Privacy Policy
UBS AG, Tokyo Branch
UBS AG Tokyo Branch (UBS) complies with the laws related to the protection of personal information etc., Guidelines for Financial Institution and Authorized personal information protection organization, and this Privacy Policy in order to acquire Personal Information as well as My Number (Personal Information etc.) appropriately, handle such information properly, and take all possible measures to implement security measures. UBS will neither obtain by unjust means nor utilize any such inappropriately obtained Personal Information etc. The basic policies of Personal Information protection described in this document will be continuously reviewed.
1. Scope
This Privacy Policy applies to Personal Information etc. of customers and external outsourced parties (Customers etc), which UBS acquires, collects, uses, etc.
2. Business UBS uses Personal Information etc.
UBS will use Personal Information etc. the following businesses.
- Deposits, exchange, loans, foreign exchange and all related businesses (including financial derivative transactions)
- Investment trust sales, securities intermediation, corporate bonds business etc., and any business that may be engaged in by a bank under law and all related businesses
- All other businesses that a bank may conduct as well as ancillary businesses (including all businesses that may be approved for handling in the future)
3. Purpose of Use of Personal Information excluding My Number
UBS will use Personal Information for the following purposes. Except for the cases recognized by the PIPL, UBS will not make use of such information beyond the necessary scope, without the prior consent of the principal individual. Moreover, in case the objective in using specific Personal Information is restricted by law etc., such information will not be used in excess of the original limitations of usage. Therefore, UBS will not use or offer to any third party information concerning race, creed, social status, lineage, locality where family registers are kept, health treatment (including medical history), crime history, fact of having suffered damage by crime or any other special non-public information for purposes other than to properly manage its business or for any other purposes deemed necessary.
- For application for financial products and/or services, such as account opening for various financial products
- For identification of an individual under the Law for Prevention of Transfer of Criminal Proceeds, the representative or agent of an entity or anyone responsible for a transaction in his capacity etc., and for identification of qualifications etc. to use financial products and/or services
- For transaction of business, such as preparing the status reports of deposit and loan transactions, and deposit balance reports, managing due dates and answering inquiries
- For decisions regarding loan applications and subsequent maintenance thereof etc.
- For determining appropriateness of products and services offered, based on judgment etc. of principle of suitability etc.
- For provision of information to a third party such as a Personal Credit Information Organization, within limits, to carry out appropriate tasks required for credit operations
- For managing any outsourced operations appropriately, in the case where Personal Information processing in full or in part has been outsourced to other enterprises
- For exercising rights or carrying out obligations based on contracts with customers or law
- For research and development of financial products and services based on carrying out market surveys, data analysis and/or questionnaires
- For monitoring the validity of transactional contents and risk (including checking to prevent insider transactions)
- For external and internal inspections
- For tax payment
- For use in complaint processing, mediation and lawsuits
- For statistical purposes
- For promotional use of various product and services, such as sending direct mail etc.
- For promotion of various products and services of allied companies, or the introduction of UBS related companies (including the responsible employee in-charge)
- For various transaction cancellation and their aftercare; and
- For other matters necessary to carry out transactions smoothly and adequately with customer
UBS will use both automated (including artificial intelligence) and manual methods to process your Personal Data for these purposes. Our automated methods often are related to and supported by our manual methods. For example, our artificial intelligence systems (e.g. Microsoft 365 Copilot) may analyse your data to identify patterns and trends, which are usually manually reviewed and interpreted by humans.
In case of modifying any of the above-mentioned purposes, UBS will not change beyond the scope recognized reasonably relevant to the original purpose.
4. Purpose of Use of My Number
UBS will use My Number of Customers, etc. only for the following purposes which are set out by the law (My Number related administration) unless recognized by the Act on the Use of Numbers to Identify a Specific Individual in the Administration Procedure" (My Number Act).
- Account opening and reporting for financial product transactions
- Creation and submission of legal documents related to financial product transactions
- Providing information related to financial product transactions to Securities Depository Centers, etc.
- Creation of legal documents related to overseas remittance etc.
