Deeper understanding leads to better outcomes
Privacy Notice
SMBC GROUP IN THE AMERICAS
Last Updated: February 2024
SMBC Americas Division and affiliates (“SMBCAD”, “us”, “we”) consider your privacy as fundamental to the products and services we provide. This Online Privacy Notice (“Notice”) explains what Personal Information (“PI”) we process about you, and how we collect, share, use, and protect your PI throughout your relationship with us. Contact details are provided in this Notice below. Specific privacy laws, principles, or policies could apply depending on how you interact with us, the financial products or services you may ultimately obtain from us, or the jurisdiction in which we are doing business with you.
This Notice describes the collection and use of PI through our websites, mobile applications, email, our social media sites, and other services that link to this Notice. This Notice, as well as any Addenda to the Notice, can be modified and/or amended at any time at the sole discretion of SMBC without prior notice. This serves as the Notice At Collection for California residents for purposes of the California Consumer Privacy Act (CCPA). In using the mentioned sites and services, you agree to the terms of this Notice.
Please see the following links for the sections that set forth additional information for specific jurisdictions:
If you are a resident of Brazil, please click HERE for additional Brazil-specific disclosures;
If you are a resident of California, please click HERE for additional California-specific disclosures;
If you are a resident of Canada, please click HERE for additional Canada-specific disclosures;
If you are a resident of the Cayman Islands, please click HERE for additional Cayman-specific disclosures;
If you are a resident of Mexico, please click HERE for additional Mexico-specific disclosures.
This Online Privacy Notice applies to you (“you”):
- As an individual related to SMBCAD, or a client, prospective client, or counterparty; specifically, an Employee, Consultant, Contractor, Consumer, Client, Legal Representative, Agent, Shareholder, Investor, or Beneficial Owner;
- If you are a beneficiary of a financial transaction (payment or shares) or contracts, policies or trust; an ultimate beneficial owner; a company shareholder; or an internet user;
- In certain rare circumstances we may collect information about you even if we do not have a direct relationship with you.
What types of Personal Information (“PI”) do we collect?
The PI that we collect pursuant to this Notice is defined as any information that:
- Identifies or can be used to identify you or members of your household;
- Relates back to, describes, may be associated with, or could be linked reasonably with your household;
- Can be used to authenticate you or provide access to an account;
- Relates to you, and may be classified as sensitive PI
The following categories of PI may be collected for business and commercial purposes described in this notice:
- Personal identifiers
- Social Security Number, Driver’s License, National ID, Passport, Visa, Green Card
- Characteristics, and Protected Classifications
- Gender, race, age, citizenship, military status (All considered Sensitive PI (“SPI”))
- Demographic Information
- Date of birth, relationship status
- Financial Information
- Tax ID, account numbers, credit history/score, debit/credit card number (SPI)
- Commercial Account and Transaction Information
- User ID, account holder credentials, authorized signature, account history
- Internet or other Network / Device information
- Usage data, web traffic, mobile carrier, device attributes
- Geolocation Information
- Precise physical location
- Professional Credentials, employment history
- Education, employment history, property ownership, criminal record, dependents, beneficiaries
- Biometric Information
- Signature, fingerprint, voice, retina
- Audio and Visual Information
- Personal photo, personal images, voice recordings
In addition to the PI described above, we collect certain information about your use of our online services. For example, we capture:
- the IP address of the device you use to connect to the online services;
- the type of operating system and browser you use;
- information about the site you came from;
- the parts of our online services you access; and
- the site(s) you visit.
As explained in more detail in our Cookie Notice, we and our third-party partners use cookies (as well as web beacons and other technologies) to collect and store this and other information about your visit to, or use of, our online services. We may later associate the usage and other information we collect online with PI about you, as permitted or required by law.
We work hard to protect your information.
We take our responsibility to protect the privacy and confidentiality of your PI, very seriously. We maintain physical, electronic, and procedural safeguards that comply with applicable legal standards to secure such information from unauthorized access and use, accidental or unlawful alteration and destruction, and other unlawful or unauthorized forms of processing. We hold our employees accountable for complying with relevant policies, procedures, rules, and regulations concerning the privacy and confidentiality of your information.
How, and for what purposes do we use your PI?
In some instances, we create PI about you, such as records of your interactions with us, and details of your accounts. We do not seek to collect or process PI unless it is required or permitted by law; necessary for the detection or prevention of crime; necessary to establish, exercise or defend legal rights; necessary to execute a legitimate business interest; or we have your prior explicit consent. Purposes of processing PI include but are not limited to:
- Authentication of individuals
- Providing products and services to consumers.
- Identifying and preventing fraud.
- Verifying your identity.
- Conducting data analysis and research.
- Improving products and services.
- Marketing and advertising.
- Maintaining internal systems and infrastructure.
- Ensuring compliance with all other applicable laws and regulations.
- Responding to individual, civil, criminal, or regulatory requests.
- Auditing related to a current interaction with the consumer.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
- Identifying and debugging errors that impair functionality.
- Permissible short-term transient use.
- For any other use disclosed at, or before the point of collecting the Personal Information.
We may use and otherwise process the information we collect from you to help us deliver our online services including; to administer, evaluate and improve our business (including developing new products and services, improving existing products and services, performing data analysis and other research tasks, communicating with you via any means, and performing accounting, auditing and other internal functions); manage our risks; to market our services and products; and to comply with and enforce applicable laws and regulations, relevant industry standards, contractual obligations and our policies. We also use data that we collect on an aggregate or anonymous basis (such that it does not identify any individuals or clients) for various business purposes, where permissible under applicable laws and regulations.
We collect and use your information based on a lawful basis and only collect what we need.
- Where we are required to establish a legal basis to process your PI as described in this Online Privacy Notice, we will do so on the basis that we have a legitimate business interest in the processing that is not overridden by your interests, fundamental rights, or freedoms, or the processing is needed to comply with applicable law or regulation, to perform under your contract(s) with us, or to protect the vital interests of any individual, or to protect credit, or where we have obtained your prior explicit consent to the processing.
- We take reasonable steps to ensure that the PI we collect and process is limited to what we require to fulfill a specific purpose in connection with the purposes set out in this Online Privacy Notice; it is accurate and, where necessary, kept up to date; and it is erased or rectified without delay if required or upon your valid request. From time to time we may ask you to confirm the accuracy of your PI.
How we use your PI through social media.
