Regarding Handling of Personal Information
The Japan Securities Dealers Association (hereinafter referred to as “JSDA”) is an organization authorized by the Prime Minister pursuant to the Financial Instruments and Exchange Act. JSDA is a corporate entity composed of members (hereinafter referred to as “Association Members”) that consist of Financial Instruments Business Operators conducting the Type I Financial Instruments Business and Registered Financial Institutions.
JSDA’s business mission is:
- (1)
- to contribute to the protection of investors by ensuring fair and smooth trading in securities or other transactions, etc. by Association Members; and
- (2)
- to promote various measures to activate the financial markets in order to contribute to the growth and development of Japan’s economy.
Purpose for Using Personal Information
In addition to the cases provided by laws and regulations, JSDA handles personal information such as name, gender, date of birth, address, email address, age, telephone number, occupation, employer, etc. within the scope necessary for the services provided by JSDA.
The main details of each service are as follows;
- (1)
- Self-regulatory services
- ⅰ
- Establishment and implementation of self-regulatory rules,
- ⅱ
- Implementation of inspection,
- ⅲ
- Enforcement of self-regulatory rules,
- ⅳ
- Services relating to the implementation of qualification examinations and training as well as registration of sales representatives,
- ⅴ
- Services relating to complaints, enquiries and mediation for financial instrument transactions,
- ⅵ
- Services relating to equity markets,
- ⅶ
- Services relating to the Green Sheet system and the Phoenix system,
- ⅷ
- Services relating to the equity based crowdfunding and shareholder community system,
- ⅸ
- Management of bond markets,
- (2)
- Services to promote the financial instruments business and sound development of the financial instruments markets
- ⅰ
- Researching, studying and expressing opinions in relation to the financial instruments markets,
- ⅱ
- Public relations as well as dissemination of knowledge and understanding about financial instruments and financial benchmarks as well as the financial instruments markets (Surveys and notification of events, etc.),
- ⅲ
- Facilitating mutual understanding of opinions with groups or persons concerned and coordinating opinions,
- ⅳ
- Information exchange concerning improvements to the operations and streamlining of Association Members as well as educate and train employees,
- ⅴ
- International operations and international exchange.
- (3)
- Services as an Accredited Personal Information Protection Organization
- ⅰ
- Processing complaints concerning personal information managed by Association Members,
- ⅱ
- Operations such as providing information to Association Members via the creation and public announcement of Personal Information Protection Policy, etc.,
- ⅲ
- Services such as directions, recommendations and other necessary measures to comply with the Guideline for Protection of Personal Information.
- (4)
- Services as an Institution for Managing Unjust Demands for Information under the Act on Prevention of Unjust Acts by Organized Crime Group Members
- (5)
- Management of JSDA’s Board of Governors and other structures
- (6)
- Employment screening of employees, and management of retirees
- ⅰ
- Employment screening of employees,
- ⅱ
- Management of retirees.
“[Cases] otherwise provided by laws and regulations” are as follows;
- A case based on laws and regulations (including ordinances; the same shall apply hereinafter),
- Where it is deemed necessary to protect a person’s life, body or property (including property of a juridical person), and it is otherwise difficult to obtain the person’s consent,
- Where it is deemed particularly necessary to improve public health and promote the healthy development of children, and it is otherwise difficult to obtain the person’s consent,
- Where it is deemed necessary to cooperate with a national government institution or local government, or a fiduciary thereof in executing operations prescribed by laws and regulations, and obtaining the person’s consent is likely to interfere with the execution of such operations,
- Where JSDA provides personal data to an academic research institution, etc., and it is deemed necessary for such academic research institution, etc. to handle such personal data for academic research purpose (including cases where part of the purpose of handling such personal data is for academic research purpose, but excluding cases where it is deemed liable to unjustifiably infringe on individuals’ rights and interests).
