PRIVACY POLICY

3-6-11 Ariake, Koutou-ku, Tokyo

SBI Art Auction Co., Ltd.

Representative Director Tomohiro Fujiyama

We, SBI Art Auction Co., Ltd. (“we”), have established and implemented the following basic policy for the protection of our customers’ personal information and announced the matters concerning the processing of personal information, to build an environment and system that enables customers to do business with us in peace, and in order to gain the trust of customers as a company that handles rare and highly valuable artworks, etc..

■ Compliance with Laws and Regulations

In addition to the Act on the Protection of Personal Information, we will comply with all laws, regulations and national guidelines and standards applicable to the processing of personal information held by us.

■ Acquisition and Use of Personal Information

In order to acquire our customers’ personal information in an appropriate and fair manner, we will disclose or expressly show the purposes of use in advance, or notify or disclose the purposes of use promptly after the acquisition.

In order to ensure that the scope and processing of personal information acquired by us does not exceed the scope necessary to achieve the purposes of use, we will not disclose or provide the acquired personal information to any third party without the relevant customer’s consent, except when permitted to do so as an exception under the laws and regulations. In addition, we will not acquire any special care-required personal information, except when permitted to do so as an exception under the laws and regulations.

■ Security Management of Personal Information

We will strictly manage personal information, and will establish and implement the necessary security control measures (see below) to prevent any leakage, loss or damage of personal information. We will also exercise the necessary and appropriate supervision over employees and contractors who handle personal information.

■ Response to Inquiries and Complaints

We will establish the system and procedure for receiving inquiries and complaints regarding personal information held by us, and will respond thereto within a reasonable period of time.

■ Continuous Improvement of Personal Information Protection System

In order to carry out operations based on this policy, we will establish an internal management system for the protection of personal information and continuously strive to improve such system.

Processing of Personal Information

The following is an explanation regarding how we process the personal information that we will acquire from our customers. Please read the following explanation before providing us with your personal information. If you are located in the European Economic Area or the United Kingdom, please see here.

1. Purposes of Use

We will use the customers’ personal information for the following purposes. If we use the same for purposes other than those listed below, we will obtain the customers’ consent.

  • ⑴ To engage in trading the products we deal with
  • ⑵ To hold and run auctions for sale
  • ⑶ To assess artworks, etc.
  • ⑷ To run a contracting business
  • ⑸ To manage customers regarding new and repeat transactions (including credit services for customers), including making inquiries, confirmations and communications regarding matters related to the transactions
  • ⑹ To distribute and send our magazines and catalogues etc. via e-mail or post
  • ⑺ To introduce services and products, etc. from us and our group companies (see “(2) Scope of Joint Users” of “4. Joint Use”) via e-mail and post
  • ⑻ To respond to customer opinions, enquiries, etc.
  • ⑼ To develop services and improve defects based on customer trends and order histories on the products we deal with
  • ⑽ To improve the convenience of web services: the technical information when the customers access our website is used.
  • ⑾ To engage in recruiting
  • ⑿ To provide the same to third parties, such as financial institutions: we will provide the relevant customer’s personal information, with the customer’s consent, to the banks which we have accounts in for the purpose of investigating measures against money laundering and financing of terrorism.

2. Subcontracting

We may subcontract the processing of our customers’ personal information, and provide the personal information to such subcontractor within the scope necessary to achieve the purposes of use. In such case, we will appropriately manage and supervise the subcontractor, including executing a contract with such subcontractor regarding the processing of the customers’ personal information.

3. Third-Party Disclosure / Provision

Except in those cases set forth below, we will not disclose or provide our customers’ personal information to any third parties:

  • ⑴ cases where we obtain the relevant customer’s consent;
  • ⑵ cases based on laws and regulations;
  • ⑶ cases in which there is a need to protect human life, body or property, and when it is difficult to obtain the customer’s consent;
  • ⑷ cases in which there is a special need to improve public hygiene or promote the fostering of healthy children, and when it is difficult to obtain the customer’s consent; or
  • ⑸ cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted thereby to perform affairs prescribed by laws and regulations, and when there is a possibility that obtaining the customer’s consent would interfere with the performance of the said affairs.

4. Joint Use

We may jointly use the personal information held by us as described in (1) below, with the parties as described in (2) below; provided, however, that we will only use the personal information on the applicants for recruitment described in (1)(d) below for the purposes described in (3)(e) below.

In addition, in cases where the joint use of personal information is restricted by the Financial Instruments and Exchange Act, the Insurance Business Act or other related laws and regulations, we will process the same in accordance with such laws and regulations.

  • ⑴ Items of Personal Information to be Jointly Used

    • (a) Information regarding personal attributes, such as name, address, date of birth, telephone number, e-mail address, information regarding transaction needs, public information
    • (b) Transaction-related information, such as transaction history, information on points, and types of traded products/services, etc.
    • (c) Information necessary for the management of transactions, such as customer numbers, transaction numbers and other control numbers
    • (d) Information on applicants for recruitment at SBI Group companies, such as name, gender, e-mail address, date of birth, address, telephone number, educational background, employment history and motivation for applying.
  • ⑵ Scope of Joint Users

    The scope of joint users is the SBI group companies listed on the following website (“SBI Group Companies”); provided, however, that such scope may be changed at any time.

    https://www.sbigroup.co.jp/english/company/group/

  • ⑶ Purposes of Joint Use

    • (a) When a customer uses services as a member of the services provided by SBI Group Companies

      When a customer uses the services as a registered member of SBI Group Companies, to improve the convenience of the members, such as personal authentication at and after login, and automatic display of member information on various screens

    • (b) Execution of transactions with SBI Group Companies

      When the customer applies to SBI Group companies for reservation or purchase of products or services, applications for prize competitions, etc., or other transactions, to deliver products or services, settle payments, respond to customer inquiries, provide inquiries from SBI Group companies, provide related after-sales services, and perform other operations necessary for the execution of transactions

    • (c) Advertising or Marketing of SBI Group Companies

      • ・To provide information such as various e-mail magazines delivered by SBI Group Companies
      • ・To provide information on the services of SBI Group Companies via e-mail, post or telephone, etc.
      • ・To enable SBI Group companies to provide the customer with content and advertisements based on the customer’s attributes such as gender, age, place of residence and hobbies/preferences, the customer’s purchase history, and the customer’s browsing history of the websites operated by SBI Group companies
      • ・To develop new services and improve existing services by analyzing the usage of the SBI Group companies' services.
      • ・To draw lots and send prizes for questionnaires, campaigns, prize competitions, etc., and to contact the applicants in relation to these activities
    • (d) Respond to inquiries

      To respond to customer inquiries to SBI Group companies via e-mail, post, telephone, etc.

    • (e) Recruitment and Employment

      To use the personal information of those who have submitted their resumes and other personnel information in order to apply for employment at SBI Group companies for the recruitment and selection activities of SBI Group companies

    • (f) Other cases incidental to our operations

    • (g) Others

      The SBI Group companies may use customer personal information for purposes other than those listed in (a) through (f) above in each service provided thereby. In such case, the relevant SBI Group company will post a notice to that effect on the website of the service provided thereby.

  • ⑷ Name of Party for Management of Jointly-Used Personal Information

    1-6-1 Roppongi, Minato-ku, Tokyo

    SBI Holdings, Inc.

    Representative Director, Senior Executive Vice President Takashi Nakagawa

  • ⑸ Contact Information for Joint Use

    SBI Holdings, Inc.
    General Affairs and Human Resources Department

    Telephone: +81-3-6229-0100 (Main telephone number)

5. Accepting Inquiries Related to Disclosure, etc.

If the customer or the customer’s representative requests notification of the purposes of use, disclosure (including disclosure of records of third-party provision), correction (including addition and deletion), suspension of use, erasure or suspension of third-party provision of the customer’s personal information (collectively, “Disclosure, etc.”), we will accept such request through the department responsible for the management of personal information as an information desk (the “Information Desk”) and handle such request as follows. Please click here for the information desk.

  • ⑴ Notification of Purposes of Use

    If the customer requests notification of the purposes of use of its personal information subject to disclosure held by us, we will respond to such request within a reasonable period and scope after verifying the customer’s identity.

  • ⑵ Disclosure

    If the customer requests the disclosure of such customer’s personal information or records of third-party provision in relation to personal information subject to disclosure held by us, we will respond to such request within a reasonable period and scope after verifying the customer’s identity.

  • ⑶ Correction, etc.

    If the customer requests the correction, addition or deletion of such customer’s personal information in relation to personal information subject to disclosure held by us, we will do so within a reasonable period and scope after verifying the customer’s identity.

  • ⑷ Suspension of Use, Erasure and Suspension of Third-Party Provision

    If the customer requests the suspension of use or erasure, or suspension of third-party provision of such customer’s personal information in relation to personal information subject to disclosure held by us, we will do so within a reasonable period and scope after verifying the customer’s identity.

    If we suspend the use of or erase all or part of such information, or suspend the third-party provision thereof, we may not be able to provide services which meet the customer’s request, so we ask for our customers’ understanding and cooperation in this regard.

    We may not be able to respond to requests for the suspension of use, erasure, or suspension of third-party provision of information held in accordance with relevant laws and regulations.

    • Information Desk Procedures

      Details regarding the information desk procedures will be explained when a request is made; provided, however, that, after confirming the identity of the customer or the customer's representative through the methods outlined below, we will respond in writing, by providing electromagnetic records, or by other methods agreed to by the customer (in principle, the method of disclosure shall be the one requested by the customer).

      Alternatively, there may be occasions when we will ask the customer to provide a written application prescribed by us owing to the content of the request.

    • Confirmation of the Identity of the Customer or the Customer's Representative

      When a request is received from a customer, we will confirm the identity of such customer by confirming the original or a copy of the following identification documents; driver’s license, passport, health insurance card, or seal registration certificate, etc. (provided, however, that this only applies to documents that are still within the expiration date or issued within the past three months). In addition, we will confirm the customer’s registered information, such as the name, address, telephone number, by contacting the customer at the registered telephone number the customer has registered with us.