We sometimes collect information about you from additional online and off-line services including social media (to the extent you choose to make your PI public), and commercially available third-party sources, such as credit reporting agencies, or background screening services where applicable for applicant screening.
To whom do we disclose your PI?
- We may disclose your PI with the following:
- Affiliates; Subsidiaries and Business Partners:
- We share among our affiliates and business departments when necessary to execute the services we provide, but only in circumstances where such sharing conforms to law, any applicable confidentiality agreements, and our policies and practices.
- We reserve the right to share your PI in connection with a corporate change including a merger, acquisition, or sale of any relevant portion of our business or assets.
- We may need to share your PI with SMBC international affiliates or service providers, or other third parties that are located outside your home country. These countries may have different laws and data protection compliance requirements.
- Service providers; Third parties:
- In order to fulfil some of the purposes described in this Notice, and in accordance with the lawful basis described above, we may, where necessary, share your PI with external parties that perform services on our behalf (e.g., IT service providers, logistics, printing services, telecommunication, debt collection, advisory and distribution, and marketing).
- We may also, where necessary, share your PI with parties such as banking and commercial partners, independent agents, intermediaries or brokers, financial institutions, counterparties, trade repositories with which we have a relationship if such transmission is required to allow us to provide you with the services and products or execute our contractual or legal and/or regulatory obligations or process transactions (e.g., banks, correspondent banks, depositaries, custodians, issuers of securities, paying agents, exchange platforms, insurance companies, payment system operators, issuers or payment card intermediaries, mutual guarantee companies or financial guarantee institutions); service providers or third-party payment providers (information on your bank accounts), for the purposes of providing a payment initiation or account information service at your request; and certain regulated professions such as lawyers, notaries, or auditors particularly when needed under specific circumstances (litigation, audit, etc.) as well as to our insurers.
- We may share information with external parties for all of the purposes listed in this notice pursuant to the lawful basis described.
- Government entities and others who compel sharing or with whom we share for legal or regulatory purposes.
- We may disclose information we have about you as required or permitted by law with regulators and/or independent agencies, local or foreign financial, tax, administrative, criminal or judicial authorities, arbitrators or mediators, public authorities or institutions to which we, or any member of SMBCAD are required to disclose.
- For example, we share information with regulatory agencies and law enforcement officials when we believe in good faith that such disclosures are necessary to comply with legal and/or compliance obligations, in order to satisfy a regulatory request, or protect against fraud.
- Affiliates; Subsidiaries and Business Partners:
How long will we retain your PI?
- We will retain your information in accordance with local regulatory requirements, our records retention schedules, and/or other contractual or legal obligations.
- We will retain your PI for the longer of: a) the period required by applicable law; or b) such other period necessary for us to meet our operational obligations (such as: proper account maintenance, facilitating client relationship management, and/or responding to legal claims or regulatory requests).
- Most PI collected in relation to a specified client is kept for the duration of the contractual relationship plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable law or regulation.
- The criteria used to determine our retention of your PI include but are not limited to:
- whether the information is necessary to manage our business, manage your relationship with us, or satisfy the purpose for which the information was collected,
- whether there is a legal obligation we are subject to (for example, certain laws require the retention of records related to certain transactions for a certain period),
- whether we are subject to a contractual obligation, or
- whether the information is reasonably required to protect or defend our legal rights or property (e.g., due to statutes of limitation, litigation, or regulatory investigations)
- PI collected by Canada Branch will generally be disposed of if it does not have a specific purpose or no longer fulfills its intended purpose.
SMBCAD Alumni
If you are a former employee of SMBC the data retention period begins when all existing benefits or obligations to you, granted to you when you were employed, have concluded. An example of this would be a pension obligation which may continue with you long after you leave SMBC. Once the obligation concludes, the data retention period for that information will begin.
We want to hear from you if you have any questions.
If you have any comments, questions, or concerns about any of the information in this Notice, or any other issues relating to the processing of your PI by SMBC under this Notice, please contact the SMBC America’s Division privacy office at:
1858-SMBC America’s Division, Privacy Office
277 Park Avenue, New York, NY 10017
Email: smbcprivacy@smbcgroup.com
Appendix – Jurisdiction-Specific Disclosures
- Brazil
- Purpose
- The Banco Sumitomo Mitsui Brasileiro S.A.'s ("SMBCB" “We”, “Us”), belongs to the SMBCAD team. Following the Online Privacy Notice standards of SMBC (“Notice”), SMBCB presents this Addendum to the Notice aiming at providing specific clarification on how Personal Information is processed, including its collection, use and protection within SMBCB, as well as what are the rights of data subjects and how they can be exercised within SMBCB’s privacy office, according to SMBCB’s internal procedures and the Brazilian Federal Law no. 13,709 of August 14th, 2018, as amended (Brazilian Privacy Act – “LGPD”).
- When you access or interact with SMBCB’s website or use our services (“Services”), We may store certain information (“Personal Information” or “PI”) about you. Therefore, this Addendum to the Notice applies to “you”, an individual related to SMBCB, or a client, prospective client, or counterparty; specifically, an employee, consultant, contractor, consumer, client, legal representative, agent, shareholder, investor, or beneficial owner, or if you are a beneficiary of a financial transaction (payment or shares) or contracts, policies or trust, or an ultimate beneficial owner, a company shareholder, or an internet user and all other users and customers of the Services, regardless of the tool of access to the Services, including, but not limited to access by computer, cell phone or tablet.
- Some electronic applications or channels of SMBCB may contain specific terms of use and privacy policies, these will complement and/or prevail over the terms of this Addendum, as applicable.
- Who are we?
- SMBCB, severally or jointly with any other company within SMBC, determines the purposes and means of the processing of your PI, therefore being the controller of your PI, responsible for ensuring security, respect for the purpose and transparency of the processing thereof. If you have any comments, questions, or concerns about any of the information in this Addendum, or any other issues relating to the processing of your PI by SMBCB under this Addendum please contact the SMBCB’s privacy office at:
Banco Sumitomo Mitsui Brasileiro S.A.
Address: Avenida Paulista no. 37, 11th and 12th floors, São Paulo/SP
Website: https://www.smbcgroup.com.br/
- SMBCB, severally or jointly with any other company within SMBC, determines the purposes and means of the processing of your PI, therefore being the controller of your PI, responsible for ensuring security, respect for the purpose and transparency of the processing thereof. If you have any comments, questions, or concerns about any of the information in this Addendum, or any other issues relating to the processing of your PI by SMBCB under this Addendum please contact the SMBCB’s privacy office at:
- Why do we process your PI?
