Privacy Policy

GDPR Global Privacy Policy

Nippon Export and Investment Insurance Co., Ltd. (hereinafter referred to as "NEXI") and its overseas offices listed in the Annex ("Overseas Offices") understand the importance of protecting personal data. NEXI and its Overseas Offices process personal data in compliance with this Privacy Policy and relevant legislations, in particular the European General Data Protection Regulation (hereinafter referred to as "GDPR").

This Privacy Policy provides information about the processing of personal data of NEXI and its Overseas Offices. This Privacy Policy applies with respect to the processing of personal data of NEXI customers (broadly including persons who have a business relationship with NEXI, such as counterparties to insured transactions as the purpose of insurance) subject to the GDPR (hereinafter, "Customer Personal Data").

Please note that the terms used in this Privacy Policy, such as "personal data" and "process (processing)", are defined in Article 4 of the GDPR.

1. Legal basis for Processing Customer Personal Data

NEXI and its Overseas Offices process Customer Personal Data for certain purposes, as such processing is necessary in the pursuit of the legitimate interests of NEXI and its Overseas Offices. The legal basis for the processing of Customer Personal Data in this case is pursuant to Article 6.1 (f) of the GDPR.

Specifically, for the purposes of (1) fronting, (2) underwriting services such as consultation on various issues and consultation on terms and conditions regarding insurance agreement, (3) examination of underwriting pertaining to insurance agreement applications (including environmental examination), (4) management of various issues, (5) management and collection of claims and liabilities held by NEXI or customers, (6) participation in various international meetings, (7) reinsurance agreement services, (8) registration of insured companies, (9) holding various seminars, and (10) sending e-mail newsletters, NEXI and its Overseas Offices collect and process personal data such as name, telephone number, address, e-mail address, fax number, company (institution) or department to which customers belong, title/status, and other information necessary for the solicitation, provision, maintenance, and management of NEXI products and services.

In doing so, NEXI may obtain personal data directly from customers and indirectly from third parties. Specifically, for each of the above purposes, NEXI and its Overseas Offices may obtain such personal data from Export Credit Agency ("ECA" refers to public organizations and the like established by governments of different countries for the purpose of trade insurance, guarantees, trade finance, etc. for the promotion of their exports and foreign investments), and international organizations ((2), (3), (4), (5), (6), (7) and (9) above), the International Union of Credit & Investment Insurers (BU) and OECD ((2), (3), (4), (6) and (9) above), sponsors, borrowers, lawyers, financial institutions, consultants and other project-related persons ((2), (3), (4) and (5) above), private insurance companies ((7) above), original non-life insurance companies ((7) above), reinsurance brokers ((7) above), reinsurers ((7) above), NEXI customers ((2), (3), (4), (5) and (8) above) and research companies ((5) and (8) above).

In addition, personal data such as name, telephone number, address, email address, fax number, company (institution) or department to which customers belong, and title/status may be obtained directly or through ECA, private insurance companies, government agencies, Paris Club Secretariat, NEXI customers, servicers, and original non-life insurance companies and external investigative agencies in order to contact relevant parties in the execution of the above services described in (1) through (10).

2. Entities Collecting Customer Personal Data

NEXI and its Overseas Offices obtain Customer Personal Data directly from customers. They also obtain Customer Personal Data indirectly from third parties.

3. Share and Disclose of Customer Personal Data

NEXI and its Overseas Offices will disclose Customer Personal Data that they collected to the following third parties for the purposes described in this Privacy Policy:

  1. service providers
  2. counterparties to reinsurance agreements
  3. organizations and groups that are jointly in charge of projects, etc.
  4. relevant government offices.

In addition, NEXI and its Overseas Offices will share and disclose Customer Personal Data to third parties (including, but not limited to, servicers involved in the collection of claims held by NEXI) to whom they have contracted services, only to the extent necessary to perform the contracted services. In such a case, NEXI and its Overseas Offices carefully select the third party service provider, will enter into necessary data processing agreements between NEXI and its Overseas Offices, and third party service provider, which allows regular monitoring of the processing of Customer Personal Data.

In connection with the above sharing and disclosure NEXI and its Overseas Offices may transfer Customer Personal Data to Japan which is outside the EU, or other countries which are outside the EU.

Of these transfers, when NEXI and its Overseas Offices transfer Customer Personal Data from within the EU to Japan, they will do so on the basis of mutual adequacy arrangement between Japan and the European Union.

In contrast, when NEXI and its Overseas Offices transfer Customer Personal Data to countries outside the EU other than Japan, NEXI and its Overseas Offices will take appropriate security measures by entering into a data processing agreement including standard contractual terms approved by the European Commission with the party to whom such personal data is transferred.

4. Retention Period of Customer Personal Data

NEXI and its Overseas Offices retain Customer Personal Data only as long as is necessary to achieve the purpose of processing or as otherwise required by laws. Therefore, Customer Personal Data will be deleted when it is no longer necessary to be retained for the purposes for which it is processed, or when the legal retention period has expired.

5. Security Management Measures for the Protection of Customer Personal Data

NEXI and its Overseas Offices will take the necessary security management measures to protect Customer Personal Data from unauthorized access, loss, misuse or destruction.

6. Customers' Rights

With respect to Customer Personal Data collected by NEXI and its Overseas Offices, Customers have the following rights in accordance with the provisions of the GDPR:

(1) Right to Request Information on the Processing of Customer Personal Data (Articles 13 and 14 of the GDPR)

(2) Right to Access Customer Personal Data (Article 15 of the GDPR)

(3) Right to Request Correction of Customer Personal Data (Article 16 of the GDPR)

(4) Right to Request Deletion of Customer Personal Data (Article 17 of the GDPR)

(5) Right to Request Restrictions on the Processing of Customer Personal Data (Article 18 of the GDPR)

(6) Right to Object to the Processing of Customer Personal Data (Article 21 of the GDPR)

(7) The Right to Receive Customer Personal Data in a Structured, Commonly Used and Machine-readable Format, and the Right to Request that Customer Personal Data be Transferred to Another Controller Unhindered by NEXI and its Overseas Offices (Article 20 of the GDPR)

To exercise the above rights, please contact NEXI and its Overseas Offices at the contact information listed in "8. Contact Information".

Customers may also file an objection to the processing of Customer Personal Data by NEXI and its Overseas Offices to the data protection supervisory authority of the customer’s place of residence, place of work or place of origin of violation of the GDPR.

7. Changes to this Privacy Policy

NEXI and its Overseas Offices may make changes to this Privacy Policy from time to time. In the event of substantial changes, NEXI and its Overseas Offices will notify customers in advance by posting the changed Privacy Policy on this website or by other appropriate means.

8. Contact information

If customers have any questions regarding this Privacy Policy, please contact us at the following contact address:

Reception desk: Chiyoda First Building, East Wing, 5th Floor, 3-8-1 Nishi-Kanda, Chiyoda-ku, Tokyo 101-8359
General Management and Public Relations Group, General Management and Administration Department, Nippon Export and Investment Insurance Co., Ltd.
Email address: info1114[at]nexi.go.jp
Reception hours: 9:00 to 17:30 (excluding Saturdays, Sundays, national holidays, year-end and New Year holidays and other holidays designated by NEXI).

[Established on March 6th, 2024]

PAGE UP