Handling of Personal Information

Corporate Message

Home > Handling of Personal Information

Handling of Personal Information

Tokio Marine International Assistance Co, Ltd.

With customer trust as the foundation of our corporate philosophy and all our activities, we aim to be a company that contributes to the development of society through providing our customers with a sense of security and safety. Guided by this philosophy and as a Data Controller, we comply with the Act on the Protection of Personal Information (the "Privacy Act"), the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (the "My Number Act") and other relevant laws and ordinances, the Personal Information Protection Guidelines in the Financial Sector and other relevant guidelines, the Personal Information Protection Guidelines of Non-Life Insurance Companies, issued by the General Insurance Association of Japan, and Tokio Marine Group Privacy Policy in handling personal information as well as individual numbers and specific personal information (hereinafter referred to as "Specific Personal Information, etc.") in a proper manner as described below. Tokio Marine & Nichido Fire Insurance Co., Ltd. ("the Company") takes appropriate measures to ensure that personal information and Specific Personal Information, etc. are secure and make every effort to train insurance agents and employees in the proper handling of information. The Company also performs reviews as needed in order to improve itself in this respect based on the contents outlined below.

* "Personal information" and "personal data" provided in this Privacy Policy exclude Specific Personal Information, etc.

1. Collection of Personal Information

(Please see Clause 7 “Handling of Specific Personal Information, etc.” below with respect to Specific Personal Information, etc.)
The Company collects personal information in a lawful and appropriate manner to the extent necessary in conducting business.

(1) Acquisition from the Individual
The Company acquires personal information through applications for insurance policies of outsourcers, written claims for insurance benefits of outsourcers, transaction documents, the provision of ancillary services, and surveys, etc. Furthermore, in order to accurately record the content of various notifications, inquiries, consultations, etc., the Company may collect personal information by recording telephone conversations, etc.

(2) Acquisition from Third Parties
The Company may acquire personal information from Tokio Marine Group companies, subcontractors, business partners, and other third parties or based on information that is publicly disclosed. The following are specific examples of personal information that the Company acquires from third parties.
o Examples of sources: families of the insured, his/her company or school staff members
o Examples of items of personal information that are acquired:
The insured’s local address, etc.
If the Company acquires personal data from a third party, we will confirm and record matters concerning that acquisition (such as what type of source it was acquired from, what type of personal data was acquired, and how the third-party source acquired the relevant data).

2. Purpose of Use of Personal Information

(Please see Clause 7 “Handling of Specific Personal Information, etc.” below with respect to Specific Personal Information, etc.)
The Company uses personal information only to the extent necessary for the purposes listed below and for the purposes described in Clause 5 “Joint Use with the Company's Group Companies and Business Partners” ” (hereinafter, "Purpose of Use").

(i)   Inquiries for insurance claims of outsourcers
(ii)   Consultation and medical interpreter arrangements
(iii)   Ambulance and car transfer arrangements
(iv) Accommodation and transportation arrangements for rescuers
(v) Body repatriation and local cremation arrangements
(vi) Preparation of medical analysis, evaluation, and specialist reports for each types of insurance
(vii) Introducing, offering, and managing the products and services we provide
(viii) Development of new products and services
(ix) Responding to inquiries and requests
(x) Managing of receivables and obligations held by the Company and the collection of receivables
(xi) Explanations of events, campaigns and seminars, and provision of information
(xii) Making inquiries about products, services provided by the Company
(xiii) Research and development of new products and services through market research, data analysis that includes gathering information on individual customers and comparing that information, and questionnaires, and quality improvement of the Company’s Products and Services that already exist
(xiv) Conservation of information systems, information assets, and business-use property, and security management of the Company’s facilities
(xv) Meetings, testing and other screening procedures pertaining to the hiring of the Company’s employees, communication of the results of screening, and procedures at the time of hiring
(xvi) Performance of contracted services if the processing of personal information was contracted by other business providers
(xvii) Research, development of new products and services, and quality improvement of the Company’s Products and Services that already exist that is carried out jointly with other business providers or research institutions, etc. (including cases of data analysis that includes gathering information on individual customers and comparing that information)
(xviii) Response to inquiries and requests, etc., and provision of information concerning the Company’s business and the Company’s Products and Services (xix) Improvement of business contents and procedures concerning (i) through (xviii) above
(xx) The performance of other businesses related to (i) to (xix) above, the ascertainment and management of various risks, the execution of business in order to smoothly and appropriately perform client transactions and the operation of the Company, and administrative management and shared or overlapping business of Tokio Marine Group companies through a holding company

The Purpose of Use is declared on its website and published within application forms and brochures. If the Company makes any changes to the Purpose of Use, the Company will issue appropriate notices regarding such changes or make a public announcement of such changes on its website.

