Touchstone Capital Management (the “Company”) hereby sets out the following Personal Information Protection Policy (the “Privacy Policy”) based on the Act on the Protection of Personal Information (Law No. 57 of 2003; the “Personal Information Protection Act”) to implement and maintain the proper management of and protect personal information.
Privacy Policy
1.The Company name, address and the name of representative director
Touchstone Capital Management Co., Ltd.
HULIC JP Akasaka Building 12F, 2-5-8 Akasaka Minato-ku, Tokyo, 107-0052, Japan
Representative Director Masahide Matsumoto
2.Compliance with Applicable Laws and Regulations
The Company deeply understands the importance of protecting personal information and will abide by the Law concerning Protection of Personal Information, other related laws and ordinances, guidelines of competent authorities, and any other declarations by approved organizations representing the protection of personal information.
3.Acquisition and use of Personal Information
When the Company requests customers, business partner, etc. (in case of corporation, it refers to all of their officers and employees, hereinafter referred to as the “Person”) to provide their personal information, the Company will notify or publicly announce the purposes of use in advance. The Company will use personal information only within the scope of the purposes of use. Without the consent of the Person, the Company shall not use any personal information for any purpose other than the purposes of use.
4.Purposes of Use of Personal Information
The Company will use personal information obtained by it (such as name, address, date of birth, employer, phone number and email address) for the following purposes:
(1) To solicit, sell, and provide private placement, information, and services relating to securities and other financial products based on the Financial Instruments and Exchange Law
(2) To solicit, sell, and provide services and information relating to the financial products handled by the Company and its related and affiliated companies
(3) To provide advisory services and executing lease agreements in accordance with Building Lots and Buildings Transaction Business Act and related ordinances
(4) To review the suitability of the products and services offered by the Company under the principle of suitability
(5) To identify individual customers, their agents or, where the customer is a legal entity, the Person responsible for a particular transaction, including any representative or agent of such a legal entity
(6) To inform the Person of the outcome of a transaction, account balances or any other matters
(7) To carry out administrative work in connection with any transaction with the Person
(8) To deal with, check, and keep records of, inquiries or requests for consultation from the Person
(9) To provide information to the Person by direct mail, email or other means
(10) To introduce the Person to clients of the Company with the approval of the Person
(11) To respond to comments or requests from the Person
(12) To carry our research and development of financial products and services through market research, data analysis, and questionnaire surveys, etc.;
(13) To perform delegated services involving the handling of personal information in an appropriate manner when all or part of the processing of personal information is entrusted by other business operators
(14) To perform services incidental to the foregoing businesses and affairs; and
(15) To provide personal information or personal data of the Person to third parties to the extent necessary to achieve the foregoing purposes of use.
In addition, the Company in principal will not gather sensitive information such as information concerning special care-required personal information and information concerning membership of any labor union, family origin, registered domiciled, medical or health care records, and sexual activities and in the event it does acquire said information, it shall not use it or provide it to any third parties.
5.Provision of Personal Information
<Ⅰ> The Company will not disclose or provide any personal information received from the Person to any third party unless:
(1) Cases in which a principal has provided consent.
(2) Cases in which the provision of personal data is based on laws and regulations
(3) Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal’s consent
(4) Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal’s consent
(5) Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs
(6) Cases in which the Company entrusts such third party to perform a whole or part of the handling of the personal information to the extent necessary to achieve the purposes of use; (in which case, the Company will take measures such as entering into a confidentiality agreement) or
(7) Cases to take statistics or collect data in a state where the Person cannot be identified.
<Ⅱ>To the extent necessary to achieve the purposes of use, the Company may use personal information jointly with the Company’s group affiliates.
(1) Items of personal data which are jointly used
Any and all personal data of the Person, unless particularly otherwise requested by the Person
(2) Scope of joint users
Other affiliated companies of the Company’s group
(3) Purpose of use by joint users
Same as provided in 4. above.
(4) Name of the person or entity responsible for the management of the relevant personal data
The Company will be responsible for any personal data that is jointly used.
For our address and representative, please see 1 above.
For inquiries about jointly use, please contact the Company’s contact point in 11 below.
6.Handling of “Individual Number” and “Specific Personal Information” defined under “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures”
Except for purposes specifically stipulated by relevant laws and regulations, the Company will not acquire or utilize “Individual Number” and “Specific Personal Information”. In addition, the Company will not provide these information to third parties, unless specifically stipulated by relevant laws and regulations.
7. Assurance of Accuracy of Personal Data
To the extent necessary for the implementation of the purpose of use, the Company will make efforts to keep the personal data accurate and up-to-date. Unless a retention period is set forth under applicable laws or ordinances, the Company will establish the retention period for personal data in custody according to its purpose of use, and will erase or dispose of the relevant personal data after the elapse of the applicable period.
8. Security Control Measures and Supervision over Outsourcing Parties
To protect personal information of the Person against unauthorized disclosure, loss or destruction, the Company will incorporate appropriate company organizations and strict security measures for the protection of personal information by means of establishing, and reviewing and revising from time to time, internal regulations regarding the protection of personal information (Including security control measures according to each stage of acquisition, use, maintenance, etc. of personal data).
[Formulation of Policies and Disciplines regarding personal information protection]
In order to ensure the proper handling of personal data, the company has formulated this Privacy Policy (Personal Information Protection Policy) regarding “Compliance with Applicable Laws and Regulations” and “Contact for Inquiries about Protection of Personal Information”, etc. In addition, the Company has formulated internal rules such as “Personal information handling regulations” for each stage of acquisition, use, storage, provision, deletion, disposal, etc. of personal data, regarding methods, responsible persons, and their duties.
