This notice is relevant to you if you are, are applying to be, or were formerly, an employee, consultant, contractor, worker, assignee, secondee, trainee, apprentice, work experience student, director or officer of ours, whether on a temporary or permanent basis. It informs you about how we collect, use, store, transfer and otherwise process your personal data for the effective running of our business before, during and after your working relationship with us and about your rights in relation to your personal data. This privacy notice does not form part of any contract of employment or other contract to provide services.
This privacy notice was last updated on 18 May 2018. We may provide you with other privacy notices on specific occasions.
Personal data we collect about you
Much of the personal data we collect about you will have been given to us directly, but it may also come from other internal sources, such as your manager and colleagues, or in some cases, external sources, such as referees, background check providers and employment agencies or from publicly available sources. To the extent permitted by EU or local law, this personal data includes, but is not limited to:
your title, name, e-mail and telephone details, home address, date and place of birth, gender, marital or civil partnership status, emergency contact information, outside business interests, personal account dealings, images of you;
your application letters, resume/CV, work background, references, education history, professional qualifications, membership of professional associations, other skills, information you provide about your personal life, interview feedback, credit check and criminal record check (where authorised by EU or local law);
Right to work/immigration:
your citizenship/nationality, passport/identity card information, and residency/work permit information;
your position, title, job grade, division, department, location, managers, reports, staff identification number, employment status and type, terms of employment including benefits information, employment contract, start date, termination date, length of service, and reason for leaving;
Pay and benefits:
your pay, pay reviews, benefits, benefits selections, details of your beneficiaries, dependants and next of kin, tax/social security identification numbers, contributions to social, healthcare and pensions funds, and bank account details;
Performance and conduct:
facts and opinions regarding your performance, performance and talent ratings, development plans, promotions, training records, regulatory certifications, correspondence regarding your conduct and activities, performance improvement plans, records of disciplinary and grievance procedures and related correspondence; and
Work schedule and absences:
your hours worked, building access, overtime, holiday, sickness leave and other absence records.
Please note that in some cases we are required by law or as a consequence of a contractual relationship we have with you to collect certain personal data about you, and your failure to provide the personal data may prevent or delay the fulfilment of these obligations.
We may also collect personal data about you through:
- our information technology systems, which record emails, telephone conversations and other electronic communications and web usage on work systems and devices; and
- closed circuit TV systems and building access controls, which may record your attendance at our premises.
How we use your personal data
We process your personal data where applicable law permits or requires it, including where the processing is necessary for the performance of any contract we may have with you, where the processing is necessary to comply with a legal obligation that applies to us, or for our legitimate interests or the legitimate interests of third parties.
The purposes for which we process your personal data include, to the extent permitted by applicable local law:
To manage our relationship with you:
We process your personal data for performing any contract we have with you and for our legitimate interest in administering, managing and exercising rights and obligations in relation to our relationship with you. This includes, but is not limited to, performing background checks and interviews as part of our recruitment process, assessing qualifications or suitability for a particular role or task, applying for work permits and confirming rights to work, assessing training and development needs, conducting performance reviews and determining performance requirements, managing absences, determining remuneration, administering payroll and benefits including making required income tax and social security deductions, processing work-related claims (for example expenses claims and insurance claims), investigating and managing grievances and disciplinary matters, resolving disputes, providing references, and varying or terminating our relationship.
To comply with laws and regulation:
We process your personal data for the purpose of complying with laws and regulation and to pursue our legitimate interests in directly or indirectly facilitating compliance with the requirements of the law, co¬operating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets. This includes, but is not limited to, maintaining insider lists, personal account dealings, outside business interests, gifts and entertainment records, managing conflicts of interest, administering and keeping records of training, monitoring compliance with laws and internal policies including through monitoring telephone calls, email and other messaging and web usage, investigating, recording and reporting breaches or potential breaches of laws and internal policies and procedures including suspicious transactions or activities, making available and administering whistleblowing schemes, providing regulatory certifications and references, making registrations with regulatory bodies or other authorities, making conduct-related remuneration adjustments, and complying with information requirements and requests from regulatory, tax, law enforcement and other governmental agencies, exchanges, trading facilities, brokers or other intermediaries or counterparties and courts.
To ensure our systems and premises are secure:
We process your personal data for our legitimate interests in ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, testing our cyber resilience and ensuring compliance with our information security policies. This includes, but is not limited to, monitoring of emails, messaging and web usage, and undertaking phishing tests. We also process personal data obtained through closed circuit TV systems and building access controls to ensure the security and safety of our premises.
