This notice is relevant to you if you are, are applying to be, or were formerly, an employee, consultant, contractor, worker, assignee, secondee, trainee, apprentice, work experience student, director or officer of ours, whether on a temporary or permanent basis. It informs you about how we collect, use, store, transfer and otherwise process your personal data for the effective running of our business before, during and after your working relationship with us and about your rights in relation to your personal data.
This privacy notice was last updated on 16 May 2018. We may provide you with other privacy notices on specific occasions.
Personal data we collect about you
Much of the personal data we collect about you will have been given to us directly, but it may also come from other internal sources, such as your manager and colleagues, or in some cases, external sources, such as referees, background check providers and employment agencies or from publicly available sources. To the extent permitted by EU or local law, this personal data includes, but is not limited to:
your title, name, e-mail and telephone details, home address, date and place of birth, gender, marital or civil partnership status, emergency contact information, outside business interests, personal account dealings, images of you;
your application letters, resume/CV, work background, references, education history, professional qualifications, membership of professional associations, other skills, information you provide about your personal life, interview feedback, credit check and criminal record check;
Right to work/immigration:
your citizenship/nationality, passport/identity card information, and residency/work permit information;
your position, title, job grade, division, department, location, managers, reports, staff identification number, employment status and type, terms of employment including benefits information, employment contract, start date, termination date, length of service, and reason for leaving;
Pay and benefits:
your pay, pay reviews, benefits, benefits selections, details of your beneficiaries, dependants and next of kin, tax/social security identification numbers, contributions to social, healthcare and pensions funds, and bank account details;
Performance and conduct:
facts and opinions regarding your performance, performance and talent ratings, development plans, promotions, training records, regulatory certifications, correspondence regarding your conduct and activities, performance improvement plans, records of disciplinary and grievance procedures and related correspondence; and
Work schedule and absences:
your hours worked, building access, overtime, holiday, sickness leave and other absence records.
Please note that in some cases we are required by law or as a consequence of a contractual relationship we have with you to collect certain personal data about you, and your failure to provide the personal data may prevent or delay the fulfilment of these obligations.
We may also collect personal data about you through:
- our information technology systems, which record emails, telephone conversations and other electronic communications and web usage on work systems and devices; and
- closed circuit TV systems and building access controls, which may record your attendance at our premises.
How we use your personal data
We process your personal data where applicable law permits or requires it, including where the processing is necessary for the performance of any contract we may have with you, where the processing is necessary to comply with a legal obligation that applies to us, or for our legitimate interests or the legitimate interests of third parties.
The purposes for which we process your personal data include, to the extent permitted by applicable law and regulation:
To manage our relationship with you:
We process your personal data for performing any contract we have with you and for our legitimate interest in administering, managing and exercising rights and obligations in relation to our relationship with you. This includes, but is not limited to, performing background checks and interviews as part of our recruitment process, assessing qualifications or suitability for a particular role or task, applying for work permits and confirming rights to work, assessing training and development needs, conducting performance reviews and determining performance requirements, managing absences, determining remuneration, administering payroll and benefits including making required income tax and social security deductions, processing work-related claims (for example expenses claims and insurance claims), investigating and managing grievances and disciplinary matters, resolving disputes, providing references, and varying or terminating our relationship.
To comply with laws and regulation:
We process your personal data for the purpose of complying with laws and regulation and pursue our legitimate interests in directly or indirectly facilitating compliance with the requirements of the law, co-operating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets. This includes, but is not limited to, maintaining insider lists, personal account dealings, outside business interests, gifts and entertainment records, managing conflicts of interest, administering and keeping records of training, monitoring compliance with laws and internal policies including through monitoring telephone calls, email and other messaging and web usage, investigating, recording and reporting breaches or potential breaches of laws and internal policies and procedures including suspicious transactions or activities, making available and administering whistleblowing schemes, providing regulatory certifications and references, making registrations with regulatory bodies or other authorities, making conduct-related remuneration adjustments, and complying with information requirements and requests from regulatory, tax, law enforcement and other governmental agencies, and courts.
To ensure our systems and premises are secure:
We process your personal data for our legitimate interests in ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, testing our cyber resilience and ensuring compliance with our information security policies. This includes, but is not limited to, monitoring of emails, messaging and web usage, and undertaking phishing tests. We also process personal data obtained through closed circuit TV systems and building access controls to ensure the security and safety of our premises.
