in accordance with the provisions of the APPI and other related laws, regulations, guidelines, etc., and at the same time, the name and other details of the recipient/provider along with other items required by law shall be recorded and stored in accordance with the provisions of the APPI and other related laws, regulations, guidelines, etc.

Article 7   Handling of Information in Foreign Countries
1. When entrusting the handling of personal data to an external party located overseas, the Company takes the following security control measures and concludes an outsourcing agreement with the party that obliges the party to take measures equivalent to the security control measures for personal data required by the APPI (hereafter referred to as “equivalent measures”). The following items are regularly confirmed once a year in writing, etc.
  • (1) Status of implementation of equivalent measures by a third party to whom personal data has been transferred
  • (2) Existence or non-existence of any system that may affect the implementation of equivalent measures by a third party located in a foreign country to whom personal data has been transferred
2. In the event any hindrance arises in the implementation of equivalent measures, a request shall be made for the situation to be remedied, and if it becomes difficult to ensure the continued implementation of equivalent measures, the Company shall suspend its provision of the said personal data.
3. The outsourcing agreement includes provisions stipulating the handling of personal data within the scope of the outsourcing agreement, the implementation of necessary and appropriate security control measures, the provision of necessary and appropriate supervision of employees, the need to obtain prior consent if re-entrustment is necessary, and the prohibition of the provision of personal data to third parties.
4. For inquiries regarding the entrustment of personal data handling to an external party located overseas, please contact the Company by using the contact information below.

Article 8   Handling of Person-related Information
1. When a third party is expected to be provided with person-related information (information about a living individual that does not fall under any of the categories of personal information, pseudonymized information, or anonymized information) as personal data, the Company shall provide such information only after confirming that consent has been obtained from the individual to whom the personal information pertains, except as otherwise provided by law.
2. When the Company expects to obtain person-related information as personal data, it shall secure the consent to obtain the data from the individual to whom the person-related information pertains, except as otherwise provided by law.

Article 9   Handling of Sensitive Information
The Company shall not obtain, use, or provide to third parties any special care-required personal information as defined in Article 2, Paragraph 3 of the APPI (including information on race, creed, social status, medical history, previous conviction/personal history, and record as a victim of a crime) or personal information related to labor union membership, family origin, legal domicile, health care, or sexual orientation (hereinafter referred to as “sensitive information”), except as provided in the APPI, and other laws, regulations, or guidelines.

Article 10   Handling of Personal Identification Number and Specific Personal Information
The Company shall not obtain or use personal identification numbers or specific personal information for any purposes other than those specified in the limited scope of the law. Personal identification numbers and specific personal information shall not be provided to third parties, except in limited and explicit cases specified in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures.

Article 11   Handling of Pseudonymized Information
1. Creation of pseudonymized information
In the event the Company creates pseudonymized information (information about an individual derived by processing the personal information using measures prescribed by law such that the individual cannot be identified), it shall take the following actions.
  • (1) Conduct proper processing in accordance with standards set forth in laws and regulations
  • (2) Take security control measures to prevent the leakage of deleted information and information on the method of processing in accordance with the standards prescribed by law
  • (3) Shall not cross-check the information with other information to identify the individual whose personal information is the source of the pseudonymized information
2. Purpose of use of pseudonymized information
In the event the Company changes the purpose of use of the pseudonymized information, it shall specify to the extent possible the purpose of use after the change, make it clear that it is related to the pseudonymized information, and publicly disclose the change.

Article 12   Handling of Anonymized Information
1. Creation of anonymized information
In the event the Company creates anonymized information (information about an individual derived by processing the personal information using measures prescribed by law such that the specific individual cannot be identified, and such that the personal information cannot be restored), it shall take the following actions.
  • (1) Conduct proper processing in accordance with standards set forth in laws and regulations
  • (2) Take security control measures to prevent the leakage of deleted information and information on the method of processing in accordance with the standards prescribed by law
  • (3) Openly disclose the items of information contained in the anonymized information that has been created
  • (4) Shall not take any action to identify the individual whose personal information is the source of the created anonymized information
2. Provision of anonymized information
In the event the Company provides anonymized information to a third party, the Company shall openly disclose the items of information related to the individual(s) contained in the anonymized information to be provided and the method of provision, and clearly indicate to the third party that the information to be provided is anonymized information.

Article 13   Acquisition, use, and provision of information tied to cookies and other identifiers
1. A cookie is a text-format piece of information stored in a web browser that is sent by a website when a user visits a specific site. A web beacon is a technique by which a small image is embedded in a web page or e-mail to send information when a user visits that page or views the e-mail. This website uses cookies, web beacons, or similar technologies (hereinafter referred to as “cookies, etc.”) to store and use customer information.