- As permitted by law, Personal Information is processed by SMBCB for different purposes, including, but not limited to the ones listed below:
- Execution of services and/or contracts: provision of services by SMBCB, including but not limited to, payment processing, guarantee and/or collateral contracts, service agreements, service order execution, financial and securities transactions, financial contracts, business relationship and customer service.
- Compliance with legal and/or regulatory determinations: complying with regulations, instructions and sectorial norms (i.e. Central Bank of Brazil - BACEN, Securities and Exchange Commission - CVM, National Monetary Council - CMN), conducting compliance procedures such as Know Your Client ("KYC", or partners, employees and service providers), and/or sharing information with regulatory agencies when determined by applicable regulations or the regulatory agencies themselves.
- Regular exercise of SMBCB rights: processing is necessary for the establishment, exercise or defense of legal claims or whenever SMBCB is acting in its judicial capacity.
- Legitimate interests of SMBCB: when there is a relevant and appropriate business and/or legal relationship between SMBCB and you, provided that your interests or your fundamental rights and freedoms of are not overriding, taking into consideration your reasonable expectations based on your relationship with SMBCB.
- Credit protection: credit protection within Brazilian Financial System, such as assessing and managing credit limits and consulting SMBCB’s client's credit score.
- In activities aimed at fraud prevention: conducting internal investigations, such as to validate claims reports on such matter or identification and authentication procedures to access SMBCB platforms.
- Indirect product marketing: upon specific consent for such purpose.
- As permitted by law, Personal Information is processed by SMBCB for different purposes, including, but not limited to the ones listed below:
- How is the data collected?
- For SMBCB to provide its services and offer its products, certain information must be collected. We process Personal Information of persons who has or had a relationship with SMBCB such as, customers, attorneys, employees, persons related to entities/companies that has or had a relationship with SMBCB, among others. Only the data strictly necessary for achieving the purposes of the processing of PI will be collected.
- Personal Information provided directly by SMBCB’s customers: SMBCB will collect all Personal Information entered or actively forwarded by the user when registering on our website or through SMBCB’s Registration Form when hiring a certain product and/or service. The data collected varies according to the type of service contracted or registered in our channels. Examples of information collected are registration data (e.g. full name, cadastro de pessoa física “CPF” – equivalent to the US Social Security Number, e-mail, address, telephone, marital status); financial information (current account number, agency, income, investments).
- Personal Information provided by third parties: SMBCB may, in good faith, receive Personal Information from third parties, partners and service providers in order to be able to provide the services offered, as well as may collect data available from public sources or data manifestly made public by you.
- Data collected automatically: SMBCB may collect information automatically, including, but not limited to, access device characteristics, browser, IP address (date and time), IP source, click information, accessed pages. Such collection is performed using standard technologies, such as , Cookies. How we manage Cookies may be found in our Cookie Notice.
- For SMBCB to provide its services and offer its products, certain information must be collected. We process Personal Information of persons who has or had a relationship with SMBCB such as, customers, attorneys, employees, persons related to entities/companies that has or had a relationship with SMBCB, among others. Only the data strictly necessary for achieving the purposes of the processing of PI will be collected.
- With whom is the PI shared?
- It might be necessary to share your PI to achieve the purposes of the processing of your PI, and/or when needed to achieve the purposes of your relationship with SMBCB, for instance sharing for the rendering of services and products to you. Other non-exclusive situations, which sharing may occur are listed in the Notice at “To whom do we disclose your PI?”
- In case of international transfer of PI, SMBCB undertakes to adopt PI protection guarantees for such sharing and always respect the purposes set forth in this Addendum and/or in the processing itself, provided that applicable laws are duly observed
- How do we keep PI safe?
- Any PI held by SMBCB will be stored with the strictest security standards, which includes the adoption of certain security measures, including, but not limited to, protection against unauthorized accesses to our systems.
- Although SMBCB adopts the best efforts to preserve privacy and protect PI, no transmission of information is totally secure, and is always susceptible to technical failures, viruses, or similar actions. In the remote possibility of occurrence of such episodes, SMBCB will adopt all appropriate measures to remedy the consequences of the event, always ensuring due transparency to you.
- More information on how We protect your data can be found in our information security policy available at: Sumitomo Mitsui Banking Corporation - About Us (smbcgroup.com.br)
- How long is PI stored?
- We will retain your information in accordance with local regulatory and law requirements, our records retention schedules, and/or other contractual or legal obligations.
- We will retain your PI for the longer of: a) the period permitted by applicable law or regulation; or b) such other period necessary for us to meet the purpose of the processing of your PI; or c) when you request the deletion, except in the event where your PI needs to be kept by SMBCB in order to comply with a legal or regulatory obligation.
- What are the rights of the Data Subject and how can they be exercised?
- SMBCB, in compliance with the applicable laws and regulations, respects and guarantees the rights established by LGPD:
- Confirmation of the existence of processing;
- Access to data;
- Rectification of data
- Anonymization, blocking or deletion of unnecessary, excessive or processed data in violation of applicable laws;
- Data portability
- Erasure
- Obtaining information on the public or private entities with which the SMCBCB shares your PI;
- Objection
- Withdrawal of Consent.
- Your legal rights can be exercised upon a request to Our privacy office or directly through the following link Solicitação de direitos de titulares de dados (onetrust.com)
- SMBCB reserves the right, at its sole discretion, to modify at any time the provisions contained in this Addendum to the Notice, without prior notice to you.
- SMBCB, in compliance with the applicable laws and regulations, respects and guarantees the rights established by LGPD:
- Purpose
- California
- This California Privacy Notice supplements the information contained in our Privacy Notice and applies solely to California residents (“consumer” or “you”). Please note that this Notice does not apply to employees, contractors, or job applicants. If you are an employee, contractor, or job applicant, please refer to the notice we have made available to you.
- This Notice provides additional information about how we collect, use, disclose, and process personal information of California residents, online and offline, within the scope of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). This Notice also provides you with information about your rights under the CCPA.
- Unless otherwise expressly stated, all terms in this Notice have the same meaning as defined in our Privacy Notice or as otherwise defined in the CCPA.