      When a request comes from the customer's representative, in addition to confirming the identity of the representative in the same manner as above, we will confirm that there is a proxy statement from the pertinent customer and the seal registration certificate for the seal on such proxy statement. In addition, we will confirm the customer’s registered information by calling the pertinent customer in the same manner as above.

    • Processing Fees

      We do not receive any processing fees from our customers regarding requests related to Disclosure, etc. However, the customer will be responsible for the fees generated when preparing materials for us related to confirming the above-mentioned identity, and for the travel and communication expenses from the customer to us.

6. Complaints and Inquiries

If the customer has any comments or inquiries about such customer’s personal information held by us, or if the customer wishes to make a complaint about our processing of such customer’s personal information subject to disclosure, please contact our information desk (see here).

7. Voluntariness of Information Provision

We are able to provide appropriate services by obtaining personal information from our customers to the extent and for the purposes necessary to carry out our business, so if we are unable to obtain the customer’s personal information which we request to be provided, we may not be able to provide a level of service which satisfies such customer, or conduct transactions or provide services to such customer.

8. Regarding the Use of Cookie Technology

We use cookies on our website for the purpose of user authentication, verification of login status and improvement of convenience. For the purpose of improving the usability of the website for our customers, the website may record an access log of the customer’s IP address, access date and time, link source, accessed files and browser used, etc. and user logs automatically saved on the server and a technology called “Web Beacons” for such records. While we do not use such technical information in relation to specific customers, the customer may disable cookies by changing the settings on their browser; however, please note that if the customer does so, their ability to use some of the services on the website may be limited. In addition, we have installed social media plug-ins such as Facebook, Twitter and Instagram on our website.

We also use the Google Analytics service provided by Google, Inc. to help us understand how often our customers visit our website. By using Google Analytics, Google, Inc. collects and records information about customer visits to our website based on the cookies we issue. We receive such results from Google, Inc. to understand customer visits to our website.

While the information collected and recorded by Google Analytics does not contain any information that identifies the customer as a specific individual, the customer may stop the collection of such information by disabling Google Analytics in their browser settings.

Security Control Measures

With regard to personal data, we have taken necessary and appropriate security control measures for security management, such as controlling access, restricting the means of removal, and preventing unauthorized access from outside our company, and preventing leakage, loss or damage (“Security Control Measures”) in accordance with the “Guidelines for the Act on the Protection of Personal Information (General Rules Edition)”.

⑴ Formulation of Basic Policy

We have formulated a basic policy to ensure proper processing as an organization as described at the beginning of this policy.

⑵ Establishment of Rules for Processing of Personal Data

In order to implement the following measures, etc., we have formulated Processing Regulations, etc., regarding processing methods, persons responsible or in charge, and their responsibilities, etc.

⑶ Systematic Security Control measures

We have established a meeting body to decide on information management policies, appointed a “Personal Information Protection Manager” and “Information System Management Manager” as the persons in charge of personal information management, and clarified the responsibilities and authority of employees regarding security management.

We have established a system for reporting and contacting the person in charge in the event that we recognize any violation of the law or the handling regulations, or any signs of such violation.

We will establish processing rules and manuals for security control, and conduct evaluations (including audits) of the status of compliance therewith. In addition, we will conduct a review of security control measures.

⑷ Personnel Security Control Measures

We will stipulate the obligation of employees (including dispatched employees) to maintain confidentiality and supervise the status of processing. In addition, we will provide regular training and development on proper processing.

⑸ Technical and Physical Security Control Measures

We have implemented access control measures (such as limiting authorized persons (including measures immediately disabling the accounts of employees who have moved or retired)) and monitoring access status (such as keeping access logs, managing entry and exit).

We have restricted the means by which personal data may be taken out of our company, such as prohibiting recording on external storage media without our permission and regulating e-mail between the inside and outside of our company.

We have also taken protection measures against unauthorized access, such as through the introduction of virus detection systems and the installation of firewalls.

⑹ Understanding of External Environment

For customers located in the European Economic Area or the United Kingdom, we have carried out the Security Control Measures based on our understanding of the personal information protection systems in those countries.

Updates to Policy

We may revise or update this policy from time to time. We will post the revised policy via our website and update the date of revision.

Department Responsible for Management of Personal Information

We have designated the following department as the department responsible for the management of personal information, and strive to process the personal information of customers and employees in an appropriate manner in accordance with the Act on the Protection of Personal Information.

If you have any questions regarding this policy, any comments or consultations regarding personal information, any requests for disclosure of personal information subject to disclosure, or any complaints regarding the processing of personal information subject to disclosure, please contact the following department via telephone, post or e-mail.

Administrative Department, SBI Art Auction Co., Ltd.

TFT Building East Wing, 3-6-11 Ariake, Koto-ku, Tokyo 135-0063 JAPAN

Tel: +81-3-3527-6692

E-mail: artauction@sbigroup.co.jp

Telephone calls are received Monday through Friday from 10:00 a.m. to 5:00 p.m. (JST)

We are closed on weekends, public holidays, and during the year-end and new-year holidays.