2. The Company uses Google Analytics provided by Google Inc. as a service that enables it to statistically collect and analyze identifiers stored in cookies, etc. For information about information collection and information handling by Google Analytics using cookies, and for the privacy policy of the services provided by Google, please refer to the following websites:
https://marketingplatform.google.com/about/analytics/terms/us/
https://policies.google.com/technologies/ads?hl=en

Customers may opt out of Google Analytics through an opt-out browser add-on.

Article 14   Requests for Disclosure, Correction, Suspension of Use, etc. of Personal Information
For requests regarding disclosures (including confirmation and disclosure of records regarding provision of data to third parties), correction, suspension of use, etc., of personal data in the Company’s possession, as well as for complaints and consultations regarding the handling of personal information, please contact the Company by referring to the information provided below. The Company will respond to inquiries after confirming the identity of the person making the request.
[For Inquiries]
For requests for disclosure, correction, suspension of use, or any other inquiries regarding unclear points, please contact the Company as follows:

Company: Mitsui & Co. Insurance Holdings Ltd.
Address: Shinkokusai Bldg. 2F
         3choume 4-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005
Consultation Desk: Compliance Office
Office hours: 9:30 a.m.–5 p.m. (Mon.–Fri.)
Closed on public holidays and year-end/New Year holidays

Established on August 4, 2009
Revised on August 1, 2022
Revised on March 13, 2023



Solicitation Policy Pursuant to the Act on the Provision of Financial Services


Please be informed that we have established the following solicitation policy for insurance products, pursuant to the Act on the Provision of Financial Services.

For financial product sales and other transactions, we shall comply with all applicable laws and regulations to ensure the appropriateness of such transactions.

  • ◇ For sales and other transactions, we shall comply with the Insurance Business Act, the Act on the Provision of Financial Services, the Consumer Contract Act, and other applicable laws and regulations.
  • ◇ To enable customers to fully understand the details of our products, we are committed to enhancing our knowledge base and ability to provide easy-to-understand explanations.
  • ◇ To make certain that sales and solicitation activities are conducted properly, we shall strive to strengthen internal controls and ensure compliance.

We shall comply with the obligation imposed on insurance brokers to provide customers with the best advice, and make every effort to select and offer financial products that best meet the customer's intentions and actual circumstances by comprehensively considering the customer's knowledge of and experience with insurance products, purpose of purchasing the products, financial resources, and other factors.

  • ◇ For the sale of insurance and other financial services, we shall design appropriate products and conduct sales and solicitation activities in line with customers’ intentions and actual circumstances based on an analysis of the risks surrounding customers and through our consulting services.
  • ◇ For products that are greatly influenced by market trends, we shall make consistent efforts to provide appropriate information to allow customers to conduct transactions based on their own judgment and responsibility.

For our product explanations for customers, we shall apply our ingenuity to devise creative customer-oriented approaches, adapted to the type of sales and solicitation.

  • ◇ In our sales and solicitation activities, we shall fully take customer perspectives into consideration when deciding the time and place for such activities so as not to cause inconvenience.
  • ◇ In the case of sales activities that do not involve direct face-to-face contact with customers, we shall do our best to ensure that our customers understand our products and services by devising effective explanation methods.

We shall make every effort to collect customer feedback and other information, and shall also do everything we can to boost customer satisfaction.

  • ◇ In the event of the occurrence of a policy-covered incident, we shall spare no effort to provide appropriate advice regarding the filing of an insurance claim.
  • ◇ We shall endeavor to collect various opinions and requests from customers and reflect them in our sales activities and other operations.


Established on September 1, 2009
Revised on March 1, 2022
Revised on March 13, 2023
Mitsui & Co. Risk Solutions Ltd.



Basic Policy Regarding Anti-Social Forces


The Company has established and complies with the following basic policy regarding anti-social forces.

Article 1  Severance of Relations with Anti-Social Forces
The Company takes a resolute stance against anti-social forces that threaten the order and safety of civil society, firmly rejects unjust and improper demands, and strives to sever all relationships with anti-social forces to maintain public trust and ensure the proper and sound conduct of business.

Article 2  Establishment of Systems and Cooperation with External Professionals
In addition to developing internal systems to prepare to handle unjustified demands by anti-social forces, the Company shall establish close cooperative relationships with external professional organizations, such as the police, the National Center for the Removal of Crime Organizations, and lawyers.

Article 3  Organizational Response, Legal Response, Prohibition of Backroom Transactions
In the event of any unreasonable demands, etc., by anti-social forces, the Company shall ensure the safety of its officers and employees as its top priority, and respond as a corporation without leaving the matter to the individual(s) in charge.
In addition, the Company shall not engage in transactions with anti-social forces in any form to provide funds or conceal facts, and shall take legal action based on both civil and criminal law.

Revised on March 1, 2022
Mitsui & Co. Risk Solutions Ltd.

