Mitsui Sumitomo Insurance Co., Ltd.

Given the importance of protecting personal information, and seeking to maximize public confidence in the general insurance business, Mitsui Sumitomo Insurance Co., Ltd. (hereinafter "we": Click here for company address and name of representative) will strictly comply with the Act on the Protection of Personal Information (hereinafter “Personal Information Protection Act”), the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (hereinafter “My Number Act”), other applicable laws and regulations / other guidelines, as well as the Guidelines on Protection of Personal Information for General Insurance Companies (hereinafter “Guidelines for General Insurance Companies”) issued by the General Insurance Association of Japan, to properly handle personal information. We will also take appropriate secure management measures by following the practical guidelines issued by the Financial Services Agency and the General Insurance Association of Japan.
We will also ensure that personal information is not mishandled, and will properly educate and supervise those who are engaged in business operations in the appropriate handling of personal information.
We will continue to review and improve our handling of personal information and our methods for secure management.

1. Collection/Use of Personal Information

We will obtain and use personal information to the extent necessary for our business in a legitimate and fair manner.
We will collect personal information mainly from insurance application forms, contract forms, insurance claim forms, transaction documents, questionnaires, and other documents. We may also obtain personal information (excluding individual numbers and specific personal information as specified in 9 below) through means such as phone calls involving questions and consultations, which will be recorded to accurately record their content.

2. Purpose of Use of Personal Information

We will use personal information (excluding individual numbers and specific personal information; as specified in 9 below.) only to the extent necessary to accomplish the following purposes, or the purposes stated in item 5 below (herein referred to collectively as the "purposes of use"). We will define the purposes of use specifically as set forth below so that customers should understand them clearly and publish them on our website or in other ways. We will also limit the purposes of use to an extent relevant to specific cases where personal information is obtained and state them in insurance application forms, brochures, and other documents. If there are any changes in the purposes of use, we will either notify individuals of the details of the changes or publish them on our website or in other publications.

  • (1) Examination of underwriting, underwriting and execution associated with insurance contract applications
  • (2) Smooth and appropriate claims settlements in the case of occurrence of an insured event
  • (3) Maintenance and management of insurance contracts
  • (4) Conclusion of reinsurance contracts, notification based on reinsurance contracts, lodgment of claims for reinsurance money, and provision of personal information to underwriting insurers, etc. (including those located overseas) for such purposes
  • (5) Provision of services attached to insurance contracts
  • (6) Consulting work and operational management work entrusted in association with fixed contribution pensions
  • (7) Execution and management of derivatives transactions, such as weather derivatives and earthquake derivatives
  • (8) Establishment of transaction accounts, execution of various transactions and management/reporting of the balances of accounts in association with investment trusts, etc.
  • (9) Examination concerning financing, conclusion, execution and management of financing contracts
  • (10) Explanation, provision, representation, intermediation, introduction and management concerning products offered by the Company (such as non-life insurance, life insurance, investment trusts and defined contribution pension plans) and explanation, provision and management of services offered by the Company as well as other products and services offered by MS&AD Insurance Group companies, and planning, development, surveying and analyzing of new products and services.
    Products and services explained or provided by us and our Group companies
    • *Non-life insurance
    • *Life insurance
    • *Defined-contribution pensions
    • *Loans
    • *Investment trusts
    • *Weather and earthquake derivatives
    • *Health and nursing care services
    • *Risk management services
    • *Asset valuation services
    • *Other financial products and risk-related services
    • *Other services incidental to or relating to the above products and services
  • (11) Explanations and provision of products/services offered by our business partners, outsourcing partners and other entities, such as assistance in purchasing automobiles and arranging automobile inspections
  • (12) Explanations of events, campaigns and seminars, and provision of information
  • (13) Collection of our receivables;
  • (14) Insurance/financial product and service R&D, involving market research, data analyses, and questionnaires;
  • (15) Proper processing of personal information (personal data), in whole or in part, under contract for other companies
  • (16) Explanations of products/services based on analyses of data such as contract information, insured event information, complaints information, records of inquiries/consultations, etc.(*)
  • (17) Proper and smooth performance of transactions and other interactions with customers.

“Purpose of use” marked with (*) includes use through analyzing such information as policyholders' contract particulars, transaction records, and browsing records.

  • * Please refer to item 6 (1) below with respect to the MS&AD Group companies.

