Privacy Policy
SBI Sumishin Net Bank, Ltd. (hereinafter “we”, or “us”, or “our”) endeavors to thoroughly manage the valuable personal information, individual number and specific personal information (hereinafter individual number and specific personal information are referred to as “specific personal information, etc.”) of customers from the viewpoint of appropriate protection and use.
1. Compliance with personal information-related laws and regulations
We comply with the Act on the Protection of Personal Information, the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures, the guidelines of competent authorities and other norms for the appropriate protection and use of personal information and specific personal information, etc.
2. Appropriate collection and use
We acquire and use personal information and specific personal information, etc. of customers in an appropriate and lawful way to the extent necessary for business.
3. Restriction due to purposes of use
The personal information entrusted by customers is used to the extent necessary to achieve clearly indicated or publicly announced purposes of use, except where the data subject’s consent has been obtained in advance or in exceptional cases provided for by laws and regulations. Specific personal information, etc. is used only to the extent stipulated by law.
4. Management of personal information
We endeavor to keep the personal information we hold accurate and up to date. When managing personal information and specific personal information, etc., we take the personal data security control measures shown below to prevent unauthorized access, destruction, falsification, leakage, etc. and we also exercise necessary and adequate supervision over officers and employees and establish a system of accountability necessary for the protection of personal information and specific personal information, etc.
(1) Formulation of basic policy
To ensure the appropriate handling of personal data, we have formulated this privacy policy as a basic policy stipulating “Name of Business Operator,” “Compliance with Related Laws, Regulations, Guidelines and Other Requirements,” “Matters Concerning Security Control Measures,” “Question and Complaint Handling Service” and other information.
(2) Development of rules on the handling of personal data
We have established a personal data register for properly managing and recording the collection, use, storage, provision, deletion, destruction, etc., of personal data, and we have also established internal regulations on information management including the handling of personal data, clearly specifying the roles and responsibilities of persons who are responsible or in charge of managing information and appropriate handling methods and procedures at each stage.
(3) Systematic security control measures
- We have assigned persons responsible for the handling of personal data, clarified officers and employees who handle personal data and the scope of personal data to be handled by said officers and employees, and developed a system for reporting to management business units, etc. in the event of an incident such as leakage or discovery of an actual or suspected breach of relevant laws and regulations or internal rules.
- We carry out self-inspections on a regular basis to check that personal data is being handled properly and are also audited by other business units.
(4) Human security control measures
- We regularly provide training to officers and employees on compliance with laws, regulations and internal rules related to the appropriate handling of personal data.
- We stipulate matters related to the confidentiality of personal data and grounds for disciplinary action in the event of a breach of confidentiality in our work rules, and we also have all officers and employees periodically submit a pledge to ensure the strict handling of personal data.
(5) Physical security control measures
- In areas where personal data is handled, we restrict officer and employee access and the equipment which can be brought in and also take measures to prevent unauthorized persons from viewing personal data.
- We take steps to prevent the theft, loss, etc. of equipment, electronic media, documents, etc. that contain personal data. Moreover, when carrying such equipment, electronic media, etc. inside offices and between offices and other locations, measures are taken to ensure that personal data cannot be easily accessed.
(6) Technological security control measures
- We implement appropriate access restrictions, including limiting officers and employees who handle personal data as well as the scope of the personal information database handled by such officers and employees.
- We have introduced frameworks to protect information systems that handle personal data against illegal access from outside or malware, and these frameworks are properly implemented.
(7) Assessment of external environment
When handling personal data overseas, we implement necessary and appropriate measures for the safe management of personal data based on an understanding of the systems used to protect personal information within that particular foreign country.
5. Outsourced management
We may outsource the processing of personal information and specific personal information, etc. entrusted to us to third parties within the extent of the purposes of use. Such third parties (including their outsourced management partners) are selected based on confirmation of adequate levels of security and are subject to necessary and adequate supervision via contracts and other means.
6. Response to customer requests for disclosure, etc.
When a customer requests the disclosure, correction or suspension of use of their personal data in our possession, or the disclosure of records of its provision to third parties, we endeavor to respond appropriately and promptly in accordance with laws and regulations after confirming the identity of the customer.
7. Response to customer inquiries, etc.
We respond promptly and accurately to inquiries about the handling of personal information and specific personal information, etc.
8. Provision of personal information to third parties
We do not provide personal information entrusted to us by a customer to any third party unless the customer has consented to its provision.
We may, however, provide personal information entrusted to us by a customer to a third party without the consent of the customer when provided in an outsourcing transaction, when provided as a result of business succession due to merger or other such circumstances, when provided to specific persons who have joint use of that data specified separately, or when done pursuant to applicable laws or regulations. We may also provide personal information to a third party when deemed necessary in accordance with other laws and regulations for the public good.
Specific personal information, etc. is not provided to any third party, whether with or without the data subject’s consent, except where permitted under the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures.
9. Ongoing review of initiatives to protect personal information
Our initiatives to protect personal information are being constantly improved, and this policy is also reviewed and improved on an ongoing basis.
For further details of our handling of personal information, including matters related to procedures for publicly announcing purposes of use, joint use and disclosure, please refer to Handling of Personal Information published separately.
Contact for inquiries
For inquiries or complaints regarding this policy, please contact us.