Mizuho’s Privacy Policy
Last Updated: 20240401
-
Mizuho’s Basic Policy on Protection of Personal Data
Mizuho Corporation (3-30-13, Hongo, Bunkyo-ku, Tokyo 113-0033, JAPAN; President & CEO: Hiroshi Nemoto; hereinafter referred to as “Mizuho” or “we”/“our”/“us”) recognizes that protection of personal data of our customers (hereinafter referred to as “you”/“your”) is an important corporate responsibility of Mizuho. Protecting personal data is also a practice that wins the trust of the international community including Japan, which is essential when engaging in business on a global basis.
Mizuho has adopted a privacy policy (hereinafter referred to as this “Privacy Policy”) on our collection and use (when used collectively, hereinafter referred to as “processing”) of your Personal Data (which means the “personal information” and “personal data” as defined in the Japanese Act on the Protection of Personal Information, “personal data” defined in the EU General Data Protection Regulation (“GDPR”), and California Consumer Privacy Act of 2018 (“CCPA”), collectively). We have also established a compliance framework, and will ensure that our officers and employees are fully aware of this Privacy Policy.
Collection of Personal Data
-
Collection of Personal Data
In the course of providing goods or services to customers, Mizuho collects such Personal Data from you (including from your officers or employees) as your name, address, and contact information. In the course of collecting Personal Data from you, we will clearly indicate the purpose of collection and the scope of usage of the Personal Data, and collect Personal Data only to the extent necessary. Your submission of Personal Data to us is not a requirement of or condition to the execution of any contract between you and Mizuho, and you are under no obligation to provide Personal Data to us. You will not be adversely affected if you fail to provide us with your Personal Data.
-
How we collect Personal Data
In the course of transactions involving our products and services, Mizuho may collect Personal Data through the following means:
- Directly from you
  Verbally, in writing, over the telephone, from business cards, or through the Internet
- From a person duly authorized by you
  Such authorized persons may include those authorized to apply for our goods or services on your behalf or to introduce a customer, and medical institution personnel
- From publicly available information
  Newspapers, medical journals, telephone directories, publications, and other various information media
- From our business partners
-
Types of Personal Data Collected by Mizuho
Mizuho may collect the following Personal Data.
- Identifiers, such as:
  Name, home address, date of birth, email address, telephone number, facsimile number and information on family members (names, relationships, dates of birth); and marriage and other anniversary dates
- Customer records information, such as:
  Name, contact information, and financial information (including credit card number)
- Characteristics of protected classifications, such as:
  Gender, marital status, and national origin
- Commercial information, such as:
  Transaction information and payment history
- Professional or employment-related information, such as:
  Occupation and workplace information (company name, address, telephone number, department, title)
- Audio, electronic, visual and similar information, including details of communications with Mizuho, such as:
  Information contained in emails, fax transmissions, or letters; or provided to us using our website data entry form or as answers to surveys
- Internet or network activity information, including interactions with our online services, including our website, which is automatically obtained by websites of Mizuho, such as:
  Cookies, IP address, browser type, and date and time of access
If CCPA applies, the Personal Data collected or disclosed within the preceding 12 months for business purposes, from the categories set forth in Items (1) through (7) above, are as follows:
The following chart includes: (1) categories of Personal Data, as listed in the CCPA, that we have collected and disclosed within the preceding 12 months; (2) the categories of third parties to which we disclosed Personal Data for our operation purposes within the preceding 12 months.
| Category of Personal Data | Disclosed to |
| --- | --- |
| Identifiers | Mizuho’s affiliates set forth in Paragraph 5-4 |
| Customer records information | Mizuho’s affiliates set forth in Paragraph 5-4 |
| Characteristics of protected classifications | Mizuho’s affiliates set forth in Paragraph 5-4 |
| Commercial information | Mizuho’s affiliates set forth in Paragraph 5-4; service providers, such as insurance and financing partners |
| Professional or employment-related information | Mizuho’s affiliates set forth in Paragraph 5-4 |
| Audio, electronic, visual and similar information | Mizuho’s affiliates set forth in Paragraph 5-4 |
| Internet or network activity information | Mizuho’s affiliates set forth in Paragraph 5-4; service providers, such as vendors that assist Mizuho to enhance the safety and security of Mizuho services |
As described above in Article 2-2, we collect this Personal Data from: you; persons authorized by you; publicly available sources; and our business partners. We may use this Personal Data as described below in Article 4.
-
-
Consent
The provisions of this Article 3 apply only to processing of Personal Data for those residing in the European Economic Area (EEA) member countries.
-
Consent
As a general rule, the legal basis for the processing of Personal Data by Mizuho is your consent.