Acquisition of Personal Information
JSDA lawfully acquires personal information, etc. within the necessary scope to achieve JSDA’s purpose of use through such methods as the following;
- Various filings, reports and applications from Association Members,
- Registration to J-IRISS* from listed companies, etc.,
- Listings in the application forms for participating in seminars conducted by JSDA and surveys filled in by the person,
- Application to take an open examination for qualification conducted by JSDA,
- Receipt of request for disclosure of personal information or complaint about personal information,
- Provision by a recipient of the addresses for delivering information by JSDA’s e-mail newsletter and SNSs, etc.,
- Provision of necessary contact information, etc. provided by the person him– or herself for the business operation of JSDA’s organs, committees and management office,
- Recordings of audio and videos, etc. on the occasion of meetings, symposiums, seminars, events, etc. held by JSDA,
- Registration for using, etc. systems operated by JSDA.
In addition, JSDA may acquire and store images through security cameras and audio information, etc. through call records to prevent crime and accurately execute operations.
JSDA only retains or publishes personal information, etc. that is entirely legally acquired.
* J-IRISS
- J-IRISS: Japan-Insider Registration & Identification Support System is a system built by JSDA to prevent irregular trading activities and to maintain market transparency and fairness.
- Information of executive officers of listed companies, etc. recorded in this system is periodically reconciled with client accounts opened with securities companies that are the Association Members. If these results confirm that any customer account is of any of such executive officers, an Insider Registration Card will be prepared and used to prevent insider trading.
Prohibition on the Acquisition of Sensitive Information, etc.
JSDA, in principle, does not acquire or use sensitive information nor does it provide sensitive information to a third party. However, this does not apply in the following cases;
- A case based on laws and regulations,
- Where it is deemed necessary to protect a person’s life, body or property,
- Where it is deemed particularly necessary to improve public health and promote the healthy development of children,
- Where it is deemed necessary to cooperate with a national government institution or local government, or a fiduciary thereof in executing operations prescribed by laws and regulations,
- Where JSDA acquires sensitive information under the Article 20, Paragraph 2, Item 6 of the Act on the Protection of Personal Information (hereinafter referred to as “Protection Act”), JSDA uses sensitive information under the Article 18, Paragraph 3, Item 6 of the Protection Act, or JSDA provides sensitive information to a third party under the Article 27, Paragraph 1, Item 7 of the Protection Act.
* Sensitive information refers to the “Sensitive Information“ stipulated in Article 5 of Guidelines on the Protection of Personal Information in the Financial Sector.
Provision of Personal Data to a Third Party
JSDA does not disclose or provide personal data to a third party without the prior consent of the person. However, this does not apply in the following cases;
- A case based on laws and regulations,
- Where it is deemed necessary to protect a person’s life, body or property (including property of a juridical person), and it is otherwise difficult to obtain the person’s consent,
- Where it is deemed particularly necessary to improve public health and promote healthy development of children, and it is otherwise difficult to obtain the person’s consent,
- Where it is deemed necessary to cooperate with a national government institution or local government, or a fiduciary thereof in executing operations prescribed by laws and regulations, and where obtaining the person’s consent is likely to interfere with the execution of such operations,
- Where such third party is an academic research institution, etc., and it is deemed necessary for such third party to handle such personal data for academic research purpose (including cases where part of the purpose of handling such personal data is for academic research purpose, but excluding cases where it is deemed liable to unjustifiably infringe on individuals’ rights and interests).
Joint Use of Personal Data
JSDA may jointly use personal data with specific parties in the following cases.
Information concerning major shareholders
JSDA shall jointly use with an Association Member information concerning major shareholders of companies issuing securities listed on a Japanese Financial Instruments Exchange (limited to information about (1) shareholders’ names, (2) address, (3) shareholder ranking, (4) number of shares owned (units=stocks), and (5) shareholding ratio listed in annual reports) for the purpose of ensuring the accuracy of Insider Registration Cards prepared by the Association Member in accordance with the “Rules Concerning Solicitation for Investments and Management of Customers, Etc. by Association Members” prescribed by JSDA.
