At Toyo Securities Co., Ltd. (“the Company”), we are committed to protecting the personal information and individual numbers of our customers (collectively referred to as “personal information”). We have established and publicly disclosed the following Privacy Policy Declaration to reflect this commitment.
Privacy Policy Declaration
(Revised March 1, 2024)
1. Compliance with Applicable Laws and Regulations
We comply with all applicable laws and regulations related to protecting personal information, the guidelines issued by the competent minister and policies set forth by accredited personal information protection organizations and the principles outlined in this Privacy Policy Declaration.
2. Purpose of Use
Unless we have obtained your consent or are permitted to do so under applicable laws and regulations, we will only use your personal information for purposes necessary to carry out our business activities. Your individual number will be used strictly within the legal scope defined by law.
Please refer to our website for more information about our business activities and the specific purposes for using personal information.
3. Security Measures
We take steps to ensure that your personal information remains accurate and up to date. We implement necessary and appropriate security measures to prevent unauthorized access, loss, leakage, or other incidents. We also supervise our officers, employees, and contractors to ensure proper handling of personal information.
For more details on our security practices, please refer to our website.
4. Ongoing Improvement
We are committed to the proper handling of personal information. To that end, we regularly review and update this Privacy Policy Declaration as appropriate and strive for continuous improvement.
5. Procedures for Requests such as Disclosure
When a customer makes a request for such actions as disclosure, correction, suspension of use, or disclosure of records of third-party provision regarding their retained personal data, we will confirm the identity of the individual and make every effort to respond appropriately and promptly.
If a request is made regarding the retention of an individual number, we will respond as to whether such information is held.
6. Requests for Information Regarding the Provision of Personal Data to Third Parties Located Abroad
If we provide your personal data to a third party located outside Japan and the recipient can be identified afterward, you may request information from us regarding: the name of the country, the personal information protection system in that country, and the protective measures taken by the third party.
Additionally, when we provide personal data to a third party that maintains a framework meeting the required standards for implementing measures equivalent to those required of personal information-handling businesses in Japan (“Equivalent Measures”), customer consent is not required. However, you may request the following information from us:
- How the third party has established its internal framework
- A summary of the Equivalent Measures in place
- How and how often we verify the implementation of those measures, the content thereof, and whether any foreign systems may affect them
- The name of the relevant country
- Whether any foreign systems might impact the Equivalent Measures and an overview of those systems
- Whether there are any obstacles to implementation and a summary of those issues
- A summary of the measures we take in response to such obstacles
A list of foreign countries to which third-party provision is expected is available on the Company’s website.
7. Inquiries, Opinions, and Complaints
We are committed to responding promptly and sincerely to any questions, opinions, or complaints from customers regarding their personal information. Please contact either the internal control officer at your branch or our Customer Service Office.
Contact Information
| Toyo Securities Co., Ltd. |
Norihiro Ogawa, President
|
| Customer Service Office |
Address:4-7-1 Hatchobori, Chuo-ku, Tokyo 104-8678
Telephone: +81-3-5117-1323 (Hours: 9:00 a.m. - 5:00 p.m.)
|
8. Accredited Personal Information Protection Organization
We are a member of the Japan Securities Dealers Association, an organization accredited by the Personal Information Protection Commission. The Association’s Personal Information Consultation Office accepts complaints and inquiries regarding the handling of personal information, pseudonymized information, and anonymized information by its members.
Contact Information
Japan Securities Dealers Association
Personal Information Consultation Office |
Telephone:+81-3-6665-6784
|
The primary sources from which we obtain personal information and the main operations we outsource are published on our website.
To further strengthen the protection of personal information and in accordance with changes in applicable laws and regulations, we may revise this Privacy Policy Declaration. Any updates will be posted on our website (https://www.toyo-sec.co.jp/), and we encourage you to review it periodically.
Business Activities and Purposes of Use of Personal Information
We obtain personal information through lawful and appropriate means and only to the extent necessary to fulfill the purposes described below. In line with Article 5 of the Guideline for Protection of Personal Information in the Financial Sector, we do not collect or use sensitive information—such as details related to race, criminal history, religious or philosophical beliefs, medical or health status, social status, experiences as a crime victim, criminal or juvenile proceedings, labor union membership, ancestry, registered domicile, or sexual orientation—except where explicitly permitted under the guidelines.
Business Activities
- Financial instruments business (e.g., trading, brokerage, underwriting of securities) and related services
- Insurance solicitation and other services legally permitted for financial instruments firms, including related operations
- Other activities that financial instruments firms are permitted to conduct and those ancillary to them, including those that may be approved in the future
Purposes of Use
- To provide information related to soliciting, selling, or providing financial instruments and related services in accordance with the Financial Instruments and Exchange Act
- To provide information related to soliciting, selling, or providing financial products and services offered by the Company, affiliates, or business partners
- To determine the appropriateness of products and services in accordance with suitability and other principles
- To verify the identity of customers or their representatives
- To provide reports on transaction results and account balances
- To perform administrative tasks related to transactions
- To exercise rights or fulfill obligations under contracts with customers or laws
- To conduct surveys, data analysis, market research, etc. for research and development
- To properly carry out operations entrusted by other companies that involve the handling of personal information
- To conduct transactions with customers appropriately and smoothly
- Individual numbers will only be used for legally permitted purposes, such as account opening and notification procedures for account opening and preparation/submission of statutory documents related to financial transactions
Security Measures for Personal Information
Basic Policy
We have established a basic policy to ensure proper handling of personal data. This policy includes compliance with applicable laws and guidelines as well as contact points for inquiries and complaints.
