Regarding Handling of Personal Information

The Japan Securities Dealers Association (hereinafter referred to as “JSDA”) is an organization authorized by the Prime Minister pursuant to the Financial Instruments and Exchange Act. JSDA is a corporate entity composed of members (hereinafter referred to as “Association Members”) that consist of Financial Instruments Business Operators conducting the Type I Financial Instruments Business and Registered Financial Institutions.

Purpose for Using Personal Information

In addition to the cases provided by laws and regulations, JSDA handles personal information such as name, gender, date of birth, address, email address, age, telephone number, occupation, employer, etc. within the scope necessary for the services provided by JSDA.
The main details of each service are as follows;

Self-regulatory services
Establishment and implementation of self-regulatory rules,
Implementation of inspection,
Enforcement of self-regulatory rules,
Services relating to the implementation of qualification examinations and training as well as registration of sales representatives,
Services relating to complaints, enquiries and mediation for financial instrument transactions,
Services relating to equity markets,
Services relating to the Green Sheet system and the Phoenix system,
Services relating to the equity based crowdfunding and shareholder community system,
Management of bond markets,
Services to promote the financial instruments business and sound development of the financial instruments markets
Researching, studying and expressing opinions in relation to the financial instruments markets,
Public relations as well as dissemination of knowledge and understanding about financial instruments and financial benchmarks as well as the financial instruments markets (Surveys and notification of events, etc.),
Facilitating mutual understanding of opinions with groups or persons concerned and coordinating opinions,
Information exchange concerning improvements to the operations and streamlining of Association Members as well as educate and train employees,
International operations and international exchange.
Services as an Accredited Personal Information Protection Organization
Processing complaints concerning personal information managed by Association Members,
Operations such as providing information to Association Members via the creation and public announcement of Personal Information Protection Policy, etc.,
Services such as directions, recommendations and other necessary measures to comply with the Guideline for Protection of Personal Information.
Services as an Institution for Managing Unjust Demands for Information under the Act on Prevention of Unjust Acts by Organized Crime Group Members
Management of JSDA’s Board of Governors and other structures
Employment screening of employees, and management of retirees
Employment screening of employees,
Management of retirees.

Acquisition of Personal Information

JSDA lawfully acquires personal information, etc. within the necessary scope to achieve JSDA’s purpose of use through such methods as the following;

In addition, JSDA may acquire and store images through security cameras and audio information, etc. through call records to prevent crime and accurately execute operations.

JSDA only retains or publishes personal information, etc. that is entirely legally acquired.

Prohibition on the Acquisition of Sensitive Information, etc.

JSDA, in principle, does not acquire or use sensitive information nor does it provide sensitive information to a third party. However, this does not apply in the following cases;

* Sensitive information refers to the “Sensitive Information“ stipulated in Article 5 of Guidelines on the Protection of Personal Information in the Financial Sector.

Provision of Personal Data to a Third Party

JSDA does not disclose or provide personal data to a third party without the prior consent of the person. However, this does not apply in the following cases;

Joint Use of Personal Data

JSDA may jointly use personal data with specific parties in the following cases.

Information concerning major shareholders
JSDA shall jointly use with an Association Member information concerning major shareholders of companies issuing securities listed on a Japanese Financial Instruments Exchange (limited to information about (1) shareholders’ names, (2) address, (3) shareholder ranking, (4) number of shares owned (units=stocks), and (5) shareholding ratio listed in annual reports) for the purpose of ensuring the accuracy of Insider Registration Cards prepared by the Association Member in accordance with the “Rules Concerning Solicitation for Investments and Management of Customers, Etc. by Association Members” prescribed by JSDA.

Information concerning executive officers of listed companies, etc.
JSDA shall jointly use with an Association Member information concerning executive officers of listed companies, etc. registered in J-IRISS ((1) executive officers’ name, (2) date of birth, (3) address (including postal code), (4) company name, and (5) job title) for the purpose of ensuring the accuracy of Insider Registration Cards prepared by the Association Member in accordance with the “Rules Concerning Solicitation for Investments and Management of Customers, Etc. by Association Members” prescribed by JSDA.

Information relating to public relations operations as well as dissemination of understanding and knowledge and awareness raising
JSDA conducts public relations activities as well as dissemination of understanding about finance, the economy and securities knowledge jointly with the organizations listed below. Therefore, personal data that JSDA acquires may be jointly used with the following organizations within the scope necessary to achieve the purpose of use of this business.

(Names of organizations)
  • Japan Exchange Group, Inc.
  • Tokyo Stock Exchange, Inc.
  • Osaka Exchange, Inc.
  • Nagoya Stock Exchange, Inc.
  • Fukuoka Stock Exchange
  • Sapporo Securities Exchange
  • The Investment Trusts Association, Japan

JSDA shall be responsible for managing the aforementioned personal data.

Safety Control Measures for Personal Information, etc.

Establishment and Development of Discipline
JSDA establishes the Privacy Policy and other internal rules in compliance with related laws and regulations to ensure the proper handling of personal information, etc. These rules clarify the handling methods at each management process, such as acquisition and input, use and processing, transfer and transmission, provision to a third party, and deletion and disposal, as well as the roles of each division.

Organizational Safety Control Measures
JSDA assigns persons responsible for handling of personal information, etc., clarifies range of executive officers and employees who handle personal information, etc. and scope of personal information, etc. handled by such executive officers and employees, and establishes a prompt reporting system for the cases where it is recognized that related laws and regulations, etc., and/or internal rules are violated or are liable to be violated.
In addition, JSDA conducts periodic self-inspections and internal audits of the status of handling of personal information, etc.

Personnel Safety Control Measures
JSDA conducts periodic training for its executive officers and employees regarding points to note for the handling of personal information, etc.
In addition, JSDA stipulates the confidentiality of personal information, etc. in the working regulations, and receives a written pledge of confidentiality.

Physical Safety Control Measures
JSDA controls the access of executive officers and employees to the areas where personal data is handled and restricts the use of devices, etc. there, as well as takes measures to prevent unauthorized persons from viewing personal data.
In addition, JSDA takes measures to prevent theft or loss, etc. of devices, electronic media and documents, etc. in which personal data is handled, and implements measures to ensure that personal data is not easily found when carrying electronic media and documents, etc.

Technical Security Control Measures
JSDA implements access control to limit the range of persons who handle personal data and the scope of personal information databases, etc. to be handled.
In addition, JSDA introduces a mechanism to protect the information systems in which personal data is handled from unauthorized external access or malicious software.

Supervision of Entrusted Parties, etc.
Where JSDA outsources the handling of personal data, JSDA establishes criteria for selecting the entrusted parties, selects the entrusted parties that meet such criteria, and periodically checks if they satisfy the criteria. In addition, JSDA concludes a confidentiality agreement with entrusted parties and establishes an effective supervision system for them, including management of parties to which the data is re-entrusted.

Understanding the Extraterritorial Environment
Where JSDA handles personal data in a foreign country, JSDA implements necessary and appropriate measures for the safety control of personal data with an understanding of the system, etc. for the protection of personal information in the country.

Disclosure, etc. of Retained Personal Data

JSDA confirms the identity of the person and endeavors to appropriately and promptly respond where a person requests to disclose, correct, delete, suspend the use, etc., or to disclose records of provision to a third party of personal data retained by JSDA in accordance with the method prescribed by JSDA. For the detailed procedures regarding request to disclose, etc., please refer to Procedures Concerning Requests to Disclose, Correct, Delete, and to Suspend its Use, etc.