Established on April 15, 2014
Latest Revision on February 19, 2025
1. Basic Policy
SBI REIT Advisors Co., Ltd. (the “Company”) shall comply with the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended), the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No. 27 of 2013, as amended; the “Number Act”) and other relevant laws and regulations as well as guidelines (the “laws and regulations, etc.”), and endeavor to properly handle, protect and manage personal information which the Company has obtained.
2. Purposes of Use of Personal Information
2-1. Purposes of Use of Personal Information
The Company will use the personal information it has obtained only within the scope of the following purposes. Unless otherwise authorized by laws and regulations, etc., the Company will not use the personal information beyond the scope of the following purposes without obtaining consent from the relevant individuals in advance.
| (a) | Implementation of tasks in the exercise of rights by the unitholders and fulfilment of obligations of NIPPON REIT Investment Corporation (“NIPPON REIT”) that entrusts its asset management to the Company, pursuant to the Act on Investment Trusts and Investment Corporations and other relevant laws and regulations |
|---|---|
| (b) | Administration on information of NIPPON REIT unitholders and provision of information to the unitholders |
| (c) | Borrowing of funds, issuance of investment corporation bonds and offering of investment units by NIPPON REIT |
| (d) | Confirmation and responses with regard to such matters as inquiries to NIPPON REIT, requests for its materials and visitation of NIPPON REIT |
| (e) | Implementation of such tasks as surveys, analyses and investigations for asset management the Company is consigned to conduct |
| (f) | Implementation of tasks related to acquisition and transfer of assets by NIPPON REIT as well as leases, administration and operation of real properties (including verification at the time of transaction, credit research and surveys on right holders), which the Company is consigned to conduct |
| (g) | Proper and smooth implementation of IR activities the Company conducts for NIPPON REIT and other operations of the Company and NIPPON REIT, |
| (h) | Implementation of other operations or clerical works that are incidental or related to the items above and deemed necessary |
2-2. Purposes of Use of Specific Personal Information
Notwithstanding 2-1. above, the Company's purposes of use of specific personal information shall be as follows:
| (1) | Affairs related to Individual Numbers for officers and employees (including dependent relatives of the officers and employees) (including affairs related to the following) (a) Affairs related to withholding tax to be performed by the employer (b) Affairs related to inhabitants tax on individuals to be performed by the employer (c) Affairs related to employment insurance to be performed by the employer (d) Affairs related to health insurance (coverage / benefits payment) to be performed by the employer (e) Affairs related to employees' pension insurance (coverage) to be performed by the employer (f) Other affairs of preparing statutory records, etc. on which the provisions of laws and regulations require Individual Numbers to be stated |
|---|---|
| (2) | Affairs related to Individual Numbers other than for officers and employees (including dependent relatives of the officers and employees) (including affairs related to the following) (a) Affairs of preparing records of payment of remuneration, fees, etc. (b) Affairs of preparing records of payment of dividends, surplus funds, and interest on funds (c) Affairs of preparing records of payment of real estate usage fees, etc. (d) Affairs of preparing records of payment of compensation for acquisition of real estate, etc. (e) Affairs of preparing records for financial instruments transactions, etc. (f) Other affairs of preparing statutory records, etc. on which the provisions of laws and regulations require Individual Numbers to be stated |
3. Collection of Personal Information
3-1. Collection of Personal Information
When the Company collects personal information, it shall do so through legitimate and fair methods. In this regard, the Company shall not employ fraudulent or unjust means to collect personal information, and shall not obtain personal information from any third party that conducts unjust activities such as illegal collection of personal information when the Company knows that it is leaked personal information, etc.
When the Company directly obtains personal information from individuals in writing or through the website, etc., it shall clearly indicate the purposes of use to them in advance. However, indication of the purposes of use may be omitted when they are evidently understood from the circumstances in which such collection is made, or when such collection is based on laws and regulations, etc.
In terms of sensitive information, the Company shall not obtain, use or provide it to third perties without obtaining consent from the relevant individuals in advance, unless otherwise authorized by laws and regulations, etc..
3-2. Collection of Individual Numbers
Notwithstanding 3-1. above, the Company's right to request that the person or another person in charge of affairs related to Individual Numbers provide Individual Numbers shall be limited to cases where necessary for processing the affairs set forth in 2-2. In addition, the request for provision of Individual Numbers shall be made at the point in time when the need arises for processing the concerned affairs or at the point in time when it becomes foreseeable that the concerned affairs will take place.
