Basic Policy on the Protection of Personal Information

Kyushu Financial Group, Inc. (hereinafter “the Group”), its subsidiaries and affiliated companies (hereinafter, collectively also referred to as “the Group”) shall set forth and announce the following basic policy regarding the handling of customers’ personal information and individual numbers (hereinafter, “personal information”).

1. Policy for handling personal information

In handling customers’ personal information, the Group will comply with the items stipulated in this basic policy and various regulations of the Group, in addition to the “Act on the Protection of Personal Information” (hereinafter, “Protection of Personal Information Act”), the “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures” (hereinafter, “Numbers Act”) and other relevant laws, regulations, and guidelines. Also, the Group will continue to improve the way it handles customers’ personal information.

2. Obtaining personal information appropriately

  1. The Group shall acquire the customers’ personal information through appropriate means.
  2. The Group may obtain personal information from sources such as the following:

(Examples of sources of information)

  • Personal information provided directly by customers by way of application forms for creating a deposit account or other documents that the customer fills in and submits (documents such as application forms submitted directly by the customer, or data entered via forms on the website)
  • Personal information provided by third parties including joint users such as local clearinghouses and personal credit information agencies

3. Purpose of use

  1. The Group will specify the purpose of use related to customers’ personal information. When obtaining customers’ personal information, the Group will notify, announce or clearly indicate the purpose of use, and handle the information within the scope required to achieve the expressed purpose of use. If the purpose of use for specific personal information is otherwise limited based on laws and regulations, such as the use of individual numbers according to the Numbers Act, then the information will not be used other than for such purpose.
  2. The purpose of use by the Group for the personal information will be notified on the websites of the various companies in the Group.
  3. The Group will specifically define purposes of use so that it is clear to the individual, and we will work to limit the purposes of use based on the conditions in which the information was gained, such as responses to questionnaires only being used to tally such responses.
  4. Regarding use of personal information by the Group for solicitation using direct marketing such as direct mail or through telephone calls, such use of personal information shall be discontinued if a customer so requests.

4. Provision to third parties

  1. The Group will not provide personal information of a customer to any third party without prior consent by the individual, except as permitted by law. However, when outsourcing the handling of personal information within the scope necessary to achieve the purpose of use, or in the case of a merger and for joint-use with a person specified separately, we may provide customers’ personal information without obtaining their consent.
  2. Individual numbers will not be provided to third parties except as indicated on a limited basis in the Numbers Act.

5. Handling of sensitive information

The Group shall not acquire, use, or provide to any third party customers’ sensitive information (refers to information specified in the “Guidelines for Protection of Personal Information in the Finance Sector”) except for cases listed in the guidelines such as when based on laws and regulations, or when consent of the customer is obtained to the extent necessary to carry out business operations.

6. Security control measures

The Group shall take necessary and appropriate security measures to prevent the loss, falsification, and leakage of customers’ personal information. The Group shall also supervise as necessary and appropriate employees and companies to which work is outsourced (including subcontractors) who handle customers’ personal information.

7. Outsourcing the handling of personal data

The Group outsources the handling of personal data for cases such as the following:

(Examples of outsourcing personal data)

  • Tasks related to mailing out itemized notification of transactions
  • External transaction business related to foreign exchange
  • Tasks related to sending out direct mail
  • Work related to information system operation and maintenance

8. Procedure for disclosure request

  1. The Group complies with the Protection of Personal Information Act to properly and promptly handle customers’ personal data, such as notification of the purpose of use, request for disclosure, modification/addition/deletion of incorrect data, deletion, and suspension of use/provision to third parties.
  2. Details of the procedures are available at sales offices of the Group companies and on their websites. Please direct requests for the Group to our CR Supervision Division (TEL: 096-326-5588).

9. Contact information for inquiries or complaints

  1. The Group properly and promptly responds to opinions or requests regarding the handling of personal information.
  2. If you have any opinions, requests, or inquiries regarding the Group’s handling of personal information or regarding our security control measures, please contact the Group’s main office, branches, or CR Supervision Division (TEL: 096-326-5588).
  3. We are a member of the following organizations which are all certified personal information protection organizations under the Protection of Personal Information Act. The following organizations accept complaints and consultation regarding the handling of personal information by other member organizations.

(All Banks Personal Data Protection Council)
TEL: +81-3-5222-1700

http://www.abpdpc.gr.jp/

(Local bank consultation center)
Kumamoto TEL: +81-96-354-6655
Kagoshima TEL: +81-99-222-8178

Purposes of Use for Personal Information

We use customers’ personal information pursuant to the Protection of Personal Information Act for the following business and to the extent necessary to accomplish the purpose of use.

(Business Description)

  • As a bank holding company, business management of banks and other corporations permissible as subsidiaries under the Banking Act and other business activities incidental to such management
  • In addition to abovementioned business activities, those for which the bank holding company can operate under the Banking Act (including business activities that will be approved in the future)

(Purposes of Use)

Personal information will be used for the following purposes related to business management of the Group.

