Privacy PolicyPersonal Information Protection Policies

1 May, 2024

QUICK Corp. (“we”) serves as an information-infrastructure that supports the Japanese securities and financial markets. Our mission is to support the decision making of a wide range of customers, from securities firms and financial institutions to institutional investors, corporations, and individual investors.
Therefore, we have established the following policy on the protection of Personal Information, and we will make every effort to ensure that all employees are fully aware of this policy and to protect Personal Information.

  1. We will comply with the Act on the Protection of Personal Information and related laws and regulations, as well as the guidelines prepared by the competent authorities, and establish the following basic policies.
  2. We will acquire Personal Information in accordance with laws and regulations, and shall keep it accurate and up-to-date to the extent necessary to achieve the purpose of use. In addition, when the need to use Personal Information no longer exists, we shall make efforts to delete the relevant Personal Information without delay.
  3. We will use the acquired Personal Information (except Specific Personal Information (MY NUMBER and Personal Information which includes MY NUMBER in its contents)) for the purpose of use stated in the “Handling of Personal Information.” Special care-required Personal Information shall be obtained only with the consent of the person concerned, except in cases where it is handled as an exception under laws and regulations.
  4. We may provide Personal Data (which includes Personal Information that we have obtained or are about to obtain and that we plan to handle as Personal Data, but excludes Specific Personal Information such as MY NUMBER and Personal Information that includes MY NUMBER in its contents) to a third party if permitted by law or with the consent of the person concerned.
  5. In order to prevent the leakage, loss, damage or unauthorized use of Personal Data, we will take necessary and appropriate security control measures at each stage of acquisition, use, and storage of Personal Data.
  6. When we have our employees handle Personal Data, we will exercise necessary and appropriate supervision to ensure the security control of such Personal Data.
  7. In case that we entrust all or part of the handling of Personal Data to a third party, we shall exercise necessary and appropriate supervision over the third party in order to ensure the security control of Personal Information.
  8. We will promptly respond to the demand from the principal for disclosure, revision (correction, addition or deletion), suspension of use (suspension of use or deletion, or cease to provide to a third party) or disclosure of records of provision to a third party of Personal Information.
    Provided, however, this provision shall not apply if the Company determines that the exceptional requirements set forth in laws and regulations will be met.
    Regarding the procedures for disclosure requests, please refer to chapter 3 (Procedures for Disclosure Request) of the “Handling of Personal Information”
  9. We make continuous improvements in the handling of Personal Information.

Established on April 1, 2005
Revised on March 9, 2020
Revised on July 26, 2021
Revised on October 25, 2021
Revised on April 1, 2023
Revised on May 1, 2024

QUICK Corp.
Shinzo Takami
President, Chief Executive Officer

Personal Information Complaint/Consultation Desk

QUICK Corp.
Personal Information Protection Manager
〒103-8317
Nihonbashi Kabutocho 7-1 KABUTO ONE, Chuo-ku, Tokyo
Please contact us for any complaints or inquiries regarding the handling of Personal Information.

Handling of Personal Information

1 Intended use of Personal Information

  1. Personal Information of business partners, those who participated in seminars sponsored or co-hosted by us, those who answered to our surveys, those who we received inquiries, users of our services, and visitors to our website (hereinafter collectively referred to as “Customers”)
    1. In order to provide our services, our affiliated companies services and alliance partners services to Customers.
    2. To analyze information such as Customers usage history of our services and the history of viewing the websites we operate, and to inform Customers of the services or the seminars which we, our affiliated companies and alliance partners provide.
    3. For the purpose of exercising rights and fulfilling obligations under contracts with Customers and laws and regulations
    4. For clerical work related to Customers
    5. For the research and development of services
    6. For the purpose of responding to inquiries, questions, and sending brochures upon requests
  2. Personal Information of applicants for employment

    For managing our recruitment activities and for communicating with our recruitment applicants

  3. Personal Information of partner companies

    For personnel management in the execution of business

  4. Personal Information entrusted by business partners

    For the performance of the consigned services

  5. Personal Information of employees and retirees
    1. For personnel management, labor management, payment of salaries and bonuses, welfare, health management, safety management, etc. concerning employees
    2. Preparation of withholding tax forms for retirees, payment of retirement pensions, and communication