The legal bases for the processing of Personal Data when you have not given us your consent are when processing is needed (i) for Mizuho to perform our contract with the customer; complete procedures at your request prior to execution of a contract; comply with our legal obligations; protect your interests and interests of other persons concerning their life and body; perform our duties for the public interest, and (ii) for the protection of legitimate interests of Mizuho or other third parties. Legitimate interests of Mizuho or other third parties include improvements of our products and services, and improvements to the usability and security features of our website.
Withdrawal of consent
You may withdraw your consent on the processing of Personal Data at any time. Your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. You have the right to withdraw your consent by contacting Mizuho Personal Information Center.
-
-
Use of Personal Data
-
Purposes for which Personal Data is used
Mizuho will use your Personal Data within the scope and for the purposes set forth below in Paragraph 4-2.
-
Purposes of use of Personal Data collected by Mizuho
Mizuho will use your Personal Data for the following purposes:
- For communications (including sending emails and direct marketing catalogs) regarding transactions of products and services provided by Mizuho and/or Mizuho Group companies; and for handling of shipment of products, and payments and other related matters.
- For the manufacture and sales promotion of products handled by Mizuho and/or Mizuho Group companies; and for development of services, and to engage in activities that contribute to the offering and promotion of these services.
- To engage in activities related to improving the quality of products and services provided by Mizuho and/or Mizuho Group companies; and for handling after-sale services provided.
- For dissemination of notices regarding seminars, lectures, etc. hosted, jointly hosted, or supported by Mizuho and/or Mizuho Group companies.
- To engage in work (including conducting questionnaires and monitoring surveys) related to research and development of medical devices, etc. of Mizuho and/or Mizuho Group companies.
- To respond to your inquiries and take steps to resolve any issues or complaints made by you.
- For hiring of employees, etc. and for management of human resources.
- For management of facilities and equipment.
- To detect and prevent fraud and perform identity verification.
- To comply with law, legal process, and internal policies; maintain records.
- To carry out corporate transactions, such as mergers, joint ventures or acquisitions.
- To exercise and defend legal claims.
In addition to providing information directly to customers, Mizuho may also provide information in the form of direct mail and email marketing.
If Personal Data is to be processed for any purpose other than those listed above, Mizuho will notify you clearly setting forth the purpose and scope of the processing, and obtain your consent before such data is collected or used.
Purposes of use of Sensitive Personal Data collected by Mizuho
Mizuho may collect, use, and disclose Sensitive Personal Data for purposes of performing services for our business, providing goods or services as requested by you, ensuring security and integrity, short term transient use such as displaying first party, non-personalized advertising, order processing and fulfillment, servicing accounts, providing customer service, verifying customer information, processing payments, providing financing, and activities relating to quality and safety control or product improvement.
-
Suspension of use of Personal Data
You may decide that you do not wish to have all or part of your Personal Data collected and owned by Mizuho used for the purpose of direct mail and email marketing. In such case, please contact Mizuho Personal Information Center at the contact address set forth in Article 9 below. We will do our best to meet your wishes.
-
-
Provision of and joint use of Personal Data with third parties
-
Restrictions on the provision of Personal Data to third parties
If we are to provide third parties with data identical to all or part of your Personal Data that we are keeping, we will transfer Personal Data as allowed under applicable law or with your consent. In such case, we will select third parties with care, and request that they take the same appropriate measures in the management of Personal Data in accordance with GDPR, etc., as taken by Mizuho.
-
Monitoring of service providers
When using your Personal Data, Mizuho may entrust the handling, etc. of the Personal Data to third party service providers within the scope of the purposes of use. We will impose an obligation upon the service providers to strictly manage Personal Data at the same level as they are managed by Mizuho, and we will monitor the service providers in a suitable manner. When entrusting handling, etc. of Personal Data of customers residing in EEA member countries to service providers, we will comply with the security management of Personal Data by executing a contract including standard contractual clauses prescribed by GDPR.
-
Service providers of Mizuho
- If all or part of the handling of personal information is to be entrusted, the persons to whom Personal Data is entrusted;
- Persons who are business partners for products and services provided by Mizuho and/or Mizuho Group companies, or are service providers regarding these products and services;
- Business operators and professionals who provide professional advice on business management/operation and other matters;
- Trade counterparties, business partners, and intermediaries of Mizuho Group companies;
- Each of Mizuho Group companies
- If provision of Personal Data is required by law, persons receiving the Personal Data;
-
Personal Data to be used jointly, and persons who jointly use the Personal Data
Within the scope of the purpose of use set forth in Article 4-2, Mizuho may jointly use your Personal Data with Mizuho Group companies (Mizuho Medical Co., Ltd. http://www.mizuhomedical.co.jp/, Mizuho Urban Co., Ltd., Mizuho America, Inc. https://www.mizuho.com/ and Mizuho Service Europe GmbH). Personal Data that will be jointly used is as follows. The business operator that first collected such Personal Data is responsible for the management of such data.
