1. Name and address of the Company and name of the representative
REVOLUT TECHNOLOGIES JAPAN, Inc.
ARK Hills South Tower, 1-4-5 Roppongi, Minato-ku, Tokyo
Representative Director Yoko Makiguchi
2. Acquisition of Personal Information etc.
The Company shall acquire Personal Information etc. in a lawful and fair manner and only to the extent necessary for the provision of its services. The Company shall establish a system to effectively manage and control Personal Information etc. it owns. In addition, the Company shall not acquire sensitive information except for certain exceptions such as when required by laws and regulations (including the Guidelines for the Protection of Personal Information in the Financial Sector).
3. Use of Personal Information etc. and Purpose of Use
The Company shall use Personal Information etc. within the scope of the purpose of use as published or notified when it is so obtained or specified in advance and will use it properly only to the extent necessary for the execution of our business as permitted by law and regulation and shall not use it for any other purposes. Specific purposes of use are as follows.
Purposes of Use
- To conduct KYC (know-your-customer) procedures in the course of creating User accounts;
- To offer services on our platform, such as transferring Users' funds to Revolut accounts, money exchange, money transfer, making refunds to Users, and the like;
- To provide answers to, or respond to inquiries or consultations by, Users;
- To introduce and publicise to the Users the services of the Company and the Revolut Ltd and its subsidiaries and affiliates (hereinafter collectively or individually referred to as the ‘’Group’’);
- To monitor and analyse how Revolut services are used for quality purposes;
- To conduct market research with respect to products and services of the Company and the Group and to research and develop financial products and services by data analysis and questionnaire, etc.;
- To provide maintenance and support for the services of the Company and the Group;
- To notify changes or updates of rules, agreements, regulations, guidelines, risk factors, policies, warnings and other rules (hereinafter collectively referred to as the "Rules") related to the services of the Company and the Group;
- To comply with laws and regulations regarding account utilisation by the Users (including responding to enquiries on and drafting and submitting to suspicious transaction reports to relevant authorities);
- To produce backup data necessary to provide the Revolut services;
- To issue a warning or take disciplinary action, etc. against a User who has, or is at risk of having, breached laws, regulations and the Rules;
- To conduct internal audits for the Company or the Group;
- To contact users in case of emergency;
- To perform work incidental to the above mentioned purposes and offer other services permitted to funds transfer service providers (including any potential business in future), and produce relevant legal and operational records; and
- Any other reason as required by laws and regulations (including submission of information or reports as required by relevant authorities of the Company and the Group).
Notwithstanding the purposes mentioned above, Individual Number and other Specific Personal Information are used only to the extent permitted by the My Number Act (including the preparation of legal documents related to overseas remittance transactions, the preparation of legal documents related to bullion transactions, and other uses) with appropriate security measures and system, which Revolut shall establish and maintain. In addition, notwithstanding the purpose mentioned above, the Company will not use Pseudonymously Processed Information to match it with other information for the purpose of identifying the person pertaining to the original Personal Information or to contact the Users.
Besides, the Company will not use sensitive information except for certain exceptions such as when required by laws and regulations (including the Guidelines for the Protection of Personal Information in the Financial Sector).
4. Changing the Purposes of Use
The Company may change the Purposes of Use to the extent deemed relevant and reasonable and the Company shall notify or make an announcement to the Users when it makes changes.
5. Restrictions on Use of Personal Information etc.
Except where permitted by the PIP Act and other laws and regulations (including the cases specified below), the Company shall not use Personal Information etc. outside of the scope as required to achieve the Purposes of Use, without obtaining User's consent.
- When required or permitted by laws or regulations;
- When necessary to protect life, body or property of an individual, and it is difficult to obtain User's consent;
- Where necessary to address public health or sound development of children, and it is difficult to obtain User's consent; and
- When necessary to cooperate with a government institution, local government, or an individual or entity retained thereby to perform duties or other execution set forth in law or regulation, there is a risk that obtaining the User's consent would hamper the due performance of such matters.
- When Personal Data is provided to an academic research institution, etc., and said academic research institution, etc. needs to handle said Personal Data for academic research purposes (including cases where part of the purpose of handling said Personal Data is for academic research purposes, and excluding cases where there is a risk of unjustified infringement of the rights and interests of individuals).
6. Joint use of Personal Data among the Group
The Company may jointly use Personal Data of Users (including Personal Data that is Pseudonymously Processed Information; hereinafter the same). However, this shall not apply to cases where the consent of Users is required by laws or regulations.
1) The categories of the jointly utilised Personal Data
All Personal Data held by the Company
2) The scope of jointly utilising companies
- Revolut Securities Japan, Inc.
- Revolut Ltd (United Kingdom)
- Revolut Bank UAB (Lithuania)
- Revolut Technologies Inc.
- Revolut Payments Australia Pty Ltd
- Revolut Technologies Singapore Pte. Ltd.
- Other subsidiaries and affiliates of Revolut Ltd
3) Purpose of Use
The Company will jointly use the Personal Data within the scope of the Purposes of Use described in 3. above.
4) Name, address and representative of the company responsible for the management of Personal Data
The Company is responsible for the management of Personal Data it jointly uses. For the address and representative of the Company, please refer to 1. above.
To the extent necessary to achieve the Purposes of Use, the Company wholly or partly outsources its handling of Personal Data to a third party. The Company chooses as external vendors (including or subcontractors; hereinafter the same) entities which handle Personal Data pursuant to all applicable laws and regulations of Japan and other relevant jurisdictions. Such appointments are within the scope of the Purposes of Use. Upon entering into outsourcing agreements, the Company agrees to the terms of handling Personal Data with such vendors and appropriately oversight their operation.
8. Provision of Personal Data to Third Parties
Except in the case of joint use or outsourcing as described above, the Company, in principle, shall not provide Personal Data to any third party. However, where permitted by laws and regulations or consent of the Users have been obtained to provide the Revolut services, the Company may provide Personal Data to third parties provided that they comply with applicable laws and regulations. Individual Numbers will be provided to third parties only when permitted by laws and regulations. Sensitive information will not be provided to third parties, except for certain exceptions such as when required by laws and regulations (including the Guidelines for the Protection of Personal Information in the Financial Sector).
The Company may jointly use Personal Data with a third party in a foreign country as described in 6. above, and also wholly or partly outsources Personal Data handling operations to a third party in a foreign country. If Users would like to request information on the measures necessary to ensure the continuous implementation of equivalent measures by a third party, as stipulated in Article 28, Paragraph 3 of the PIP Act, regarding a third party in a foreign country (excluding those prescribed by rules of the Personal Information Protection Commission as a foreign country establishing a personal information protection system recognized to have equivalent standards to that in Japan in regard to the protection of an individual's rights and interests) to whom our Personal Data is provided, please contact the inquiry desk in 11. below.
9. Management of Personal Data etc.
- The Company implements appropriate safety measures to keep Users' Personal Data etc. accurate and up-to-date.
- The Company implements appropriate measures to prevent unauthorized access such as minimizing access to Users' Personal Data etc.
- To prevent loss, destruction, falsification and leakage of Personal Data etc., the Company implements appropriate security measures including countermeasures for unauthorized access and computer viruses and establishes and upgrades cybersecurity.
- The Company limits the departments that handle Users' Personal Data etc.and grants minimum access in accordance with the Purposes of Use.
- The Company oversees the operation of external vendors handling Personal Data etc. as needed to ensure the same level of safety measures are implemented.
10. Disclosure/Correction etc./Suspension of Usage/Deletion Based on Request from User
Where a User makes a request for disclosure, correction etc., suspension of use, deletion or suspension of provision to third parties of his/her Personal Data etc., or asks the Company whether it holds his/her Personal Data etc., the Company shall, upon verification of the identity of the requester, respond in accordance with the procedures prescribed by the Company, unless there are special or regulatory reasons not to do so. Fees may be charged if a User asks the Company to disclose or correct his/her information on the system.
Furthermore, a User may verify and correct his/her Personal Data such as name, address, contact information, etc. held by the Company on the Revolut app on the user’s profile page.
11. Contact Information
For requests for disclosure, correction etc., suspension of use, deletion or suspension of provision to third parties of Personal Data etc. or complaints, consultations or other questions concerning the handling of personal data, please contact the Company using the information below.
12. Voluntary Provision
The Company shall obtain Users' Personal Information etc. on this platform upon opening an account or using Revolut services as required by laws and regulations. The Company may request additional Personal Information etc. which is necessary to provide the Revolut services. Generally, provision of additional Personal Information etc. is on a voluntary as opposed to compulsory basis. However, the Company may not be able to provide its services if not provided.
13. Acquisition of Personal Related Information by a Method that a User Cannot Easily Recognize
When applying for the Company service, certain information related to Users that does not identify individuals may be automatically collected through cookies, Internet tags, web beacons etc. Such information may be provided to third parties, but shall not be used to identify any individual by such third parties.
14. Exclusion of Liability
The Company shall take stringent measures to protect Personal Information etc. from outside attacks or threats, but it is also always exposed to such attacks and threats. The Company cannot fully guarantee the effectiveness of its security measures or its ability to prevent unlawful access to its system by unauthorised third parties.
The Company, the Group, contractors and other related parties ,and their officers and employees shall bear no liability whatsoever for damages caused by or that relate to leakage of Personal Information etc. despite reasonable measures implemented by the Company.
16. Compliance with Laws and/or Regulations, Improvements and Enhancements