Privacy Policy
The Association for Promotion of Sustainable Finance Platform (hereinafter referred to as “the Association”) has established a privacy policy (hereinafter referred to as “the Policy”) to stipulate how the Association should handle personal information, as follows.
1. Personal Information
In the Policy, “Personal Information” refers to personal information as defined in the Act on the Protection of Personal Information (hereinafter referred to as “the Personal Information Protection Law”).
2. Acquisition of Personal Information and the purposes of use
The Association acquires and uses the following Personal Information for the following purposes:
(1) Personal Information to be acquired
-
① Information provided by a person who, for example, submits an inquiry to the Association or expresses their wish to use the Sustainable Finance Platform / Engagement Support Service (hereinafter referred to as “the Service”), which is provided by the Association
- Full name of the person
- Company/department information (including company name, department name, company address)
- Contact information (including phone number, email address)
- Description of the inquiry
-
② Personal Information to be acquired when a person uses the Service
- User ID (email address)
- Logs of use of the Service (including functions used, date and time of use)
(2) Purposes of use
-
① Personal Information to be acquired from inquiry by telephone, by email, or by the inquiry entry form of the Association
- Replying to the inquiry, opinion, or request.
- Note that the Association can keep a record of opinions and requests for the purpose of correct understanding of inquiries.
-
② Personal Information to be acquired from the membership application form of the Association
- Verifying information in the membership application form or provide and send invoices or other documents.
- Sending notifications about the Association’s operations (including event information) to members.
-
③ Personal Information to be acquired as a result of participation in (or a request for participation in) events, seminars, etc. hosted by the Association
- Hosting, running, and managing events, seminars, and the like.
- Analyzing the acquired Personal Information and thereby planning, improving, and refining the events or seminars.
- Providing information about events and seminars hosted by the Association and activities and services run by the Association.
-
④ Personal Information related to business partners of the Association
- Selecting suppliers, managing business dealings, and carrying out other tasks related to these tasks.
-
⑤ Personal Information about staff members in the Association (including contract workers engaged in business operations in the Association)
- Carrying out business operations in the Association.
-
⑥ Personal Information to be acquired as a result of business activities performed by the Association
- Providing notifications or holding meetings about business activities.
-
⑦ Personal Information about persons who submit an application for using the Service and about users of the Service
- Carrying out contracting procedures related to the Service, performing user management tasks, and performing other tasks related to these procedures and tasks.
- Providing user support related to the Service.
- Analyzing information such as browsing logs and usage logs and providing or recommending functions to improve usability for users, taking into consideration usage frequency and users’ interests.
- Analyzing and taking advantage of information such as browsing logs and usage logs, in order to be able to provide new services, develop functions, carry out marketing activities, and the like, taking into consideration usage frequency and users’ interests.
- Ensuring the security of the Service provided by the Association.
- Providing notifications necessary to run the Association’s services (for example, maintenance information about the Service, notifications about changes in the terms of use, and other important notifications).
- Making requests for interviews, questionnaire surveys, campaigns, monitoring activities, and the like.
- Provide replies to opinions and inquiries about the Association or services provided by the Association.
3. Shared use or provision of Personal Information to third parties
(1) The Association will not provide Personal Information to any third parties without prior consent from the person. However, this does not apply if any of the following applies:
- Provision of Personal Information is in accordance with laws and regulations.
- Provision of Personal Information is necessary to protect the life, body, or properties of a person, and it is difficult to gain consent from the person.
- Provision of Personal Information is especially necessary for improvement of public health or sound nurturing of children, and it is difficult to gain consent from the person.
- There is a need to cooperate with a national government organ, local government, or person entrusted thereby with performing the functions prescribed by laws and regulations, and obtaining the consent of the person is likely to interfere with the performance of those functions.
- The Association entrusts all or part of the handling of Personal Information within the scope necessary for achieving the purpose of use.
- Personal Information is provided as a result of business succession due to a merger or other such circumstances.
(2) If the Association provides a service jointly with a member company, the Association can jointly use Personal Information with the member company, as explained below. In this case, the Association will implement appropriate information management measures and clarify the scope of information to be jointly used.
Personal Information items to jointly used |
Personal Information mentioned above in item 2. |
Scope of parties that will jointly use Personal Information |
Member companies of the Association and their group companies (MS&AD Insurance Group Holdings, Inc. (Aioi Nissay Dowa Insurance Co., Ltd, Mitsui Sumitomo Insurance Company, Limited); Sompo Japan Insurance Inc.; Tokio Marine & Nichido Fire Insurance Co., Ltd.; Nippon Life Insurance Company; Hitachi, Ltd.; Mizuho Bank, Ltd.; Sumitomo Mitsui Banking Corporation; and MUFG Bank, Ltd.) |
Purposes of shared use by those parties |
Same as those stated above in item 2. (However, when you read the statements about the purposes of use, please replace “the Association” with “the Association and the member companies”.) |
Manager responsible for joint use |
Personal Information Manager at the Association |
4. Use of cookies, etc. and acquisition of usage status information, attribute information, etc.
(1) A cookie (which hereinafter refer to cookies and their related technologies) is a small text file that the website sends to your device for the purpose of keeping records. It identifies your device, typically your web browser, but it cannot directly identify you.