In cases where obtained personal information is intended to be used beyond the extent necessary to accomplish the purposes of use, we should acquire consent from the relevant individuals to such use unless it meet any item of Article 18, paragraph (3) of the Act on the Protection of Personal Information.

3. Provision of Personal Data to Third Parties and Obtainment Thereof from Third Parties

  • (1)We will only offer personal data (excluding individual numbers and specific personal information; as specified in 9 below.) without consent to third parties in the following situations:
    • [1] When required to do so by laws and regulations;
    • [2] When offering the information to consigned companies, including insurance agents, (including those located overseas), to the extent necessary to achieve the purpose of use and operate our business;
    • [3] When offering the information to third parties via procedures based on Article 27, paragraph (2) of the Act on the Protection of Personal Information (i.e. opting out);
    • [4] When sharing information between our Group companies, with other non-life insurance companies, the Ministry of Land, Infrastructure, Transport and Tourism (“MLIT”), or other entities (please refer to item 6 below).
  • (2)When we have provided personal data to a third party, except when required to do so by laws and regulations, we will record the details about such provision (when, to whom, what personal data, etc.). When we have been provided with personal data by a third party (including when we obtain information relating to an individual specified in 4. below as personal data), we will confirm and record the details about such provision (when, from which party, what personal data, how the third party concerned obtained the personal data in question, etc.).
  • (3)With consent from the relevant individuals, we may provide their personal data to reinsurance underwriters, etc. (including those located overseas, and including provision of such data by those underwriters, etc. to other underwriters, etc.). Since underwriters, etc. who may receive such personal data are not finalized at the time of insurance contract applications, we are unable to specify in advance such details as countries where such underwriters, etc. are located, personal information protection systems operated in such countries, or secure management procedures for personal data implemented by such underwriters. However, countries in which such potential recipients of information (underwriters, etc.) are located include the following:(Click here for the reference.)

4. Handling of Information Relating to An Individual

  • (1)Where a third party is likely to obtain information relating to an individual (i.e., information relating to a living individual, and not corresponding to any of personal information, pseudonymously processed information, or anonymously processed information) as personal data, except in the case where such third party is required to do so by laws and regulations, we will provide the information concerned only after confirming that such third party has gained the consent of the relevant individual to the third party's obtaining such information.
  • (2)Where we expect that we will obtain information relating to an individual as personal data, except in the case where we are required to do so by any law and/or regulation, we will gain the consent of the individual concerned to our obtaining such information.

5. Consignment of Personal Data Handling

  • (1)We may provide a certain portion of obtained personal information (including individual numbers and specific personal information as specified in 9 below) to external third parties (including those located overseas) for consigned operations within the extent necessary to accomplish the purposes of use. According to pre-set criteria for selecting consigned companies, we will check their information management system and conduct other necessary and adequate supervision on the consigned company, prior to making an order and trusting personal data to it. Here are examples of our contract jobs which involve the handling of personal information as follows:
    • [1] Offering of insurance policies and jobs relating to investigations into insured events
    • [2] Administration of insurance policies and jobs relating to printing and mailing
    • [3] Jobs relating to development, maintenance and operation of the information systems
  • (2)When we consign handling of personal data to an overseas external third party, we ensure that we not only carry out the following secure management procedures but also conclude a consignment agreement with said third party which obligates it to implement procedures equivalent to the secure management procedures for personal data required under the Personal Information Protection Act (hereinafter “equivalent procedures”).
    • [1] The following items are checked in writing on an annual basis:
      • a) Status of implementation of equivalent procedures by the consigned third party; and
      • b) Existence or otherwise of any system in the country where said consigned third party is located which may impact on implementation of equivalent procedures.
    • [2] In the event of any hindrance to implementation of equivalent procedures, we will request that the situation be remedied. If it becomes difficult to ensure ongoing implementation of such equivalent procedures, we will discontinue provision of the personal data in question.
    • [3] The consignment agreement provides for such matters as that personal data is to be handled only within the scope of the agreement, that necessary and appropriate secure management procedures are to be implemented, that necessary and appropriate supervision is to be exercised over employees, need for prior approval before subcontracting consigned work, and prohibition of provision of personal data to any third party.
    • [4] Please contact the information desk below for queries regarding consignment of personal data handling to overseas external third parties.

6. Shared Use of Personal Data

  • (1) Shared use with the Group companies
    • [1]

      For MS&AD Insurance Group Holdings, Inc. (hereinafter, the "Holding Company") to manage the business of the MS&AD Insurance Group companies, MS&AD Insurance Group may share personal data(excluding individual numbers and specific personal information; See 8 below.) between the Holding Company and the MS&AD Insurance Group companies based on the following conditions.