To manage our workforce and conduct our business:
We process your personal data for our legitimate interests in managing our workforce and resources, conducting our business, planning for the future and protecting our rights. This includes, but is not limited to, for the purposes of promotions, talent and succession planning, managing staff absences, staff transfers, secondments and assignments, compiling staff directories, investigating and managing staff grievances, disciplinary matters and terminations, making business travel arrangements, administering corporate credit cards, conducting business with our clients and counterparties, processing of expenses, administering our insurance, budgeting, accounting and auditing, managing and reporting our financial and non-financial performance, equal opportunities monitoring, performing workforce analysis and planning, undertaking staff surveys, managing mergers, acquisitions, disposals and business reorganisations, assessing and managing the risks facing our business, managing and improving our systems, processes and productivity, protecting the health and safety of staff and others, facilitating staff communication in an emergency, arranging events, seminars and CSR activities, including staff profiles in our publications, business continuity planning, handling complaints and enforcing and defending our legal rights and those of our clients, staff and affiliates.
If you provide us with personal data (including special categories of personal data - see below) about others, such as beneficiaries and emergency contacts, please inform them of the purpose for which you are providing the personal data and relevant information from this notice.
Special categories of personal data
Special categories of personal data include medical information, management of trade union membership, by electronic means, and the management of employee representative bodies. Purposes for which we process special categories of personal data may include where the processing is necessary for us to exercise rights or carry out obligations in connection with employment (for example, processing medical information for statutory sick pay purposes, making reasonable adjustments for disabilities, complying with health and safety obligations, administering health and life insurance policies) and for conducting, establishing, exercising or defending legal claims.
To whom do we disclose your personal data?
We disclose personal data about you, where reasonably necessary for the various purposes set out above, to a number of categories of recipients, including:
- our staff, agents and third-party service providers who provide services to us or on our behalf. Third-party service providers include payroll processors, benefits administration providers (including pension administration, insurance and occupational health and safety service providers), employment and recruitment agencies, background check providers, training providers, cloud providers of our HR databases, archive service providers, business travel agencies, travel security service providers, corporate credit card providers and providers of emergency staff notification systems;
- other members of the worldwide MUFG group of companies, including for managing staff transfers, secondments and assignments, administering whistleblowing schemes, complying with requests from regulatory authorities, complying with internal policies and procedures, performing workforce analysis and planning, budgeting, accounting and auditing;
- our auditors and our legal, accounting and other professional advisors;
- regulatory, tax, law enforcement and other governmental agencies, and courts;
- clients, counterparties and other persons from whom we receive, or to whom we make payments or with whom we conduct transactions; and
- persons who take over our business and assets, or relevant parts of them.
Because we operate as part of a global business, the recipients mentioned above may be located outside the country in which you are based, including countries outside the European Economic Area, which may not have similarly strict data privacy laws, such as Japan. Where the recipients are located in countries where data protection laws may not provide an equivalent level of protection to the laws of the European Economic Area, to protect your personal data, we will put in place appropriate safeguards such as data transfer agreements based on the European Commission's standard contractual clauses in accordance with article 46(2) of the EU General Data Protection Regulation. You may contact us for further information.
For how long do we keep your personal data?
We retain personal data only for as long as reasonably necessary for the purposes described above or as long as required by law or to resolve potential legal claims or disputes.
Your data protection rights
You have certain rights under data protection law regarding your personal data. These include rights to access your personal data, rectify the personal data we hold about you, erase your personal data, restrict our processing of your personal data, and to receive your personal data in a usable electronic format and have it transmitted to a third party (right to data portability), in each case in the circumstances and subject to the exceptions provided by data protection law.
You also have the right to object to our processing of your personal data in certain circumstances. If you would like to exercise this right please use the contact details below.
We encourage you to contact us to update or correct your personal data if it changes or if any personal data we hold about you is inaccurate.
You can lodge complaints with the Commission Nationale de l'Informatique et des Libertés (« CNIL »), competent if you work or live in France an if the complaint is towards MUFG Paris .
Who to contact
If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, please use the contact details below.
We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.
MUFG Bank, Ltd.
Data Protection Officer
MUFG Bank, Ltd., Paris Branch
Le Centorial, 18, rue du Quatre Septembre