- Creation of payment record related to the fees/charges for an outsourced party as individual
- Creation of payment record for real estate rent fees
- Linking between My Numbers and deposit/saving accounts based on the The Act on Management of Deposit and Saving Accounts by Use of Individual Numbers based on the Will of Depositors (use of My Number only for the purpose of identifying deposit/saving accounts within UBS for the processes based on the Income Tax Act or other laws and regulations.)
UBS will obtain My Number only for the above purposes which are necessary to perform My Number related administrations.
5. Provision of Retained Personal Data to a Third Party
Except for the cases recognized by the PIPL1, UBS will not provide any Retained Personal Data (excluding My Number) to a third party without the prior consent of the individual. For My Number, UBS will provide such information to a third party only when it is required to process My Number related administration for the Customers, etc. (when submitting the payment record including My Number to the Tax Office Head, etc.)
UBS may provide Retained Personal Data (excluding My Number) to third parties located in foreign countries. In this case, except for the cases recognized by the PIPL, the consent of the individual will be obtained in advance after providing necessary information in accordance with the provisions of laws and regulations to allow the provision to a third party in a foreign country. In addition, if the third party and foreign country where such third party is located cannot be identified at the time of obtaining consent, information such as the name of the foreign country and the system for the protection of personal information in the foreign country in question can be requested after the fact. (However, if there is a risk of causing a significant hindrance to the proper execution of the business, UBS may not provide information on all or part of such information.) Please refer to section 17 below for UBS contact details in case you would like to request the information mentioned above.
As a global financial institution, UBS may provide personal data to regulatory or tax authorities in related countries or regions as necessary to be in compliance with the relevant laws and regulations, orders, etc.
The regulatory frameworks of countries/regions to which UBS may provide personal data are available at the website of Personal Information Protection Commission below.
Information on the system for the protection of personal information in foreign countries (Personal Information Protection Commission) https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku
6. Joint use of Personal Data excluding My Number
UBS will jointly use Retained Personal Data with the following UBS group companies, to the extent allowed by Firewall regulations, for the purposes given below. Management of this data will be the responsibility of UBS AG, Tokyo Branch, which will serve as the contact point for complaint processing etc.
Please click here for the address and the name of representative of UBS.
Companies that will use Retained Personal Data jointly:
- UBS Securities Japan Co., Ltd
- UBS SuMi TRUST Wealth Management Co., Ltd.
- UBS Asset Management (Japan) Ltd.
- UBS Japan Advisors Inc.
- Credit Suisse Securities (Japan) Limited
- UBS Group AG and UBS AG and its subsidiary and affiliate companies
Purpose of Joint Use of Retained Personal Data:
- To offer full-service as UBS Group (including cases of acting as intermediary for transactions between UBS Group companies and our customers, and vice versa Group companies acting as intermediary for transactions between UBS and customers)
- For risk management, operations and business management as a Group
Items of Retained Personal Data to Be Jointly Used:
- Customer’s name and address
- Phone number and fax number
- E-mail address
- Customer’s account number
- Customer’s financial information
- Information about customer’s occupation (employer and job title, etc.)
- Any data items as necessary to achieve the above-mentioned purposes.
My Number will not be jointly used with the group companies to be in line with my Number Act.
As for the joint usage of “dishonored” information, a notice will be posted in UBS’ offices containing items of Personal Data that will be jointly used, the scope of the joint users, purpose of use and the name of the person responsible for managing Personal Data.
7. Outsourcing Retained Personal Data Handling
In case of outsourcing Retained Personal Data handling to a third party, UBS will select appropriate agents and supervise them with necessary and appropriate attention in order to assure that customers’ Retained Personal Data are handled safely. In case of outsourcing (including sub-contracting) of My Number handling to a third party, UBS will ensure that the same level of security measures as UBS are implemented by such an outsourced party.
UBS may outsource the handling of Retained Personal Data to third parties in foreign countries.
In such a case, in addition to the above, UBS will take necessary and appropriate measures for the safe management of the Retained Personal Data after grasping the system for the protection of personal information in the foreign country in question, and periodically confirm the implementation status of the necessary measures taken by the third party.