- Personal Information We Collect
- Personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
- In the last 12 months we have collected the following categories of personal information:
Category of Personal Information
Purpose for Collection, Use, & Disclosure of Personal Information
Identifiers, including your name, physical address, phone number, email address, or other similar identifiers
- Providing products and services
- Providing customer service and responding to requests
- Marketing and advertising our products
- Conducting data analysis and research
- Identifying and debugging errors that impair functionality
- Permissible short-term transient use
- Performing identity verification
- Improving products and services
- Auditing related to interaction with consumer
Personal information as defined in Cal. Civ. Code § 1798.80(e), such as contact information and financial information
- Providing products and services
- Providing customer service and responding to requests
- Marketing and advertising our products
- Conducting data analysis and research
- Performing identity verification
- Auditing related to interaction with consumer
Protected classifications under California or federal law, such as age, marital status, sex, and veteran or military status
- Providing products and services
- Providing customer service and responding to requests
- Conducting data analysis and research
- Performing identity verification
Commercial information, such as information about past transactions or purchases, and products or services of interest to you
- Providing products and services
- Providing customer service and responding to requests
- Marketing and advertising our products
- Conducting data analysis and research
- Permissible short-term transient use
- Performing identity verification
- Auditing related to interaction with consumer
Professional/Employment information, such as your employment history and current employer
- Providing products and services
- Marketing and advertising our products
- Permissible short-term transient use
- Performing identity verification
Internet or similar network activity information, such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement
- Marketing and advertising our products
- Conducting data analysis and research
- Identifying and debugging errors that impair functionality
- Permissible short-term transient use
Geolocation data, such as device location
- Marketing and advertising our products
- Conducting data analysis and research
- Identifying and debugging errors that impair functionality
- Permissible short-term transient use
Audio, electronic, visual, or similar information, such as call and video recordings
- Providing products and services
- Conducting data analysis and research
- Providing customer service and responding to requests
- Auditing related to interaction with consumer
Education information, such as education records and date of graduation
- Providing products and services
- Conducting data analysis and research
- Permissible short-term transient use
Inferences derived from another category of personal information, such as deriving products of interest from other personal information we have collected about you
- Providing products and services
- Marketing and advertising our products
- Conducting data analysis and research
The above categories of personal information may also be disclosed to prevent, detect, and investigate fraud, security breaches, violations of our policies, and potentially prohibited or illegal activities, and to comply with applicable laws, regulations, and other legal obligations.
- In addition to the above, we collect the following categories of sensitive personal information:
Category of Sensitive Personal Information
Purpose for Collection, Use, & Disclosure of Sensitive Personal Information
Information that reveals social security, driver’s license, state identification card, or passport number
- Providing products and services
- Providing customer service and responding to requests
- Performing identity verification
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
- Providing products and services
- Providing customer service and responding to requests
- Performing identity verification
- Identifying and debugging errors that impair functionality
A consumer’s precise geolocation
- Providing products and services
- Providing customer service and responding to requests
- Sources of Personal Information
- We collect personal information relating to California residents from the following sources:
- Directly from you, such as when you apply to open an account, engage in a transaction, visit our website, or engage with us on social media;
- Our affiliates, which are companies related to us by common ownership or control;
- Our business partners and service providers, such as marketing companies, information technology services companies, data providers, fraud prevention services, due diligence and investigatory services, and data analytics providers;
- Publicly available information, such as social media posts or other information you choose to make publicly available.
- We collect personal information relating to California residents from the following sources:
- Recipients of Personal Information
- described in the How We Share Personal Information section in our Privacy Notice, we disclose personal information within SMBC and with a variety of affiliates, service providers, and business partners for business purposes. Please review our Privacy Notice for more information.
- Your California Privacy Rights
- The Right to Know. You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months:
- The categories of personal information we have collected about you.
- The categories of sources from which the personal information was collected.
- Our business or commercial purposes for collecting, and where applicable, selling or sharing your personal information.
- The categories of third parties to which we disclosed your personal information.
- The categories of personal information we sold or shared about you and the categories of third parties to which each category of personal information was sold or shared.
- The categories of personal information we disclosed about you for a business purpose and the categories of recipients to which it was disclosed.
- The specific pieces of personal information we have collected about you.
- The Right to Request Deletion of Personal Information. You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
- The Right to Opt Out of the Sale or Sharing of Personal Information. We do not engage in the sale or sharing of your personal information. If we decide to sell or share personal information in the future, we will update this Notice accordingly and provide a method of opting out of the sale or sharing.
- The Right to Correct Personal Information. You may request that we correct personal information that we maintain about you if you believe the information is inaccurate. We may request supporting documentation from you in connection with your request. You may also be able to correct certain personal information that we maintain about you by logging into your account.
- The Right to Limit the Use of Your Sensitive Personal Information. The CCPA grants individuals the right to limit the use and disclosure of their sensitive personal information to uses/disclosures that are reasonably necessary to provide goods and services, as needed to ensure security and integrity, to prevent fraud or illegal activity, for physical safety, for short-term, transient use, including for non-personalized advertising, to perform services on behalf of the business, to verify or maintain the quality or safety of a service controlled by the business, and to improve, upgrade, or enhance such services. Because we do not use nor disclose sensitive personal information to infer characteristics nor for other purposes not listed here, there is no need to submit a request to limit use and disclosure of your sensitive personal information.
- The Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising any of the rights described above. However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products or services or engage with you in the same manner.
- The Right to Know. You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months:
- How to Exercise Your CCPA Rights
- You may exercise these rights independently or through an authorized agent. Rights requests may be granted in whole, in part, or not at all, depending on applicable law. After verifying your identity, which may require us to request additional personal information from you or require you to log into your account, if you have one, we will notify you if we are able to fulfill your request. If we are unable to fulfill your request, we will outline the reasons why.
- To exercise your rights to your personal information see the following options:
- visit our Portal or
- call (833) 994-2093.
- Retention of Personal Information
- We retain personal information in compliance with our records retention schedule and for as long as needed based on the purpose(s) for which it was obtained and consistent with applicable law.
- The criteria used to determine our retention periods include:
- whether the information is necessary to manage our business, manage your relationship with us, or satisfy the purpose for which the information was collected,
- whether there is a legal obligation we are subject to (for example, certain laws require the retention of records related to certain transactions for a certain period),
- whether we are subject to a contractual obligation, or
- whether the information is reasonably required to protect or defend our legal rights or property (e.g., due to statutes of limitation, litigation, or regulatory investigations).
- Please note that your personal information may be used for more than one purpose and may be subject to different retention periods.
- Updates to this Notice
- Please note that your personal information may be used for more than one purpose and may be subject to different retention periods.