2 Matters concerning security control measures for Personal Data

  1. Formulation of the basic policy
    To ensure the proper handling of Personal Data (which includes Personal Information that we have obtained or are about to obtain and that we plan to handle as Personal Data), we have formulated and publicly announced our Personal Information Protection Policy as our basic policy.
  2. Disciplines concerning the handling of Personal Data
    In order to appropriately manage and record the acquisition, use, storage, provision, deletion, and discard of Personal Data, we have established the Personal Information management ledger. We have also established various internal rules, rules, and guidelines concerning information management, including the clarification of the roles and responsibilities of persons responsible for the management of Personal Information and persons responsible for the management of Personal Information, and the handling of Personal Data.
  3. Systematic security control measures
    We have appointed the Personal Information Protection Manager as the person responsible for the handling of Personal Information, and established the Personal Information Management Promotion Committee to implement internal controls on the protection of Personal Information.
    In addition, we have established a system in which employees are required to comply with various internal rules, rules, and guidelines concerning information management, including the handling of Personal Data, and to report to the Personal Information Supervisors when they are aware of a violation of the internal rules, etc.
    In addition, the Personal Information Management Promotion Committee meets regularly to assess the status of the handling of Personal Information, then review and improve the security control measures.
  4. Human security control measures
    We regularly provide employees with education and training on the proper handling of Personal Data.
  5. Physical security control measures
    We strictly control the scope of information assets that can be accessed by employees and implement measures to prevent unauthorized access to Personal Data.
    In addition, measures are taken to prevent the theft or loss of equipment, electronic media, and documents used for the handling of Personal Data.
  6. Technical security control measure
    We implement appropriate access controls, such as limiting the scope of Personal Information databases by employees who handle Personal Data.
    We have also introduced a system for protecting information systems that handle Personal Data from unauthorized access from outside or unauthorized software, and have implemented appropriate operations.
  7. Understanding of the external environment
    When handling Personal Data overseas, we will understand the system concerning the protection of Personal Information in the relevant foreign country and take the necessary and appropriate measures to ensure the safe management of Personal Data.

3 Procedures for Disclosure Request

If you are requesting a notification or disclosure of the purpose of use of our retained Personal Data (disclosure of retained Personal Data, correction, cease of use, or disclosure of records of provision to a third party), please follow the procedures below.

  1. Request method
    Disclosure requests are accepted only by mail.
    Please attach the necessary documents to the prescribed application form and send it by post.
    Please note that the application cannot be accepted if there is any omission or error in the application form.
    Please send us the application form by postal mail or registered mail, specifying your request such as “Application for Disclosure” on the envelope.
    We do not accept requests made by any means other than the above (including but not limited to direct visits to the company or by e-mail).
  2. Documents to be submitted
    Written application
    Please download the application form from here.
    Attached documents
    Document for identification of the applicant
    1. We will verify your identification.
    2. Please enclose a copy of your driver’s license, passport, health insurance card, residence card, or other identification document issued by a public organization (two copies among the above, if it is not a photo ID) when you send the application by mail.
    3. Please note that we will not be able to accept your request if the identification documents are not enclosed.
    4. If the person who is requested to disclose is the legal representative of the minor or the adult ward or the agent who entrusted the request for disclosure, please enclose the following documents.
      In the case of a statutory agent, one copy of a document (copy of the family register or, in the case of a person with parental authority, a copy of the health insurance card with dependents) to confirm that the person has the statutory agent, and one copy of a document (copy of the driver’s license, health insurance card, or passport) to confirm that the person is the statutory agent.
      In the case of a commissioned agent, one (1) copy of a driver’s license, passport, health insurance card, certificate of residence, or other identification document issued by a public organization (two copies among the above, if it is not a photo ID), and a power of attorney.

    Certificate of Payment of Fees
    1. 500 yen (including consumption tax) per application as a fee for notification of the Purpose of Use, disclosure of Personal Information, and disclosure of records of provision to third parties.
      If multiple requests are made simultaneously in a single application, the total amount shall be multiplied by the number of such requests.
    2. Please enclose a Fixed Amount Postal Money Order based on the fee.
    3. No fees shall be charged for correction, addition, deletion, suspension of use, deletion, or cease of provision of Personal Information to third parties.
    ※We will inform you of any shortage of the fixed amount of the commission or the absence of the fixed amount of the exchange. However, if you do not send us the fixed amount of the commission separately during the prescribed period, we will handle as if there was no request for disclosure.
  3. Address
    〒103-8317 Nihonbashi Kabutocho 7-1 KABUTO ONE, Chuo-ku, Tokyo
    QUICK Corp.
    Attention: Secretariat, Legal Affairs Office, Personal Information Control Promotion Committee
  4. Response
    Unless otherwise specified, responses to you will be provided in writing or by e-mail.
  5. Contact Information
    Please contact us here for any inquiries regarding requests for notice or disclosure of the purpose of use of our retained Personal Data.