3-3. Identity Verification
In receiving provision of Individual Numbers, identity verification shall be performed by the methods provided in Article 16 of the Number Act. In addition, in the case of an agent, confirmation of the agent's identity, confirmation of the authority of representation and confirmation of the person's Individual Number shall be performed by the methods provided in said Article.
4. Restrictions on Provision of Personal Information to Third Parties
4-1. Restrictions on Provision of Personal Data to Third Parties
Except for the following cases, the Company shall not disclose or provide personal information it owns to any third party.
| (a) | When consent has been obtained from the relevant individuals |
|---|---|
| (b) | When disclosure or provision is based on laws and regulations |
| (c) | When it is necessary to do so for protecting people's lives, bodies or estates, in cases when it is difficult to obtain consent from the relevant individuals |
| (d) | When it is necessary to do so particularly for improvement in public health or sound development of children, in cases when it is difficult to obtain consent from the relevant individuals |
| (e) | When it is necessary to cooperate with national administrative organs, local governments or parties entrusted by them in conducting administrative operations designated by laws and regulations, in cases when obtaining consent from relevant individuals may cause problems in conducting such operations |
| (f) | When the Company provides personal information to subcontractors which it supervises appropriately, within the scope necessary for achieving the purposes of use |
| (g) | When disclosure or provision is otherwise approved by laws and regulations, etc. |
4-2. Restrictions on Provision of Specific Personal Information to Third Parties
Notwithstanding 4-1. above, the Company shall not provide specific personal information to any third party except in the cases listed in the items of Article 19 of the Number Act.
4-3. Restrictions on Provision of Personal Data to Third Parties in Foreign Countries
The company shall not provide personal data to third parties in foreign countries without obtaining consent from the relevant individuals in advance, unless otherwise authorized by laws and reglations, etc..
5. Security Management of Personal Data
In managing personal data it handles, the Company shall take necessary and appropriate security management measures pursuant to laws and regulations, etc. in order to prevent leakage, losses or damages of the personal data and ensure its safety in other aspects. Necessary and appropriate security control measures include measures necessary and appropriate to prevent the leakage of personal information that The Company has acquired or intends to acquire and that is planned to be treated as personal data.
Specifically,
| (1) | We have established personal information protection rules and other related internal rules that stipulate basic policies and handling procedures, and strive to handle personal data appropriately. |
|---|---|
| (2) | The handling method, responsible person / person in charge, and their respective roles are determined for each stage of acquisition, use, provision, abolition, etc. In addition, we have established a contact and reporting system in the event of leak of information. |
| (3) | We regularly check the handling status of personal data and conduct internal and external audits. |
| (4) | We carry out in-house education and training on the handling of personal data. |
| (5) | In addition to controlling access to personal information, we are working to prevent unauthorized access from the outside by specifying the storage location and enhancing its security. |
When handling the acquired personal data in a foreign country, we will endeavor to take necessary and appropriate safety management measures after understanding the country specific rules and regulation on the protection of personal information. However, at present, we do not plan or intend to handle the acquired personal data in foreign countries.
6. Outsourcing of Handling of Personal Data
The Company may totally or partially outsource handling of personal data it has obtained within the scope necessary for achieving the purposes of its use. When it does so, necessary and appropriate supervision of the consigned parties, such as requiring strict safety management measures, so that they should securely manage the personal data.
7. Disclosure, Corrections, Deletions and Suspension of Use, Etc. of Holding Personal Data
When relevant individuals request for disclosure, corrections, deletions, suspension of use, etc. of their personal data the Company owns, the Company shall respond to their requests pursuant to laws and regulations, etc. after confirming their identities through predetermined procedures. For the reguests, please contact the following and you will be informed of necessary procedures and other matters. Furthermore, you may be reguested to bear predetermined fees for the reguests.
8. Inquiries Relating to Handling of Personal Information
Please contact the following for inguiries relating to handling of personal information.
