〈 Handling of personal information 〉
1. Introduction
Compliance with General Data Protection Regulation (hereinafter "GDPR") and applicable data protection laws and the proper handling of personal data that identifies individuals are vital social obligations of Daiwa Energy & Infrastructure Co. Ltd. (hereinafter referred to as "DEI", "we", "our", or "us"). We have established the following basic policy for the protection of personal data and are constantly working on making improvements to measures for protecting your personal data.
2. What Personal Data DEI may collect from you
We will collect your personal data by using legal and proper methods and will not use any improper methods to receive it. We may collect or obtain personal data about you when you or your company gives it to us (for example through an inquiry form on our website, or an establishment of a business relationship with you or your company) and will use or disclose your personal data in accordance with the original purposes you have given. We may also collect or obtain your personal data because we observe or infer information about you from the way you interact with us or others. For example, in order to improve your experience when you visit our website and to ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and web beacons which may collect personal data.
The personal data that we collect or obtain in such circumstances may include but not limited to: your name, address, telephone number, e-mail address, cookies and web beacons.
3. Purposes of the processing of the personal data
We use your personal data in the following ways:
Examining the possibility of investment and recovery in investment operations by us or funds managed by us;
Executing appropriately the entrusted business in cases where all or part of the business including personal information is entrusted by other business entities, etc.;
Implementing various measures to facilitate the relationship with shareholders;
Receiving requests for materials, sending them, and providing various types of information;
Communicating with relevant government agencies, organizations, business partners, etc.;
Implementing security measures and risk management;
Responding to complaints, inquiries, etc.;
Making decisions regarding employment;
Used as a means of administrative contact and confirmation in the course of business; and
Other purposes that are necessary for the ordinary course of business.
4. Lawful basis for processing personal data
We may process personal data because:
It is necessary for legitimate interests pursued by us or a third party in carrying out our business activities, except where such interests are overridden by your interests or fundamental rights and freedoms; or
It is necessary to perform the contract with you.
The "legitimate interests" pursued by us or a third party are:
For management and audit of our business operations;
Managing our relationship with you and other parties;
Meeting and complying with our accountability requirements and regulatory obligations; and
To protect our business information, our premises and our officers and employees at those premises
Or where it is applicable, we may process personal data also when:
It is necessary for compliance with a legal obligation which we are subject to;
It is necessary for protection of your vital interests or another natural person’s vital interests;
It is necessary for performance of a task carried out in the public interest or in the exercise of official authority which we have; and
You have given us consent to process your personal data.
We do not process sensitive personal data, unless (i) you have given us your explicit consent to process that data for one or more specified purposes; (ii) the processing is necessary for the establishment, exercise or defense of legal claims or (iii) you have made the data manifestly public.
5. Disclosure of your data
In connection with one or more of the purposes said above, we may disclose your personal data to: other members of DEI’s group companies (collectively "Group Members", please see https://www.daiwa-grp.jp/english/about/group/); third parties that provide services to us and/or other Group Members (such as IT service providers, financial institutions, transportation service providers, suppliers of back office functions, research, analysis and communications agencies, accounting, legal and other professional advisors, etc.); competent authorities as required by laws, regulations, or orders (including courts and authorities regulating us or other Group Members) and other third parties that reasonably require access to personal data relating to you for one or more of the purposes said above.
6. International transfer of personal data
Please note that your personal data referenced above may be transferred to and stored at countries outside of the European Economic Area whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations.
7. Retention period
We will not retain your personal data for longer than required for the purposes for which the personal data are processed. We will keep your personal data:
For as long as required by relevant laws or regulations;
Until we no longer have a valid reason for keeping it; and
Until we receive your request to delete.
8. Security
We will use necessary and suitable safety management measures for preventing the destruction, loss, alteration and other problems involving personal information. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure your personal data in accordance with relevant rules and standards.
9. Your rights
You have various rights in relation to your personal data. In particular, you have the right to request access, obtain copy of, correct and delete your personal data which we hold, as well as the right to restrict certain types of processing of your personal data. Furthermore, you have the right to data portability. If the processing relies on your consent, you have the right to withdraw your consent at any time. The withdrawal shall not affect the processing of personal data you have given consent to.
Besides, you have the right to object to certain types of processing of personal data pursuant to Article 21 of GDPR.
10. Complaints
If you feel that DEI has not responded to your requests and have handled your personal data unlawfully, you have the right to submit a complaint to the relevant data protection authority.
11. Contractual or statutory obligation
The provision of personal data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. However, we reserve the right to reduce or terminate a contractual relation with you in case that you are not willing to provide the necessary personal data for the execution of an agreement.
12. Children
We do not knowingly collect personal data from persons under the age of 16. If you are a parent of a child under 16, we will seek your consent if you wish your child to provide his or her personal data to us.
13. Changes to our privacy policy
We may change this Privacy Policy from time to time in the future. Any such changes will be posted here, and we advise you to check back frequently to see any updates or changes.
14. Contact
If you have any questions, comments and requests regarding this Privacy Policy, please contact us at https://www.daiwa-ei.jp/en/contact/.