HR Privacy Notice for California Residents

Last Updated: November 21, 2024

MUFG Americas Holding Corporation (“MUAH”) and its subsidiaries, including MUFG Securities Americas, Inc. (“MUSA”), First Sentier Investors (“FSI”), FSSA Investment Managers, Igneo Infrastructure Partners, Stewart Investors, MUFG Fund Services (USA) LLC (“MFS(USA)”), MUFG Investor Services (US), LLC, MUFG Capital Analytics, LLC, as well as Mitsubishi UFJ Trust and Banking Corporation, New York Branch (“MUTB-NY”) and all U.S. branch, agency, and other representative office operations of MUFG Bank, Ltd. (formerly The Bank of Tokyo-Mitsubishi UFK, Ltd.) (“MUFG Bank”) (hereinafter referred to as the “Company”) respect your concerns about privacy.  This HR Privacy Notice describes the types of personal information the Company collects about California residents who are current or former (1) Company employees, owners, directors, officers, and contractors (collectively, “Company Personnel”), (2) emergency contacts of Company Personnel, and (3) individuals related to Company Personnel for whom the Company administers benefits (collectively with Company Personnel, “HR Covered Individuals”). 

Company Personnel are responsible for providing this Privacy Notice to any HR Covered Individual whose personal information is provided to the Company-by-Company Personnel.  Certain terms used in this Notice have the meanings given to them in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Acts of 2020, and their implementing regulations (collectively the “CCPA/CPRA”).  

Personal Information the Company Collects

The Company may collect (and may have collected during the 12-month period prior to the Last Updated date of this HR Privacy Notice) the following categories of personal information about HR Covered Individuals:

• Identifiers: identifiers, such as a real name, alias, postal address, unique personal identifier (e.g., a device identifier, employee number, unique pseudonym, or user alias/ID), telephone number, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, visa number, date of birth, and other similar identifiers
   
• Additional Data Subject to California Civil Code § 1798.80: signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, credit card number and debit card number, and other financial information, medical information, and health insurance information
   
• Protected Classifications: characteristics of protected classifications under California or federal law, such as race, color, national origin, religion, age, sex, gender, gender identity, gender expression, marital status, medical condition, ancestry, genetic information, disability, citizenship status, and military and veteran status
   
• Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
   
• Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites or applications 
   
• Geolocation Data
   
• Sensory Information: audio, electronic, visual, and similar information
   
• Employment Information: professional or employment-related information, such as compensation, benefits and payroll information (e.g., salary-related information, tax-related information, benefits elections and details regarding leaves of absence), information relating to your position (e.g., job title and job description), performance-related information (e.g., evaluations and training), talent management information (e.g., resumé information, occupation details, education details, certifications and professional associations, historical compensation details, previous employment details, and pre-employment screening and background check information, including criminal records information), emergency contact information, and dependent information
   
• Education Information: education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)
   
• Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

How the Company Uses the Personal Information

The Company may use (and may have used during the 12-month period prior to the Last Updated date of this HR Privacy Notice) personal information for the purpose of carrying out and supporting HR functions and activities, including the uses described below as they are described in the CCPA/CPRA.

• Managing work activities and personnel generally, including recruiting; performing background checks; determining suitability for employment or promotion; determining physical and/or mental fitness for work; reviewing and evaluating performance; determining eligibility for and processing salary increases, bonuses, and other incentive-based compensation; providing references; managing attendance, absences, leaves of absences, and vacations; administering payroll services; reimbursing expenses; administering health, dental, and other benefits; training and development; making travel arrangements; securing immigration statuses; monitoring staff; creating staff directories; investigating suspected misconduct or non-performance of duties; managing disciplinary matters, grievances, and terminations; reviewing staffing decisions; and providing access to facilities
• Ensuring business continuity; protecting the health and safety of our staff and others; safeguarding, monitoring, and maintaining our IT infrastructure, office equipment, facilities, and other property; detecting or preventing theft or fraud, or attempted theft or fraud; and facilitating communication with you and your designated contacts in an emergency
• Operating and managing our IT, communications systems and facilities, and monitoring the use of these resources; performing data analytics; improving our services; allocating and managing company assets and human resources; strategic planning; project management; compiling audit trails and other reporting tools; maintaining records relating to business activities, budgeting, and financial management; managing mergers, acquisitions, sales, reorganizations or disposals and integration with business partners
• Complying with legal requirements, such as tax, record-keeping and reporting obligations; conducting audits, management and resolution of health and safety matters; complying with requests from government or other public authorities; responding to legal process such as subpoenas and court orders; pursuing legal rights and remedies; defending litigation and managing internal complaints or claims; conducting investigations; and complying with internal policies and procedures
• Performing services
• Certain short-term, transient uses
• Helping to ensure security and integrity to the extent the use of personal information is reasonably necessary and proportionate for these purposes
• Debugging to identify and repair errors that impair existing intended functionality
• Undertaking internal research for technological development and demonstration
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us

The Company does not collect or process sensitive personal information with the purpose of inferring characteristics about HR Covered Individuals. 

