1. PURPOSE
The following is the privacy notice statement of NIUM Japan kabushiki kaisha (which is licensed as a Funds Transfer Service Provider under the Payment Services Act of Japan with registration no: Kanto Local Finance Bureau, hereinafter, “NIUM” or ”We”) and sets forth our policies & practices in connection with personal data that we collect through our website, and any mobile sites, applications, or other mobile interactive features that are dedicated to Travelex International Money Transfer Service (IMT) (collectively, the “Platform”). Privacy Notice is to comply and ensure that our employees comply with the requirements of the Act on the Protection of Personal Information of Japan (APPI) and any other relevant privacy laws like The General Data Protection Regulation (EU) 2016/679 (GDPR) in the locations in which we operate. In order to use the IMT, you will have to share your personal data with us.
2. SCOPE
This Privacy Notice explains how we handle personal data you share with NIUM for the IMT.
3. PERSONAL DATA
“Personal data” is personally identifiable information that identifies you as an individual, such as your name, mailing address, email address, age range, and the like, which includes any other information that is defined as Personal Information under APPI. Personal data is basically obtained when you voluntarily provide the information to us. We use personal data to better understand your needs and interests and to provide you with better service.
4. DATA SUBJECTS
Individuals accessing the Platform or who are registering to use the services on the Platform, who voluntarily provide personal data to us and whom otherwise NIUM obtained personal data (“you” or “your”) are covered by this Privacy Notice.
5. NIUM PRIVACY PRINCIPLES
Your privacy matters to us. Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we shall maintain the following privacy principles:
- we will first obtain your consent to collect, use, or disclose your personal data unless it is unreasonably difficult to obtain such consent;
- we only collect personal data that we believe to be relevant and necessary, in order to help us conduct our business;
- we use your personal data to provide you with better customer services and products;
- where your consent has been provided, your personal data may be transferred to third parties, including NIUM companies or agents, as may be advised to you, either within or outside Japan, and as permitted by law unless it is practically difficult to obtain consent and such transfer or disclosure is permitted by law. Any contracts with these third parties will include the necessary provisions to safeguard the personal data that is being transferred to them in accordance with the APPI where it is required by law.;
- we may be required from time to time to disclose your personal information to governmental or judicial bodies or agencies or our regulators, if required to do so by law;
- we shall take reasonable measures to ensure that your personal data in our possession or control is accurate and up to date;
- we protect the personal data in our possession or under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of such data.
By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us. This notice shall stipulate:
- our purposes of personal data collection;
- the important controls we employ for protecting personal data;
- the classes of persons we can transfer personal data to;
- the data access and correction right of customers;
- our notice for data transfer;
- use of personal data in direct marketing;
- retention of personal data; and
- withdrawal of your consent.
6. PURPOSES OF DATA COLLECTION
- From time to time, it may be necessary for you to supply us your personal data in connection with the opening or continuation of accounts and the establishment or continuation of facilities or provision of opening or continuation of accounts and the establishment or continuation of facilities or provision of commercial services.
- Failure to supply such personal data may result in our inability to open or continue accounts or establish or continue facilities or provide services to you.
- We may also collect personal data in the ordinary course of the continuing our business relationship, for example, when you avail any of our other services through the Platform.
- We, or authorized third parties, may use your personal data for any one of the following purposes:
- conducting checks at the time of your application for our products
- maintaining our credit assessments;
- ensuring your ongoing credit worthiness;
- designing services or related products for your use;
- marketing services, promotional materials, or other services or products for which we may or may not be remunerated;
- determining the amount of indebtedness owed to or by you;
- enforcement of your obligations, including, without limitation, the collection of amounts outstanding from you (including disclosure to credit-reporting or debt collection agency in relation to the recovery of any overdue payments);
- complying with the obligations, requirements or arrangements for disclosing and using data that apply to us including: i.any law binding or applying to us existing currently and as may be amended and enacted in the future, from time to time; ii.any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers existing currently and in the future that apply to us; or iii.any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on us by reason of our financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations.
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within our intragroup companies, subsidiaries, or affiliates, and any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; or
7. WHAT KIND OF PERSONAL DATA DO WE COLLECT AND RESERVE?
The types of personal data that we collect, and share depend on the product or service you avail with us. It includes, but is not limited to:
- contact and personal information: title, your first name, surname, date of birth, email address, mobile phone number, personal code(For My Number, please refer to h)), residential address and/or mailing address, data of the personal identity document, photo, signature, employment status, source of funds, driving license number, sex, citizenship;
- other information: video and audio records of video calls for identification, telephone conversations, IP address;
- details of visits to website, app and use of our Platform;
- for the purpose of direct marketing: name, surname, telephone no., e-mail address, address, date of birth, location, IP address, country of residence, nationality, industry type, employment status, cookies;
- for the purpose of recruitment: name, surname, nationality, address, employment/visa status, telephone no., e-mail address, education, work experience, current and previous employers contacts with candidates’ consent;
- for statistical, analytical and our services improvement purposes, we can use anonymized and aggregated datasets, which can be used not limited to modeling, reporting and analytics;
- representatives of legal entities (members of the management bodies and other representatives (for example, employees) who are authorized to represent the client in relations with the controller or acting on their behalf, representing the client on behalf of the client, according to corporate documents): personal identification number, identity document details, workplace, e-mail address, gender, position, surname, nationality, telephone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency, the data on the beneficiary of the funds (natural person's name, date of birth, personal identification number or other unique character sequence assigned to this person for identifying the person; the legal entity's name, legal form, registered office, code if any).