- Contact Us
- If you have any questions in connection with this Notice or other privacy-related matters, please contact us by emailing: SMBCPrivacy@smbcgroup.com.
- Or calling (833) 994-2093
- This California Privacy Notice supplements the information contained in our Privacy Notice and applies solely to California residents (“consumer” or “you”). Please note that this Notice does not apply to employees, contractors, or job applicants. If you are an employee, contractor, or job applicant, please refer to the notice we have made available to you.
- Canada
- Application
This Appendix supplements the Notice and applies to the collection, use, disclosure, and retention of personal data by SMBC Canada Branch and its Canadian affiliates. Except as noted below, nothing in this Canada-specific section changes or modifies this Notice. In case of conflict between the Notice and this Canada-specific section, the terms of the Canada-specific section shall prevail. - Canada Accountability
Sumitomo Mitsui Banking Corporation, Canada Branch (as follows, “SMBC Canada”, “The Bank”, “we” or “us”) collects Personal Information about individual clients and the authorized signatories, employees, directors, officers, and beneficial owners of entities that are clients (“you” or “your”). This information may be provided directly by the individual or by the entity that is the client.
The purpose of this Appendix is to provide additional details with respect to the type of Personal Information that we collect, use, and disclose. This Appendix is based on the Personal Information Protection and Electronic Documents Act and applies to any Personal Information we collect or receive about you, from any source. We are committed to keep your Personal Information accurate, confidential, secure and private.
SMBC Canada is accountable for all Personal Information in its possession or control, including any Personal Information transferred to third parties for processing. SMBC Canada has established policies and procedures to comply with the Notice and this Appendix and has designated one or more persons accountable for compliance. Senior Management of SMBC Canada will have ultimate accountability for protection of Personal Information. - What is Personal Information?
“Personal Information” is any information that is identifiable with you. This information may include but is not limited to your name (including name in a foreign language), date of birth, mailing address, email address, passport number or driver license number. - How Do We Collect Your Personal Information?
We will collect Personal Information by fair and lawful means. We collect Personal Information from you directly, through your company’s representative, from third party service providers, or from other groups or companies as permitted by law. - Your Consent
Your provision of Personal Information (expressly, implicitly or through an authorized representative) to the Bank means that you agree and consent that we may collect, use, and disclose your Personal Information in accordance with this Privacy Statement. The Bank will collect, use, or disclose Personal Information without an individual's consent only in limited circumstances as permitted by law.
Subject to certain legal and contractual restrictions and reasonable notice, you may refuse or withdraw your consent at any time by contacting your relationship manager at the Bank. If you choose not to provide us with any required Personal Information, we may not be able to provide product or service you request. - Disclosing Your Personal Information
In addition, to the section on disclosure of Personal Information discussed in the Notice above, please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted or where the Bank is obliged to disclose information without consent. Such circumstances may include:- Where required by law or by order or requirement of a court, administrative agency or governmental tribunal;
- Where the Bank believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
- Where it is necessary to permit the Bank to pursue available remedies or limit any damages that we may sustain; or
- Where obliged or permitted to disclose information without consent, the Bank will not disclose more information than is required.
- Accuracy and Retention of Your Personal Information
We will ensure that your Personal Information is kept as accurate and complete as is necessary for the purposes for which it is to be used. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your Personal Information, when required.
We keep your Personal Information only as long as it is required for the reasons it was collected. When your Personal Information is no longer required for the Bank's purposes, we have procedures to destroy or delete them. Currently, we keep the Personal Information that we collect at our Office at 222 Bay Street, Suite 1400, Toronto, Ontario, Canada.
We may retain anonymized information for statistical purposes after the information is no longer required for the purposes for which it was originally collected. - Access to Your Personal Information
The Bank permits the reasonable right of access and review of Personal Information the Bank has collected about an individual and will endeavor to provide the information in question within a reasonable time and no later than 30 days following a written request from a client of the Bank. To guard against fraudulent requests for access, we may require sufficient information to allow it to confirm that the person making the request is authorized to do so before granting access. We will make such Personal Information available to you in a form that is generally understandable.
The Bank reserves the right to decline to provide access to Personal Information where the information requested:- Is subject to solicitor-client or litigation privilege;
- not exist, is not held, or cannot be found by the Bank;
- May harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by law to perform such functions.
- Resolving Your Privacy Concerns
If you have questions or concerns regarding your Personal Information or SMBC’s Privacy Policy, such concerns should be forwarded to our Privacy Officer as follows:
In writing:
Privacy Officer
222 Bay Street, Suite 1400, P.O. Box 172
Toronto, Ontario, M5K 1H6
By telephone or email:
Telephone: 416-216-8986
Email: smbcc_compliance@smbcgroup.com
If your concern remains unresolved after contacting our Privacy Officer, you may contact the Office of the Privacy Commissioner of Canada.
- Application
- Cayman Islands
- To the extent an SMBC entity (“we”) is (1) established in the Cayman Islands and (2) is a controller of your personal data in the context of that establishment, the DPL will apply and those individuals who data is processed will be afforded rights under the DPL.
- The framework and application of the DPL is similar to that of the European General Data Protection Regulation, and accordingly the provisions of the Data Protection Notice broadly apply. In particular, your rights under the DPL are analogous to those listed in section 2 (How can you exercise your rights in the context of our personal data processing?). International data transfers will be subject to the same safeguards as those summarized in section 7 (International transfers of personal data).
- The competent supervisory authority for purposes of the DPL is the Ombudsman of the Cayman Islands.
- Should you have any questions in respect of the application of the DPL please write to smbcprivacy@smbcgroup.com.
- Mexico
- RESPONSABLE
SMBC, S.A.P.I. de C.V., SOFOM, E.N.R. (en lo sucesivo, “SMBC SOFOM”) con domicilio en Torre Virreyes - Pedregal No. 24, Piso 5, Int.502-A, Col. Molino del Rey, Delegación Miguel Hidalgo, Ciudad de México, C.P. 11040 al momento de recabar sus datos personales, es responsable del uso y protección de los mismos.
- DATOS PERSONALES
SMBC SOFOM recabará de Usted (en adelante el "Titular") los siguientes datos personales en su calidad de accionista de uno de nuestros clientes: (i) Datos de Contacto; (ii) Datos de Identificación; (iii) Datos de Localización; (iv) Datos Laborales; y (v) Datos Patrimoniales, según aplique.