- Basic information about you, such as:
  Name, home address, gender, date of birth, nationality, email address, telephone number, facsimile number, and credit card number
- Additional information about you, such as:
  Occupation, workplace information (company name, address, telephone number, department, title); information on family members (names, relationships, dates of birth); and marriage and other anniversary dates
- Details of communications with Mizuho, such as:
  Information contained in emails, fax transmissions, or letters; or provided to us using our website data entry form or as answers to surveys
- Information automatically obtained by websites of Mizuho
  IP address, browser type, and date and time of access
- Information required by instructions or directives issued by the relevant authorities or by law, regulations, ordinances, etc.
- (If CCPA applies) Information that is linkable to your household
-
Status of Personal Data Sales or Sharing (if CCPA applies)
Mizuho does not “sell” Personal Data (including sensitive personal data), and we do not “share” Personal Data (including sensitive personal data) for purposes of cross-context behavioral advertising, as defined under the CCPA. We have not engaged in such activities in the 12 months preceding the date this Policy was last updated.
Without limiting the foregoing, Mizuho does not sell or share Personal Data (including sensitive personal data) of minors under 16 years of age.
-
-
Handling of Personal Data Retained by Mizuho
-
Retention of accurate Personal Data
Mizuho will take appropriate measures to ensure that your Personal Data is kept accurate and up-to-date.
-
Retention period of Personal Data
Mizuho will retain Personal Data for as long as needed or permitted to fulfill the purpose(s) for which it was obtained, including to satisfy any legal, compliance, accounting, or reporting requirements, and consistent with applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide our products and services to you, for example, for as long as you continue to use our services;
- Whether there is a legal obligation to which we are subject, for example, to keep records of your transactions for a certain period of time; or
- Whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation, or regulatory investigations.
Upon expiry of this retention period, we will erase, pseudonymize or anonymize the Personal Data in a manner ensuring their safety within a reasonable period. In the retention, erasure, pseudonymization, or anonymization of Personal Data, we will comply with laws, regulations, and other requirements of the territories in which Mizuho operates.
-
Automated means
Mizuho will not make decisions based solely on automated processing, including profiling of Personal Data.
-
Your rights with respect to Personal Data
You have the following rights under GDPR, etc. (excluding CCPA; the same applies hereafter in this Article 6). You are able to exercise these rights by contacting (either by email or telephone) Mizuho Personal Information Center. When you notify us that you wish to exercise your rights, and after we verify your identification, we will, as a general rule, contact you within one (1) month from the date of receipt of your notice, unless the matter falls under any of the exceptions provided in GDPR, etc.
- Your right of access to Personal Data
  You have the right to check whether your Personal Data is being processed and, if Personal Data has been collected and/or is being used, you have the right to access such Personal Data and other supplementary information.
- Your right to rectification of Personal Data
  You have the right to have inaccurate Personal Data rectified.
- Your right to erasure of Personal Data
  In certain circumstances, you have the right to have your Personal Data erased.
- Your right to restrict processing of Personal Data
  In certain circumstances, you have the right to restrict the use of your Personal Data.
- Your right to object to the processing of Personal Data
  You have the right to object to the processing of your Personal Data if the processing is based on legitimate interests of Mizuho or a third party.
- Your right to data portability
  You have the right to receive Personal Data you provided to Mizuho in a structured, commonly used and machine readable format. You also have the right to request that we transmit this data directly to another controller without our hindrance.
-
Rights of “consumers” to Personal Data (if CCPA applies)
If CCPA applies, California residents are able to make the following requests by contacting (either by email or telephone) Mizuho Personal Information Center set forth in Article 9 below.
- Request to Access Personal Data
  You may request that we disclose to you the following information:
  - The categories of Personal Data we collected about you and the categories of sources from which we collected such Personal Data;
  - The specific pieces of Personal Data we collected about you;
  - The business or commercial purpose for collecting Personal Data about you; and
  - The categories of Personal Data about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Data (if applicable).
- Request to Delete Personal Data
  You may request that we delete Personal Data we collected from you. In such case, if Mizuho provided such Personal Data to a service provider, we will instruct that service provider to make such deletion.
- Request to Correct Personal Data
  You may request that we correct inaccuracies in your Personal Data.
- Your right not to be discriminated against
  You have the right not to be discriminated against because you exercised any of your rights under CCPA, such as being charged prices or rates different from those charged to other California residents, or being provided different services from them, or being denied goods or services.
If a California resident requests disclosure of his/her Personal Data pursuant to (1) above, Mizuho will respond to such request within the period required under CCPA after verification that the request is being made by the customer himself/herself (or on the customer’s behalf, such as by an authorized agent) in a manner set forth below. In any of the following cases, Mizuho may request submission of information that is only possessed by the California resident himself/herself.