Information concerning executive officers of listed companies, etc.
JSDA shall jointly use with an Association Member information concerning executive officers of listed companies, etc. registered in J-IRISS ((1) executive officers’ name, (2) date of birth, (3) address (including postal code), (4) company name, and (5) job title) for the purpose of ensuring the accuracy of Insider Registration Cards prepared by the Association Member in accordance with the “Rules Concerning Solicitation for Investments and Management of Customers, Etc. by Association Members” prescribed by JSDA.
Information relating to public relations operations as well as dissemination of understanding and knowledge and awareness raising
JSDA conducts public relations activities as well as dissemination of understanding about finance, the economy and securities knowledge jointly with the organizations listed below. Therefore, personal data that JSDA acquires may be jointly used with the following organizations within the scope necessary to achieve the purpose of use of this business.
- Japan Exchange Group, Inc.
- Tokyo Stock Exchange, Inc.
- Osaka Exchange, Inc.
- Nagoya Stock Exchange, Inc.
- Fukuoka Stock Exchange
- Sapporo Securities Exchange
- The Investment Trusts Association, Japan
JSDA shall be responsible for managing the aforementioned personal data.
Safety Control Measures for Personal Information, etc.
Establishment and Development of Discipline
JSDA establishes the Privacy Policy and other internal rules in compliance with related laws and regulations to ensure the proper handling of personal information, etc. These rules clarify the handling methods at each management process, such as acquisition and input, use and processing, transfer and transmission, provision to a third party, and deletion and disposal, as well as the roles of each division.
Organizational Safety Control Measures
JSDA assigns persons responsible for handling of personal information, etc., clarifies range of executive officers and employees who handle personal information, etc. and scope of personal information, etc. handled by such executive officers and employees, and establishes a prompt reporting system for the cases where it is recognized that related laws and regulations, etc., and/or internal rules are violated or are liable to be violated.
In addition, JSDA conducts periodic self-inspections and internal audits of the status of handling of personal information, etc.
Personnel Safety Control Measures
JSDA conducts periodic training for its executive officers and employees regarding points to note for the handling of personal information, etc.
In addition, JSDA stipulates the confidentiality of personal information, etc. in the working regulations, and receives a written pledge of confidentiality.
Physical Safety Control Measures
JSDA controls the access of executive officers and employees to the areas where personal data is handled and restricts the use of devices, etc. there, as well as takes measures to prevent unauthorized persons from viewing personal data.
In addition, JSDA takes measures to prevent theft or loss, etc. of devices, electronic media and documents, etc. in which personal data is handled, and implements measures to ensure that personal data is not easily found when carrying electronic media and documents, etc.
Technical Security Control Measures
JSDA implements access control to limit the range of persons who handle personal data and the scope of personal information databases, etc. to be handled.
In addition, JSDA introduces a mechanism to protect the information systems in which personal data is handled from unauthorized external access or malicious software.
Supervision of Entrusted Parties, etc.
Where JSDA outsources the handling of personal data, JSDA establishes criteria for selecting the entrusted parties, selects the entrusted parties that meet such criteria, and periodically checks if they satisfy the criteria. In addition, JSDA concludes a confidentiality agreement with entrusted parties and establishes an effective supervision system for them, including management of parties to which the data is re-entrusted.
Understanding the Extraterritorial Environment
Where JSDA handles personal data in a foreign country, JSDA implements necessary and appropriate measures for the safety control of personal data with an understanding of the system, etc. for the protection of personal information in the country.
Disclosure, etc. of Retained Personal Data
JSDA confirms the identity of the person and endeavors to appropriately and promptly respond where a person requests to disclose, correct, delete, suspend the use, etc., or to disclose records of provision to a third party of personal data retained by JSDA in accordance with the method prescribed by JSDA. For the detailed procedures regarding request to disclose, etc., please refer to Procedures Concerning Requests to Disclose, Correct, Delete, and to Suspend its Use, etc.