This notice is relevant to you if you are:

  • An individual associated with a client or potential client of an MUFG office, such as, an employee, other representative or beneficial owner of a client; or
  • An individual whose personal data are given to an MUFG office by a client or potential client, or which we otherwise receive, in the course of our dealings with that client or potential client.

This notice provides important information about how we process your personal data (Art. 4 (2) of the European General Data Protection Regulation and the UK GDPR respectively (hereinafter “GDPR") and your data protection rights.

For convenience, in this privacy statement we refer to our client or potential client whom you represent, or with whom you are otherwise associated, as our “Client". This privacy notice was last updated on 13 November 2023.

Please note that we may update this notice from time to time, for example, in order to reflect applicable changes in law. The current version of this notice can be accessed at the following website:

Personal data we collect about you

We may collect and process the following personal data about you:

Personal data that you give us:

  • This is personal data about you that you give to us when filling in forms that we (or our Client on our behalf) ask you to complete or corresponding with us by email, telephone, post or otherwise. It may include, for example, your name, address, email address and telephone number; information about your business relationship with us; information about your professional role and background; limited details of your personal life; and identification documentation for verification and authorisation purposes.
  • If you do not provide personal data that we request, we may not be able to provide (or continue providing) relevant services to or otherwise do business with you or our Client.
  • If you are providing us with personal data about other individuals, such as your colleagues, please inform them of the purpose for which you are providing us the personal data and ensure they are aware of this notice.

Personal data that our systems collect about you:

  • If you exchange emails, telephone or video conversations or other electronic communications with us and our staff members, our information technology systems may record details of those communications, including their content.
  • If you visit our websites they will collect some information about you and your visit, including the Internet protocol (IP) address used to connect your device to the Internet and some other information such as your browser type and the pages on our site that you visit. Our websites may also download "cookies" to your device as described in our separate cookie statements on our websites if applicable. [Our cookie statement can be found here: https://www.mufgemea.com/governance/cookies/]
  • Our premises have Closed Circuit TV (CCTV) systems and building access controls for security and safety purposes which may record you if you visit our premises in line with applicable laws and regulations.

Other personal data:

We may also collect personal data from other sources, which we lawfully obtain and are permitted to process. In particular:

  • Your employer or other business contacts, including other financial institutions, may give us personal data about you, such as your contact details or details of your role in our relationship with our Client. If we need to conduct anti-money-laundering or similar background checks involving you this may require more extensive personal data about you – for example, a copy of your passport.
  • We sometimes collect personal data from third party data providers, such as commercial registers, debtor directories, land registers, international sanctions lists, press, media, the internet or other publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.

Why we process your personal data (purpose of the processing)

We process your personal data, as necessary to pursue our legitimate business (article 6 (1) f) GDPR) and other interests (performance of contractual obligations (article 6 (1) b) GDPR) or compliance with a legal obligation (article 6 (1) c) GDPR)), for the following purposes:

  • Providing our products and services to our Client, including to ensure that agreements with and instructions from our Client are authorised and validly executed;
  • Business development (including marketing of our products and services to our Client – we will not send marketing communications to you in your personal capacity or without your consent based on applicable law and only to the extent that you have not objected to having your data used) and managing our relationship with our Client;
  • Assessing and managing the risks facing our businesses, including detecting and preventing fraud and other financial crimes;
  • Managing and improving our systems and processes, including through monitoring and managing their usage;
  • Complying with, or directly or indirectly facilitating compliance with, the requirements in any jurisdiction of any exchange, trading facility, trading system, organised market, clearing house, settlement system, exchange or other infrastructure provider to facilitate clearing and settlement (a “Market");
  • Protecting the security and integrity of our premises, information technology systems and information;
  • Investigating and responding to complaints and other incidents affecting our or our clients' businesses; and
  • Enforcing and defending our legal rights and those of our clients, staff and affiliates, including potential legal claims or disputes.