      Items of personal data
      • a) Shareholder information (name, address, number of shares, etc.)
      • b) Customer information held by the Holding Company or the Group companies (name, address, phone number, email address, gender, date of birth, other information related to customer transactions such as those noted in contract forms or information regarding insured events, etc.).
      Scope of users of shared information and management representative
      Users of shared information are domestic and overseas insurance companies, reinsurance companies, and related companies of the MS&AD Insurance Group. (Click here to see the users.) The management representative for the shared use of information will be the Holding Company.
    • [2]

      We and other Group companies may share personal data for the purpose of explaining or providing products and services, as well as planning, development and analyzing of new products and services under the following conditions:

      Items of personal data
      Name, address, telephone number, e-mail address, gender, date of birth, and other information related to customer transactions such as contract details noted in application forms or information regarding insured events, etc.
      Scope of users of shared information and management representative
      Users of shared information are domestic and overseas insurance companies, reinsurance companies, and related companies of the MS&AD Insurance Group. (Click here to see the users.) The management representative for the shared use of information will be the Holding Company.
    • [3]

      We may share for use personal data of insurance agent owners, solicitors, probationers, etc. for the purpose of contract, employment, management and education of agents, including probationers.

      Items of personal data
      Name, address, telephone number, gender, date of birth, solicitor qualification information, and information regarding insurance agent owner, solicitors, probationers, etc., such as matters concerning contract of agent, employment, and written notice filed to the competent authorities.
      Scope of users of shared information and management representative
      Users of shared information are domestic insurance companies, reinsurance companies of the MS&AD Insurance Group. (Click here to see the users.) The management representative for the shared use of information will be the respective insurance companies that initially obtained the relevant pieces of the information.
  • (2) Information sharing system of the non-life insurance industry

    We will share personal data with other non-life insurance companies, etc. to eliminate misconduct in the conclusion of insurance contracts or in the filing of insurance claims.
    We will also share personal data with the General Insurance Rating Organization of Japan to ensure proper payments of insurance benefits for compulsory automobile liability insurance. For details, please see the website of the General Insurance Association of Japan (https://www.sonpo.or.jp/en/) or the General Insurance Rating Organization of Japan (https://www.giroj.or.jp/english/).

  • (3) Provision of personal data to the Ministry of Land, Infrastructure, Transport and Tourism.

    We provide personal data concerning compulsory automobile liability insurance of motorized bicycles and small motorcycles to the MLIT. The Ministry needs to use the data to send postcards to owners of the aforementioned vehicles when their policy periods of compulsory automobile liability insurance are deemed to have expired. The Ministry thereby confirms if the owners have renewed their insurance, for the purpose of preventing use of uninsured motorized bicycles and small motorcycles. The management representative for the shared use of information is the MLIT.
    For details, please refer to the website of the MLIT (http://www.mlit.go.jp/jidosha/anzen/04relief/).

  • (4) Shared use of personal data concerning insurance agents, etc.

    We will share the personal data of employees of non-life insurance agents and other entities with other non-life insurance companies for the appropriate supervision of non-life insurance agents and for recruitment of staff. We will also use personal data including information about persons who have passed Non-Life Insurance Solicitors Examinations or other examinations undertaken by the General Insurance Association of Japan for commissioning as our insurance agents, or for other purposes. For details, please refer to the website of the General Insurance Association of Japan (https://www.sonpo.or.jp/en/).

7. Handling of Credit Information

In accordance with Article 53-9 of the Enforcement Regulation of Insurance Business Law, we will use information on the creditworthiness of individuals provided by credit information organizations (meaning organizations that collect information on the creditworthiness of individuals and that provide us with such information) only to the extent necessary to confirm the creditworthiness of individuals.

8. Handling of Sensitive Information

We will not obtain, use, or offer to third parties sensitive information such as 1) any type of information for which special care is required, as stipulated in Article 2 Paragraph 3 of the Personal Information Protection Act, or 2) any personal information relating to matters such as labor union membership, family background, domicile of origin, medical history and sexual orientation, except in the following situations:

  • (1) When the sensitive information is obtained, used, or provided to a third party to the extent necessary to ensure proper operation of insurance business and with consent from the corresponding person;
  • (2) When the sensitive information is obtained, used, or provided to a third party to the extent necessary to pay insurance benefits involving inheritance procedures, etc.;
  • (3) When sensitive information of employees, etc. concerning affiliation to, or membership of, political, religious, or other groups or labor unions, is obtained, used, or provided to a third party to the extent necessary to collect insurance premiums, etc.;
  • (4) When required to do so by laws and regulations;
  • (5) When required to do to protect a person's life, body, or property;
  • (6) When especially required to do so to improve public health or promote the sound development of children;
  • (7) When required to do so to cooperate with any government organizations, local public organizations or parties commissioned by such organizations in performing operations required by laws and regulations.