In addition, customers can request information on necessary measures, etc. implemented by the third party. (However, if there is a risk of causing a significant hindrance to the proper execution of the business, UBS may not provide information on all or part of such information.) Please refer to section 17 below for UBS contact details in case you would like to request the information mentioned above.
8. Measures taken to ensure the safety of Retained Personal Data
UBS will strive to keep the customers’ personal data accurate and up-to-date within the scope of the purpose of use. Also, in order to prevent the leakage, loss, or damage, etc. (“leakage, etc.”) of customers' personal information, UBS has established the basic policy to ensure the appropriate handling of personal data, and take the following measures. In addition, in the unlikely event that a situation arises such as leakage, etc. of customer's personal information, UBS will respond appropriately, such as reporting to a supervisory authority or notifying the person in question in accordance with the provisions of laws and regulations.
(Establishment of disciplines related to the handling of customers' personal information)
Formulated rules for the handling of customers' personal information related to handling methods, persons in charge, personnel, and their duties at each stage of acquisition, input, use and processing, storage, transfer and transmission, erasure and disposal.
(Organizational Safety Management Measures)
・ In addition to appointing a person responsible for the handling of customers' personal information, clarifying the scope of personal data handled by employees who handle personal data and those employees, and establishing a system to escalate to such a responsible person when the facts or signs that violate laws and internal rules established above.
・Conduct regular self-inspections of the status of the handling of customers' personal information, and conduct audits by other departments and external parties.
(Human Safety Management Measures)
・ Conduct regular training for employees on matters to be noted regarding the handling of customers' personal information
・ Matters related to confidentiality of customers' personal information are described in the rules of employment.
(Physical Safety Management Measures)
・ In areas that handle customers' personal information, UBS manages the entry and exit of employees and implement measures to prevent unauthorized persons from viewing customers’ personal information.
・Take measures to prevent theft or loss of equipment, electronic media, documents, etc. that handle customers' personal information, and take measures to prevent the identification of personal information easily when carrying such equipment, electronic media, etc., including movement within the office
(Technical Safety Management Measures)
・ Limited the scope of personal information databases, etc. and employees by implementing access control
・ Introduced a mechanism to protect information systems that handle customers' personal information from external unauthorized access or software
(Understanding the external environment)
・When handling customers' personal information in a foreign country, implement safety management measures after grasping the system for the protection of personal information in the foreign country concerned
Please contact us for the system for the protection of personal information for those foreign countries, etc. where Retained Personal Data is handled. (Please refer to section 17 below for UBS contact details.)
9. Matters concerning Retained Personal Data
Notification of objectives of using Retained Personal Data
UBS will be notifying individuals about its objectives of using Retained Personal Data upon inquiry. However, in the following cases, notification may not be made. In this case, the individual will be given the reason for the decision not to notify. In some cases, UBS may charge the cost of notification. In such cases, the amount will be informed in advance.
10. Disclosing Retained Personal Data
UBS will disclose Retained Personal Data, log for personal data provision in an agreed-upon method, when inquired by the individual (including confirmation that the retained personal data does not exist). However, in the following cases, disclosure may be refused. In such case, the individual will be given the reason for such decision. In some cases, UBS may charge the individual for costs incurred in disclosing such information. In such cases, the amount will be informed in advance.
In case of inquiry for disclosing the retention of My Number, UBS will provide the response on whether or not we retain the My Number.
11. Revisions etc. of Retained Personal Data
In case UBS receives a request from an individual to correct, add or delete (“Revision etc.”) the contents of Retained Personal Data for the reason that they are not correct based on the fact, then for within the range necessary for achieving the usage objective, UBS shall carry out an investigation without delay to determine the facts; and, if it is determined that the request is justified, all necessary Revisions etc. shall be carried out. The individual shall be notified of whether a Revision etc. has been carried out or not and the reason behind the decision.