We also process your personal data to comply with law and regulation (compliance with a legal obligation (article 6 (1) c) GDPR) or in the public interest (article 6 (1) e) GDPR)) and as necessary to pursue our legitimate interests (article 6 (1) f) GDPR) in directly or indirectly facilitating compliance with the requirements of the law, co-operating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets. This involves processing your personal data for the following purposes:

  • Carrying out know-your-client (“KYC"), anti-money laundering, anti-terrorism, anti-market-abuse, anti-bribery and corruption, anti-fraud / other financial crime and sanctions compliance activities, including identity checks and background screening ;
  • Monitoring transactions and reporting on them to competent authorities;
  • Keeping records of communications with our Client, including recording telephone, emails and instant messaging; and
  • Responding to enquires from, and otherwise co-operating with, regulatory, tax, law enforcement and other governmental agencies, Markets, brokers or other intermediaries or counterparties and courts.

Personal data collected by us to comply with a legal obligation (e.g. statutory requirements, including (but not limited to) tax laws, banking supervisory requirements or for the sole purpose of preventing money laundering and terrorist financing (article 6 (1) c) GDPR)) or in the public interest (e.g. responding to disclosure orders from law enforcement officers/agencies (article 6 (1) e) GDPR)) may not be processed in a manner incompatible with these purposes unless we have obtained the individual's express consent (article 6 (1) a) GDPR) or we are otherwise permitted by law.We also process your personal data insofar as you have consented to the processing of your personal data in accordance with article 6 (1) a) GDPR.

Certain processing activities may be outsourced to another MUFG office or a third party service provider for the purposes of carrying out the above processing activities. Relevant and necessary controls and safeguards are in place to ensure that any processing is proportionately carried out in line with our instructions. For more details around transfers of data, please see the section further below on data transfers.

To whom do we disclose your personal data?

We may disclose personal data about you, where reasonably required for the various purposes set out above, to:

  • Other members of the worldwide MUFG group of companies. Details of group may be found at https://www.mufg.jp/english/ourbrand/index.html
  • Your colleagues representing our Client;
  • Counterparty financial institutions, Markets and other persons from whom we receive, or to whom we make, payments, or with whom we conduct other transactions;
  • Our legal, accounting and other professional advisors, so that they can advise us;
  • Third party service providers, including cloud providers of client databases and communication systems, who hold or process your personal data on our behalf, under strict conditions of confidentiality and security;
  • Persons who take over our business and assets, or relevant parts of them;
  • Regulatory, tax, law enforcement or other governmental agencies, courts or litigation counterparties, in any country or territory; and
  • Other persons where we are required by law to disclose.

These disclosures may involve transferring your personal data abroad, including outside the United Kingdom. You should be aware that this may include transfers to so called third countries outside the EU and the European Economic Area (EEA), which do not have similarly strict data privacy laws such as UK/EU laws, including, for example, the United States of America and India. In those cases, we will put in place appropriate safeguards such as data transfer agreements based on the European Commission's standard contractual clauses and UK Addendum to the European Commission's standard contractual clauses ('Model clauses") in accordance with article 46(2) of the GDPR.

[For the purposes set out above, we may transfer your personal data to other entities within the MUFG group. To help govern such transfers, MUFG Group has in place intragroup arrangements which incorporate the Model Clauses as applicable.]

In general terms, we will only transfer personal data to a third country insofar as it is permitted under applicable UK/EU data protection law. Please contact us if you require further information.

Do we have technical and organisational measures in place?

We have put in place appropriate technical and organisational measures to [mitigate] the risks of personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, group entities and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Please contact us if you require further information.

For how long do we keep your personal data?

We retain personal data only for as long as reasonably required to fulfill the purposes described above including for the purposes of satisfying any legal, regulatory, tax related or commercial requirements or to resolve potential legal claims or disputes (e.g. preservation of evidence within the scope of statutes of limitations).

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax related, commercial, or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Automated processing

We do not carry out automated decision-making or profiling in relation to your personal information.