- My Number (Social Security and Tax Number of Japan), NIUM collects and use it only when the applicable laws and regulations requires and permits.
8. IMPORTANT CONTROLS EMPLOYED BY NIUM FOR PROTECTION OF PERSONAL DATA
- Personal data in our possession and under our control shall be kept confidential and private. We shall take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal data. We shall store all the personal data you provide on our secure servers.
- Physical copies shall be under lock and key with logged access.
- Unfortunately, however, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. Any losses of personal data shall be handled at the outset as per legislated requirements or guidelines. Should there be none, we shall make arrangements to notify the relevant internal & external stakeholders. Periodic updates will be arranged to notify on actions and remedies taken with the final solution to be shared, on a fair and equitable basis. The final handling decision lies with us, based on legal and regulatory priorities firstly followed by its social responsibility.
9. CLASSES OF PERSONS WE CAN TRANSFER PERSONAL DATA
NIUM may provide such personal data for the purposes set out in Section 6 to the following third parties including, but not limited to:
- NIUM Pte Ltd.(our holding company) and its subsidiaries globally;
- any agent, contractor or third-party service provider who provides administrative, telecommunications, computer, payment, debt collection or other services to it in connection with the operation of its business;
- any other person or entity under a duty of confidentiality within our group companies which has to be in line with their nature of function on a need to know basis;
- any person or entity to whom we are obliged or otherwise required to make disclosure under the requirements of any law binding on or applying to our relevant group company, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which our relevant group company is expected to comply, or any disclosure pursuant to any contractual or other commitment of our relevant group company with local or foreign legal, regulatory, govern- mental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be existing currently and in the future applying to itself or its subsidiaries; or
- any other person or entity (including its associated companies or affiliates) who had established or proposes to establish any business relationship with it or recipient of the data. In all instances we shall ensure that our contracts with such third parties shall stipulate that the third parties shall act in accordance with the APPI with respect to your personal data.
10. ACCESS TO AND CORRECTION OF PERSONAL DATA
You have the right:
- to check whether we hold your personal data;
- to access and correct your personal data;
- to request that we correct any of your personal data that may be inaccurate or that we cease to use, transfer to a third party or delete any of your personal data that you do not wish to allow us to do so; and
- to inquire about our policies and practices in relation to personal data and to be informed of the kind of personal data held by us (including complaints).
The above requests can be addressed as follows: Attention to:
- The Compliance Officer (Contact us).
- We may require you to verify your identity before we provide you access to your personal data.
- We may suspend or terminate your use of service if the deleted information is essential for the service.
- We may charge you a fee in accordance with our Schedule of Fees and Guidelines to access to your personal data.
11. DATA TRANSFER
Upon obtaining your consent and/or when we follow applicable law requirements, your personal data may be processed, kept, transferred or disclosed in and to any country by us and in accordance with the laws, rules, regulations, or governmental orders of that (your) country. For international transfer, we will transfer personal data to third parties including our group companies located in these jurisdictions. Pursuant to APPI, you are advised to confirm in advance the following information, being summaries of the privacy protection regimes of the money transfer destination country to which your personal data will be transferred. (The information which the Japanese Bankers Association (Zenginkyo) compiled based on the information published by the United Nations Conference on Trade and Development (UNCTAD) and the latest research reports compiled by the Personal Information Protection Commission JAPAN). Should any jurisdiction be added, where necessary, we will explicitly notify you or obtain your consent.
Names of Foreign Third Parties |
Jurisdiction |
Overview of the Laws |
Privacy Protection Measures taken by the Parties |
NIUM Pte. Ltd. |
Singapore |
https://www.ppc.go.jp/files/pdf/singapore_report.pdf |
The parties take measures corresponding to all of the 8 principles in the OECD Privacy Principles. |
NIUM India Limited |
India |
https://www.ppc.go.jp/files/pdf/india_report.pdf |
|
UAB NIUM EU |
Lithuania |
EU country (A country the Personal Information Protection Commission recognizes as having a personal information protection system equivalent to that of Japan in protecting the rights and interests of individuals.) |
12. DISCLOSURE AND SHARING OF PERSONAL INFORMATION WITH TRAVELEX
Travelex Japan kabushiki kaisha (Travelex) is responsible for marketing and promotion of the IMT. You agree that NIUM may disclose your personal information to Travelex and Travelex may use your personal information in accordance with its privacy notice, which is available at: Link to Travelex page.
13. USE OF DATA IN DIRECT MARKETING
Before we use your personal data in direct marketing, we will obtain your explicit consent to do so. We are allowed to offer you similar goods or services when you signed a contract with us. If you do not wish us to use or provide to other persons your personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying us (Contact us).
14. RETENTION OF PERSONAL DATA
We retain your personal data for the period necessary to carry out the purposes outlined in this Privacy Notice, unless a longer period is required or permitted by law.
15. WITHDRAWAL OF CONSENT
You may, at any time, withdraw your consent for our collection, use, or disclosure of your personal data for any purpose by contacting our Compliance Officer (Contact us).
16. CONTACT US
Address: NIUM Japan Kabushiki Kaisha
〒103-0026 Fingate Terrace 8-1, Nihombashi Kabuto Cho, Chuo, Tokyo
Attention to: Customer Service, Email: [email protected]
Nothing in this Privacy Notice shall limit your rights under applicable laws