This notice is relevant to you if you are, or were formerly, an employee, consultant, contractor, worker, assignee, secondee, trainee, apprentice, work experience student, director or officer of ours, whether on a temporary or permanent basis. It informs you about how we collect, use, store, transfer and otherwise process your personal data for the effective running of our business before, during and after your working relationship with us and about your rights in relation to your personal data. This privacy notice does not form part of any contract of employment or other contract to provide services.

This privacy notice was last updated on 16 May 2018. We may provide you with other privacy notices on specific occasions.

Personal data we collect about you

Much of the personal data we collect about you will have been given to us directly, but it may also come from other internal sources, such as your manager and colleagues, or in some cases, external sources, such as referees, background check providers and employment agencies or from publicly available sources. To the extent permitted by EU or local law, this personal data includes, but is not limited to:

Personal details:

your title, name, e-mail and telephone details, home address, date and place of birth, gender, marital or civil partnership status, emergency contact information, outside business interests, personal account dealings, images of you, your partner's name, date of birth and profession, name and date of birth of kids at your charge;

Background:

your application letters, resume/CV, work background, references, education history, professional qualifications, membership of professional associations, other skills, information you provide about your personal life, interview feedback and credit check (where authorised by EU or local law);

Right to work/immigration:

your citizenship/nationality, passport/identity card information, and residency/work permit information;

Role:

your position, title, job grade, division, department, location, managers, reports, staff identification number, employment status and type, terms of employment including benefits information, employment contract, start date, termination date, length of service, and reason for leaving;

Pay and benefits:

  • For employees only: your pay, pay reviews, benefits, benefits selections, details of your beneficiaries, dependants and next of kin, tax/social security identification numbers, contributions to social, healthcare and pensions funds;
  • For all staff: bank account details;

Performance and conduct (for employees only):

facts and opinions regarding your performance, performance and talent ratings, development plans, promotions, training records, regulatory certifications, correspondence regarding your conduct and activities, performance improvement plans, records of disciplinary and grievance procedures and related correspondence; and

Work schedule and absences (for employees only):

your hours worked, building access, overtime, holiday, sickness leave and other absence records.

Please note that in some cases we are required by law or as a consequence of a contractual relationship we have with you to collect certain personal data about you, and your failure to provide the personal data may prevent or delay the fulfilment of these obligations.

We may also collect personal data about you through:

  • our information technology systems, which record emails, telephone conversations and other electronic communications and web usage on work systems and devices as described in our internal policies and procedures (Internet/World Wide Web Policy and other policies and procedures implemented in our Brussels branch); and
  • closed circuit TV systems and building access controls, which may record your attendance at our premises.

How we use your personal data

We process your personal data where applicable law permits or requires it, including where the processing is necessary for the performance of any contract we may have with you, where the processing is necessary to comply with a legal obligation that applies to us, or for our legitimate interests or the legitimate interests of third parties.

The purposes for which we process your personal data include, to the extent permitted by applicable law and regulation:

To manage our relationship with you:

We process your personal data for performing any contract we have with you and for our legitimate interest in administering, managing and exercising rights and obligations in relation to our relationship with you.

  • For employees only: this includes, but is not limited to, performing background checks and interviews as part of our recruitment process, assessing qualifications or suitability for a particular role or task, applying for work permits and confirming rights to work, assessing training and development needs, conducting performance reviews and determining performance requirements, managing absences, determining remuneration, administering payroll and benefits including making required income tax and social security deductions, processing work-related claims (for example expenses claims and insurance claims), investigating and managing grievances and disciplinary matters.
  • For all staff: this includes, but is not limited to, resolving disputes, providing references, and varying or terminating our relationship.

To comply with laws and regulation:

We process your personal data for the purpose of complying with laws and regulation and pursue our legitimate interests in directly or indirectly facilitating compliance with the requirements of the law, co-operating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets. This includes, but is not limited to, maintaining insider lists, personal account dealings, outside business interests, gifts and entertainment records, managing conflicts of interest, administering and keeping records of training, monitoring compliance with laws and internal policies including through monitoring telephone calls, email and other messaging and web usage, investigating, recording and reporting breaches or potential breaches of laws and internal policies and procedures including suspicious transactions or activities, making available and administering whistleblowing schemes, providing regulatory certifications and references, making registrations with regulatory bodies or other authorities, making conduct-related remuneration adjustments, and complying with information requirements and requests from regulatory, tax, law enforcement and other governmental agencies, exchanges, trading facilities, brokers or other intermediaries or counterparties and courts.

To ensure our systems and premises are secure:

We process your personal data for our legitimate interests in ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, testing our cyber resilience and ensuring compliance with our information security policies. This includes, but is not limited to, monitoring of emails, messaging and web usage, and undertaking phishing tests. We also process personal data obtained through closed circuit TV systems and building access controls to ensure the security and safety of our premises.