- DATOS PERSONALES SENSIBLES
SMBC SOFOM no recaba ningún tipo de datos personales sensibles del Titular. Por datos personales sensibles debemos entender de conformidad con la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (la “Ley”), aquellos datos personales que afecten la esfera más íntima de su Titular, o cuya utilización indebida pueda dar origen a discriminación o conlleve un riesgo grave para éste. En particular, se consideran sensibles aquellos que puedan revelar aspectos como origen racial o étnico, estado de salud presente y futuro, información genética, creencias religiosas, filosóficas y morales, afiliación sindical, opiniones políticas o preferencia sexual.
- MEDIOS DE OBTENCIÓN Y ACTUALIZACIÓN
Los datos personales serán obtenidos observando siempre el cumplimiento de los principios de licitud, consentimiento, información, calidad, finalidad, lealtad, proporcionalidad y responsabilidad. Dichos datos serán contenidos en bases de datos pertinentes y actualizadas a través de:
- Medios locales
- Remotos o electrónicos,
- Ópticos, o
- Mediante el uso de otras tecnologías que permitan recabar los datos de forma automática o simultánea al momento en que el Titular contacte a SMBC SOFOM.
- FINALIDADES DEL TRATAMIENTO
El tratamiento de datos personales únicamente se limitará al cumplimiento de las finalidades previstas en este apartado. Por esto mismo, el tratamiento de datos personales será exclusivamente el que resulte necesario, adecuado y relevante en relación con las finalidades previstas en este apartado.
- Las finalidades primarias que dan origen y son necesarias para el mantenimiento y cumplimiento de la relación jurídica entre SMBC SOFOM y el Titular son las siguientes:
- Llevar a cabo la identificación y conocimiento del Titular, así como la integración de su expediente;
- En su caso, incorporar sus datos en los instrumentos jurídicos necesarios para la formalización de los contratos que el cliente del cual Usted es accionista o representante, pretende celebrar con SMBC SOFOM;
- Ceder o transmitir a un tercero, mediante cualquier medio, los derechos y/u obligaciones derivadas de los contratos antes señalados;
- Utilizar los datos personales, en cualquier tipo de acto o diligencia de cobranza judicial o extrajudicial, y
- Cumplir con todas las leyes, reglamentos y disposiciones de carácter general aplicables.
- Las finalidades secundarias que no son necesarias para el mantenimiento y cumplimiento de la relación jurídica entre SMBC SOFOM y el Titular, son las siguientes:
- Envío de noticias, invitaciones a eventos de SMBC SOFOM y de SUMITOMO MITSUI BANKING CORPORATION y/o sus subsidiarias y filiales.
- Encuestas para mejorar nuestro servicio.
- La mercadotecnia, publicidad y/o promoción de los productos y/o servicios que sean ofrecidos por SMBC SOFOM al Titular, por cualquier medio material y/o electrónico.
- Por favor indicar si Usted desea y autoriza que sus datos sean tratados para finalidades secundarias. SI □ NO □
- Las finalidades primarias que dan origen y son necesarias para el mantenimiento y cumplimiento de la relación jurídica entre SMBC SOFOM y el Titular son las siguientes:
- TRANSFERENCIA DE DATOS
Los datos personales del Titular se transferirán a nivel nacional e internacional, a las personas o entidades ubicadas en los siguientes tipos, categorías o sectores, quienes asumirán las mismas obligaciones que le corresponden a SMBC SOFOM. Dicha transferencia de datos se hará exclusivamente con las siguientes finalidades:
- SUMITOMO MITSUI BANKING CORPORATION, a otras sociedades controladoras, subsidiarias o afiliadas bajo el control común de SMBC SOFOM, o a una sociedad matriz o a cualquier sociedad del mismo grupo de SMBC SOFOM, que operen bajo los mismos procesos y políticas internas, con la finalidad de:
- Llevar a cabo la identificación y conocimiento del Titular, así como la integración de su expediente;
- En su caso, incorporar sus datos en los instrumentos jurídicos necesarios para la formalización de los contratos que el cliente del cual Usted es accionista o representante, pretende celebrar con SMBC SOFOM;
- Ceder o transmitir a un tercero, mediante cualquier medio, los derechos y/u obligaciones derivadas de los contratos antes señalados, siempre y cuando dicho contrato sea en interés del Titular;
- Utilizar los datos personales, en cualquier tipo de acto o diligencia de cobranza judicial o extrajudicial,
- Cumplir con todas las leyes, reglamentos y disposiciones de carácter general aplicables; y
- Compartirlo a las autoridades nacionales y extranjeras competentes, con la finalidad de dar cumplimiento a alguna ley, reglamento o disposición legal aplicable.
- Cualquier otra transferencia permitida conforme a la Ley.
- Por favor indicar si Usted autoriza que sus datos puedan ser transferidos en términos de la sección anterior. SI □ NO □
Por favor considerar que no será necesario tener su consentimiento para llevar a cabo: (i) la transferencia indicada en el inciso A. de la sección anterior, por encontrarse en el supuesto establecido en la fracción III del artículo 37 de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares y (ii) aquellas transferencias que se encuentren dentro de los supuestos establecidos en el Artículo 37 de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares.
- SUMITOMO MITSUI BANKING CORPORATION, a otras sociedades controladoras, subsidiarias o afiliadas bajo el control común de SMBC SOFOM, o a una sociedad matriz o a cualquier sociedad del mismo grupo de SMBC SOFOM, que operen bajo los mismos procesos y políticas internas, con la finalidad de:
- DERECHOS “ARCO”
Si en cualquier momento el Titular por sí o mediante su representante legal debidamente autorizado, desea ejercer sus derechos de acceso, rectificación, cancelación u oposición al tratamiento de sus datos personales (los “Derechos ARCO”) podrá solicitar un formato para ejercer dichos derechos, a través de cualquiera de los siguientes medios:
- Asistir personalmente al “Departamento de Protección de Datos Personales” con domicilio en Torre Virreyes - Pedregal No. 24, Piso 5, Int.502-A, Col. Molino del Rey, Delegación Miguel Hidalgo, Ciudad de México, C.P. 11040 teléfonos 2623 1411 y, en un horario de atención de lunes a viernes de [9:00 a 14:00 horas y de 16:00 a 19:00] horas; o
- Mediante el envío de un correo electrónico a la dirección anabel_castañeda@smbcsofom.com, a la atención de Departamento de “Protección de Datos Personales” con el nombre y los datos de contacto del Titular.