To manage our workforce and conduct our business:
We process your personal data for our legitimate interests in managing our workforce and resources, conducting our business, planning for the future and protecting our rights. This includes, but is not limited to, for the purposes of promotions, talent and succession planning, managing staff absences, staff transfers, secondments and assignments, compiling staff directories, investigating and managing staff grievances, disciplinary matters and terminations, making business travel arrangements, administering corporate credit cards, (upon specific request by you) granting funds and/or personal loans, conducting business with our clients and counterparties, processing of expenses, administering our insurance, budgeting, accounting and auditing, managing and reporting our financial and non-financial performance, equal opportunities monitoring, performing workforce analysis and planning, undertaking staff surveys, managing mergers, acquisitions, disposals and business reorganisations, assessing and managing the risks facing our business, managing and improving our systems, processes and productivity, protecting the health and safety of staff and others, facilitating staff communication in an emergency, arranging events, seminars and CSR activities, including staff profiles in our publications, business continuity planning, handling complaints and enforcing and defending our legal rights and those of our clients, staff and affiliates.
If you provide us with personal data (including special categories of personal data -see below) about others, such as beneficiaries and emergency contacts, please inform them of the purpose for which you are providing the personal data and relevant information from this notice.
Special categories of personal data
Special categories of personal data includes race or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health and sexual life and sexual orientation. Purposes for which we process special categories of personal data may include where the processing is necessary for us to exercise rights or carry out obligations in connection with employment (for example, processing health information for statutory sick pay purposes, making reasonable adjustments for disabilities, complying with health and safety obligations, administering health and life insurance policies and equal opportunities monitoring where permitted by local law) and for conducting, establishing, exercising or defending legal claims.
To whom do we disclose your personal data?
We disclose personal data about you, where reasonably necessary for the various purposes set out above, to a number of categories of recipients, including:
- our staff, agents and third-party service providers who provide services to us or on our behalf. Third-party service providers include payroll processors, benefits administration providers (including pension administration, insurance and occupational health and safety service providers), employment and recruitment agencies, background check providers, training providers, cloud providers of our HR databases, archive service providers, business travel agencies, travel security service providers, corporate credit card providers and providers of emergency staff notification systems;
- other members of the worldwide MUFG group of companies, including for managing staff transfers, secondments and assignments, administering whistleblowing schemes, complying with requests from regulatory authorities, complying with internal policies and procedures, performing workforce analysis and planning, budgeting, accounting and auditing. Details of the group may be found at http://www.mufg.jp/english/profile/globalnetwork/;
- our auditors and our legal, accounting and other professional advisors;
- regulatory, tax, law enforcement and other governmental agencies, exchanges, trading facilities, brokers or other intermediaries, and courts;
- clients, counterparties and other persons from whom we receive, or to whom we make payments or with whom we conduct transactions; and
- persons who take over our business and assets, or relevant parts of them.
Because we operate as part of a global business, the recipients mentioned above may be located outside the country in which you are based, including countries outside the European Economic Area, which may not have similarly strict data privacy laws, such as Japan. Where the recipients are located in countries where data protection laws may not provide an equivalent level of protection to the laws of the European Economic Area, to protect your personal data, we will put in place appropriate safeguards such as data transfer agreements based on the European Commission's standard contractual clauses in accordance with article 46(2) of the EU General Data Protection Regulation. You may contact us for further information.
We maintain appropriate technical and organisational measures to protect against unauthorised or unlawful processing of your personal data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to your personal data. Where we engage third parties to process personal data on its behalf, we select processors that provide adequate technical and organisational security measures. These measures are aimed at ensuring the on-going integrity and confidentiality of your personal data.
For how long do we keep your personal data?
We retain personal data only for as long as reasonably necessary for the purposes described above or as long as required by law or to resolve potential legal claims or disputes.
Your data protection rights
You have certain rights under data protection law regarding your personal data. These include rights to access your personal data, rectify the personal data we hold about you, erase your personal data, restrict our processing of your personal data, and to receive your personal data in a usable electronic format and have it transmitted to a third party (right to data portability), in each case in the circumstances provided by data protection law. If you would like to discuss or exercise your data protection rights, please contact us at the details provided below.
You also have the right to object to our processing of your personal data in certain circumstances. If you would like to exercise this right please use the contact details below.
We encourage you to contact us to update or correct your personal data if it changes or if any personal data we hold about you is inaccurate.
You can lodge complaints with the local data protection authority in Italy or other location where you live or work.
Who to contact
If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, please use the contact details below.
We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.
MUFG Bank, Ltd.
Data Protection Officer
MUFG Bank, Ltd., Milano Branch
Via Filippo Turati,
Republic of Italy