The Company will obtain your consent, except in the cases laid out in Paragraph 3 of Article 18 of the Privacy Act, if it handles personal information beyond the defined necessary extent.

3. Provision of Personal Data to Third Parties

(Please see Clause 7 “Handling of Specific Personal Information, etc.” below with respect to Specific Personal Information, etc. The Company may also provide personal data to third parties in foreign countries. Please click here for details.)

(1) The Company will not provide personal data to any third parties without prior consent except in the following cases.
o If provision is permitted under laws or ordinances
o If there is a need to protect the life, body, or property of an individual and it is difficult to obtain your consent
o If there is a special need to enhance public hygiene or promote the fostering of healthy children, and it is difficult to obtain your consent
o If there is need to cooperate with a national government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and there is a possibility that obtaining your consent would interfere with the performance of those affairs
o If the relevant third party is an academic research institution, etc., and that third party has a need to handle the relevant personal data for the purpose of academic research (including the case in which part of the purpose of handling that personal data is the purpose of academic research; excluding cases that risk unjustifiably infringing on the rights and interests of individuals)
o If providing personal data to outsourcers, including insurance agents, to the necessary extent required in order to do business (please see Clause 4 “Outsourcing the Handling of Personal Data and Specific Personal Information, etc.” below)
o If personal data is provided in conjunction with the succession of a business due to merger or other grounds
o If personal data is used jointly with the Company's group companies or business partners (Please see Clause 5 "Joint Use with the Company's Group Companies and Business Partners" );

(2) Unless otherwise prescribed by law, rule or regulation, the Company, when providing personal data or individual-related information to a third party (the provision to a third party of individual-related information is the case in which it is anticipated that the recipient will acquire it as personal data), shall record matters concerning the provision (what type of personal data was provided and to whom, etc.).

(3) The Company may use individual-related information received from third parties as personal information by, for example, linking it with other information possessed by the Company. In such cases, the Company will take appropriate measures in accordance with the Privacy Act and related guidelines, such as obtaining your consent.

4. Outsourcing the Handling of Personal Data and Specific Personal Information, etc.

The Company may outsource the handling of personal data and Specific Personal Information, etc. to the extent necessary for achieving the purpose of its utilization. Whenever the Company outsources the handling of personal data and Specific Personal Information, etc., it exercises the necessary and appropriate oversight of outsourcers, such as appropriately selecting outsourcers after setting criteria for their selection, executing outsourcing agreements, and checking their information management systems, including the status of the handling of personal information at the outsourcers.
For instance, the Company outsources the handling of personal data related to the following operations:

(i) Operations relating to assistance services
(ii) Operations relating to the maintenance and operation of information systems

5. Joint Use with the Company's Group Companies and Business Partners

(There is no joint use of Specific Personal Information, etc.)
The Company, Tokio Marine Group companies and their business partners may jointly use the following personal data.

(1) Purpose of Use
The same as the Purpose of Use set forth in (i) through (xx) of Clause 2.

(2) Personal Data:
Address
Name
Telephone number
E-mail address
Sex
Date of birth
Any other policy details and the details of events
Vital data
Data such as physical examination results, itemized statements of medical expenses, treatments, and medications
Work history and qualifications held, etc.
(3) Business operators, etc. that jointly use personal data
• Group companies
Please click here for group companies of Tokio Marine Holdings.
Please click here for group companies of Tokio Marine & Nichido Fire Insurance.
Please click here (Japanese) for group companies of Nisshin Fire & Marine Insurance.
Please click here (Japanese) for group companies of Tokio Marine & Nichido Life Insurance.
Please click here (Japanese) for group companies of Tokio Marine & Nichido Facilities.
• Business partners
The Company does not jointly use personal data with any business partners.

(4) Person responsible
Tokio Marine International Assistance Co, Ltd.
(Please see the Company Information page on our website for our address and the name of our representative, etc.)
* The preceding details do not cover the personal information, Specific Personal Information, etc., anonymously processed information, and pseudonymously processed information of persons engaged in the Company’s operations. The Company also does not jointly use Specific Personal Information, etc.

6. Handling of Sensitive Information

The Company will not collect or use personal information requiring special care and information concerning membership of labor unions, family, domicile of origin, health condition or medical treatment, or sexual orientation (except for information released by the individual himself/herself, government agency, local government, academic research institution, etc., or any party provided in each of the items in paragraph 1 of Article 57 of the Privacy Act or in each of the items in Article 6 of the Ordinance for Enforcement of the Privacy Act, or information which is collected through visual observation or by taking a photograph of the individual and hence the external appearance is evident) except for cases provided by the Privacy Act, other relevant laws, ordinances and guidelines.