12. Suspension of use of Retained Personal Data
Appropriate investigation shall be made when an individual requests suspension or deletion (“Suspension etc”.) of the Personal Data retained by UBS which he/she suspects is being used in a manner different from the usage purpose that has been publicly announced or notified or which was obtained by illegal means, is being used in an improper manner, or when it is no longer necessary to use, when a major incident occurred, or when there is a risk that the rights or legitimate interests of the customers may be harmed. If the request turns out to be well justified, then either Suspension etc. of data shall be carried out to correct the violation (reported) or alternative measures will be taken to protect the individual’s rights. The individual shall be notified of whether suspension etc. was carried out or not and the reason for it.
13. Suspension of Provision of Retained Personal Data to Third Party
Appropriate investigation shall be made when an individual requests suspension of provision to a third party (including foreign country) of the Personal Data retained by UBS which he/she suspects is being provided to a third party without either being within the confines recognized by the PIPL or without obtaining the individual’s prior consent. , or when it is no longer necessary to use, when a major incident occurred, or when there is a risk that the rights or legitimate interests of the customers may be harmed. If the request turns out to be well justified, then either the provision of such data to a third party will be suspended or other alternative measures shall be taken to protect the individual’s rights. The individual shall be notified of whether suspension etc. was carried out or not, and the reason for it.
14. Procedures for Request
The Personal Data Manager in the relevant Sales division or Compliance Department will receive all requests stipulated in section 9 through 13 given above. An individual may be asked to fill out UBS forms when making a request.
In general, our Compliance Department shall reply to all requests by a method requested by the customers; however, explanations about the replies may be made orally in some cases.
Identify of the individual is generally confirmed by his/her registered seal (impression) or signature already provided to UBS, if a request shall be made directly by the individual. If the requester is a corporation or the executive of another organization or an attorney for the customer, UBS shall confirm the relationship between the requester and the customer by asking for personal identification documents of the requester (as stated in the Law for Prevention of transfer of Criminal Proceeds) and documents to prove the relationship between the requester and the customer (power of attorney etc.).
15. Inquiries/Complaints Processing
UBS will make an effort to handle rapidly and sincerely when we receive any inquiries and/or comments regarding personal information from customers etc. Inquiries and/or complaints regarding security measures for handling of Personal Information may be made through the Personal Data Manager in the respective Sales divisions or also through the Compliance Department.
16. UBS participation in Recognized Personal Information Protection Organization
UBS is a member of the All Banks Personal Data Protection Council, which is recognized as a Personal Information Protection Organization by Personal Information Protection Commission. The Customer Inquiries window for complaints or consultation at the All Banks Personal Data Protection Council shall receive complaints and provide consultation in relation to the handling of Personal Information by its members.
All Banks Personal Data Protection Council: http://www.abpdpc.gr.jp/menu5.html
Customer Inquiries for complaints/consultation: 03-5222-1700
Also, in regard to the registered financial institutions business, UBS is a member of the Japan Securities Dealers Association, which is recognized as a Personal Information Protection Organization by Personal Information Protection Commission. The Customer Inquiries window for Personal Information at the Japan Securities Dealers Association will receive complaints and consultation in relation to handling of Personal Information of its members.
[Complaints, Inquiries window]
Japan Securities Dealers Association: http://www.jsda.or.jp
Customer Inquiries window for Personal Information: 03-6665-6784
Major outsourcing processes and the major method in which UBS obtains Personal Information are as follows:
[Major method of obtaining Personal Information (excluding specific personal information etc.)]
- Information provided by customers directly such as an application document for account opening, KYC documents, customer’s responses to a questionnaire prepared by UBS, RSVPs for a seminar organized by UBS etc
- Information obtained in the course of provisions of our products or services.
- Publicly available information through company quarterly journals, commercial books, news papers or internet etc.
- Personal Information will come into UBS’s possession including through recording of telephone conversation.
[Major outsourcing processes]
UBS outsources part of processes handling of Personal Information which are as follows:
- Printing or dispatching documents which need to be sent to our customers
- Legal or accounting advisory
- Maintenance and management of IT systems
- Safekeeping of documents
17. Contact
Inquiries about Retained Personal Data at UBS will be handled by Compliance Department.
UBS AG Tokyo Branch
Email address: OL-JPN-Data-Protection@ubs.com
Our address and the name of the representative: click here.