9. Handling of Specific Personal Information

We will neither acquire nor use individual numbers or specific personal information as provided by the My Number Act for any purpose other than those restrictively specified in said Act. We will not provide individual numbers or specific personal information to any third party except in those cases which are restrictively specified in the My Number Act. Furthermore, we will not use individual numbers or specific personal information in a shared manner, as stated in 6 above.

10. Request for Disclosure or Amendment or Discontinuation of Use, etc.

  • (1) Inquiry about details of insurance policies and insured events
    Please refer to the information desk below for any details of insurance policies and insured events. We will provide a response after verifying the identity of the claimant. We will correct any information held about the claimant that we find is incorrect.
  • (2) Notification, disclosure, corrections, etc. of personal information held under the Act on the Protection of Personal Information or discontinuation, etc. of its use
    Please refer to the information desk for requests for notification, disclosure, corrections etc. of the use of information that we hold under the Act on the Protection of Personal Information (including individual numbers and specific personal information as specified in 8 above) , or discontinuation, etc. of its use.
    We will reserve the right to verify the identity of the claimant, who will be required to complete the prescribed forms and the application procedure. Requests will be answered at a later date using a method selected in accordance with the claimant's preference, such as in writing, mailing of external storage media, including CD-ROMs, or electronic mailing. At the time of responding, we will require claimants to pay the standard fees for any requests for disclosure. (Click here for details of the procedure.)
    If we find that information about the claimant is incorrect, we will correct the information based on the results of our investigation as required.

11. Summary of Secure Management Procedures for Personal Data

We will make efforts to prevent leakage, damage, or defamation of personal data (including individual numbers and specific personal information as specified in 8 above). We will also ensure adequate security measures such as maintenance of policies regarding usage as well as that of systems in place for secure management procedures.

Main details of secure management procedures are as follows:
  • (1) Preparation of declaration of personal information protection

    In order to ensure appropriate handling of personal data, we publish such details as “compliance with relevant laws and regulations, guidelines, etc.” and “information desk for complaints and consultations” in the declaration of personal information protection (Privacy Policy), and we review such details as necessary.

  • (2) Development of rules, etc. for personal data handling

    We stipulate such details as handling methods, supervisors/persons-in-charge and their roles for each stage of acquisition, use, storage, provision, deletion/disposal, etc. in various company rules, including “Customer Information Management Regulations.”

  • (3) Organization-based secure management procedures
    • Installation of management supervisors, etc. for personal data;
    • Establishment of secure management procedures in the Working Regulations, etc.
    • Business operations in compliance with handling rules concerning secure management of personal data
    • Development of means for confirming the status of personal data handling
    • Development and implementation of a framework for checking and auditing the status of personal data handling
    • Development of a framework for dealing with cases such as information leakage
  • (4) Personnel-based secure management procedures
    • Conclusion of non-disclosure agreements, etc. for personal data with employees
    • Clarification of roles, responsibilities, etc. of employees
    • Ensuring of thorough understanding of secure management procedures among, and provision of relevant education and training to, employees.
    • Confirmation of status of employees' compliance with secure management procedures
  • (5) Physical secure management procedures
    • Management of areas, etc. where personal data is handled
    • Prevention of theft, etc. of equipment, electronic media, etc.
    • Prevention of information leakage, etc. during personal conveyance/transportation of electronic media, etc.
    • Deletion of personal data and disposal of equipment, electronic media, etc.
  • (6) Technological secure management procedures
    • Identification and validation of personal data users
    • Establishment of personal data management classification and access control
    • Administration of personal data access authorizations
    • Measures for preventing issues such as leakage of and/or damage to personal data
    • Recording and analyzing of attempts to access personal data
    • Recording and analyzing of operational status of information systems which handle personal data
    • Monitoring and auditing of information systems which handle personal data
  • (7) Supervision of consigned parties

    When consigning the handling of personal data externally, we ensure that parties which properly handle such data are selected. We have developed handling rules for external consignment and review them on a regular basis in order to ensure proper implementation of secure management procedures by consigned parties.