[Organizational Security Control Measures]
In addition to defining the responsibility and authority for the handling of personal data, clarifying the officers and employees who handle personal data and scope of personal data handled by those, the Company has established a reporting and liaison system in the event of facts or signs of violations of the Personal Information Protection Law or Personal information handling regulations are identified. The Company also regularly conducts self-checks and audits regarding the handling of personal data.
[Human Security Control Measures]
The Company continuously provides educational training etc. to its officers and employees regarding matters to consider regarding the handling of personal data, and provide guidance and supervision to ensure security management.
The Company requires its officers and employees to submit a letter regarding confidentiality of information at the time of joining and resigning the Company, in order to maintain the confidentiality of personal information and not to use it outside of work. In addition, the Company has stipulated in our employment regulations that we must comply with the prohibition of information leakage of confidential information including personal information, and works to make it known.
[Physical Security Control Measures]
In addition to locked storage of important documents that contain personal information, by such as monitoring people who enter and exit the office with video recordings, the Company take measures to prevent unauthorized person from viewing personal data, and to prevent theft or loss of such as equipment, electronic media, documents to process personal data.
[Technical Security Control Measures]
In addition to implementing access control for the information system and limiting the scope of the personal information database, etc. and access right holders of them, the Company monitors the usage and handling status by managing access logs on the information system, etc. The Company takes measures to protect its information systems that process personal data from unauthorized external access or unauthorized software.
[Supervision over Outsourcing Parties]
When entrusting the handling of personal information, etc., the Company will make appropriate selection of outsourcing parties, and set up necessary and appropriate supervision over outsourcing parties to ensure its security.
[International Transfer of Personal Information associated with entrusting the handling]
When entrusting the handling of personal information to a foreign corporation, etc., the Company will do so only when the Person consents in advance, and will announce or notify the following matters regarding the entrustment.
(1) Method of providing personal information to the foreign contractor;
(2) Measures implemented by the foreign contractor;
(3) Systems concerning the protection of personal information in the foreign country;
(4) Frequency and method of confirmation regarding protection of personal information;
(5) Suspension of provision of personal information;
9.Request for Disclosure of, or Other Actions relating to, Personal Information
If the Person requests the Company to disclose, correct, suspend use of, erase, or take other actions relating to, any personal information of the Person held by the Company, the Company will verify the identification of the Person and endeavor to properly and quickly respond to the request.
Upon a request by the Person or his/her agent, the Company will take procedures to meet his/her request for disclosure or other actions in the following manner:
(1) Personal information which is retained by the Company and is subject to the procedures to meet a request for disclosure or other actions:
Information on names, addresses, phone numbers, dates of birth, employers, histories of transactions or the like
(2) Any request for disclosure or other actions shall be made by sending by a postal mail, etc. in a prescribed request form with necessary documents (see (3) below) attached to it to the following contact:
Touchstone Capital Management Co., Ltd.
Compliance Department
HULIC JP Akasaka Building 12F, 5-8 Akasaka 2-Chome, Minato-ku, Tokyo 107-0052, Japan
(3) Items to be submitted
・Application form which is available at our office (to be sent by email or other means);
・Document for verification of identification (such as a copy of a driver’s license);
Upon the acceptance of a request, the Company may request the Person to present matters necessary to identify the personal data which is
retained by the Company and is subject to the relevant request.
・In the case of a request by an agent, the Company will confirm the right of representation and request the agent to submit necessary documents
depending on his/her relationship with the Person.
(4) The Company will respond in writing at the office of the Company, or by sending a postal mail or e-mail to the address which is notified by the Person.
(5) Any personal information acquired in the course of the procedures of a disclosure request will be used for investigations for the procedures, verification of identification of the Person and his/her agent, and providing a response to the request.
(6) If the Company decides not to disclose personal information or take other actions, the Company will notify thereof and the reasons for such decision.
10.Others
In order to ensure the proper handling of personal information, the Company will review its management internal system for the protection of personal information as necessary in accordance with internal regulations and related manuals, and efforts to attain continuous improvement.
To further improve the protection of personal information and to deal with changes in laws, regulations or other rules, the Company may amend its Personal Information Protection Policy, Privacy Policy, procedures for disclosure, or other prescribed matters without any prior notice.
11.Contact for Inquiries about Protection of Personal Information
For inquiries, comments, requests or other communications concerning the handling of personal information, please contact the following personal information inquiry contact in writing, etc.
[Contact information for an inquiry etc.]
Touchstone Capital Management Co., Ltd.
Compliance Department
HULIC JP Akasaka Building 12F, 5-8 Akasaka 2-Chome, Minato-ku, Tokyo 107-0052, Japan
- Phone number: +81-3-5114-6622
- Office Hours: Weekdays from 9:30 a.m. through 5:00 p.m. (excluding Saturdays, Sundays, public holidays, and the year-end and New Year holidays)
[Accredited personal information protection organization]
The Company is a member of Japan Investment Advisers Association that are accredited personal information protection organizations approved by the Personal Information Protection Commission.
Grievance Desk of the Japan Investment Advisers Association will receive complaints and provide consultation with respect to its members’ handling of personal information and anonymously processed information.
Japan Investment Advisers Association Grievance Desk
Phone +81-3-3663-0505