Last Updated: 4/14/2020

This Privacy Notice explains how SMBC collects, uses, discloses, and otherwise processes personal information.

When we use the terms “SMBC”, “we”, “us” or “our” we mean the following US Affiliates of Sumitomo Mitsui Banking Corporation:

  • SMBC Nikko Securities America, Inc.,
  • SMBC Capital Markets, Inc.,
  • SMBC Leasing and Finance, Inc.,
  • SMBC Rail Services LLC,
  • Sumitomo Mitsui DS Asset Management (USA) Inc.
  • Sumitomo Mitsui Finance and Leasing Co., Ltd. New York Branch
  • JRI America, Inc.

This Privacy Notice does not apply to Manufacturers Bank, which maintains its own separate privacy notice.

This Privacy Notice is not a contract and does not create any legal rights or obligations.

If you are a resident of the State of California in the United States, please click here for additional California-specific privacy disclosures.

Your Privacy is Protected

At SMBC, an important part of our commitment to you is our respect for your right to privacy. Protecting all the information we are either required to gather or which accumulates in the course of doing business with you is a cornerstone of our relationship with you. While the range of products and services we offer continues to expand, and the technology we use continues to change, our commitment to maintaining standards and procedures with respect to security remains constant.

Collection of Personal Information

The primary reason that we collect and maintain information is to more effectively administer our customer relationship with you. It allows us to identify, improve and develop products and services that we believe could be of benefit. It also permits us to provide efficient, accurate and responsive service, to help protect you from unauthorized use of your information and to comply with regulatory and other legal requirements. These include those related to institutional risk control and the resolution of disputes or inquiries.

Various sources are used to collect information about you, including (i) information you provide to us at the time you establish a relationship, (ii) information provided in applications, forms or instruction letters completed by you, (iii) information about your transactions with us, our affiliated companies or others, and/or (iv) information we receive through an outside source, such as a bank or credit bureau. In order to maintain the integrity of client information, we have procedures in place to update such information, as well as to delete it when appropriate. We encourage you to communicate such changes whenever necessary.

Disclosure of Personal Information

SMBC does not disclose any nonpublic, personal information (such as your name, address or tax identification number) about our clients or former clients to anyone, except as permitted or required by law. Consistent with the Fair Credit Reporting Act, we ask your permission before sharing nonpublic, personal information that is not directly related to our transaction or experience with you. We maintain physical, electronic and procedural safeguards to protect such information, and limit access to such information to those employees who require it in order to provide products or services to you.

The law permits us to share client information with companies within the SMBC family which provide financial, credit, insurance, legal, accounting and administrative services to SMBC or its clients. This allows us to enhance our relationship with you by providing a broader range of products to better meet your needs and to protect the assets you may hold with us by preserving the safety and soundness of our firm. You may, however, direct us not to share this information among the SMBC family.

Finally, we are also permitted to disclose nonpublic, personal information to unaffiliated outside parties who assist us with processing, marketing or servicing a financial product, transaction or service requested by you, administering benefits or claims relating to such a transaction, product or service, and/or providing confirmations, statements, valuations or other records or information produced on our behalf.

Updates to This Privacy Notice

SMBC is committed to upholding this Privacy Notice. We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the "Last Updated" date at the beginning of this Privacy Notice. All changes shall be effective from the date of publication unless otherwise provided.

Questions?

Call 1 (833) 994-2093 for answers to your questions about this Privacy Notice.

Additional California Privacy Disclosures
Last Updated: 12/27/2019

Scope of Disclosures

These Additional California Privacy Disclosures (the “CA Disclosures”) supplement the information contained in our Privacy Notice and apply solely to individual residents of the State of California (“consumers” or “you”).

These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”). 

Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the CCPA. 

Personal Information Disclosures

When we use the term “personal information” in these CA Disclosures, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

For the purposes of these Disclosures, personal information does not include:

  • Publicly available information from government records.
  • Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
  • Information excluded from the CCPA's scope, such as:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
  • Information reflecting communications or transactions between us and representatives of our customers and other third-party entities in connection with us considering, providing or receiving a product or service to or from the customer or other third-party entity.

