Basic Policy Regarding Information Security
ITOCHU REIT Management Co., Ltd. (hereinafter referred to as the “Company”) shall take initiatives as follows in order to realize appropriate protection for all information assets of the Company to continuously and stably operate as an asset management company of a real estate investment corporation.
- Responsibility of management
The Company will endeavor to properly protect information assets in a systematic and continuous manner under initiative of management.
- Establishment of an internal system
The Company shall set up an information management supervisory department to properly protect information assets.
In addition, the internal audit department will appropriately conduct internal audits concerning information assets and report any inappropriate events to the Board of Directors as necessary.
- Efforts by employees
Information assets are classified according to their degrees of importance and confidentiality, and we will work to protect information assets appropriately through a mechanism that can only be operated appropriately and based on necessity according to its purpose.
- Compliance with laws, regulations and contractual requirements
The Company complies with laws, regulations, restrictions, norms and contractual obligations related to the protection of information assets.
- Handling of violations and accidents
When outsourcing operations related to information assets, the Company will implement safety measures against various threats, prepare for recovery measures in case of failure, and establish a structure for reporting.
The Company will also take appropriate measures against legal violations, contract violations, and accidents related to the protection of information assets and prevent any recurrence.
I. Basic Policy in Relation to the Protection of Personal Information
The Company complies with the following basic policy in order to administer and manage personal information in a safe and appropriate manner, and to handle and protect personal information properly.
- Except in situations permitted by the Act on the Protection of Personal Information, etc., personal information obtained shall not be used for purposes other than those identified by the Company without first gaining approval of the individual in question. Personal information shall not be used in a way that may encourage or induce illegal or unjust acts.
- Personal information shall not be obtained through pretense or other dishonest methods.
- Except in situations permitted by the Act on the Protection of Personal Information, etc., special-care required personal information shall not be obtained without first gaining the approval of the individual in question.
- Except in situations permitted by laws and regulations such as the Act on the Protection of Personal Information, etc., when the Company acquires personal information from statements made in a document directly from the individual in question, the Company shall notify them in advance of the intended use of such information.
- An accurate and up-to-date record of personal data shall be maintained, within the scope required to achieve the intended use.
- The Company shall take necessary and appropriate measures to manage personal data securely, so as to prevent the leakage, loss or damage of personal data.
- Except in situations permitted by the Act on the Protection of Personal Information, etc., personal data and special-care required personal information shall not be provided to third parties without first gaining the approval of the individual in question.
II. Approach to the Protection of Personal Information
1．Operations in Which Personal Information is Handled
The Company may handle personal information during the following operations related to the investment corporation to which the Company entrusts asset management (hereinafter referred to as the “Investment Corporation”) and funds for which the Company entrusts operations based on a discretionary investment contract or an investment advisory contract (together with the Investment Corporation hereinafter collectively referred to as the “Investment Corporation, etc.”) and business related to the handling of private placement of securities stipulated in Article 2, Paragraph 8, Item 9 of the Financial Instruments and Exchange Act (hereinafter referred to as the “FIEA”) (including incidental business and hereinafter referred to as “Private Placement Business.”)
- Asset acquisition/transfer
- Asset management/operation
- Business incidental to the items above
- Other businesses that the Company may carry out and businesses incidental to those businesses (including those for which involvement is recognized in the future).
2．Purpose of Use of Personal Information
- For the acquisition of properties by the Investment Corporation, etc. (including real estate with trust beneficiary interests; hereinafter the same shall apply), and research and investigations made in advance of such acquisition, in addition to administrative operations after the fact
- For the sale of properties by the Investment Corporation, etc., and research of purchasers or new property management companies and sale investigations ahead of the sale, in addition to management after the fact
- For gaining an understanding of rental conditions for tenants at properties owned by the Investment Corporation, etc., and management thereof, in addition to management of rental income, and invoicing operations for expenses related to restoration of the property to its original condition
- For checking the credit status of tenants, or parties considering a tenancy, at properties owned by the Investment Corporation, etc., or properties that the Investment Corporation, etc. is considering acquiring (including cases involving purchasers or new property management companies), in addition to operations related to concluding tenancy agreements
- For analyzing information such as rental service improvement questionnaires for tenants, or parties considering a tenancy, at properties owned by the Investment Corporation, and providing information on new rental housing and services according to demand for real estate rentals and to perform other communication-related operations
- For the calculation of allowances for doubtful debts when closing the accounts of the Investment Corporation, etc., and operations related to other accounting and taxation
- For the performance of operations related to the exercising of rights of the Investment Corporation’s unitholders (hereinafter referred to as the “unitholders”) and the performance of the Investment Corporation’s duties in accordance with the Act on Investment Trusts and Investment Corporations, and other laws, regulations and rules (hereinafter referred to as “Investment Trust Law, etc.”) applicable to the Investment Corporation, such as the sending of asset management reports, notice of a general meeting of unitholders, notifications of payment of distributions, etc., to the unitholders
- For administrative operations related to information on the unitholders, such as the creation of data for the register of the Investment Corporation’s unitholders in accordance with the Investment Trust Law, etc.
- For operations involving the provision of information to the unitholders of the Investment Corporation regarding the Investment Corporation's earnings presentation meetings, meetings to report the state of business, and private viewings of properties, and the creation of date on attendance at the same events
- For operations related to inquiries and requests for materials from the unitholders of the Investment Corporation, or from parties considering the purchase of securities issued by the Investment Corporation
- For invoicing for nonlife insurance in relation to properties owned by the Investment Corporation, etc.