  • (8) Understanding of external environment

    We have been carrying out secure management procedures based on good understanding of systems concerning personal information protection which are operated in countries where personal data is handled.

Please contact the information desk below for queries regarding secure management procedures.

12. Handling of Pseudonymously Processed Information

  • (1) Creation of pseudonymously processed information

    When creating pseudonymously processed information (information relating to an individual that can be created from processing personal information, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal information), we will observe the following requirements:

    • [1] Information shall be processed appropriately in accordance with standards stipulated in laws and regulations.
    • [2] Security control action shall be taken in accordance with standards stipulated in laws and regulations so as to prevent leakage of deleted information and information relating to processing methods.
    • [3]No checking against other information shall be carried out to identify the first person relating to personal information used for creation.
  • (2) Purpose of use of pseudonymously processed information

    If we have made a change to the purpose of use of pseudonymously processed information, we will define, to the extent possible, the purpose of use after such change and publish same while specifying that it relates to the pseudonymously processed information concerned.

  • (3) Shared use of pseudonymously processed information

    (Click here for the reference.)

13. Handling of Anonymously Processed Information

  • (1) Creation of Anonymously Processed Information

    When creating anonymously processed information (information relating to an individual that can be created from processing personal information, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal information), we will observe the following requirements:

    • [1] Information shall be processed appropriately in accordance with standards stipulated in laws and regulations.
    • [2] Security control action shall be taken in accordance with standards stipulated in laws and regulations so as to prevent leakage of deleted information and information relating to processing methods.
    • [3] Items of information contained in anonymously processed information shall be disclosed to the public.
    • [4] No action shall be taken to identify the first person relating to personal information used to create the anonymously processed information concerned.
  • (2) Provision of Anonymously Processed Information

    When providing anonymously processed information to a third party, we will disclose to the public the items of information relating to an individual contained in such anonymously processed information as well as the method of provision, and we will state to the third party explicitly to the effect that the information being provided is anonymously processed information.

14. Information Desk

We will respond quickly and appropriately to complaints and requests for consultations regarding our handling of personal information (including individual numbers and specific personal information as specified in 8 above).
If you would not wish to receive any information on our new products or services by e-mail, direct mail, or in other ways, please contact our desk to unsubscribe from the distribution list as set forth below, which, however, does not apply to maturity notices and communications for such as contract administration and for claims handling.
Please contact the desk below for enquiries, disclosure, corrections, etc. regarding the handling of personal information, requests for discontinuation, etc. of use of personal data, and questions about secure management procedures.

Contact Desk
Mitsui Sumitomo Insurance Co., Ltd., Customer Desk
Telephone Number: 0120-632-277 (toll free)
Business Hours: 9:00-18:00 (Monday through Friday)
9:00-17:00 (Saturday, Sunday and Holidays)
  • * The office is closed during the year-end and new-year period.

We are a member of the General Insurance Association of Japan, Japan Securities Dealers Association, and Japan Consumer Credit Association, which are authorized personal information protection organizations. These Associations accept complaints and request for consultations regarding the handling of personal information by member companies.

The General Insurance Association of Japan, Sonpo ADR Center Tokyo (General Insurance Counseling and ADR Center Tokyo)
Address: 2-105, 7F Waterasu Annex, Kanda Awajicho, Chiyoda-Ku, Tokyo 101-0063
Tel: 03-3255-1470 (open from 9:00 to 17:00 excluding Saturdays, Sundays, holidays and during the year-end and new-year period.)
URL: https://www.sonpo.or.jp/en/
Personal Information Consultation Office
Japan Securities Dealers Association
Address: 2-11-2, Nihombashi, chuo-ku, Tokyo 103-0027
Tel: 03-6665-6764 (open from 9:00 to 17:00 excluding Saturdays, Sundays, holidays and during the year-end and new-year period.)
URL: https://www.jsda.or.jp/en/
Japan Consumer Credit Association
Address: 14-1, 6F Sumisei Nihombashi Koami-cho Building, Koami-cho, Nihombashi, Chuo-ku, Tokyo 103-0016
Tel: 03-5645-3360 (open from 10:00 to 12:00 and 13:00 to 16:00 excluding Saturdays, Sundays, holidays and during the year-end and new-year period.)
URL: https://www.j-credit.or.jp/en/