To manage our workforce and conduct our business:

We process your personal data for our legitimate interests in managing our workforce and resources, conducting our business, planning for the future and protecting our rights.

  • For employees only: this includes, but is not limited to, for the purposes of promotions, talent and succession planning, managing staff absences, staff transfers, secondments and assignments, compiling staff directories, investigating and managing staff grievances, disciplinary matters and terminations, making business travel arrangements, and administering corporate credit cards.
  • For all staff: this includes, but is not limited to, conducting business with our clients and counterparties, processing of expenses, administering our insurance, budgeting, accounting and auditing, managing and reporting our financial and non-financial performance, equal opportunities monitoring, performing workforce analysis and planning, undertaking staff surveys, managing mergers, acquisitions, disposals and business reorganisations, assessing and managing the risks facing our business, managing and improving our systems, processes and productivity, protecting the health and safety of staff and others, facilitating staff communication in an emergency, arranging events, seminars and CSR activities, including staff profiles in our publications, business continuity planning, handling complaints and enforcing and defending our legal rights and those of our clients, staff and affiliates.

If you provide us with personal data (including special categories of personal data - see below) about others, such as beneficiaries and emergency contacts, please inform them of the purpose for which you are providing the personal data and relevant information from this notice.

Special categories of personal data

Special categories of personal data includes race or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health and sexual life and sexual orientation. Purposes for which we process special categories of personal data may include where the processing is necessary for us to exercise rights or carry out obligations in connection with employment (for example, processing health information for statutory sick pay purposes, making reasonable adjustments for disabilities, complying with health and safety obligations, administering health and life insurance policies) and for conducting, establishing, exercising or defending legal claims.

To whom do we disclose your personal data?

We disclose personal data about you, where reasonably necessary for the various purposes set out above, to a number of categories of recipients, including:

  • our staff, agents and third-party service providers who provide services to us or on our behalf. Third-party service providers include:
    - for employees only: payroll processors, benefits administration providers (including pension administration, insurance and occupational health and safety service providers), employment and recruitment agencies and corporate credit card providers;
    - for all staff: background check providers, training providers, cloud providers of our HR databases, archive service providers, business travel agencies, travel security service providers and providers of emergency staff notification systems;
  • other members of the worldwide MUFG group of companies, including for managing staff transfers, secondments and assignments, administering whistleblowing schemes, complying with requests from regulatory authorities, complying with internal policies and procedures, performing workforce analysis and planning, budgeting, accounting and auditing. Details of the group may be found at http://www.mufg.jp/english/profile/globalnetwork/;
  • our auditors and our legal, accounting and other professional advisors;
  • regulatory, tax, law enforcement and other governmental agencies, exchanges, trading facilities, brokers or other intermediaries, and courts;
  • clients, counterparties and other persons from whom we receive, or to whom we make payments or with whom we conduct transactions; and
  • persons who take over our business and assets, or relevant parts of them.

Because we operate as part of a global business, the recipients mentioned above may be located outside the country in which you are based, including countries outside the European Economic Area, which may not have similarly strict data privacy laws, such as Japan. Where the recipients are located in countries where data protection laws may not provide an equivalent level of protection to the laws of the European Economic Area, to protect your personal data, we will put in place appropriate safeguards such as data transfer agreements based on the European Commission's standard contractual clauses in accordance with article 46(2) of the EU General Data Protection Regulation. You may contact us for further information.

For how long do we keep your personal data?

We retain personal data only for as long as reasonably necessary for the purposes described above or as long as required by law or to resolve potential legal claims or disputes. Additional information is available in the data retention policy.

Your data protection rights

You have certain rights under data protection law regarding your personal data. These include rights to access your personal data (including the right to request a copy of the personal data we hold about you), rectify the personal data we hold about you, erase your personal data if there is no (longer a) lawful ground for us to process it, restrict our processing of your personal data, and to receive your personal data in a usable electronic format and have it transmitted to a third party (right to data portability), in each case in the circumstances and subject to the exceptions provided by data protection law. If you would like to discuss or exercise your data protection rights, please contact us at the details provided below.

You also have the right to object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing. If you would like to exercise this right please use the contact details below.

We encourage you to contact us to update or correct your personal data if it changes or if any personal data we hold about you is inaccurate.

You can lodge complaints with the local data protection authority in Belgium or other location where you live or work.

Who to contact

If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, please use the contact details below.

We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.

MUFG Bank (Europe) N.V. The Netherlands
Data Protection Officer
MUFG Bank (Europe) N.V.
Address: World Trade Center, Tower I, Strawinskylaan 1887
1077 XX Amsterdam
The Netherlands
dpo@nl.mufg.jp

MUFG Bank (Europe) N.V. Brussels Branch
Data Protection Liaison Officer
MUFG Bank (Europe) N.V. Brussels Branch
Boulevard Louis Schmidt, 29
1040 Brussels
Belgium
compliance@be.mufg.jp