Privacy Policy

The Company will not use the personal information that it acquires (excluding individual numbers and specific personal information; see "9. Handling of specific personal information, etc.") beyond the scope necessary for the following purposes and for the purposes set forth in "6. Sharing of personal data" (hereinafter "Purposes of Use"). Purposes of Use will also be published on the company website as stated below in order to provide customers with greater clarity and specificity. The Company will in addition endeavor to limit Purposes of Use according to the circumstances of the information's acquisition and note them on applications and pamphlets, etc. Finally, any changes in the Purposes of Use will be notified to relevant individuals and also published on the company website.

• (1)Underwriting, underwriting decision and execution related to an insurance policy application
• (2)Smooth and appropriate payment of benefits after an insured event
• (3)Maintenance and management of insurance policies
• (4)Execution of reinsurance contracts, notifications pursuant to reinsurance contracts, claims for benefits of reinsurance, and provision of personal information to underwriting insurance companies, etc. (including entities in other countries) (including provision by an underwriting insurance company, etc. to another underwriting insurance company, etc.) to facilitate the said purposes
• (5)Provision of services ancillary to insurance policies
• (6)Consulting and operations management services associated with the acceptance in trust of defined-contribution pensions
• (7)Execution and management of weather and earthquake derivatives and other derivatives transactions
• (8)Opening of transaction accounts at investment trusts etc., execution of transactions, management and reporting of balances
• (9)Screening of loans, execution, performance and management of loan contracts
• (10)Provision of information on products (non-life insurance, life insurance, investment trusts, defined-contribution pensions, etc.) handled by the Company, provision of products, agency services, intermediary services, referral services, management services and other services by the Company, and provision of information on other products and services from companies in the MS&AD Insurance Group, as well as provision and management of said products and services and planning, development, surveying and analyzing of new products and services.

  Products and services promoted or provided by the Company and group companies

  • Non-life insurance
  • Life insurance
  • Defined-contribution pensions
  • Loans
  • Investment trusts
  • Weather and earthquake derivatives
  • Health and nursing care services
  • Risk management services
  • Asset appraisal services
  • Other services related to financial instruments and risks
  • Other services ancillary or related to the products and services above
• (11)Promotion and provision of products and services from partner companies and outsourcing companies
• (12)Provision of information on events, campaigns and seminars
• (13)Collection of credits held by the Company
• (14)Development and research of products and services related to insurance and finance through the implementation of market research, data analyses and surveys
• (15)Appropriate performance of entrusted operations when all or a part of the processing of personal information (personal data) is entrusted from another operator
• (16)Explanations of products/services based on analyses of data such as contract information, insured event information, complaints information, records of inquiries/consultations, etc.(*)
• (17)Other use for the appropriate and smooth performance of transactions, etc. with the customer
  "Purpose of use" marked with (*) includes use through analyzing such information as policyholders' contract particulars, transaction records, and browsing records.

• *See "6. Sharing of personal data (1) Sharing with group companies" for the companies in the MS&AD Insurance Group. The Company will obtain the consent of the individual when handling personal information beyond the range necessary to achieve the Purposes of Use, except in the circumstances set forth in the subparagraphs to Article 18 (3) of the Personal Information Protection Act.

• (1)The Company will not provide personal data (excluding individual numbers and specific personal information; see "9. Handling of specific personal information, etc.") to third parties without the consent of the individual except in the following circumstances.
  • a.When provided under applicable laws and ordinances
  • b.When provided to outsourcees (including entities in other countries), including insurance agencies, within the scope necessary for the performance of the operations of the Company to achieve the purpose of use and operate our business;
  • c.When provided to third parties under an "opt out" structure in accordance with procedures set forth in Article 27 (2) of the Personal Information Protection Act
  • d.When provided as a part of sharing with group companies, general insurance companies, the Ministry of Land, Infrastructure and Transport and Tourism and other parties (see "6. Sharing of personal data")
• (2)Except in circumstances set forth in applicable laws and ordinances, when providing personal data to third parties, the Company will record matters related to provision (what kind of personal data provided when and to whom, etc.), and when obtaining personal data from third parties(including when we obtain information relating to an individual specified in "4." below as personal data"), the Company will confirm and record matters related to acquisition (what kind of personal data obtained from which source and when, or how such third-party obtained the data, etc.).
• (3)With consent from the relevant individuals, we may provide their personal data to reinsurance underwriters, etc. (including those located overseas, and including provision of such data by those underwriters, etc. to other underwriters, etc.).