To the extent the Company processes deidentified information, the Company will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.

Retention of Personal Information

The Company retains personal information of HR Covered Individuals for the period reasonably necessary to achieve the purposes outlined in this HR Privacy Notice, unless a longer retention period is required or permitted by applicable law, taking into account applicable statutes of limitations and records retention requirements under applicable law.

Sources of Personal Information

During the 12-month period prior to the Last Updated date of this HR Privacy Notice, the Company may have obtained personal information about HR Covered Individuals from the following categories of sources:

• Directly from you;
   
• From your devices, such as when you visit our websites, online and mobile applications;
   
• Family or other individuals who provide information about you, for example, in connection with our provision of benefits or services;
   
• Customers or business partners who provide information about you, such as when they provide feedback;
   
• Our affiliates and subsidiaries;
   
• Vendors who provide services on our behalf;
   
• Government entities;
   
• Recruiting and talent agencies;
   
• Social networks; and
   
• Data Brokers, such as background check services.

Disclosure of Personal Information

During the 12-month period prior to the Last Updated date of this HR Privacy Notice, the Company may have disclosed the following categories of personal information about you for the business purposes listed above to the following categories of third parties:

In addition to the categories of third parties identified above, during the 12-month period prior to the Last Updated date of this HR Privacy Notice, the Company may have disclosed personal information about you to the following additional categories of third parties: government entities; self-regulatory organizations and third parties in connection with corporate transactions, such as mergers, acquisitions, or divestitures, that may assume or have assumed control of all or part of our business.

The Company does not sell or share for cross-context behavioral advertising purposes personal information about HR Covered Individuals.

Your California Privacy Rights

You have certain rights regarding your personal information, as described below.

Request to Know: You have the right to request, twice in a 12-month period, that the Company disclose to you the categories of personal information we have collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the Company discloses personal information, and the specific pieces of personal information the Company has collected about you.

Request to Correct: You have the right to request that the Company correct the personal information the Company maintains about you, if that information is inaccurate.

Request to Delete: You have the right to request that the Company delete certain personal information the Company has collected from you.

How to Submit a Request

To submit an access, correction, or deletion request, please visit the Web Form which can also be accessed by visiting Homepage MUFG Americas scrolling to the bottom of the page, clicking on “California: Privacy” in the footer, navigating to the bottom of the page, and clicking on “California: Privacy” in the footer, navigating to the bottom of the page, and clicking on “Submit a request,” or call toll-free at 1-800-542-6015 (our menu will prompt you through your choices) Monday - Friday, 9:00 am - 5:00 pm (ET).

To submit a request as an authorized agent on behalf of another individual please email USPrivacy@us.mufg.jp and provide the details regarding your request. If you designate an authorized agent to make an access, correction, or deletion request on your behalf, the Company may require you to provide the authorized agent written permission to do so, or provide a power of attorney pursuant to Probate Code sections 4000 to 4465.

Verifying Requests

To help protect your privacy and maintain security, the Company will take steps to verify your identity before granting you access to your personal information or complying with your request.  If you request access to, correction of or deletion of your personal information, the Company may require you to provide any of the following information: first and last name, email address, phone number, date of birth, street address, city, state, zip code, worker id, or worker email.  If you designate an authorized agent to make an access, correction or deletion request on your behalf (a) the Company may require you to provide the authorized agent written permission to do so, and (b) for access, correction and deletion requests, the Company may require you to verify your own identity directly with us (as described above).

Additional Information

If you choose to exercise any of your rights under the CCPA/CPRA, you have the right to not receive discriminatory treatment by the Company. To the extent permitted by applicable law, the Company may charge a reasonable fee to comply with your request. 

How To Contact Us

If you have any questions regarding this HR Privacy Notice for California Residents or the Company’s privacy practices, please contact Human Resources or AskHR@us.mufg.jp.