7. Handling of Specific Personal Information, etc.

The Purpose of Use of Specific Personal Information, etc. is limited under the My Number Act, and the Company will not collect or use Specific Personal Information, etc. beyond the prescribed Purpose of Use.
The Company will not provide Specific Personal Information, etc. to any third parties except in cases permitted under the My Number Act.

8. Inquiries Regarding Insurance Policies and Insured Events

Please direct inquiries regarding details of insurance policies to the office. The Company will respond after confirming that you are the requesting party.

9. Notice of Matters, Disclosure, Amendment, or Suspension of Use of Personal Data and Specific Personal Information, etc. Held by the Company under the Privacy Act

Please direct requests for any notice of matters, disclosure (including disclosure of third party-provided records), amendment, or suspension of use of personal data and Specific Personal Information, etc. held by the Company under the Privacy Act (“Disclosure, etc. Requests”) to the address listed in Clause 12 “Contact Office” below.
After confirming that you are the requesting party, the Company will ask that you to complete a form and will then provide a response. There will be a fee charged for this service.
Please click here for details of Disclosure, etc. Requests.

10. Security Management Measures

The Company takes security management measures for personal data and Specific Personal Information, etc. to prevent divulgence, loss or damage to retained personal data and Specific Personal Information, etc. Please click here for the details of specific security management measures.

11. Handling of Pseudonymously Processed Information and Anonymously Processed Information

The Company appropriately handles pseudonymously processed information and anonymously processed information. Please click here for details of the handling of pseudonymously processed information and anonymously processed information.

12. Contact Information

The Company will appropriately and promptly respond to any complaints or consultations regarding the handling of personal information, Specific Personal Information, etc., pseudonymously processed information (excluding any that is personal information), and anonymously processed information.
If you have any questions regarding the handling of personal information, Specific Personal Information, etc., pseudonymously processed information (excluding any that is personal information), and anonymously processed information by the Company, suggestions for the secure management of personal data, Specific Personal Information, etc. and anonymously processed information or any other inquiries or consultations, please contact the office below.
Please also contact the office below if you do not desire explanations of new products and services via e-mail or direct mail, etc. from the Company.

Contact Office
Tokio Marine International Assistance Co., Ltd.
(Telephone) 03-3572-8670
(open from 9:00 to 17:00 excluding Saturdays, Sundays, holidays and the new year holiday periods.)
Please see the Company Information page on our website for our address and the name of our representative, etc.

Provision of Personal Data to Third Parties in Foreign Countries

The Company may provide customers’ personal data to third parties in foreign countries as set forth below, and we hereby give notice of information that will be of reference in regard to such provision as follows.

Furthermore, the following countries are excluded from “foreign countries” because they are a “foreign country establishing a personal information protection system recognized to have equivalent standards to that in Japan in regard to the protection of an individual’s rights and interests.” Iceland, Ireland, Italy, the United Kingdom, Estonia, Austria, the Netherlands, Cyprus, Greece, Croatia, Sweden, Spain, Slovakia, Slovenia, the Czech Republic, Denmark, Germany, Norway, Hungary, Finland, France, Bulgaria, Belgium, Poland, Portugal, Malta, Latvia, Lithuania, Liechtenstein, Romania, and Luxembourg

1. If the Transferee Cannot be Identified in Advance When Providing Personal Data to a Third Party in a Foreign Country Based on a Customer’s Consent

The Company uses service providers to arrange assistance services for our overseas customers, as necessary; however, at the time of the customer’s consent, it may not be possible to determine the exact service provider the customer’s personal data will be transferred to, nor the foreign country they are located in.

The following are the main countries that are the locations of the business operators that are the candidates for service providers. (in alphabetical order) China, France, Thailand, the United States of America

Procedures for Disclosure, etc. Requests

1. Request Method

Please direct requests for any notice of the Purpose of Use, disclosure (including disclosure of third party-provided records), amendment, etc. (amendment, addition, or deletion), or suspension of use (suspension of use, deletion, or suspension of third-party provision) of retained personal data under the Privacy Act to the contact information listed below. We will send you the Company’s prescribed request document. Please send it to the Company’s designated contact information after filling out the necessary matters on the request document. At that time, please also send the following documents for the purpose of verifying the identity of the requesting party and identifying the requesting party’s retained personal data or third party-provided records. Please be aware that the requesting party will bear the expenses for sending the request document, etc.