• (1)Where a third party is likely to obtain information relating to an individual (i.e., information relating to a living individual, and not corresponding to any of personal information, pseudonymously processed information, or anonymously processed information) as personal data, except in the case where such third party is required to do so by laws and regulations, we will provide the information concerned only after confirming that such third party has gained the consent of the relevant individual to the third party's obtaining such information.
• (2)Where we expect that we will obtain information relating to an individual as personal data, except in the case where we are required to do so by any law and/or regulation, we will gain the consent of the individual concerned to our obtaining such information.

• (1)The Company may outsource (including entities in other countries) the handling of personal data (including individual numbers and specific personal information as set forth in "9. Handling of specific personal information, etc.") within the scope necessary to achieve the Purposes of Use. When outsourcing the handling of personal data, the Company will establish selection standards for outsources, will confirm the information management system of the outsource in advance, and will perform other necessary and appropriate supervision of the outsource.
  The Company may outsource the handling of personal data in the following circumstances (examples, not meant to be comprehensive).
  • a.Solicitation of insurance policies, operations related to loss adjustments
  • b.Clerical processing of insurance operations, printing and mailing operations
  • c.Operations related to the development, maintenance and administration of information systems
• (2)When we consign handling of personal data to an overseas external third party, we ensure that we not only carry out the following secure management procedures but also conclude a consignment agreement with said third party which obligates it to implement procedures equivalent to the secure management procedures for personal data required under the Personal Information Protection Act (hereinafter "equivalent procedures").
  • a.The following items are checked in writing on an annual basis:
    • (a)Status of implementation of equivalent procedures by the consigned third party; and
    • (b)Existence or otherwise of any system in the country where said consigned third party is located which may impact on implementation of equivalent procedures.
  • b.In the event of any hindrance to implementation of equivalent procedures, we will request that the situation be remedied. If it becomes difficult to ensure ongoing implementation of such equivalent procedures, we will discontinue provision of the personal data in question.
  • c.The consignment agreement provides for such matters as that personal data is to be handled only within the scope of the agreement, that necessary and appropriate secure management procedures are to be implemented, that necessary and appropriate supervision is to be exercised over employees, need for prior approval before subcontracting consigned work, and prohibition of provision of personal data to any third party.
  • d.Please contact the information desk below for queries regarding consignment of personal data handling to overseas external third parties.

• (1)Sharing with group companies
  • a.MS&AD Insurance Group Holdings, Inc. (hereinafter "Holding Company") performs business management for group companies, and MS&AD Insurance Group may share personal data (excluding individual numbers and specific personal information; see "9. Handling of specific personal information, etc.") with the Holding Company and group companies under the following terms and conditions.

    Personal data items

    • (a)Shareholder information (name, address, number of shares, etc.)
    • (b)Customer information (name, address, telephone number, email address, gender, date of birth, policy information noted on applications, descriptions of insured events, and other information on transactions with the customer) held by the Holding Company or the Company

    Scope of sharing and party responsible for management

    The scope of group companies sharing personal information is the domestic and international insurance companies, reinsurers and affiliated operating companies of the MS&AD Insurance Group. See "Sharing of Personal Information among Group Companies" on the Holding Company web site for a full list of group companies. The party responsible for management of sharing is the Holding Company.

  • b.The Company and group companies may share personal data for the promotion or provision of the products and services they handle, as well as planning, development and analyzing of new products and services under the following terms and conditions.

    Personal data items

    Name, address, telephone number, email address, gender, date of birth, policy information noted on applications, descriptions of insured events, and other information on transactions with the customer

    Scope of sharing and party responsible for management

    The scope of group companies sharing personal information is the domestic and international insurance companies, reinsurers and affiliated operating companies of the MS&AD Insurance Group. See "Sharing of Personal Information among Group Companies" on the Holding Company web site for a full list of group companies. The party responsible for management of sharing is the Holding Company.

  • c.The Company may share personal data on agency managers, salespeople and trainees, etc. for the purpose of outsourcing to, recruiting, managing and training agencies (including trainees).

    Personal data items

    Name, address, telephone number, gender, date of birth, salesperson qualification information, agency commission/hiring, matters related to notifications to government authorities, and other information on agency managers, salespeople and trainees, etc.

    Scope of sharing and party responsible for management

    The scope of group companies sharing personal information is the domestic insurance companies of the MS&AD Insurance Group. See "Sharing of Personal Information among Group Companies" on the Holding Company web site for a full list of domestic group insurance companies. The party responsible for management of sharing is the insurance company originally acquiring the personal data.

