• HOME
  • Privacy Policy

Privacy Policy

Privacy Policy

Mitsubishi UFJ Lease & Finance (hereinafter "The Company") focus on enhancing the system of internal management such as risk management, compliances, and internal audits as one of the most important issue for businesses. The Company recognizes that it is our social responsibility to handle customer's individual information appropriately, and sets out Privacy Policy as follows. In addition, The Company management and employees observe this policy, and ensures the protection of personal information.

  1. The purpose of collecting personal information shall be clearly indicated, and the collected information shall be used and/or provided within the scope of the indicated purpose.
  2. Collected personal information shall be managed accurately and kept up to date to the extent required for the intended purpose.
  3. Collected personal information shall be managed strictly to prevent illegal access, loss, disposal, modification, and leakage; adequate security measures shall be taken.
  4. Individuals may review and edit their own personal information stored by the information provider after authenticating personal identification following our predefined procedure to the extent appropriate. If an error is discovered in the retained information after disclosure, it shall be corrected immediately.
  5. Recognizing the importance of protecting personal information, we shall establish an internal system for protection of personal information by implementing systematic security measures and continuously improve them.

Mitsubishi UFJ Lease & Finance
President & CEO Takahiro Yanai

GDPR Privacy Policy

Mitsubishi UFJ Lease & Finance (hereinafter the "Company" or "we") in connection with the provision of the our service (the "Service") to customers (the "Customers") in the European Economic Area (the "EEA", and the countries that are members of the EEA are individually or collectively referred to as "EEA member countries"), the Company shall comply with the EU General Data Protection Regulation (the "GDPR"), the GDPR guidelines, the applicable national laws, guidelines, etc. ("applicable laws"), and therefore hereby establishes this GDPR Privacy Policy in order to appropriately process the personal data of Customers in the EEA.

1. Processing Personal data

(1) Definitions

"Personal data" means any data relating to an identified or identifiable natural person, including, without limitation, Customers' names, addresses, dates of birth, telephone numbers, e-mail addresses.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(2) Types of personal data to be acquired

The types of personal data to be acquired will be specified prior to the provision of the Service by the Company.

(3) Purposes of use of personal data

The purposes of use of personal data collected by the Company will be specified at the time of such collection, and the Company will process the personal data only within the scope of the purposes of use.
In the case of processing the Customers' personal data for purposes other than the above, the Company will notify Customers in advance of such new purposes of use and other matters as required by applicable laws.
By manifesting their intention to consent to GDPR Privacy Policy, Customers will be deemed to have consented to the processing of their personal data by the Company within the scope of the above purposes of use, and the Company will process the Customers' personal data based on such Customers' consent; provided, however, that Customers may withdraw such consent at any time. Even in that case, this will not affect any legitimate processing performed pursuant to consent before the Customers' withdrawal thereof.
The personal data that Customers are to provide is necessary in order for the Company to provide the Service to the Customers, and there may be cases in which Customers who have not provided such data will be unable to use Service.

(4) Retention Period

The Company will retain the Customers' personal data as long as the Company requires such data for achieving the purposes of use specified in 1(3) above, but will promptly delete the same in the case that such data is no longer necessary.

(5) Transfer

The Company may provide the Customers' personal data to third parties such as the subsidiaries and affiliates of the Company, cloud vendors and outside contractors of the Company, etc., to implement the purposes of use specified above. Countries located outside the EEA (including, without limitation, Japan, the same shall apply hereafter) are among the third parties to whom the Company will disclose the Customers' personal data, and the Customers shall be deemed to have consented to the following matters by consenting to this GDPR Privacy Policy:

  • (a) In the case that the country in which the third party is located is outside the EEA, such country does not have the same data protection laws as the EEA, i.e., many of the rights provided to data subjects in the EEA are not given;
  • (b) The Customers' personal data will be provided and processed for the purposes specified in 1(3) above by third parties outside the EEA; and
  • (c) The Customers' personal data will be provided to third parties located outside the EEA.

In addition to the above, in the case that the Company provides the Customers' personal data to a third party located in a country outside the EEA, the Company will ensure that adequate measures are taken concerning the protection of the Customers' personal data by executing standard contract clauses based on the GDPR, etc.

(6) Rights of Customers

The Customers may request from the Company access to, rectification or erasure of, and restriction of processing of their personal data, may object to the processing of the Customers' personal data, and may request data portability. The Company accepts such Customers' requests at the contact point set forth in "2. Contact" below.
The Company may refuse the Customers' requests if the Company deems that there is no basis for such Customers' requests or if they are deemed excessive.
The Customers may raise objections with the data protection authorities having jurisdiction over the location of the Customers' domicile with regard to the processing of their personal data.

2. Contact

In the event of Customers having any questions or concerns regarding this GDPR Privacy Policy or the processing of personal data by the Company, or having any requests concerning the access to, rectification of, erasure of, or restriction of processing of personal data, or regarding data portability, they are requested to please contact the Company.
The contact information for the Company is as follows:

<Mitsubishi UFJ Lease & Finance>
International Legal & Compliance Department
1-5-1 Marunouchi, Chiyoda-ku, Tokyo, 100-6525, Japan
Tel: 010-81-3-6865-3015
Email: kojin_houmu@lf.mufg.jp