Privacy Policy

We, SBI Digital Asset Holdings Co., Ltd. (hereinafter referred to as the “Company,” “we,” “our,” or “us” )are the company with a vision “to be a pioneer in digital assets and a global partner to the financial industry making full use of digital technology.” Our mission is to serve the interests of our customers by leveraging our extensive network to transform the value chain of financial markets through digital technology in cooperation with authorities. In order to achieve this, we consider the protection of personal information handled by the Company to be one of the highest management priorities in our business operation and have established the following “Personal Information Protection Policy (Privacy Policy)” as a policy for all officers and employees to handle, manage, and protect personal information in an appropriate manner.

*Note that the term, “Personal Information” in this policy includes, in addition to “personal information,” “retained personal data,” “anonymized personal information,” “pseudonymized personal information,” and “Specific Personal Information,” and so on.

  1. Purpose of Personal Information Protection
    The Company will ensure the “confidentiality,” “integrity,” and “availability” of the stored data concerning Personal Information held by the Company, and may delete or correct (hereinafter referred to as “Retained Personal Data”), and protect it from various threats (hereinafter referred to as “Personal Information Protection”). For this purpose, we will not only comply with laws and regulations, but also ensure a high level of security in order to contribute to the interests of our customers and stakeholders, taking into consideration ethical and social requirements and the latest trends in the handling of such information.
  2. Initiatives by the Board of Directors and Management
    Under the supervision of the board of directors, and under the initiative of the management, the Company will systematically and continuously implement measures for Personal Information Protection and strive to improve and enhance such measures.
  3. Establishment of a Personal Information Protection System
    The Company has established a Personal Information Protection system by appointing a person responsible for handling Personal Information (hereinafter referred to as the “Manager Responsible for Personal Information Protection”). We have clarified the Personal Information to be handled, and put in place a system for reporting to the Manager Responsible for Personal Information Protection when any fact or sign of violation of laws, regulations, or internal rules is detected. In addition, in order to protect and appropriately manage Personal Information, the Manager Responsible for Personal Information Protection has developed the “Proper Handling of Personal Information” as an integral part of this basic policy. In order to maintain and sustain our efforts at Personal Information Protection and to respond to changes in the internal and external environment, including the business environment and social conditions, we apply a management system for the Personal Information Protection (Personal Information Protection Management System) to all of our business operations.
  4. Compliance with Legal Requirements
    The Company will comply with all applicable laws, regulations, national guidelines, and other standards regarding the handling of Personal Information retained by the Company.
  5. Maintenance of Internal Rules, Etc.
    In order to protect and appropriately manage Personal Information, the Company has established regulations and standards, etc. regarding the Personal Information Protection based on the preceding articles and relevant domestic and international standards and criteria, technical trends, and stakeholders’ requests, etc., and will ensure that all the persons engaged in our business will be fully aware of and will comply with them. Moreover, we have separately established “Specific Personal Information Handling Rules” for the handling of Specific Personal Information, etc.
  6. Specification of Purpose of Use
    When acquiring Personal Information, the Company will limit the scope of use to the extent necessary for business activities, specify the purpose of its use as much as possible, acquire the information appropriately through legal and fair means to the extent necessary to achieve the purpose, and will not use it for any purpose other than the purpose of use (hereinafter referred to as the “Unauthorized Use”) in addition to taking necessary measures to ensure that the information will not be used for unintended purpose. Furthermore, except as otherwise provided by law or regulation, the Company will not handle Personal Information or provide such information to any third party beyond the scope necessary to achieve the specified purpose of use without obtaining the prior consent of the person who provided such information.
    *For details about “Purpose of Use,” “Method of Acquisition,” and “Provision and Disclosure to Third Parties,” please refer to “Proper Handling of Personal Information.
  7. Responding to Incidents
    The Company will choose and conduct the proper response that will contribute to prevent and correct the unauthorized access to, or loss, destruction, falsification, or leakage, etc. of Personal Information.
  8. Implementation of Outsourced Contractor Management
    When the Company outsources the handling of Personal Information to our partner company, we will single out a partner company that meets our prescribed standards for selecting outsourced contractors and will minimize the necessary amount of Personal Information to be outsourced to achieve the purpose of use, ensuring that such information will be managed appropriately.
  9. Implementation of Safety Control Measures
    In order to prevent leakage, loss, or damage of Personal Information and to properly manage Personal Information, the Company will take safety management measures such as clarification of employee responsibilities, development of internal rules, education and training of employees, and physical and technical measures to prevent information leakage and other accidents. We implement access control in accordance with the “Need to Know” principle, and limit the number of people in charge and the scope of Personal Information they handle.
  10. Responding to the Exercise of the Right as a Person Concerned
    The Company has established a point of contact for complaints, consultation, disclosure, correction, addition, deletion, etc., regarding the Personal Information of the person concerned, and will respond to any such inquiries without delay.
    *For details, please refer to “Proper Handling of Personal Information.”
  11. Regular Review and Continuous Improvement
    In order to maintain and sustain our efforts at Personal Information Protection and to respond to changes in the internal and external environment, such as the business environment and social conditions, the Company strives to continuously improve by regularly reviewing the content and implementation status, etc. of management measures, including the management system and internal rules, etc. regarding the Personal Information Protection(Personal Information Protection Management System).

Fernando Luis Vázquez Cao (CEO of the Company)
Manager Responsible for Personal Information Protection
SBI Digital Asset Holdings Co., Ltd.

Enacted on: April 1, 2020
Last revised on: June 1, 2024

For complaints, consultation, disclosure, or other inquiries regarding our Privacy Policy or Personal Information Protection, please e-mail to: ga@sbidah.com