  • Sharing of Personal Information among Group Companies
• (2)General insurance industry information exchange system
  The Company shares personal data with other general insurance companies, etc. for the purpose of eliminating fraudulent actions in the execution of insurance policies and claims for benefit. It also shares personal data with the General Insurance Rating Organization of Japan for the purpose of appropriate payment of compulsory automobile liability insurance. For details see the web sites of the General Insurance Association of Japan and General Insurance Rating Organization of Japan.
  • General Insurance Association of Japan
  • General Insurance Rating Organization of Japan
• (3)Provision of personal data to the Ministry of Land, Infrastructure and Transport and Tourism
  The Company shares personal information concerning compulsory automobile liability insurance policies for motorized bicycles and motorcycles for displacement between 125-250 cc with the Ministry of Land, Infrastructure and Transport and Tourism (MLIT), and the MLIT serves as the party responsible for management. This is done to enable the MLIT to send postcards confirming enrollment in policies to policyholders for these vehicles whose compulsory automobile liability insurance is thought to be expired, thereby preventing the operation of these vehicles without compulsory automobile liability insurance.
• (4)Confirmation of agency, etc. information
  The Company shares personal data concerning the employees of general insurance agencies with other general insurance companies for the purposes of appropriate supervision of general insurance agencies and recruitment of employees by the Company, etc. In addition, the Company shares personal data on persons passing the General Insurance Agency Examination administered by the General Insurance Association of Japan for the purpose of consignments, etc. to general insurance agencies. See the web site of the General Insurance Association of Japan for details.
  • General Insurance Association of Japan

The Company does not acquire, use or provide to third parties special-care-required personal information as set forth in Article 2 (3) of the Personal Information Protection Act or personal information on labor union affiliation, birth, registered domicile, health or sexuality (hereinafter "Sensitive Information") except in the following circumstances.

• (1)Acquisition, use and provision to third parties of Sensitive Information when necessary for the appropriate administration of insurance services within the scope required for said administration and with the consent of the individual
• (2)Acquisition, use and provision to third parties of Sensitive Information only as necessary for the administration of benefit payments in conjunction with inheritance procedures
• (3)Acquisition, use and provision to third parties of Sensitive Information on employee affiliation with or membership in political and religious groups or labor unions within the scope required for the administration of premium receipts
• (4)When required under applicable laws and ordinances, etc.
• (5)When required for the protection of human life, body or property
• (6)When particularly required for the improvement of public health or the promotion of the sound development of children
• (7)When required to furnish cooperation for the performance of duties, as set forth in applicable laws and ordinances, by central government institutions, local governments, or parties commissioned by them

• (1)Inquiries concerning policy content and events
  Address inquiries concerning policy content and events to your agency, the contact point listed on the insurance policy document, or your local sales office. Inquiries concerning events may also be addressed to the event consultation contact listed on the insurance policy document. The inquiring party will be required to prove their identity before a response is issued.
• (2)Notification, disclosure, correction, and suspension of use, etc. of matters related to retained personal data pursuant to the Personal Information Protection Act
  Submit requests for notification, disclosure, correction or suspension of use of matters related to retained personal data (including individual numbers and specific personal information as set forth in "9. Handling of specific personal information, etc.") pursuant to the Personal Information Protection Act according to the "Procedures for the Disclosure, etc. of Matters Related to Retained Personal Data Pursuant to the Personal Information Protection Act" found on the company website. After confirming the identity of the person making the request, the Company will request that you fill in the standard form and comply with other standard procedures. Request will be answered at a later date using a method selected in accordance with the claimant's preference, such as in writing, mailing of external storage media, including CD-ROMs, or electronic mailing.
  Responses to disclosure requests are subject to the standard fees of the Company. If, as a result of required investigations, the Company determines that information concerning the individual is inaccurate, records will be updated to reflect accurate information as warranted by findings.

• Procedures for the Disclosure, etc. of Matters Related to Retained Personal Data Pursuant to the Personal Information Protection Act

The Company prepares handling rules, security measure implementation structures, and other security measures as necessary to prevent the unauthorized disclosure, loss or damage of the personal data that it handles (including individual numbers and specific personal information as set forth in "9. Handling of specific personal information, etc.") and manage the security of other personal data.