(2) There are two types of Cookies : those that are set by the domain of the Association’s website and those that are set by third-party partners of the Association.
(3) Cookies that are set by the domain of the Association’s website can be used on part of the Association’s website, for the purpose of making the Service more convenient for users.
(4) Some cookies are necessary to operate our website (e.g. for establishing and keeping sessions), while other cookies may be used for the following purposes:
-Delivering advertisements that may be of interest to you from us or our advertising partners based on information collected by tracking users across the internet;
(5) You can choose whether to allow us or third-parties (e.g. our advertising partners) to set cookies which are not strictly necessary for the functioning of the website via the cookie banner or cookie settings interface provided on the website. In that case, however, part of the Service might become unavailable or adversely affected.
5. Security management measures related to Personal Information
As explained below, the Association will properly implement security management measures related to personal information in accordance with the Personal Information Protection Law and other related laws, regulations, and guidelines.
(1) Formulation of the basic policy
- With the goal of ensuring proper handling of Personal Information, the Policy is established as the basic policy about compliance with laws and regulations, implementation of appropriate security measures, and the like.
(2) Establishment of rules on handling of Personal Information
- Internal rules are established to define, for example, how to acquire, use, save, delete, and dispose of Personal Information.
(3) Organizational security management measures
- The Association assigns a manager responsible for handling Personal Information and clearly specifies persons in charge for each type of Personal Information. The Association also performs periodic reviews of access permissions.
- A reporting line to the responsible manager is established for reporting of occurrences or signs of incidents such as a violation against an internal rule or a leak of Personal Information.
- The Association periodically checks how Personal Information is handled and revises the methods for handling Personal Information as necessary.
(4) Personal security management measures
- The Association is engaged in periodic efforts to raise awareness of their team management staff about points to note when handling Personal Information.
(5) Physical security management measures
- The Association will implement safe measures to prevent information leaks that might result from, for example, loss or theft of Personal Information. For example, if someone needs to take electronic devices containing Personal Information out of the office, the person must protect the data with passwords.
(6) Technical security management measures
- The Association limits the number of persons responsible for handling Personal Information and the types of Personal Information that they handle and specifies access permissions accordingly.
- When handling Personal Information, the Association uses a system that has capabilities to protect against illegal software or unauthorized access from external entities.
(7) Understanding of external environments
- If Personal Information is to be handled in countries outside Japan, the Association will ascertain personal information protection rules or systems in those countries and implement appropriate and necessary measures for security management purposes.
6. Request for disclosure of Personal Information
If a person requests disclosure of their Personal Information in accordance with the Personal Information Protection Law, the Association will verify that the request is actually made by that particular person and disclose the Personal Information without delay to that person. However, this does not apply if the Personal Information Protection Law or other laws or regulations indicate that the Association has no obligation to disclose Personal Information. The Association will request payment of a service fee of 1,000 yen for each personal information disclosure request.
7. Correction of Personal Information, discontinuation of use of Personal Information, etc.
If a person claims that Personal Information about that person is false and then requests correction, addition, or deletion of the Personal Information (hereinafter referred to as “correction or another operation” in this Article) in accordance with the Personal Information Protection Law, the Association will verify that the request is actually made by that particular person, perform necessary investigations without delay, perform correction or another operation on the Personal Information based on the investigation results, and provide a notification to that effect to that person. If the Association decides not to perform correction or another operation, the Association will provide a notification to that effect to that person without delay.
If a person claims that Personal Information about that person is handled beyond the disclosed purpose of use or is collected through deceit or other wrongful means and then requests discontinuation of use of the Personal Information or erasure of the Personal Information (hereinafter referred to as “discontinuation of use or another operation” in this Article) in accordance with the Personal Information Protection Law, the Association will verify that the request is actually made by that particular person, perform necessary investigations without delay, perform discontinuation of use or another operation on the Personal Information based on the investigation results, and provide a notification to that effect to that person. If the Association decides not to perform discontinuation of use or another operation, the Association will provide a notification to that effect to that person without delay. However, this does not apply if the Association finds it difficult to perform discontinuation of use or another operation (for example, if a considerable amount of money is required to perform discontinuation of use or another operation) and thus needs to implement alternative measures to protect the rights and benefits of that person.
8. Corrections and changes to the Policy
The Association can correct or change the Policy as needed. In that case, the company will post a notice on the Association’s website about the changes to the Policy and the effective date of those changes or take other appropriate means to provide such a notification. Note that if the Association makes changes that require consent from a person due to legal reasons, the changes in the Policy will apply only to the person who gives consent to those changes.
9. Point of contact
If you have any opinion, question, complaint, or inquiry about Personal Information, please contact the following:
Yoshihiro Kanaoka
Personal Information Manager and Representative Director
The Association for Promotion of Sustainable Finance Platform
6-1, Marunouchi 1-chome, Chiyoda-ku, Tokyo, 100-8220
Email:@