- For soliciting the acquisition of securities based on the FIEA in the Private Placement Business, and to provide information on services, etc.
- For judging suitability in providing financial products, services, etc. befitting customers in light of suitability rules, etc. in the Private Placement Business
- For confirming customers’ or their agents’ identification in the Private Placement Business
- For reporting various matters such as transaction results and financial product operation status to customers in the Private Placement Business
- For carrying out duties related to transactions with customers (including customer identification that is carried out based on the “Act on Prevention of Transfer of Criminal Proceeds”) in the Private Placement Business.
- For carrying out other operations incidental to or related to the above-mentioned items
- For obtaining advice from or issuing business requests to experts (attorneys, certified public accountants, tax accountants, real estate appraisers, judicial scriveners, etc.) in order to achieve intended uses in relation to the above-mentioned items
3．Supervision of Contractors
In cases when the Company entrusts a third party with the handling of personal information, in its entirety or in part, as a consequence of entrusting said party with the management of properties owned by the Investment Corporation, etc., the Company shall take appropriate and necessary steps to supervise the party receiving the personal information so as to ensure that it is managed securely.
4．Procedures for Disclosure, Correction, Discontinuance of Use of Personal Information
In accordance with the Act on the Protection of Personal Information and other related laws and regulations, the individual (or agent of the individual) to which personal information held by the Company pertains may request the disclosure (including disclosure by means of providing electromagnetic records, etc.), notification of intended use, correction, etc. (correction, addition, or deletion), discontinuance of use, erasure, and discontinuance of provision to third parties (hereinafter referred to as “Disclosure, etc.”) , and in such case the Company shall voluntarily comply with such requests. However, the Company may not be able to comply with requests for Disclosure, etc. such as in the event it will violate other laws and regulations. In this case, the Company will make effort in explaining the reason to the individual.
When making a request, it will be necessary for the individual to provide materials (an original driving license or certificate of residence, or a copy of the same) to confirm his/her identity (or in the case of a request by an agent of the individual, materials to confirm the right of the agent to act for the individual in question, such as a power of attorney letter from the individual, a copy of the individual’s family register, or an extract thereof). Please contact us via the details below.
The same applies to requests for the disclosure of records provided by third parties regarding the transfer of personal data.
5．Measures for the Security Management of Retained Personal Data
- Establishment of rules regarding the handling of personal data
Rules have been established regarding the handling of personal data at each of the stages including acquisition, use, storage, provision, deletion, disposal, etc. with regard to the handling method, person responsible/ person in charge, and their duties.
- Systematic safety management measures
Audits by other departments and outsiders are carried out in addition to regular self-inspections conducted regarding status on the handling of personal data.
- Physical safety management measures
In areas where personal data is handled, entry and exit of employees is controlled and equipment they are permitted to bring in is restricted. Measures are also taken to prevent unauthorized persons from viewing personal data.
- Human safety management measures
Employees are regularly educated and trained on precautions regarding the handling of personal data.
- Technical safety management measures
Access control is being implemented to limit the scope of persons in charge as well as the personal information database being handled. Mechanisms are in place to protect the information system handling personal data from external unauthorized access and illegal software.
The Company may share personal data in order that it may be used by specific third parties. In such cases, any other necessary measures will be taken in accordance with laws and regulations.
7．Main Sources for the Acquisition of Personal Information
The Company obtains personal information directly from the individual, through shared usage, or through provision by third parties. Specifically, the Company obtains personal information and other information from tenancy agreements with individuals occupying properties owned by the Investment Corporation, etc.
For questions, request of disclosures/corrections, complaints, etc. in relation to our handling of personal information, please contact us via the following details.
|Name||Sustainability Promotion Department, ITOCHU REIT Management Co., Ltd.|
|Address||17F, Jimbocho Mitsui Building, 1-105 Kanda Jimbocho, Chiyoda-ku, Tokyo 101-0051|
|Telephone||+81-3-3518-0480 (Main line)|
|Business hours||9:00 a.m. to 5:00 p.m.
(excluding weekends, national holidays, and days off at the end and beginning of the year)
9．Accredited Personal Information Protection Organizations
The Company is applicable as a business operator of the Investment Trusts Association, Japan and the Japan Investment Advisers Association, which are certified personal information organizations. For complaints or advice in relation to the protection of personal information by applicable business operators, please contact the following.
|Name||Investors Consultation Office, the Investment Trusts Association, Japan|
|Address||6F Tokyo Stock Exchange Building, 2-1 Nihonbashi-Kabutocho, Chuo-ku, Tokyo 103-0026|
|Telephone||+81-3-5614-8440 (Dedicated line)|
|Business hours||9:00 to 11:30 a.m., 12:30 to 5:00 p.m.
(Excluding weekends, national holidays, and days off at the end and beginning of the year)
|Name||Complaint Counseling Office (in charge of personal information), Secretariat Office of Japan Investment Advisers Association|
|Address||7F Tokyo Shoken Kaikan, 1-5-8 Nihonbashi-Kayabacho, Chuo-ku, Tokyo 103-0025|
|Business hours||9:00 a.m. to 5:00 p.m.
(Excluding weekends and public holidays)
10．Business Operator Handling Personal Information
|Name||ITOCHU REIT Management Co., Ltd.|
|Address||17F, Jimbocho Mitsui Building, 1-105 Kanda Jimbocho, Chiyoda-ku, Tokyo 101-0051|
|Representative||Junichi Shoji, Representative Director, President & CEO|