Main details of secure management procedures are as follows:

• (1)Preparation of declaration of personal information protection
  In order to ensure appropriate handling of personal data, we publish such details as "compliance with relevant laws and regulations, guidelines, etc." and "information desk for complaints and consultations" in the declaration of personal information protection (Privacy Policy), and we review such details as necessary.
• (2)Development of rules, etc. for personal data handling
  We stipulate such details as handling methods, supervisors/persons-in-charge and their roles for each stage of acquisition, use, storage, provision, deletion/disposal, etc. in various company rules, including "Customer Information Management Regulations."
• (3)Organization-based secure management procedures
  • Installation of management supervisors, etc. for personal data;
  • Establishment of secure management procedures in the Working Regulations, etc.
  • Business operations in compliance with handling rules concerning secure management of personal data
  • Development of means for confirming the status of personal data handling
  • Development and implementation of a framework for checking and auditing the status of personal data handling
  • Development of a framework for dealing with cases such as information leakage
• (4)Personnel-based secure management procedures
  • Conclusion of non-disclosure agreements, etc. for personal data with employees
  • Clarification of roles, responsibilities, etc. of employees
  • Ensuring of thorough understanding of secure management procedures among, and provision of relevant education and training to, employees.
  • Confirmation of status of employees' compliance with secure management procedures
• (5)Physical secure management procedures
  • Management of areas, etc. where personal data is handled
  • Prevention of theft, etc. of equipment, electronic media, etc.
  • Prevention of information leakage, etc. during personal conveyance/transportation of electronic media, etc.
  • Deletion of personal data and disposal of equipment, electronic media, etc.
• (6)Technological secure management procedures
  • Identification and validation of personal data users
  • Establishment of personal data management classification and access control
  • Administration of personal data access authorizations
  • Measures for preventing issues such as leakage of and/or damage to personal data
  • Recording and analyzing of attempts to access personal data
  • Recording and analyzing of operational status of information systems which handle personal data
  • Monitoring and auditing of information systems which handle personal data
• (7)Supervision of consigned parties
  When consigning the handling of personal data externally, we ensure that parties which properly handle such data are selected. We have developed handling rules for external consignment and review them on a regular basis in order to ensure proper implementation of secure management procedures by consigned parties.
• (8)Understanding of external environment
  We have been carrying out secure management procedures based on good understanding of systems concerning personal information protection which are operated in countries where personal data is handled.

Address questions regarding security measures to the relevant contact point found in "12. Contact points."

• (1)Creation of pseudonymously processed information
  When creating pseudonymously processed information (information relating to an individual that can be created from processing personal information, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal information), we will observe the following requirements:
  • a.Information shall be processed appropriately in accordance with standards stipulated in laws and regulations.
  • b.Security control action shall be taken in accordance with standards stipulated in laws and regulations so as to prevent leakage of deleted information and information relating to processing methods.
  • c.No checking against other information shall be carried out to identify the first person relating to personal information used for creation.
• (2)Purpose of use of pseudonymously processed information
  If we have made a change to the purpose of use of pseudonymously processed information, we will define, to the extent possible, the purpose of use after such change and publish same while specifying that it relates to the pseudonymously processed information concerned.

• (1)Creation of anonymized information
  The Company takes the following measures when creating anonymized information (information on individuals obtained by processing personal information using measures set forth in applicable laws and ordinances so that specific individuals cannot be identified and the original personal information cannot be restored).
  • a.Appropriate processing under standards set forth in applicable laws and ordinances
  • b.Implementation of security measures to prevent the unauthorized disclosure of deleted information and information on processing methods in accordance with standards set forth in applicable laws and ordinances
  • c.Publication of information items included in the anonymized information created
  • d.Prohibition of actions for the identification of individuals in the source personal information
• (2)Provision of anonymized information
  When providing anonymized information to third parties, the Company publishes the information items included in the anonymized information and the method by which it will be provided, and explicitly states to the recipient third party that the information provided is anonymized information.

The Company responds appropriately and swiftly to complaints and consultations regarding the handling of personal information (including individual numbers and specific personal information as set forth in "9. Handling of specific personal information, etc.") and anonymized information. Address inquiries and consultations regarding the handling of personal information and anonymized information and regarding retained personal data, and questions regarding security measures, etc. to the following contact points.
Notify the following contact point if you do not wish to receive information on new products and services from the Company by direct mail, etc. Note that contacts regarding policy maturity, maintenance and management of insurance policies, payments of benefits and other similar matters cannot be suspended.

The Company is subject to the General Insurance Association of Japan and Japan Consumer Credit Association as authorized personal information protection organizations. These associations receive complaints and consultations regarding the handling of personal information and anonymized information by the businesses they cover.