- El formato de ejercicio de Derechos ARCO se deberá llenar, firmar y presentarse acompañado de la siguiente documentación, a fin de que pueda llevarse a cabo la autenticación del Titular:
- Identificación oficial vigente del Titular (Credencial del Instituto Nacional Electoral, Pasaporte, Cartilla del servicio Militar Nacional o Cédula Profesional).
- En los casos en que el ejercicio de los Derechos ARCO se realice a través del representante legal del Titular, deberá acompañarse la identificación oficial del representante, así como el poder correspondiente protocolizado que acredite la representación legal conferida por el Titular.
- Un comprobante de domicilio o cualquier otro medio para comunicarle la respuesta de su solicitud al Titular.
- La descripción clara y precisa de los datos personales respecto del derecho que se pretende ejercer. Es especialmente importante que cuando se ejerza el derecho de rectificación, se exhiba la documentación que acredite el cambio solicitado de acuerdo con los datos personales a rectificar.
- SMBC SOFOM responderá a dicho formato después de 20 (veinte) días hábiles contados a partir de la fecha en que fue recibida dicha solicitud. La resolución adoptada por SMBC SOFOM será comunicada al Titular a través de las opciones elegidas por éste en el formato de ejercicio de Derechos ARCO. Asimismo, en caso de que dicha resolución sea procedente, SMBC SOFOM la hará efectiva en un plazo de 15 (quince) días siguientes a la fecha en que se comunica la respuesta. Es menester mencionar que dichos plazos podrán ser ampliados en una única ocasión y sólo por un periodo igual, siempre y cuando así lo justifiquen las circunstancias del caso, previa notificación al Titular.
En caso de que Usted desee revocar su consentimiento o negarse al tratamiento de sus datos personales para las finalidades Secundarias, con posterioridad a la firma del presente Aviso de Privacidad, deberá acudir al Departamento de Protección de Datos Personales o enviar un correo electrónico a la dirección indicada en la sección anterior. Tratándose de datos personales que no se hubieren recabado directamente del Titular, éste tendrá 5 (cinco) días hábiles para manifestar su negativa al tratamiento de sus datos personales.
- MEDIOS PARA LIMITAR EL USO Y DIVULGACIÓN DE LOS DATOS PERSONALES
SMBC SOFOM ha creado un listado de exclusión para personas que no deseen recibir publicidad o información de SMBC SOFOM mediante el cual Usted podrá limitar el uso de sus datos personales. Si Usted recibe publicidad o información de SMBC SOFOM y no desea seguir recibiéndola, podrá enviar un correo electrónico con su nombre completo a anabel_castañeda@smbcsofom.com, solicitando su eliminación de la lista de distribución con base en la cual se lleva a cabo el envío de la información o publicidad. En el mismo correo electrónico podrá solicitar más datos acerca de este listado.
Adicionalmente, el Titular podrá inscribirse en el Registro Público de Usuarios conforme a la Ley de Protección y Defensa al Usuario de Servicios Financieros con la finalidad de limitar el uso y divulgación de sus datos personales. Este registro (REUS), permite que el Titular se inscriba en una base de datos a fin de restringir llamadas promocionales o correos electrónicos, buscando mantener a salvo su privacidad y evitar las molestias que causan estas llamadas o envío de información. El Titular podrá registrarse al REUS a través de los medios que se establecen en la siguiente página de Internet: www.condusef.gob.mx.
- CAMBIOS AL AVISO DE PRIVACIDAD
El presente aviso de privacidad se pondrá a disposición del Titular a través de formatos impresos, digitales y visuales, y estará disponible para su consulta en la página de internet de SMBC SOFOM https://www.smbcgroup.com/disclosures#SOFOM. De igual forma, las modificaciones que se hagan al presente aviso de privacidad, serán enviadas al Titular por dichos medios.
Se toma nota de que el presente aviso de privacidad se transcribe en idioma inglés y español, en el entendido de que, en caso de cualquier controversia sobre su interpretación, la versión en español prevalecerá.
Al firmar el presente aviso de privacidad, el Titular consiente que sus datos personales sean tratados por SMBC SOFOM conformidad con lo previsto en el presente aviso de privacidad, destinados para las finalidades indicadas en el presente y transferidos a los terceros establecidos aquí establecidos
- DATA CONTROLLER
SMBC, S.A.P.I. de C.V., SOFOM, E.N.R. (hereinafter, “SMBC SOFOM”) with legal domicile in Torre Virreyes - Pedregal No. 24, Piso 5, Int.502-A, Col. Molino del Rey, Delegación Miguel Hidalgo, Ciudad de México, C.P. 11040, when collecting your personal data, is responsible for its use and protection.
- PERSONAL DATA
SMBC SOFOM shall collect from You (hereinafter the “Data Subject”) the following personal data as shareholder of one of our clients: (i) Contact Data; (ii) Identification Data; (iii) Location Data; (iv) Employment Data; and (v) Economic Data, as applicable.
- SENSITIVE PERSONAL DATA
SMBC SOFOM doesn’t collect any sort of sensitive data from the Data Subject. By sensitive personal data we may understand any personal data that intrudes the most intimate circle of the Data Subject or that if used inappropriately, it could lead to discrimination or severe risk for the Data Subject in accordance to the Mexican Data Privacy Law (the “Law”). It is considered particularly sensible all data that could reveal racial or ethnic origin, present or future health conditions, genetic information, religious, philosophical, or moral beliefs, trade union membership, political opinions or sexual preference.
- COLLECTING MEANS AND UPDATE
The personal data will be collected while always observing the fulfilment of principles such as lawfulness, consent, information, quality, finality, proportionality, and responsibility. Personal data will be collected in proper and updated databases by:
- Local Means;
- Remote or electronic;
- Optical; or
- Other technologies which allow to gather the data automatically or at the same time the Data Subject contacts SMBC SOFOM
- PROCESSING PURPOSES
The processing of personal data will constringe exclusively to the fulfilment of the purposes foreseen in this section. Therefore, the processing of personal data will exclusively be the one that results necessary, adequate and relevant in terms with the purposes listed in this section.
- The primary purposes, which originate and are necessary, to maintain and comply the legal relationship between SMBC SOFOM and the Data Subject, are the following:
- Identify the Data Subject and integrate his file;
- Incorporate data on legal instruments to formalize the agreements, in which the client you represent or from whom you are shareholder, pretends to contract with SMBC SOFOM, if applicable;
- Assign or transfer to a third party, by any means, rights and/or obligations derived from said contracts;
- Use the personal data, in any action or procedure for judicial or extrajudicial recovery; and
- Comply with all applicable laws, regulations and general dispositions.
- The secondary purposes that aren’t necessary for the maintenance and fulfilment of the legal relationship between SMBC SOFOM and the Data Subject, are the following:
- Delivery of news, invitations to SMBC SOFOM and SUMITOMO MITSUI BANKING CORPORATION’s events and/or its’ subsidiaries.
- Surveys for improving our services.
- Publicity, marketing and/or product advertising, and/or services offered by SMBC SOFOM to the Data Subject, by any material or electronic mean.
- Please indicate whether You wish and authorize the use of your data for the listed secondary purposes. YES □ NO □
- The primary purposes, which originate and are necessary, to maintain and comply the legal relationship between SMBC SOFOM and the Data Subject, are the following:
- DATA TRANSFERS
The personal data of the Data Subject shall be transferred in a national and international level, to individuals or entities located within the following types, categories or sectors, who will assume the same obligations that SMBC SOFOM has. Said data transfer will be done exclusively with the following purposes:
- To SUMITOMO MITSUI BANKING CORPORATION, to other parent companies, subsidiaries or affiliates under the control of SMBC SOFOM, or to other holding companies or any corporation belonging to the SMBC SOFOM group that operates under the same internal procedures and policies, with the purpose of:
- Identify the Data Subject and integrate his file.
- Incorporate data on legal instruments to formalize the agreements, in which the client you represent or from whom you are shareholder, pretends to contract with SMBC SOFOM, if applicable;
- Assign or transfer to a third party, by any means, rights and/or obligations derived from said contracts, provided that it is in the interest of the Data Subject;
- Use the personal data, in any action or procedure for judicial or extrajudicial recovery;
- Comply with all applicable laws, regulations and general dispositions; and
- Share it with national and international authorities to fulfil any law, regulation or legal disposition, if appliable.
- Any other permitted transfer pursuant to Law.
- Please indicate if You authorize the transference of your personal data upon the aforementioned section. YES □ NO □
Please consider that your consent shall not be needed to carry out: (i) the transfer described in the aforementioned section A., because is the hypothesis provided by the section III of article 37 of the Federal Law on Protection of Personal Data Held by Private Parties and (ii) those transferences within the hypothesis provided by the article 37 of the Federal Law on Protection of Personal Data Held by Private Parties.
- To SUMITOMO MITSUI BANKING CORPORATION, to other parent companies, subsidiaries or affiliates under the control of SMBC SOFOM, or to other holding companies or any corporation belonging to the SMBC SOFOM group that operates under the same internal procedures and policies, with the purpose of:
- ARCO RIGHTS
If at any moment the Data Subject by himself or through a legal representative duly authorized, wishes to exercise his rights to access, rectification, cancelation or opposition to process his personal data (the “ARCO Rights”), he might request a format to exercise such rights by any of the following means:
- Asist personally to the “Personal Data Protection Department” domiciled in Torre Virreyes - Pedregal No. 24, Piso 5, Int.502-A, Col. Molino del Rey, Delegación Miguel Hidalgo, Ciudad de México, C.P. 11040, phone 2623 1411 within the following operating hours: Monday to Friday from [9:00 to 14:00 and 16:00 to 19:00] hours; or
- Via e-mail to anabel_castañeda@smbcsofom.com, addressed to the “Personal Data Protection Department”, with the name and contact data of the Data Subject.
The format to exercise of ARCO Rights shall be filled out, signed and filed along with the following documents in order to authenticate the Data Subject:
- Official and valid ID of the Data Subject (INE credential, Passport, Military Service Document or Professional Certificate).
- In case of exercising the ARCO Rights is done through the legal representative of the Data Subject, you shall provide the official ID of the representative along with the notarized power of attorney which acknowledges the legal of the Data Subject.
- A proof of residency or any other means to communicate the response to the Data Subject’s request.
- The clear and previse description of the personal data according to the ARCO Right wished to claim. It is especially important when exercising the rectification, to include documentation which proofs the modification requested according to the personal data that wants to be rectified.
SMBC SOFOM shall reply to such form 20 (twenty) business days following the date in which the form was received. The resolution adopted by SMBC SOFOM shall be notified to the Data Subject by means elected by the Data Subject in the form for the exercise of ARCO Rights. In case the resolution adopted is proceeding, SMBC SOFOM will make it effective in the following 15 (fifteen) days to the date in which the resolution is notified. It’s important to mention that these time frames may be extended only once and in the same time period when and if the circumstances justify it, with previous notification of the Data Subject.
In the case You wish to revoke your consent or refuse to the process of your personal data for the Secondary Purposes, after this Privacy Notice is signed, You shall go to the Personal Data Protection Department or send an e-mail to the aforementioned address. Regarding personal data not collected directly from the Data Subject, he shall have 5 (five) business days to refuse to the process of his personal data.
- MEANS TO LIMIT THE USE AND DISCLOSURE OF PERSONAL DATA
SMBC SOFOM has created an exclusion list for individuals that do not wish to receive advertisement or information from SMBC SOFOM, by means of which You could limit the use of your personal data. If You receive advertisement or information from SMBC SOFOM and You don’t want to keep receiving it, You shall send an e-mail with your full name to anabel_castañeda@smbcsofom.com, requesting your elimination from said list. Through that same e-mail You might ask for more information regarding said list.
Additionally, the Data Subject can register in the Public Registry of Users provided by the Federal Law on Protection and Defense of the User of Financial Services with the purpose of limiting the use and disclosure of his personal data. This Registry (REUS), allows to the Data Subject to register in a database to limit promotional calls or e-mails, seeking to maintain the safety of his privacy and avoid the troubles caused by said calls or e-mails. The Data Subject shall be able to register to the REUS through the process established in the following website: http://www.condusef.gob.mx/
- CHANGES TO THE PRIVACY NOTICE
This privacy notice will be made available to the Data Subject through printed, digital and visual formats, and will be available at SMBC SOFOM’s web page https://www.smbcgroup.com/disclosures#SOFOM. Likewise, the amendments made to this privacy notice will be sent to the Data Subject by said means.
It is hereby noted that this privacy notice is made in Spanish and English, on the understanding that, in the event of any controversy arising from their interpretation, the Spanish version shall prevail.
By singing this privacy notice, the Data Subject consents that his personal data shall be processed by SMBC SOFOM, as provided by privacy notice, intended for the purposes aforementioned and transferred only to the third parties provided herein.