 

Collection and Use of Personal Information

In the last 12 months, we have collected the following categories of personal information:

  • Identifiers, such as such as your name, physical address, phone number, email address, or other similar identifiers.
  • California Customer Records (Cal. Civ. Code § 1798.80(e)), such as email address, physical address, and phone number.
  • Commercial Information, such as products or services you may be interested in.
  • Professional/Employment Information, including the business or organization you are associated with and, where applicable, your title with that business or organization and information relating to your role with the business or organization.
  • Inferences, such as deriving products of interest from other personal information we have collected about you.

We collect this information directly from you, from third parties including our prospective and actual customers, agents, and service providers, and from public third-party platforms such as online databases or online directories.

We collect personal information for the purposes described in the Collection of Personal Information and Disclosure of Personal Information sections of our Privacy Notice.  


Disclosure of Personal Information

In the last 12 months, we have not sold personal information about you, but we have disclosed for a business purpose the categories of personal information we collect, explained above. 

Recipients of Personal Information

As described in the Disclosure of Personal Information section of our Privacy Notice, we share personal information within SMBC and with a variety of third parties for business purposes.  Please review our Privacy Notice for more information.

Your California Privacy Rights

As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

 
The Right to Know

You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months, upon verification of your identity:

  • The specific pieces of personal information we have collected about you;
  • The categories of personal information we have collected about you;
  • The categories of sources of the personal information we have collected about you;
  • The categories of personal information that we have disclosed about you to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
  • The categories of personal information we have sold about you (if any), and the categories of third parties to whom this information was sold; and
  • The business or commercial purposes for collecting or, if applicable, selling personal information about you.
The Right to Request Deletion

You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.

The Right to Opt Out
of Personal Information Sales

You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future.

If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.

The Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising any of the rights described above.

However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products or services or engage with you in the same manner.


How to Exercise Your California Privacy Rights

To Exercise Your Right to Know or Right to Deletion

To exercise your right to know and/or right to deletion, please submit a request by:

We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. We will only use personal information provided in connection with a Consumer Rights Request to review and comply with the request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

To Exercise Your Right to Opt-Out of Personal Information Sales

We do not “sell” personal information as most people think of that term. You may, however, exercise your right to opt out of any future potential sales by using the California privacy rights request.

You do not need to create an account with us to exercise your Right to Opt Out of Personal Information Sales. However, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal information provided in an opt out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

Once you make an opt-out request, you may change your mind and opt back in to personal information sales at any time by contacting us using the California privacy rights request.

Additional Information

Updates to These CA Disclosures

We will update these CA Disclosures from time to time. When we make changes to these CA Disclosures, we will change the "Last Updated" date at the beginning of these Disclosures. All changes shall be effective from the date of publication unless otherwise provided in the notification.

Contact Us

If you have any questions or requests in connection with these CA Disclosures or other privacy-related matters, please contact us using the California privacy rights request.

Additional Cayman Islands Privacy Disclosures

The purpose of this notice is to provide you with information on SMBC's use of your personal data in accordance with the Cayman Islands Data Protection Law, 2017 and, in respect of any EU data subjects, the EU General Data Protection Regulation (together, the "Data Protection Legislation").

Your personal data will be processed by SMBC, and by persons engaged by SMBC.  Under the Data Protection Legislation, you have rights, and SMBC has obligations, with respect to your personal data.  The purpose of this notice is to explain how and why SMBC, and persons engaged by SMBC, will use, store, share and otherwise process your personal data. This notice also sets out your rights under the Data Protection Legislation, and how you may exercise them.
 

Your Personal Data

By virtue of being a customer of SMBC, you will provide us with certain personal information which constitutes personal data within the meaning of the Data Protection Legislation.

You may provide us with personal information related to any of our products or services you apply for, currently hold or have held in the past, through correspondence and conversations (including by email), and when you make transactions with respect to SMBC. 

We may also obtain personal data on you from other publicly accessible directories and sources. These may include websites; bankruptcy registers; tax authorities; governmental agencies and departments, and regulatory authorities, to whom we have regulatory obligations; credit reference agencies; sanctions screening databases; and fraud prevention and detection agencies and organizations, including law enforcement.

This includes information relating to you such as: name, residential address, email address, contact details, corporate contact information, signature, nationality, place of birth, date of birth, tax identification, credit history, correspondence records, passport number and bank account details. 
 