<Contact for Inquiries>
| Name | SBI REIT Advisors Co., Ltd. Corporate Planning Department, Finance & Planning Division |
|---|---|
| Phone | +81-3-5501-0080 |
| URL | https://www.sbi-sra.co.jp/en/ |
| Operating hours | 9:00 a.m. - 5:30 p.m. (Japan standard time; Monday through Friday excluding public holidays) |
| Address |
1-18-1, Shimbashi, Minato-ku, Tokyo 105-0004 SBI REIT Advisors Co., Ltd. President & CEO Yasushi Iwasa |
9. Authorized Personal Information Protection Organization
The Company is affiliated with the following authorized personal information protection organization. Authorized personal information protection organizations accept complaints and requests for consultation with regard to handling of personal information by business entities affiliated with them. If you have any such complaint or request, please call the following contact for inquiries.
<Contact for Inquiries>
| Name | Investors Enquiry Section The Investment Trusts Association, Japan |
|---|---|
| Phone | +81-3-5614-8440 |
| Operating hours | 9:00 a.m. - 11:30 a.m.; and 12:30 p.m. - 5:00 p.m. (Japan standard time; Monday through Friday excluding public holidays) |
10. Continuous Improvement of the Personal Information Protection System
This privacy policy may be revised due to revisions to laws and regulations, etc. and other reasons. Furthermore, the Company shall work to reinforce and improve its initiatives on protecting personal information by reviewing this privacy policy as needed in addition to its changes pursuant to revisions and abolitions of laws and regulations, etc.
(Reference)
Established on 27 February, 2019
Latest Revision on November 30, 2022
SBI REIT Advisors Co., Ltd. Privacy Notice
in relation to
General Data Protection Regulation
TABLE OF CONTENTS
| 1. | PERSONAL INFORMATION WE USE |
|---|---|
| 2. | PURPOSES AND LEGAL BASIS OF OUR USE OF YOUR PERSONAL INFORMATION |
| 3. | YOUR RIGHTS OVER YOUR PERSONAL INFORMATION |
| 4. | INFORMATION SHARING |
| 5. | INFORMATION SECURITY AND STORAGE |
| 6. | INTERNATIONAL DATA TRANSFER |
| 7. | CONTACT US |
| 8. | CHANGES TO THIS PRIVACY NOTICE |
This privacy notice describes how SBI REIT Advisors Co., Ltd. ('SBI', 'we' or 'us') collects and processes personal information about an individual in the European Economic Area (‘Personal Information’), how we use and protect your Personal Information, and your rights in relation to your Personal Information.
This privacy notice applies to all Personal Information we collect or process about you. Personal Information is information, or a combination of pieces of information that could reasonably allow you to be identified.
1. PERSONAL INFORMATION WE USE
We will collect Personal Information about you from a variety of sources. We may collect your Personal Information from you directly (e.g. when you contact us) or from other sources such as public registrars, credit research agencies, recruiting agencies, employment screening agencies.
1.1 Information we collect directly from you
The categories of information that we collect directly from you are:
| (a) | personal details (e.g. name, date of birth) |
|---|---|
| (b) | contact details (e.g. phone or mobile number, email address, postal address) |
| (c) | educational details (e.g. educational history, qualifications, certifications, skills) |
| (d) | citizenship or immigration information |
| (e) | professional experience |
| (f) | any other information you may choose to provide us in your dealings with us. |
We may be required by law or as a consequence of any contractual relationship we have with you to collect certain Personal Information from you. In such case, your failure to provide the information may prevent or delay the fulfilment of our obligations under the law or the contract.
1.2 Information we collect from other sources:
The categories of information that we collect about you from other sources are:
| (a) | personal details (e.g. name, date of birth) |
|---|---|
| (b) | contact details (e.g. phone number, email address, postal address or mobile number) |
| (c) | background check information |
| (d) | publicly available professional profiles on websites or social media (e.g. LinkedIn) |
| (e) | information about your creditability or reputation |
1.3 Special categories of Personal Information
Some of the categories of information that we collect are special categories of Personal Information (also known as sensitive personal information). In particular, we may process Personal Information that may reveal your racial or ethnic origin, religion or that may relate to your health, such as your medical history and reports on medical diagnoses, injuries and treatment.
We collect such kind of Personal Information only when you give us an explicit consent or as permitted or required by law.
2. PURPOSES AND LEGAL BASIS OF OUR USE OF YOUR PERSONAL INFORMATION
2.1 We use your Personal Information to:
| (a) | perform and enforce any contractual obligation under a contract with us |
|---|---|
| (b) | provide and personalise our services |
| (c) | deal with your enquiries and requests |
| (d) | comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies |
| (e) | contact you with marketing and offers relating to products and services offered by us and/or other members of SBI Group Companies (defined in section 4) (unless you have opted out of marketing, or we are otherwise prevented by law from doing so) |
| (f) | personalise the marketing messages we send you to make them more relevant and interesting |
2.2 We must have a legal basis to process your Personal Information. In most cases the legal basis will be one of the following:
| (a) | to fulfil our contractual obligations to you, for example to provide the services, to ensure that invoices are paid correctly, and to ensure you are able to access our premises when required |
|---|---|
| (b) | to fulfil our contractual obligations to you, for example your contact details and bank account details |
| (c) | to comply with our legal obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations |
| (d) | to comply with our legal obligations to you, for example health and safety obligations while you are on our premises or to a third party (e.g. the taxation authorities) |
| (e) | to meet our legitimate interests, for example screening your background for anti-corruption purpose or to understand how you use our services or products and to enable us to derive knowledge from that enable us to develop new services or products. When we process Personal Information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms |
| (f) | to protect your or another person’s vital interests, for example by providing your health information to a doctor in case of a medical emergency situation. |
| (g) | when you gave us consent to the processing of your Personal Information for the specific purposes (When the legal basis to process your Personal Information is based on your consent, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.) |
3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have certain rights regarding your Personal Information, subject to local law. These include the following rights to:
| ● | access your Personal Information |
|---|---|
| ● | rectify your Personal Information |
| ● | erase your Personal Information |
| ● | restrict our use of your Personal Information |
| ● | object to our use of your Personal Information |
| ● | receive your Personal Information in a usable electronic format and transmit it to a third party (right to data portability) |
| ● | withdraw your consent where our processing is based on your consent |
| ● | lodge a complaint with your local data protection authority. |
We encourage you to contact us to update or correct your information if it changes or if the Personal Information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
If you would like to discuss or exercise such rights, please contact us at the details below.
4. INFORMATION SHARING
We may share your Personal Information with third parties under the following circumstances:
| ● | Service providers and business partners. We may share your Personal Information with our service providers and business partners that perform marketing services and other business operations for us. For example, we may partner with other companies to process secure payments, fulfil orders, optimize our services, send newsletters and marketing emails, support email and messaging services and analyse information. |
|---|---|
| ● | Our group companies. We work closely with other businesses and companies that fall under SBI Financial Services Co., Ltd. (19F Izumi Garden Tower 1-6-1, Roppongi, Minato-ku, Tokyo 106-6019 Japan) (‘SBI Group Companies’). We may share your Personal Information with SBI Group Companies for marketing purposes or anti-corruption compliance purposes. |
| ● | Law enforcement agency, court, regulator, government authority or other third party. We may share your Personal Information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party. |
| ● | Asset purchasers. We may share your Personal Information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your Personal Information uses it in a manner that is consistent with this privacy notice. |
Because we operate business globally, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See section 6 (International Data Transfer) for more information.
5. INFORMATION SECURITY AND STORAGE
We implement reasonable technical and organisational measures to ensure a level of security appropriate to the risk to the Personal Information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will keep your Personal Information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your Personal Information for a period of time that that in our opinion will enable us to:
| ● | Maintain business records for analysis and/or audit purposes |
|---|---|
| ● | Comply with record retention requirements under the law or under applicable record retention policies |
| ● | Defend or bring any existing or potential legal claims |
| ● | Deal with any complaints regarding the services, to the extent it is reasonably possible for us |
We will delete your Personal Information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
6. INTERNATIONAL DATA TRANSFER
Your Personal Information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information by the European Commission.
We have and shall put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
7. CONTACT US
SBI REIT Advisors Co., Ltd. (18-1, Shimbashi 1-chome, Minato-ku, Tokyo 105-0004, Japan) is the controller responsible for your Personal Information we collect and process.
If you have questions or concerns regarding the way in which your personal information has been used, please contact cpd@sbi-sra.co.jp.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority in your country.
8. CHANGES TO THIS PRIVACY NOTICE
We may modify or update this privacy notice from time to time.
If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights.