Privacy Policy

Privacy Policy

Mitsubishi HC Capital Group ("the Group") focuses on enhancing our internal management systems, such as risk management, compliance, internal audits, and other tasks, as one of the most important issues for our businesses.
Recognizing our social responsibility to handle all personal information, including the same of our customers appropriately, the Group sets out our privacy policy below. Through the observance of this policy by every officer and employee of the Group, we will take all possible means to ensure the protection of personal information.

  • In collecting personal information, the purposes of the processing shall be explicitly indicated, and the collected personal information shall be used and provided within the scope of the purposes of the processing.
  • Unless otherwise provided for by laws and ordinances, none of the collected personal information may be disclosed or provided to a third party without the prior consent of the relevant individual.
  • Personal information shall be collected by proper means and handled within the minimal scope required in light of the purposes of the processing.
  • The personal information retained by the Group shall be managed and maintained as accurate and updated information to the extent required for the purposes of the processing.
  • The collected personal information shall be managed appropriately, and sufficient security measures shall be pursued by taking actions to prevent and correct any unauthorized access, loss, disposal, modification, leakage, and other breaches.
  • In handling personal information, the purposes, types, controller, recipients of disclosure, and other related details shall be explicitly indicated to data subjects.
  • In receiving an inquiry about personal information, we will disclose the relevant details without delay after authenticating the inquirer's identity following the Group's predefined procedures, except for the cases set out by laws and ordinances. If any inaccurate information or data is found in the personal information retained by the Group after the disclosure above, we will correct it or suspend the use of the relevant personal information without undue delay. In addition, when we receive any complaint about the handling of personal information, we will respond appropriately and promptly.
  • Recognizing the importance of protecting personal information, we take accountability for compliance with laws, regulations, national guidelines, and other standards related to the protection of personal information. We will also establish internal rules, build internal systems, ensure systematic security for personal information protection, and continuously improve those initiatives.

Enacted April 1, 2021
Revised October 11, 2022
Mitsubishi HC Capital
Representative Director, President & CEO
Takahiro Yanai

GDPR Privacy Policy

Mitsubishi HC Capital (hereinafter the “Company” or “we”) in connection with the provision of the our service (the “Service”) to customers (the “Customers”) in the European Economic Area (the “EEA”, and the countries that are members of the EEA are individually or collectively referred to as “EEA member countries”), the Company shall comply with the EU General Data Protection Regulation (the “GDPR”), the GDPR guidelines, the applicable national laws, guidelines, etc. (“applicable laws”), and therefore hereby establishes this GDPR Privacy Policy in order to appropriately process the personal data of Customers in the EEA.

1. Processing Personal data

(1) Definitions

"Personal data" means any data relating to an identified or identifiable natural person, including, without limitation, Customers' names, addresses, dates of birth, telephone numbers, e-mail addresses.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(2) Types of personal data to be acquired

The types of personal data to be acquired will be specified prior to the provision of the Service by the Company.

(3) Purposes of use of personal data

The Company will collect personal data for the following purposes of use:

  • (i) to set up Customers' accounts;
  • (ii) to provide Services to Customers;
  • (iii) to improve and develop Services; and,
  • (iv) to conduct other activities related to Services.

The Company will process the personal data only within the scope of the purposes of use.
In the case of processing the Customers' personal data for purposes other than the above, the Company will notify Customers in advance of such new purposes of use and other matters as required by applicable laws.
By manifesting their intention to consent to GDPR Privacy Policy, Customers will be deemed to have consented to the processing of their personal data by the Company within the scope of the above purposes of use, and the Company will process the Customers' personal data based on such Customers' consent; provided, however, that Customers may withdraw such consent at any time. Even in that case, this will not affect any legitimate processing performed pursuant to consent before the Customers' withdrawal thereof.
The personal data that Customers are to provide is necessary in order for the Company to provide the Service to the Customers, and there may be cases in which Customers who have not provided such data will be unable to use Service.

(4) Retention Period

The Company will retain the Customers' personal data as long as the Company requires such data for achieving the purposes of use specified in 1(3) above, but will promptly delete the same in the case that such data is no longer necessary.

(5) Transfer

The Company may provide the Customers' personal data to third parties such as the subsidiaries and affiliates of the Company, cloud vendors and outside contractors of the Company, etc., to implement the purposes of use specified above. Countries located outside the EEA (including, without limitation, Japan, the same shall apply hereafter) are among the third parties to whom the Company will disclose the Customers' personal data, and the Customers shall be deemed to have consented to the following matters by consenting to this GDPR Privacy Policy:

  • (a) In the case that the country in which the third party is located is outside the EEA, such country does not have the same data protection laws as the EEA, i.e., many of the rights provided to data subjects in the EEA are not given;
  • (b) The Customers' personal data will be provided and processed for the purposes specified in 1(3) above by third parties outside the EEA; and
  • (c) The Customers' personal data will be provided to third parties located outside the EEA.

In addition to the above, in the case that the Company provides the Customers' personal data to a third party located in a country outside the EEA, the Company will ensure that adequate measures are taken concerning the protection of the Customers' personal data by executing standard contract clauses based on the GDPR, etc.

(6) Rights of Customers

The Customers may request from the Company access to, rectification or erasure of, and restriction of processing of their personal data, may object to the processing of the Customers' personal data, and may request data portability. The Company accepts such Customers' requests at the contact point set forth in "2. Contact" below.
The Company may refuse the Customers' requests if the Company deems that there is no basis for such Customers' requests or if they are deemed excessive.
The Customers may raise objections with the data protection authorities having jurisdiction over the location of the Customers' domicile with regard to the processing of their personal data.

2. Contact

In the event of Customers having any questions or concerns regarding this GDPR Privacy Policy or the processing of personal data by the Company, or having any requests concerning the access to, rectification of, erasure of, or restriction of processing of personal data, or regarding data portability, they are requested to please contact the Company. The contact information for the Company is as follows:

<Mitsubishi HC Capital>
Legal & Compliance Department
5-1, Marunouchi 1-chome, Chiyoda-ku, Tokyo, 100-6525, Japan

About Usage of Cookies and Web beacons

Mitsubishi HC Capital uses cookies*1 and Web beacons (clear GIF)*2 in part of the website to make it more conveniently to use for person.
A person can refuse to receive a cookie, or can display a warning message when receiving a cookie by changing the setting of a web browser. For more details, please see the instructions of a web browser you are using. Moreover, a person can reject a Web beacon by setting to refuse the receipt of a cookie.
But, in the first case, please note that a person may not be able to use the all or part of our services provided in the website.


  • Cookies:
    Mean information exchanged one another between a web server that controls a web site and a web browser that a person uses. Cookies may be saved as files in the disk of a person's PC. If you use a cookie, the web server can track and record information about which pages in the web site the particular computer visits etc. However, we cannot identify the person unless he or she enters the personal information into the web site.
  • Web Beacons:
    Mean technology that functions with a cookie to check how many times a person accesses a particular page. However, we cannot identify the person unless he or she enters the personal information when receiving cookies.

page top