(1) If the requesting party is the individual in question:
o Original of the seal registration certificate (that states the current address and is within three months from the issuance date)
o Copy of a document issued by a public organization such as a driver’s license, health insurance card, or passport
o Copy of insurance policy certificate for the insurance policy for which the Disclosure, etc. Request is being made (only in the case of an insurance policyholder)

(2) If the requesting party is an agent:
o The identity verification documents set forth in (1) above
o Original of the agent’s own seal registration certificate (that states the current address and is within three months from the issuance date)
o Copy of a document issued by a public organization such as the agent’s own driver’s license, health insurance card, or passport
o In the case of a statutory agent, a document that allows confirmation that the agent has authority of statutory representation (such as a transcript of the family register or a written ruling of the commencement of guardianship) o Power of attorney in the case of a privately appointed agent

2. Fees

We will charge 1,000 yen (including consumption tax) as the fee for the request in regard to a notice of the Purpose of Use and a request for disclosure of retained personal data.
In addition, if it is clear that the expenses to implement disclosure, including for processing, etc. of data subject to disclosure, will exceed that amount, we may additionally charge the amount equal to the actual expenses corresponding to the details of your request. With regard to this point, we will separately contact you with an estimated fee amount in advance.
Please transfer the fees to the account designated by the Company. Please be aware that the requesting party will bear the transfer fees.

3. Response Method

We will confirm and investigate, etc. the request details for Disclosure, etc. Requests that we receive, and after confirming the deposit for requests that require fees, we will respond to you by an appropriate method (in principle, paper documents or PDF files). We will respond to the individual in question even in the case of a request by an agent, except in the case of a request by a statutory agent.
We may not be able to comply with your Disclosure, etc. Request if, for example, complying with your request would pose a risk to the life, body, or property or other rights or interests of a third party, if it would risk significantly impeding the appropriate conduct of the Company’s operations, or if it would violate laws and regulations, and in that case, we will communicate that reason to you.

4. Contact Information

(1) For requests and inquiries by telephone:
Tokio Marine International Assistance Co., Ltd.
(Telephone) 03-3572-8670
Hours: 9:00 to 17:00 excluding Saturdays, Sundays, holidays and the new year holiday periods

Security Management Measures

(1) Formulation of Basic Policy
We will formulate basic policies regarding, for example, “compliance with related laws, regulations, and guidelines, etc.” and a “point of contact for handling questions and complaints” in order to ensure the appropriate handling of personal data.

(2) Development of Rules for the Handling of Personal Data
We will formulate personal data handling regulations regarding the method of handling, person responsible or person in charge, and the duties, etc. thereof at each stage of acquisition or input, use or processing, retention or saving, transfer or transmission, deletion or destruction, and responses to leakage incidents, etc.

(3) Organizational Security Management Measures
Together with establishing a person responsible for the handling of personal data, we will clearly specify the employees who handle personal data and the scope of personal data handled by those employees, and develop a system for reporting and communication to the person responsible in the event there is awareness of the fact or an indication of a violation of laws or the handling regulations.

(4) Human Security Management Measures
We will conduct regular training for employees regarding matters to be conscious of regarding the handling of personal data.

(5) Physical Security Management Measures
In areas where personal data is handled, we will control the physical access of employees and restrict devices, etc. that can be brought in, and also take measures to prevent unauthorized persons from viewing personal data.
We will take measures to prevent the theft or loss, etc. of devices, electronic media, and documents, etc. that handle personal data, and also take measures so that personal data is not easily revealed if those devices or electronic media, etc. are transported, including being moved within the office. When destroying personal data, we will carry out deletion that cannot be easily restored or the physical destruction of media on which data is stated or recorded.

(6) Technical Security Management Measures
If information systems (including personal computers and other devices) are used to handle personal data (including the case of sending and receiving, etc. it externally through the Internet, etc.), we will carry out appropriate access control in order to limit the scope of the persons in charge and the personal information database, etc. that is being handled.
We will certify that an employee using an information system that handles personal data is a person with proper authority based on the results of identification.
We will introduce and appropriately operate a structure for protecting information systems that handle personal data from unauthorized external access or unauthorized software
We will implement and appropriately operate measures to prevent the leakage, etc. of personal data in connection with the use of information systems.

(7) Understanding of the External Environment
The Company implements security management measures based on our understanding of the systems for the protection of personal information in the countries in which we handle personal data.

Handling of Pseudonymously Processed Information and Anonymously Processed Information

1. Handling of Pseudonymously Processed Information

(1) Creation of Pseudonymously Processed Information
If the Company creates pseudonymously processed information (i.e., information concerning individuals produced from processing personal information so as to be unable to identify specific individuals without cross-checking it with other information by taking measures prescribed by laws and regulations), the Company will process it appropriately in accordance with standards prescribed in laws and regulations.

(2) Security Management Measures for Pseudonymously Processed Information, etc.
In addition to those prescribed in Clause 10 “Security Management Measures” of the Privacy Policy, the Company will take security management measures pursuant to the provisions of laws and regulations regarding pseudonymously processed information and deleted information, etc. pertaining to such pseudonymously processed information (e.g., descriptions, etc. and individual identification codes deleted from personal information that was used in the creation of pseudonymously processed information, and information on the processing method (limited to information that would allow the personal information that was used in the creation of pseudonymously processed information to be restored)).

(3) Handling of Pseudonymously Processed Information that is Personal Information The Company will implement the following if it handles pseudonymously processed information that is personal information.

o We will use pseudonymously processed information that is personal information to the extent required for the Purpose of Use set forth in Clause 2 “Purpose of Use of Personal Information,” and Clause 5 “Joint Use with the Company’s Group Companies and Business Partners” of the Privacy Policy, and if we will change the Purpose of Use and use it for another purpose, we will publicly announce the changed Purpose of Use
o We will make efforts to delete without delay any personal data that is pseudonymously processed information and deleted information, etc. that no longer needs to be used
o Except in the cases set forth in Paragraph (1) of Clause 3 “Provision of Personal Data to Third Parties” of the Privacy Policy, we will not provide personal data that is pseudonymously processed information to third parties
o We will not cross-check with other information for the purpose of identifying the individual pertaining to the personal information that is the source of the pseudonymously processed information that is personal information
o We will not use contact information or other information included in pseudonymously processed information that is personal information for the purpose of contacting, etc. the individual pertaining to the personal information that is the source of that pseudonymously processed information
o Except in cases permitted pursuant to laws and regulations, we will otherwise handle pseudonymously processed information that is personal information and personal data that is pseudonymously processed information in the same manner as ordinary personal information and personal data

(4) Handling of Pseudonymously Processed Information that is not Personal Information
The Company will implement the following if it handles pseudonymously processed information that is not personal information.

o Except in the cases set forth in Paragraph (1) of Clause 3 “Provision of Personal Data to Third Parties” of the Privacy Policy, we will not provide personal data that is pseudonymously processed information to third parties
o We will supervise employees who handle pseudonymously processed information that is not personal information as necessary and appropriate in accordance with standards prescribed by laws and regulations
o If we outsource the handling of pseudonymously processed information that is not personal information, we will supervise the outsourcers as necessary and appropriate in accordance with standards prescribed by laws and regulations
o We will not cross-check with other information for the purpose of identifying the individual pertaining to the personal information that is the source of the pseudonymously processed information that is not personal information
o We will not use contact information or other information included in pseudonymously processed information that is not personal information for the purpose of contacting, etc. the individual pertaining to the personal information that is the source of that pseudonymously processed information

(5) Changed Purpose of Use
Not applicable

2. Handling of Anonymously Processed Information

(1) Creation, etc. of Anonymously Processed Information
If the Company creates, etc. anonymously processed information (i.e., information concerning individuals produced from processing personal information so as to be unable to identify specific individuals by taking measures prescribed by laws and regulations, and so as to be unable to restore such personal information), we will implement the following.
o We will process it appropriately in accordance with standards prescribed in laws and regulations
o We will take security management measures to prevent the leakage of deleted information and information on processing methods in accordance with standards prescribed in laws and regulations
o We will publicly announce the categories of information that are included in the anonymously processed information that was created
o We will not take actions to identify the individual whose personal information was the source for the creation
o If we acquired anonymously processed information from a third party, we will not acquire deleted information or information on processing methods, or cross-check against other information, for the purpose of identifying the individual pertaining to the personal information that is source

(2) Provision of Anonymously Processed Information
If the Company provides anonymously processed information to a third party, we will publicly announce the categories of information concerning individuals that are included in the anonymously processed information that we intend to provide and the method of provision, and will also clearly state to the third-party recipient that the provided information is anonymously processed information.

(3) Categories of Information Included in Created Anonymously Processed Information
Not applicable

(4) Categories of Information Concerning Individuals Included in Anonymously Processed Information to be Provided and Method of Provision
Not applicable

3. Inquiries

The Company will respond appropriately and quickly to complaints and consultations concerning the handling of anonymously processed information and pseudonymously processed information that is not personal information. For contact information, please see Clause 12 “Contact Information” of the Privacy Policy.

top of page