  • To carry out procedures for audits, settlement of accounts, and internal control that arise for the Group over the course of conducting business activities
  • To exercise rights and fulfill obligations in contracts with the customers and by law
  • To provide to a third party within the scope necessary to carry out business activities appropriately.
  • To properly carry out entrusted business activities when other business operators outsource all or part of the personal information processing.
  • To study and develop financial products and services by implementing market research, data analysis, and questionnaires.
  • To make proposals related to financial products and services via direct mail or phone call.
    (Includes analyzing information obtained, such as browsing history and transaction history, to provide advertising and offer various products and services tailored to individual customer needs and interests.)
  • To propose the Group’s products and services.
    (Includes analyzing information obtained, such as browsing history and transaction history, to provide advertising and offer various products and services tailored to individual customer needs and interests.)
  • For cancellation procedures and the subsequent procedures.
  • To carry out customer transactions and communicate with our shareholders and the local communities smoothly and adequately.

Purposes of Use for Individual Numbers

We use customers’ individual numbers pursuant to the Protection of Personal Information Act and the Numbers Act to the extent necessary to accomplish the following purposes of use.

  • Preparation of payment records for remuneration and fees
  • Preparation of payment records for dividends, surplus distribution, and interest from funds
  • Preparation of payment records for usage fees of real estate
  • Preparation of payment records for payment of compensation for real estate
  • Preparation of other legal documents

Security Control Measures

The security control measures stipulated in our Basic Policy on the Protection of Personal Information consist of implementing the following measures based on various regulations of the Group, procedure manuals, and the like.

Organizational Security Control Measures

Implementation of organizational security control measures is as follows.

  • The Board of Directors is deemed the decision-making body for important matters concerning information asset management.
  • The officer in charge of the CR Supervision Division is deemed the person in charge of information management supervision.
  • The head of each department is deemed the person in charge of information asset management.
  • The CR Supervision Division is deemed the information management supervisory division.
  • The CR Committee has been set up as the committee to discuss matters pertaining to information management.

Human Security Control Measures

Implementation of human security control measures is as follows.

  • Conclusion of nondisclosure agreements
    Disclosing customer information, confidential matters of the company, and internal affairs of officers to third parties; unauthorized use of the information system; acquiring and using information assets for purposes other than business are prohibited.
  • Defining the roles and responsibilities of employees
    Officers and employees must obey internal rules and promptly report to the person in charge of information asset management if a case of disclosure occurs or as soon as the possibility of the same is detected.
  • Implementation of education and training
    The person in charge of information asset management adheres to the instruction and guidance of the information management supervisory division and conducts education and training regarding the safe management of information assets.
  • Confirmation of compliance status
    The information management supervisory division prepares the framework, provides guidance and supervision, and monitors the status of its management.
  • Disciplinary action
    If a violation of the prohibited acts is identified, it is subject to punishment under laws and regulations as well as work regulations.

Physical Security Control Measures

Implementation of physical security control measures is as follows.

  • Management of facilities, etc.
    Entry into the Group and to the various departments is monitored, and electronic media is prohibited.
  • Management of systems, etc.
    Electronic media and paper documents are stored in a locked cabinet, and devices containing data are locked with security wires or other means.
  • Management of electronic media, etc.
    Electronic media and paper documents are prohibited from being removed from the worksite except for business purposes. Various safety precautions are in place when they must be taken out.
  • Disposal/deletion
    When data is to be disposed of or deleted, a shredder or a furnace within/outside the company is used to destroy, burn or dissolve the material; dedicated data deletion software is used; or the hard drive is physically destroyed.

Technological Security Control Measures

Implementation of technological security control measures is as follows.

  • Management of access to information assets
    The information assets that can be accessed are limited, and access rights to the information system are limited.
    Verification is required when accessing the information system with authentication methods such as the use of a user ID, password, magnetic/IC card, etc.
    To prevent unauthorized access by external parties, a firewall has been established between the information system and external networks. Antivirus software has been installed and is being updated to the latest version, and logs are being analyzed to detect unauthorized access.
  • Management of system development and operations
    To prevent information leakage, communication information is encrypted in the communication path, data stored in the system is encrypted and passwords are set.

Assessment of External Environments

When providing personal data to a third party outside of Japan, we will expand the information regarding the handling of personal information provided to third parties, such as relevant systems in place in that country.

Handling of Personal Information on the Website

Use of Cookies

This website (hereinafter, “this Site”) may use cookies for a portion of its content.
Cookies are information stored on the web browser when a website is accessed, but we do not include personal information such as names and email addresses.
Information from cookies may be used to analyze access to this Site or to display relevant advertisements to users. Cookies can be disabled by adjusting the browser settings.

Use of Google Analytics

This Site may use Google Analytics for usage statistics.
Google Analytics uses first-party cookies and collects user information without identifying specific individuals. The methods of collecting access information and its use are stipulated by the Google Analytics Terms of Service and Google’s Privacy Policy.
Please refer to the following URL for details regarding Google Analytics.

Google Analytics Terms of Service

Google Policies and Terms