4 Revision

We acknowledge that the contents of the Personal Information Protection Policy and the Handling of Personal Information may be changed, added, or deleted as we consider it is necessary.
The revised Personal Information Protection Policy and the handling of Personal Information will be announced on our website.

GDPR (General Data Protection Regulation of the EU) Supplementary Rules

1 April, 2023

QUICK Corp. (“QUICK”) will comply with the following supplementary rules in handling Personal Data provided from the EU(European Union, including its Member States and, in the light of the EEA Agreement, Iceland, Liechtenstein and Norway, collectively “EU”) or the United Kingdom (“UK”) based on an adequacy decision in accordance with the General Data Protection Regulation of the EU and its equivalent laws and regulations in the UK (collectively, “GDPR”).

  1. Special Care-required Personal Information
    In the event that Personal Data received from the EU or the UK based on an adequacy decision contains data concerning a natural person’s sex life, sexual orientation, or labor-union membership, which are defined as “Special Categories of Personal Data” under the GDPR, QUICK shall handle such Personal Data in the same manner as Special Care-required Personal Information within the meaning of Article 2, Paragraph 3 of the Act on the Protection of Personal Information of Japan (“Act”).
  2. Specifying the Purpose of Use and Restrictions on the Purpose of Use
    In the case where QUICK receives Personal Data from the EU or the UK based on an adequacy decision, the circumstances regarding the acquisition of the said Personal Data shall be confirmed and recorded as prescribed by Article 30, Paragraphs 1 and 3, including the utilization purpose for which it is received from the EU or the UK.
    Similarly, in the case where QUICK receives Personal Data from another Personal Information handling business operator, that was previously transferred to such business operator from the EU or the UK based on an adequacy decision, the circumstances regarding the acquisition of the said Personal Data shall be confirmed and recorded as prescribed by Article 30, Paragraphs 1 and 3, including the utilization purpose for which it was received.
    In the above-mentioned cases, QUICK shall specify the purpose of utilizing the said Personal Data within the scope of the utilization purpose for which the data was originally or subsequently received, as confirmed and recorded pursuant to Article 30, Paragraphs 1 and 3, and utilize that data within the said scope (as prescribed by Articles 17, Paragraph 1 and Article 18, Paragraph 1 of the Act).
  3. Restrictions on Provision to Third Parties in Foreign Countries
    When providing a third party in a foreign country with Personal Data that has been received from the EU or the UK based on an adequacy decision, QUICK shall obtain in advance the consent of the individual to the effect that the individual approves the provision of the Personal Data to the third party in the foreign country, after providing the individual with information on the circumstances surrounding the transfer destination necessary for the individual to make a decision regarding the consent, excluding the cases fall under one of the following (1) through (3).
    1. The third party is located in a country that is prescribed by the Rules of the Personal Information Protection Commission as a foreign country establishing a Personal Information protection system that is recognized to have equivalent standards to that in Japan in regard to the protection of an individual’s rights and interests.
    2. The third party located in a foreign country takes “measures in line with the purpose of the regulations in Chapter 4, Section 2 of the Act” in an “appropriated and reasonable manner”.
    3. Cases fall under each item of Article 27, Paragraph 1 of the Act.
  4. Anonymously Processed Information
    QUICK shall deem Personal Data received from the EU or the UK based on an adequacy decision to be Anonymously Processed Information within the meaning of Article 2, Paragraph 9 of the Act, only if QUICK takes measures that make the de-identification of the individual irreversible for anyone including by deleting processing method etc. related information (*).

(*) The processing method etc. related information means information relating to those descriptions etc. and individual identification codes which were deleted from Personal Information used to produce Anonymously Processed Information, and information relating to a processing method carried out pursuant to the provisions of Article 43, Paragraph 1 of the Act (limited to those which can restore the Personal Information by use of such relating information).