The Company has developed the following Personal Information Protection Policy that sets out its handling of customers' personal information:

1. Compliance with Relevant Laws and Regulations

When using personal information, the Company will comply with the Act on the Protection of Personal Information and other related laws and regulations for the protection of personal information, guidelines issued by the competent ministry, and this Personal Information Protection Policy.

2. Purpose of Use

The Company will only use customers' personal information to the extent necessary to achieve the Purpose of Use, unless the customer's consent for other use has been obtained, or unless the information is treated as an exception under laws and regulations. The Purpose of Use of personal information in the Company is posted on its website.

3. Provision to a Third Party

The Company will not provide personal data to any third party without the consent of the customer unless stipulated otherwise in laws and regulations.

4. Security Control

The Company will strive to keep customers' personal information accurate and updated. To prevent the unauthorized disclosure or other misuse of customers' personal information, the Company will take the necessary and appropriate security control measures and will supervise officers, employees, and outsourcing companies appropriately.

5. Continuous Revision

To handle customers' personal information appropriately, the Company will review the Protection Policy from time to time in order to improve it.

6. Procedures for Requesting Disclosure Etc

When the Company receives requests from customers for the disclosure, correction, termination of use or other requests regarding customers' personal information, the Company will identify the customers' identities and will strive to respond to the requests promptly and appropriately. Please request disclosure etc. through the Company's prescribed procedures.

7. Inquiries, Comments, Etc

For inquiries and comments, etc. about the personal information of customers, please contact the Company at the address given below.

Inquiries, comments, etc. about personal information

5-1, Nihonbashi 2-chome, Chuo-ku, Tokyo

Total Risk Control & Compliance Department, Tokai Tokyo Financial Holdings, Inc.

Tel: 03-3517-8403

Purpose of Use of Personal Information

The Company uses customers' personal information within the scope of the following business and purposes, to the extent that the use of the personal information is necessary to achieve these businesses and purposes, under the Act on the Protection of Personal Information (Law No. 57, May 30, 2003).

1. To exercise rights and perform obligations under the Company Law
2. To provide shareholders of the Company with information and services such as sending reports of the Tokai Tokyo Financial Group
3. To collect the statistical data necessary for the Company to conduct PR and IR activities
4. To conduct business administration and internal control of the Tokai Tokyo Financial Group

Shared Use

The Company may share personal information as described below:

1. Items of personal data to be shared

   • Information on customers, such as their name, address, date of birth, telephone number, occupation, and transaction needs
   • Information on transactions with customers, such as transaction details and the assets under custody

2. Companies that may share information

   The Company and consolidated subsidiaries named in the securities report, etc. of the Company

3. Purpose of use

   To conduct business administration and internal control, such as integrated management of compliance and risks of the Tokai Tokyo Financial Group

Management of Personal Information

The Company strictly controls customers' personal information, to prevent it from being leaked and lost.

Party Responsible for Managing the Personal Information

The Company

Appropriate Acquisition of Personal Information

The Company will acquire customers' personal information, taking their privacy into consideration, to the extent the information is necessary for performing the Company's businesses and achieving the Purpose of Use of information under the Act on the Protection of Personal Information (Law No. 57, May 30, 2003) as described below.

1. The Company will not obtain customers' personal information by false pretenses or other dishonest means.

2. The Company will not infringe customers' interests when obtaining their personal information from a third party and will not obtain personal information if the Company knows that the information has been leaked from a third party who has committed wrongdoing including fraudulent acquisition of personal information.

3. The Company may obtain customers' personal information by the following means:

   • Through third parties including database service providers.
   • Through audio recording, image recording, receiving e-mails, and other means.
   • Through information in official gazettes, newspapers, magazines, the Internet, and other sources.