- If a California resident is requesting disclosure of the categories of Personal Data that Mizuho has collected, verification will take the form of Mizuho asking two or more questions on Personal Data of the California resident that Mizuho considers appropriate for verification purpose, and receiving correct answers to these questions.
- If a California resident is requesting disclosure of specific pieces of Personal Data, verification will take the form of Mizuho asking three or more questions on Personal Data of the California resident that Mizuho considers appropriate for verification purpose, and receiving correct answers to these questions, and having the requestor sign and submit a declaration under penalty of perjury that the requestor is the California resident whose Personal Data is the subject of the disclosure request.
If, on the other hand, a California resident requests deletion or correction of his/her Personal Data pursuant to the above, Mizuho will respond to the request within the period required by CCPA upon verifying the request by a method that Mizuho considers appropriate according to the category of Personal Data being deleted or corrected. In such case, Mizuho may request the California resident to provide information that only the California resident possesses to verify the request. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Data.
You may make a request on behalf of a California resident who is under 13 years old if you are the child’s parent or legal guardian.
-
Your right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority of a country, territory, international organization, etc. in accordance with GDPR, etc. regarding Mizuho’s handling of your Personal Data.
-
Request by agent
A California resident may exercise the right set forth in 6-5 through an authorized agent. If you want to make an access or deletion request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent, which also may include: proof of a power of attorney from the resident pursuant to Probate Code sections 4121-4130.
If you are an authorized agent and have not provided us with a power of attorney from the California resident pursuant to Probate Code sections 4121-4130, we may also require the resident to: (i) Verify the resident’s own identity directly with us; or (ii) Directly confirm with us that the resident provided you permission to make the request.
-
-
Transfers of Personal Data to third countries, etc.
Mizuho expects to transfer Personal Data collected from EEA member countries to Japan or other countries, territories or international organizations, etc. within/outside EEA. Countries to which we intend to transfer Personal Data include countries recognized in GDPR as providing an adequate level of data protection (which includes Japan as well as Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, and Uruguay) but also countries for which an adequacy decision has not been adopted. Mizuho will not transfer your Personal Data to a country without an adequacy decision unless we receive your explicit consent to the transfer, or the receiver has either signed a contract to comply with binding corporate rules (“BCR”) based on GDPR, or we have entered into a contract with the receiver containing standard contractual clauses (“SCC”) which are found to offer adequate protection under GDPR. If you submitted the relevant Personal Data, we will disclose a copy of these contracts if any has been executed, after masking any confidential information, if you request such disclosure.
-
Security Management of Personal Data
-
Compliance with relevant laws, regulations, and guidelines
Mizuho complies with the applicable laws, regulations, and industry guidelines.
-
Security management measures
Mizuho makes every effort to protect customers’ Personal Data, including taking preventive and security measures to protect against unauthorized access, destruction, tampering, or divulgence.
-
Compliance system within Mizuho
Mizuho has an organizational system in place for the protection of Personal Information, including a Data Protection Officer (“DPO”) to oversee compliance, and personal information management officers in each department. See Article 9 for the DPO’s contact information.
-
In-house rules for the handling and management of Personal Data
Mizuho has established rules on the handling of Personal Data setting standards on appropriate acquisition, maintenance, use, and disposal of Personal Data, and ensuring that these standards are strictly complied with. We also adopted a code of conduct and concrete rules for the prevention of unauthorized access, destruction, tampering and divulgence of Personal Data.
-
In-house training
Mizuho has in-house training programs on protection of Personal Data. We are committed to protecting Personal Data by ensuring that our employees are made fully aware of the details of personal data protection.
-
Review of in-house rules on the handling and management of Personal Data on an on-going basis
Mizuho reviews and improves the rules on the handling of Personal Data and the organizational system for implementing those rules on an on-going basis, to ensure that their implementation continues to be effective and appropriate.
-
De-Identified information
Where Mizuho maintains or uses de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
-
-
Contact for Inquiries and Complaints
Mizuho has established a customer service desk to respond to your inquiries, comments, and complaints regarding your Personal Data collected and kept by Mizuho. After conducting the required verification of your identification or the identification of your agent, we will provide a response that we determine in good faith to be reasonably necessary. Please note that depending on the inquiry, comment, or complaint, it may take some time for us to provide a response.
- Mizuho Personal Information Center
  Mizuho Corporation General Affairs & Human Resources Department
  TEL: 03-3815-3191 (for calls from overseas: +81-3-3815-3191)
  Email: personaldata@mizuho.co.jp
- Data Protection Officer
  Email: personaldata@mizuho.co.jp
-
Update of this Privacy Policy
Mizuho will update this Privacy Policy as it deems necessary. The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy.