Last Updated: April 1, 2024

Handling of personal information

1. Introduction

Compliance with General Data Protection Regulation (hereinafter "GDPR") and applicable data protection laws and the proper handling of personal data that identifies individuals are vital social obligations of Daiwa Corporate Investment Co., Ltd. (hereinafter referred to as "DCI", "we", "our", or "us"). We have established the following basic policy for the protection of personal data and are constantly working on making improvements to measures for protecting your personal data. Please see https://www.daiwa-inv.co.jp/en/about/company/ for our address and the name of the representative.

2. What Personal Data DCI may collect from you

We will collect your personal data by using legal and proper methods and will not use any improper methods to receive it. We may collect or obtain personal data about you when you or your company gives it to us (for example through an inquiry form on our website, or an establishment of a business relationship with you or your company) and will use or disclose your personal data in accordance with the original purposes you have given. We may also collect or obtain your personal data because we observe or infer information about you from the way you interact with us or others. For example, in order to improve your experience when you visit our website and to ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and web beacons which may collect personal data.

The personal data that we collect or obtain in such circumstances may include but not limited to: your name, address, telephone number, e-mail address, cookies and web beacons.

3. Purposes of the processing of the personal data

We use your personal data in the following ways:

  • Examining the possibility of investment and recovery in investment operations by us or funds managed by us;

  • Executing appropriately the entrusted business in cases where all or part of the business including personal information is entrusted by other business entities, etc.;

  • Implementing various measures to facilitate the relationship with shareholders;

  • Receiving requests for materials, sending them, and providing various types of information;

  • Communicating with relevant government agencies, organizations, business partners, etc.;

  • Implementing security measures and risk management;

  • Responding to complaints, inquiries, etc.;

  • Making decisions regarding employment;

  • Used as a means of administrative contact and confirmation in the course of business; and

  • Other purposes that are necessary for the ordinary course of business.

4. Lawful basis for processing personal data

We may process personal data because:

  • It is necessary for legitimate interests pursued by us or a third party in carrying out our business activities, except where such interests are overridden by your interests or fundamental rights and freedoms; or

  • It is necessary to perform the contract with you.

The "legitimate interests" pursued by us or a third party are:

  • For management and audit of our business operations;

  • Managing our relationship with you and other parties;

  • Meeting and complying with our accountability requirements and regulatory obligations; and

  • To protect our business information, our premises and our officers and employees at those premises

Or where it is applicable, we may process personal data also when:

  • It is necessary for compliance with a legal obligation which we are subject to;

  • It is necessary for protection of your vital interests or another natural person’s vital interests;

  • It is necessary for performance of a task carried out in the public interest or in the exercise of official authority which we have; and

  • You have given us consent to process your personal data.

We do not process sensitive personal data, unless (i) you have given us your explicit consent to process that data for one or more specified purposes; (ii) the processing is necessary for the establishment, exercise or defense of legal claims or (iii) you have made the data manifestly public.

5. Disclosure of your data

In connection with one or more of the purposes said above, we may disclose your personal data to: other members of DCI’s group companies (collectively "Group Members", please see https://www.daiwa-grp.jp/english/about/group/. Please see https://www.daiwa-inv.co.jp/en/about/company/ for our address and the name of the representative); third parties that provide services to us and/or other Group Members (such as IT service providers, financial institutions, transportation service providers, suppliers of back office functions, research, analysis and communications agencies, accounting, legal and other professional advisors, etc.); competent authorities as required by laws, regulations, or orders (including courts and authorities regulating us or other Group Members) and other third parties that reasonably require access to personal data relating to you for one or more of the purposes said above.

6. International transfer of personal data

We will not disclose or provide your personal data to third parties in foreign countries (including the countries outside of the European Economic Area whose laws may not provide the same level of data protection) without obtaining your consent, except as permitted by laws and regulations. When obtaining your consent, we will provide information such as the name of the foreign country, the data protection regulations in the country, safeguards taken by the third parties to protect your personal data, and other relevant information. If we are unable to identify the specific third party when obtaining consent, we will provide you with the reasons and other relevant information. If the recipient third party is identified at a later date, you may request information from us regarding the country name, data protection regulations in that country, and safeguards taken by the third party to protect your personal data. We have established a system that complies with the standards set by the Personal Information Protection Commission and take necessary measures to ensure the continuous implementation of measures equivalent to those required of personal information handlers regarding the handling of personal data. You may request information from us regarding these necessary measures.

7. Retention period

We will not retain your personal data for longer than required for the purposes for which the personal data are processed. We will keep your personal data:

  • For as long as required by relevant laws or regulations;

  • Until we no longer have a valid reason for keeping it; and

  • Until we receive your request to delete.

8. Security

We will use necessary and suitable safety management measures for preventing the destruction, loss, alteration and other problems involving personal information (including personal information that we are seeking to obtain and intend to process as personal data). In order to prevent unauthorized access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure your personal data in accordance with relevant rules and standards.

9. Your rights

You have various rights in relation to your personal data. In particular, you have the right to request access, obtain copy of, correct and delete your personal data which we hold, as well as the right to restrict certain types of processing of your personal data. Furthermore, you have the right to data portability. If the processing relies on your consent, you have the right to withdraw your consent at any time. The withdrawal shall not affect the processing of personal data you have given consent to.

Besides, you have the right to object to certain types of processing of personal data pursuant to Article 21 of GDPR.

10. Complaints

If you feel that DCI has not responded to your requests and have handled your personal data unlawfully, you have the right to submit a complaint to the relevant data protection authority.

11. Contractual or statutory obligation

The provision of personal data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. However, we reserve the right to reduce or terminate a contractual relation with you in case that you are not willing to provide the necessary personal data for the execution of an agreement.

12. Children

We do not knowingly collect personal data from persons under the age of 16. If you are a parent of a child under 16, we will seek your consent if you wish your child to provide his or her personal data to us.

13. Changes to our privacy policy

We may change this Privacy Policy from time to time in the future. Any such changes will be posted here, and we advise you to check back frequently to see any updates or changes.

14. Contact

If you have any questions, comments and requests regarding this Privacy Policy, please contact us at https://www.daiwa-inv.co.jp/en/contact/.

Daiwa Corporate Investment Co., Ltd.