Your data protection rights

You have a right of access to the personal data that we hold about you, and to some related information, under data protection law (article 15 GDPR). You can also request any inaccurate personal data to be corrected (article 16 GDPR) or deleted (article 17 GDPR).

You can object to our use of your personal data for direct marketing purposes at any time and you may have the right to object (article 21 GDPR) to our processing of some or all of your personal data (and require them to be deleted), or to restrict (article 18 GDPR) our processing of your information to the bare minimum, in some other circumstances, including a right to data portability (article 20 GDPR) subject to any legal requirements as stated above we may have to hold or share your data.

You have the right to object, on grounds relating to your individual situation, at any time to processing of personal data concerning you which is based on article 6 (1) e) GDPR (public interest) and article 6 (1) f) GDPR (legitimate interests). If you object, we will no longer process your personal data unless there are legal grounds for the processing of your personal data which override your interests or unless the processing is for the exercise or defense of legal claims.

Please contact us if you wish to exercise any of these rights.

You can also lodge complaints with the local data protection authority pursuant to article 77 GDPR, either where you live or work or where the relevant MUFG office is located.

If you have provided consent to have your personal data processed (article 6(1)(a)), then such consent can be revoked at any time. This also applies to any consent granted prior to the GDPR coming into force (prior to 25 May 2018). Please note that any revocation will not apply to lawful processing carried out prior thereto. If you withdraw your consent, we may not be able to continue providing you with certain products and services. We will advise you of this at the time you revoke your consent.

How to contact us

If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, our contact details are below. We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.

United Kingdom
MUFG Bank, Ltd
Data Protection Officer
MUFG Bank, Ltd., London Branch
Ropemaker Place, 25 Ropemaker Street,
London EC2Y 9AN, United Kingdom
dpo@uk.mufg.jp

MUFG Securities EMEA plc

Data Protection Officer
MUFG Securities EMEA plc
Ropemaker Place, 25 Ropemaker Street,
London EC2Y 9AJ, United Kingdom
dpo@uk.mufg.jp

France
MUFG Bank, Ltd., Paris Branch
Data Protection Officer
Le Centorial, 18, rue du Quatre Septembre
75002 Paris
France
paris.dpo@fr.mufg.jp

MUFG Securities (Europe) N.V.
Data Protection Officer
Le Centorial, 18, rue du Quatre Septembre
75080 Paris
France
dpo@uk.mufg.jp

Italy
MUFG Bank, Ltd., Milano Branch
Data Protection Officer
Via Filippo Turati, 9
20121 Milano
Republic of Italy
dpo@ita.mufg.jp

The Netherlands, Austria, Belgium, Germany, Spain,

MUFG Bank (Europe) N.V.
Data Protection Officer
MUFG Bank (Europe) N.V.
World Trade Center, Tower I, Strawinskylaan 1887
1077 XX Amsterdam
The Netherlands
dpo@nl.mufg.jp

MUFG Securities (Europe) N.V.
Data Protection Officer
World Trade Center, Tower H, 11th Floor
Zuidplein 98
1077 XX Amsterdam
The Netherlands
dpo@uk.mufg.jp

MUFG Bank (Europe) N.V. Vienna Branch
Data Protection Officer
Schwarzenbergplatz 5/3.2
A-1030 Vienna
Austria
dpo@nl.mufg.jp


MUFG Bank (Europe) N.V. Brussels Branch
Data Protection Officer
Boulevard Louis Schmidt, 29
B-1040 Brussels
Kingdom of Belgium
dpo@nl.mufg.jp

MUFG Bank (Europe) N.V. Germany Branch
Data Protection Officer
Breite Straße 34
40213 Düsseldorf
Germany
dss-dpo@de.mufg.jp

MUFG Bank (Europe) N.V. Spain Branch
Data Protection Officer
C/ José Ortega y Gasset, 29 3 rd Floor
28006 Madrid
Spain
dpo@uk.mufg.jp