How SMBC May Use Your Personal Data

SMBC, as the data controller, may collect, store and use your personal data for purposes including the following.

The processing is necessary for the performance of a contract, including:
  • to deliver our products and services to you;
  • to carry out your instructions related to our products and services;
The processing is necessary for compliance with applicable legal or regulatory obligations, including:
  • undertaking customer due diligence including anti-money laundering and counter-terrorist financing checks, including verifying the identity and addresses of our customers (and, where applicable, their beneficial owners);
  • sanctions screening and complying with applicable sanctions and embargo legislation;
  • complying with requests from regulatory, governmental, tax and law enforcement authorities;
  • surveillance and investigation activities;
  • carrying out audit checks, and instructing our auditors;
  • maintaining statutory registers; and
  • preventing and detecting fraud.

In pursuance of our legitimate interests, or those of a third party to whom your personal data are disclosed, including:
  • complying with a legal, tax, accounting or regulatory obligation to which we or the third party are subject;
  • assessing and processing requests you make;
  • investigating any complaints, or pursuing or defending any claims, proceedings or disputes;
  • providing you with, and informing you about our products and services;
  • managing our risk and operations;
  • complying with audit requirements;
  • ensuring internal compliance with our policies and procedures;
  • protecting SMBC against fraud, breach of confidence or theft of proprietary materials;
  • seeking professional advice, including legal advice;
  • monitoring communications to/from us (where permitted by law); and
  • protecting the security and integrity of our IT systems.
We will only process your personal data in pursuance of our legitimate interests where we have considered that the processing is necessary and, on balance, our legitimate interests are not overridden by your legitimate interests, rights or freedoms.
 

Sharing Your Personal Data

We may share your personal data with our affiliates and delegates. In certain circumstances we may be legally obliged to share your personal data and other financial information with respect to your interest in SMBC with relevant regulatory authorities such as the Cayman Islands Monetary Authority or the Tax Information Authority. They, in turn, may exchange this information with foreign authorities, including tax authorities and other applicable regulatory authorities.

SMBC’s affiliates and delegates may process your personal data on SMBC's behalf, including with our banks, accountants, auditors and lawyers which may be data controllers.  SMBC's services providers are generally processors acting on the instructions of SMBC. SMBC continues to be a data controller even though it may engage service providers and other third parties to perform certain activities on SMBC's behalf.  Additionally, a service provider may use your personal data where it is necessary for compliance with a legal obligation to which it is directly subject (for example, to comply with applicable law in the area of anti-money laundering and counter terrorist financing or where mandated by a court order or regulatory sanction). The service provider, in respect of this specific use of personal data, acts as a data controller.

In exceptional circumstances, we will share your personal data with regulatory, prosecuting and other governmental agencies or departments, and parties to litigation (whether pending or threatened) in any country or territory.
 

Sending Your Personal Data Internationally

Due to the international nature of our business, your personal data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under the Data Protection Legislation. In such cases, we will process personal data or procure that it be processed in accordance with the requirements of the Data Protection Legislation, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf.
 

Retention and Deletion of Your Personal Data

We will keep your personal data for as long as it is required by us. For example, we may require it for our legitimate business purposes, to perform our contractual obligations, or where law or regulation obliges us to. We will generally retain your personal data in line with our data retention policy. Some personal data will be retained after your relationship with us ends.  We expect to delete your personal data (at the latest) once there is no longer any legal or regulatory requirement or legitimate business purpose for retaining your personal data.
 

Automated Decision-Making

We will not make decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the Data Protection Legislation.
 

Your Rights

You have certain data protection rights, including the right to:

  • be informed about the purposes for which your personal data are processed;
  • access your personal data;
  • stop direct marketing;
  • restrict the processing of your personal data;
  • have incomplete or inaccurate personal data corrected;
  • ask us to stop processing your personal data;
  • be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);
  • complain to the Data Protection Ombudsman; and
  • require us to delete your personal data in some limited circumstances.
 

Contact Us

We are committed to processing your personal data lawfully and to respecting your data protection rights. Please contact us if you have any questions about this notice or the personal data we hold about you by: