Handling of Personal Information

As an entity that handles personal information, Chubb Insurance Japan (“we”, “us” or “our”) profoundly understand the importance of personal information protection; properly handle personal information (meaning personal information prescribed in the Act on the Protection of Personal Information (the “Privacy Act”)), individual numbers (meaning individual numbers prescribed in the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (the “My Number Act”)), and specific personal information (meaning specific personal information prescribed in the My Number Act); and continually review this Privacy Policy and the measures for information security management to enhance them as necessary in compliance with the Privacy Act, the My Number Act, the Guidelines on Personal Information Protection in the Financial Industry (the “FSA Guidelines”), and other applicable laws, regulations and guidelines.
We also continually educate our officers, employees and agents to ensure the proper handling of personal information, individual numbers and specific personal information.

*In the items 1 through 17 stipulated below, “personal information” and “personal data” do not include individual numbers and specific personal information.

  1. Collection of Personal Information
    (For individual numbers and specific personal information, please see the item 6 below.)
    We collect personal information by lawful and fair means and to the extent necessary for the business purposes. For example, we collect personal information through such as insurance application forms, statements of claim, transaction documents, questionnaires, and our Web pages, etc. In addition, we may obtain personal information by recording calls etc. to accurately record contents of various communication, inquiries, consultations, etc.

  2. Purposes of Use of Personal Information
    (For individual numbers and specific personal information, please see the item 6 below.)
    We use the collected personal information only to the extent necessary for the purposes stated below. We state these purposes on our website and on the documents for important information. When we change the purposes of use, we notify the changes to the individuals who can be identified by the collected personal information, or make an announcement on our website.
    The purposes of use are:
    (1) to provide you with our products or information of our products;
    (2) to manage or to provide you with our services/information about our services relating to the purpose (1) above;
    (3) to carry out pre-underwriting evaluations, to underwrite or to manage/provide services of insurance policies;
    (4) to appropriately settle insurance payments and benefit payments;
    (5) to provide you with information on the products and services of our group companies and partner companies;
    (6) to provide you with various information such as events, campaigns and seminars;
    (7) to enter into reinsurance contracts, to claim reinsurance money or to issue notices required under reinsurance contracts with both domestic and overseas reinsurers;
    (8) to collect our receivables;
    (9) to conduct market researches, data analyses or questionnaire surveys for development or study of new products and services;
    (10) to accomplish tasks of handling personal information entrusted by third parties;
    (11) to recruit officers, employees and agents;
    (12) to respond to your inquiries or requests; and
    (13) to provide any other services to successfully complete transactions with customers.

    When handling personal information beyond the extent necessary to achieve these purposes of use, we obtain consent from the individuals who can be identified by the collected personal information except in the cases prescribed in the Privacy Act.

    (See here to learn about the purposes of use of personal information of our directors, officers and employees. )

  3. Provision of Personal Data to Third Parties and Acquisition from Third Parties
    (1) We will not provide your personal data (meaning personal data prescribed in the Privacy Act) to any third parties without your consent except in the following cases:
    ① where your personal data is required by laws and regulations;
    ② where your personal data is shared with vendors or insurance agents working on our behalf to the extent necessary to conduct our business;
    ③ where your personal data is shared with our group companies and partner companies (for further details, please see the item 8 below);
    ④ where your personal data is shared with other non-life insurers (for further details, please see the item 9 below); or
    ⑤ where your personal data is shared with the Ministry of Land, Infrastructure, Transport and Tourism (MLIT) (for further details, please see the item 9 below).

    (2)Except when required by law, when personal data is provided to a third party, we will record the matters related to the provision (what kind of personal data was provided to what kind of recipient, etc.). When acquiring personal data from a third party, we will confirm and record the matters related to the acquisition (what kind of personal data was acquired from what kind of provider, how the third party of the provider acquired the data, etc.).

    (3) When providing reinsurance to domestic and overseas reinsurance companies, we could provide personal data to them based on the individual consent. At the time of application for insurance contract, it is not decided which reinsurance company will be the final reinsurer, and therefore it is not possible to specify in advance the country/region where the reinsurance company is located and information regarding measures taken by the reinsurance company to protect personal information. The countries/regions of foreign reinsurers to which personal data may be provided are listed here.

  4. Handling of Credit Information
    Pursuant to the Ordinance for Enforcement of the Insurance Business Act (the “Ordinance for Enforcement of the IBA”), we will not use credit information provided by credit information reference centers* for any other purposes than investigation of your debt paying ability.
    (*Credit information reference centers are the organizations which collect and provide us with information on your debt paying ability.)

  5. Handling of Sensitive Information
    Pursuant to the Privacy Act and other laws, regulations and guidelines, we will not collect, use or provide any third parties with sensitive information* (includes “special care-required personal information”) unless which is necessary for our business operation and other legitimate purposes. In such cases, we collect, use and provide your sensitive information with your consent to the extent necessary for our insurance services.

    * Sensitive information means the following information:
    - race, creed, social status;
    - medical history, health care and sex life;
    - criminal record, fact of having suffered a crime;
    - enrollment in a labor union;
    - family origin, registered domicile; and
    - other personal information which requires special care in handling so as not to cause unfair discrimination, prejudice or other disadvantages to the principal.

  6. Handling of Individual Numbers and Specific Personal Information
    The purposes of use of individual numbers and specific personal information is limited under the My Number Act, and we will not collect or use these numbers and information beyond the extent necessary to accomplish the limited purposes. Furthermore, we will not provide individual numbers and specific personal information to any third parties except as otherwise permitted by the My Number Act.

  7. Sharing of Personal Data, Individual Numbers and Specific Personal Information with Third Parties Working on Our Behalf
    We may share your personal data, individual numbers and specific personal information with third parties working on our behalf to the extent necessary for accomplishing the purposes of use. According to the predetermined criteria for selecting such third parties, we will check their information management systems prior to entering into contracts, and will conduct necessary and adequate supervision on such third parties.
    We may share your personal data, individual numbers and specific personal information with third parties working on our behalf in some cases including:
    (1) provision of insurance products and process of claims;
    (2) clerical, printing and mailing services concerning insurance contracts;
    (3) developments and operations of information systems; or
    (4) preparation and submission of payment records.
    (Item (4) above includes individual numbers and specific personal information.)

  8. Sharing of Personal Data with Group Companies and Partner Companies
    (We will not share individual numbers and specific personal information with our group companies and partner companies.)
    We may share the following items of your personal data with our group companies and partner companies for the purposes of provision of insurance products, services; provision of information on products and services; judgement concerning underwriting, endorsement or claims payment; data analysis; development and research of new products and services; or management of the group companies.
    (1) Items of personal data: address, full name, telephone number, email address, sex, date of birth, insurance coverage provided through application forms, statement of claims and other documents, other information regarding the purchase of other companies’ products and services related to the insurance policy, and information of insured events.
    (2) Administrator: Chubb Insurance Japan
    Please see here for the location and our representative.
    *For our group companies and partner companies, with which we may share your personal data, see the list of group companies and partner companies stated at the end of this Privacy Policy.

  9. Information Exchange System
    (Individual numbers and specific personal information are not subject to the information exchange system.)
    (1) In order to prevent insurance fraud, we will share your personal data with such parties as other non-life insurers. For more information, please visit the following website:
    Website of the General Insurance Association of Japan (GIAJ) (www.sonpo.or.jp/en/)
    (2) In order to properly oversee our agents, and to hire officers and employees; we will share such personal data as which of agents’ employees with other non-life insurers. We will also share such personal data as which of successful candidates for the qualification examination for insurance agents conducted by the GIAJ with other non-life insurers to enter into insurance agent agreements. For more information, please visit the GIAJ’s website above.
    (3) We will share your personal data with the Non-Life Insurance Rating Organization of Japan to ensure proper payment of compulsory automobile liability insurance. For more information, please visit the following website:
    Website of the Non-Life Insurance Rating Organization of Japan (www.giroj.or.jp/english/)
    (4) In order to eliminate uninsured scooters and small motorcycles with compulsory coverage, we will share the personal data of the insureds of compulsory coverage for such motorcycles with the Ministry of Land, Infrastructure, Transport and Tourism (MLIT) in order for the MLIT to send reminder postcards to the insureds whose insurance policies are expired. For more information, please visit the following website:
    Website of the MLIT (www.mlit.go.jp/index_e.html)

  10. Safeguarding Personal Data, Individual Numbers and Specific Personal Information
    (1) Basic Policy
    To ensure proper handling of personal data and specific personal information, we implement sufficient safeguard measures including development of manuals and implementation of a practical framework and continually enhance the implemented measures. The outline of the measures are as follows from (2) to (7).
    In cases where we share your personal data, individual numbers and specific personal information with third parties working on our behalf to the extent necessary for our business purposes, we determine the criteria for selecting such third parties, will check their information management systems prior to entering into contracts, and will conduct necessary and adequate supervision on such third parties.
    For any inquiries about our safeguards, please contact us at the item 17, “Contact Information”, below.
    (2) Establishment of Rules regarding Handling of Personal Data
    We have handling rules regarding acquisition, use, and storage of personal data.
    (3) Organizational Safety Management Measures
    In addition to defining responsibilities and authorities of employees, we regularly check that personal data is handled in accordance with handling rules.
    (4) Human Safety Management Measures
    We conclude non-disclosure contracts on personal data with employees and provide education and training to employees.
    (5) Physical Safety Management Measures
    We manage entry and exit in areas where personal data is handled, prevent theft of personal data, and physically protect equipment and devices.
    (6) Technical Safety Management Measures
    We control and monitor access to personal data and information systems that handle it.
    (7) Understanding of External Environment
    We implement safety management measures based on understanding of systems for protection of personal information in countries that handle personal data.

  11. Inquiries about Coverage and Insured Events
    For any inquiries about coverage of your insurance policies or claims, please contact our sales offices or agents listed on the insurance certificate you have, or nearby sales offices or agents. We will respond to your inquiries after confirming that the inquirer is the insured or policyholder of the inquired policy.

  12. Notification, Disclosure, Correction, and Discontinuation of Use of Items Related to Personal Data under the Privacy Act
    For the requests under the Privacy Acts such as requests for notification, disclosure, correction and discontinuation of use of your personal data, please contact us at the item 17, “Contact Information”, below. We will firstly ask you to prove your identification, then process your request with your completed request form and respond at a later date.

  13.  Handling of Anonymously Processed Information
    (1) Creation of Anonymous Processed Information
    When creating anonymously processed information (information about individuals obtained by processing personal information with measures stipulated by laws in order not to identify a specific individual, and so that the personal information cannot be restored) we will take the following measures.
    ・Appropriate processing should be performed in accordance with the standards stipulated by law
    ・Take safety management measures to prevent leakage of deleted information and information on processing methods in accordance with the standards stipulated by law
    ・Publicize information items included in created anonymously processed information
    ・Do not act to identify the person of personal information that was source of creation
    (2) Provision of Anonymously Processed Information 
    When we provide anonymously processed information to a third party, we will disclose the items of information about individuals included in anonymously processed information to be provided and methods of provision, and clearly indicate to a third party that the information provided is anonymously processed information.

  14. Handling of Pseudonymized Information
    (1) Creation of Pseudonymized Information
    When we create pseudonymized information (information about an individual obtained by processing personal information with measures stipulated by law in order not to identify a specific individual unless it is collated with other information), we will take the following measures.
    ・Appropriate processing should be performed in accordance with the standards stipulated by law
    ・Take safety management measures to prevent leakage of deleted information and information on processing methods in accordance with the standards stipulated by law
    ・Do not act to identify the person of personal information that was source of creation
    (2) Provision of Pseudonymized Information
    We do not provide pseudonymized information to third parties except in the following cases.
    ① When required by law
    ② When personal data, which is also pseudonymized information, is provided in association with outsourcing to the extent necessary to achieve the purpose of use

  15. Handling of Personally Referable Information
    When we provide personally referable information to a third party who acquires it as personal data, we will confirm the following matters with the third party.
    ・The third party has consent from data subjects about the provision of personally referable information.
    ・If the third party is in a foreign country, data subjects are informed about the personal information protection system of the foreign country, the measures taken by the third party for protection of personal information, and other information that should be helpful for the data subjects.

  16. Acquisition, Use and Provision of Information associated with Identifiers such as Cookie
    Cookie is a textual information that is sent from a website when you browse it and is stored in your web browser. A web beacon is a mechanism that sends information when a customer browses a web page or an email by embedding a small image in them. The websites operated by us may store and use your information with cookie, web beacon, or similar technologies (hereinafter referred to as "cookie, etc.").

    In addition, we may acquire web browsing histories collected with cookie, etc. and their analysis results from a data management platform operated by a third party, may link these with customers' personal data, and then may use them for the purpose of advertisements, etc.

  17. Contact Information
    We will immediately and appropriately respond to your complaints and consultation requests concerning handling of personal information, individual numbers and specific personal information. For any inquiries or consultation requests about handling of personal information, individual numbers, specific personal information, personal data retained by us and information on measures necessary to ensure continuous implementation of equivalent measures by third parties in foreign countries, please inquire at:

    Garden City Shinagawa Gotenyama
    6-7-29 Kita-shinagawa
    Shinagawa-ku, Tokyo 141-8679
    www.chubb.com/jp
    Inquiries on the Internet:
    www.chubb.com/jp-jp/contact-us/online-inquiry.html

    Please see here for our representative.

    We are a member of the Foreign Non-Life Insurance Association of Japan, an authorized organization for personal information protection.

    (Authorized Organization for Personal Information Protection)
    Foreign Non-Life Insurance Association of Japan, Inc.
    7F Toranomon Suzuki Building
    3-20-4 Toranomon
    Minato-ku, Tokyo 105-0001
    www.fnlia.gr.jp/english

    Complaints and consultations regarding handling of personal information are accepted at the following contact.

    (Designated Financial ADR Organization)
    General Association Insurance Ombudsman, Inc.
    7F Toranomon Suzuki Building
    3-20-4 Toranomon
    Minato-ku, Tokyo 105-0001
    Tel: 03-5425-7963 (Monday to Friday, 9:00 – 12:00, 13:00 – 17:00, except public holidays)
    www.hoken-ombs.or.jp/(Japanese)

    (Group Companies)
    Our group companies and partner companies, which are referred to in the item 8, “Sharing of Personal Data with Group Companies and Partner Companies”, are as follows.

    Our group companies:  Chubb Limited, our holding company, its subsidiaries, and our subsidiary, Chubb SSI Japan.

    Partner companies: At this time, there is no partner company to share personal data. (As of October 1, 2023)