On 25 May 2018 the General Data Protection Regulation (the "GDPR") comes into force in the European Union ("EU"). As part of our implementation we are obliged to provide our customers, vendors and suppliers ("Customers") with a privacy notice. This is aimed at notifying you about the personal data that Japan Bank for International Cooperation ("JBIC") holds relating to you, how you can expect your personal data to be used and for what purposes.
JBIC is a "data controller". This means that we are responsible for deciding how we hold and use personal data about you.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
2. DATA PROTECTION PRINCIPLES
We will comply with data protection law. This says that the personal data we hold about you must be:
- (a) Used lawfully, fairly and in a transparent way.
- (b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- (c) Relevant to the purposes we have told you about and limited only to those purposes.
- (d) Accurate and kept up to date.
- (e) Kept only as long as necessary for the purposes we have told you about.
- (f) Kept securely.
3. THE KIND OF INFORMATION WE HOLD ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal data we collect about our Customers is very limited. We collect only information about their personnel (name, company name, department, title, photographs, company address, work email addresses, telephone numbers, fax numbers, educational background, work history, qualifications, bank account number, information about transactions and payment between us and Customers).
4. HOW YOUR PERSONAL DATA IS COLLECTED
We may collect personal data about you in a number of different ways including, but not limited to the following:
- in the course of our contracts with Customers; and/or
- from business cards.
5. HOW WE WILL USE YOUR PERSONAL DATA
5.1. Purpose of processing personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- (a) Where we need to perform the contract we have entered into with you.
- (b) Where we need to comply with any legal obligations.
- (c) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal data in the following situations, which are likely to be rare:
- (i) Where we need to protect your interests (or someone else's interests).
- (ii) Where it is needed in the public interest or for official purposes.
5.2. Situations in which we will use your personal data
We may use your information for the following purposes:
|Purposes||Legal basis for processing|
|Pursue legitimate interests of our own
or those of third parties
|Entering into the contract with Customers||●||Business management and operations|
|Performing the contract we are about to enter into or have entered into with Customers||●||●|
|Maintaining and developing our relationship with Customers||●||Business management and operations|
|Facilitating our internal business operations including accounting, billing, collections, and payments||●||●||Business management and operations|
|Fulfilling our legal and regulatory obligations||●|
|For internal sharing of information necessary for our business||●||Ensuring corporate governance to comply with obligations under laws, regulations and norms; and Business management and operations|
This is not intended to be an exhaustive list and we may use personal data provided to us for related and/or ancillary purposes.
Visitors to Company offices
When attending our offices, you may be asked to provide identification documents to clear our security checks.
6. SHARING YOUR PERSONAL DATA
We may share your personal data:
- with other Company affiliated entities on a confidential basis for the performance of our contracts and/or in compliance with our legislative and regulatory requirements;
- for auditing and accounting purposes;
- with regulators, courts and law enforcement agencies as necessary; and
- in other circumstances where we have your express consent to do so.
7. DATA SECURITY
We will take reasonable steps to ensure that the information that we hold about you is kept confidential and secure. In addition to personal data being kept electronically, we may also store physical documents on file.
7.1 Transferring data abroad
We may transfer the personal data we collect about you from either of our representative offices in UK or France to our head office or other representative offices of JBIC outside the EEA and in order to perform the activities and our contract with you and more specifically, the activities set out in paragraph 7.4 above.
Moreover to ensure that your personal data receives adequate protection and is treated in a way that is consistent with and which respects EU laws on data protection, we have adopted the safeguards used in the model contract clauses approved by the European Commission.
Where a group entity outside the EEA needs to share your personal data with a third party (for example to its share transfer agents), it will only do so if it believes that the third party has adequate protection policies and procedures in place.
7.2 Updating your personal data
Should you wish to amend the personal data that we hold for you, please contact Chief Representative. We will not be responsible for any losses arising directly or indirectly from any inaccurate and/or incomplete information provided to us by you.
7.3 Retention of your personal data
We will retain your personal data only for as long as is reasonably necessary in the circumstances and in compliance with our legislative and regulatory requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8. YOUR RIGHTS
In accordance with data privacy laws in certain jurisdictions in which we operate, you may have the right to:
- request access to the personal data which we hold about you;
- request correction of personal data;
- request the transfer of your personal data to another party;
- request the restriction of process; and
- request the deletion of your personal data if JBIC is no longer under a legal obligation to process such data. JBIC can also refuse to delete your data if in its view it requires the information for defence of legal claims against it.
If you wish to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact Chief Representative in writing.
We monitor visits to our website and record the IP addresses of visitors to our website. This information does not identify you as an individual, and allows you to navigate our website more easily.
10. STATUS OF THIS PRIVACY NOTICE
We review this privacy notice regularly and reserve the right to revise it or any part of it from time to time to reflect changes in the law, information security and technology practices or in the way in which we process your personal data.
11. CONTACT INFORMATION
If you have any questions about this privacy notice, or want to submit a written complaint to us about how we handle your personal data, please contact us at Chief Representative.
You may also have the right to submit a complaint to the relevant supervisory authority in your jurisdiction.