Internal Handling Rules
We have set internal rules for each stage of personal data handling, including collection, use, storage, provision, deletion, and disposal. These rules define how data is managed and specify the person in charge and their roles and responsibilities.
Organizational Measures
We appoint a dedicated officer responsible for overseeing the handling of personal data and clearly define who is authorized to access such data and to what extent. We maintain a system for reporting any violations or suspected violations of laws, guidelines, or company policies to the responsible officer. We are also committed to continuously improving our internal system, including internal rules.
Personnel Measures
We train our officers and employees to ensure they understand and thoroughly comply with all applicable laws and company policies related to personal information protection.
Physical Measures
We implement safeguards for devices, storage media, and documents containing personal data to prevent theft or loss. When data must be taken outside the office, we use various measures including password protection, lockable containers, traceable delivery methods, or approved submission methods as required by authorities.
Technical Measures
We manage access through authentication, authorization settings, controls, access logging, and system monitoring. We also apply countermeasures against malware and viruses and countermeasures during transmission such as encryption, along with clear responsibility assignment to secure personal data.
Monitoring of Foreign Conditions
When personal data is provided to third parties in foreign countries, we assess and confirm the personal data protection systems of those countries and implement necessary safeguards accordingly.
Information Provided When Obtaining Customer Consent for the Overseas Transfer of Personal Data
Requirement for Advance Consent Before Identifying the Recipient
In transactions involving foreign securities or depositary receipts, we may be required to provide your personal data to comply with the laws and regulations of the issuer’s country or exchange, or to facilitate the receipt of dividends, interest, or other distributions. If we are unable to respond in accordance with legally mandated deadlines or procedures, you may suffer disadvantages. To allow smooth execution of such transactions, we request your advance consent to providing personal data, only in cases stated explicitly in our terms and conditions.
Why the Destination Country Cannot Be Specified in Advance
Although the Personal Information Protection Act requires disclosure of the destination country and its personal data protection framework before obtaining consent, we cannot predict which financial products you may transact in the future or which foreign authorities or custodians may request your data. Therefore, we are unable to provide such details in advance.
List of Countries Where Third-Party Transfers May Occur
- Hong Kong
- China
- South Korea
- Switzerland
If the Third-Party Recipient Is Identified Later
If the specific third-party recipient is identified after the transfer, you may request details from us regarding the name of the country, its data protection system, and the protection measures implemented by the recipient.
Primary Sources of Personal Information and Main Outsourced Operations
The primary sources from which we obtain personal information and the main operations we outsource are as follows:
Primary Sources of Personal Information
We obtain personal information from the following sources:
- Information provided directly by customers through account applications, surveys, etc.
- Publicly available information found in commercial directories such as the Japan Company Handbook, newspapers, or online
- Information shared by customers during the course of product or service delivery
(Calls with customers may be recorded to ensure accuracy and improve service quality.)
- Information obtained from third-party list providers
Main Outsourced Operations
We outsource certain operations to external service providers.
The operations for which we entrust the handling of personal information to external parties include:
- Printing and mailing of documents sent to customers
- General administrative tasks and securities settlement operations
- Professional services such as legal or accounting support
- Operation and maintenance of business systems
- Storage of business records and documentation
- Intermediary services for financial products
Procedures for Requests Related to Disclosure, etc. of Retained Personal Data, etc.
How to Submit a Request
If you wish to request disclosure, correction, or suspension of use of your retained personal data (“Disclosure, etc.”), please complete the appropriate request form below and submit it, along with the required documentation, to your branch office.
We will confirm your identity before processing your request. If a representative is acting on your behalf, we will verify their authorization through procedures equivalent to those under the Act on Prevention of Transfer of Criminal Proceeds.
In such cases, identification documents for both the customer and the representative, as well as documents confirming the representative’s authority, must be submitted.
How We Respond
Responses will be sent by mail or to the email address provided in the request form.
Fees for Disclosure Requests
A fee of ¥1,100 (including tax) is charged for each disclosure request. You may pay via MRF account withdrawal or bank transfer to a designated Company account.
There is no charge for correction or suspension of use requests.
Use of Personal Information Collected Through Requests
Any personal information collected in the course of handling these requests will be used only as needed to process the request. Submitted documents will be stored for three years, after which they will be destroyed.
When We May Not Be Able to Respond
We may be unable to fulfill your request in the cases below. If so, we will notify you of the reason. Please note that the handling fee will still apply even if disclosure, etc. is not provided.
- If the address on your request form, identification documents, and our records do not match, making identity verification impossible
- If we cannot verify the authority of a representative submitting the request on your behalf
- If the request documents are incomplete or contain errors
- If the required fee has not been paid
- If the information requested does not qualify as “retained personal data”
- If fulfilling the request could harm the life, body, property, or other rights and interests of you or a third party
- If fulfilling the request would violate other laws or regulations
- If fulfilling the request would significantly hinder the proper execution of our business