Privacy Policy

PayPay Financial Group Privacy Policy

This Privacy Policy (Privacy Policy) provides the basic policy of the companies in PayPay Financial Group (*) (please see here) to which this Privacy Policy applies for its handling of information relating to the privacy as follows.

(*)“PayPay Financial Group” means the business group constituted by PayPay Corporation and the companies of which names include “PayPay” and which provide financial services, and their subsidiaries.

PayPay Financial Group regards the protection of the privacy of all persons concerned with PayPay Financial Group including customers as one of the most important management issues, so on handling the Personal Data (as defined below), it observes the Act on the Protection of Personal Information (Act No. 57 of 30 May 2003) and other related laws and regulations (hereinafter referred to as the “Related Laws and Regulations”). This Privacy Policy applies to the customers (including, but not limited to, users, Merchants, etc.) or potential customers of PayPay Financial Group’s services, or users of PayPay Financial Group’s website or contents (hereinafter collectively referred to as the “Users”), and stipulates PayPay Financial Group’s handling of all information by which the Users can be identified directly or indirectly such as the User’s name, contact point, birth date, cookie, usage history of services, etc. (hereinafter referred to as the “Personal Data”). The “Personal Information”, which is a kind of the “Personal Data”, means the “Personal Information” defined in the “Act on the Protection of Personal Information”.

1. Collection

PayPay Financial Group may, on the User’s own volition, collect the Personal Data in the following cases. Please note that the User may not be able to utilise each service etc. if it does not provide its Personal Data.

[1]The cases that PayPay Financial Group collects directly: （1）In the case that it is entered by the Users via device operation.

（2）In the case that it is provided by the Users via any medium such as writing, or oral communication etc.

（3）In the case that it is transmitted or provided in connection with the utilisation or viewing of services, products, application, webpage, advertisement or contents by the Users.
[2]The cases that PayPay Financial Group collects indirectly: （1）In the case that it is lawfully collected such as being provided by a business alliance partner or a third party under the Users’ consent.

（2）In the case that the Personally Referable Information such as history of behaviour, IP address, cookie, advertisement ID, device information, etc. on the webpage or service operated by a business alliance partner is provided by such business alliance partner. PayPay Financial Group may utilise the provided Personally Referable Information in combination with the Personal Data which PayPay Financial Group possesses for the purpose described in “2. Utilisation purpose”. In such a case, such information will be treated as the Personal Information.

（3）In the case that it is publicised on newspaper, website, phone book, etc.

2. Utilisation purpose

PayPay Financial Group may utilise the Personal Data only for the following purposes and may not utilise it for any other purpose. PayPay Financial Group also implements measures to prevent utilisation for other purpose.
Further, PayPay Financial Group may not utilise the Individual Number for any purpose other than those set forth in the laws and regulations.

（1）In order to provide the services which PayPay Financial Group operates (hereinafter referred to as the “Service”).: The following are the examples of purpose of utilisation:

In order to specify its contents or perform its transaction relating to the purchase of products or services by the User who utilises the Service.

In order to invoice and settle the payment for the products or paid services.

In order to carry out authentication, identity verification or examination of the User in utilising the Service or inquiring.

In order to offer points or coupons (including those issued by a third party).

In order to provide notifications relating to the Service.
（2）In order to advertise, send commercial message, or market.: The following are the examples of purpose of utilisation:

In order to advertise or send commercial message for the services of PayPay Financial Group or third party advertisers.

In order to market products and services of PayPay Financial Group or third parties.

In order to draw or send gifts relating to campaign etc.
（3）In order to plan the improvement of the Service, new services, etc.: The following are the examples of purpose of utilisation:

In order to improve the Service, and plan and develop new services.

In order to research and analyse the Service usage, or create and publicise its statistical data.

In order to evaluate the response of the contact person, and improve its response quality.
（4）In order to provide each User with optimised services and contents (i.e. personalising).: The following are the examples of purpose of utilisation:

In order to make profiling or segmentation.

In order to improve financial service or optimise crediting.
（5）In order to provide the Service safely.: The following are the examples of purpose of utilisation:

In order to detect the Users who are violating the terms of use etc. regarding the Service, or respond to violators against terms of use etc.

In order to investigate, detect, prevent the occurrence of, or respond to, wrongdoings such as fraud or unauthorised access using the Service.

In order to manage the Personal Data and ensure the data security.
（6）In order to resolve troubles relating to the utilisation or operation of the Service.
（7）In order to conduct the outsourced business properly if it is outsourced processing of all or part of the Personal Information from other business operator etc.

3. Provision

In addition to the cases which the laws and regulations permit, PayPay Financial Group may provide the Personal Data to a third party (including any third party being in foreign countries, the same shall apply hereinafter) after executing a contract with it in principle in the following cases:

（1）In the case of provision of any Personal Data which is required for registration, provision, etc. of the associated services to service alliance companies for the purpose of provision of the associated services in combination with other companies (including Affiliated Companies).

The following are the examples of case in which provision occurs:

In the case of provision of the Personal Data such as the User identifier (User ID etc.), password, name, display name, profile image, email address, actual location information, device battery information, balance information, phone number, camera usage, etc. to an operator of Mini-Application (defined below), in order to create and link an account of an application of the associated services provided in PayPay Financial Group’s application (hereinafter referred to as the “Mini-Application”) or provide associated services. With respect to some part of the Personal Data, the Users may, at its option, control whether it will be provided or not in some cases.
In the case of provision of the Personal Data such as the User identifier (User ID etc.), balance information, etc. to a service alliance company, so as to the Service can be utilised on its website (*) or application.
In the case of provision of the Personal Data such as the User’s cookie, device identifier, etc. (these do not include any information by which the Users can be directly identified, such as the User’s name, contact information, etc.) to a service alliance company, for the purpose that a service alliance company can provide the most suitable services and contents for the Users. Please see “8. Handling of Cookies etc.” for details of handling of cookies etc.

(*)The service alliance companies will be clearly specified on the confirmation page along with the main items of the Personal Data to be provided at the time of the first usage of the Mini-Application or the associated services.

（2）In the case of necessary provision of the Personal Data to another user on the Service, in order to provide any part of the Service which presupposes the disclosure it to other users.

The following are the examples of case in which provision occurs:

In the case of provision to any other user who the User has designated or has designated the User when utilising group payment in PayPay Application, remittance or receipt services (including cases where such other user is located in a foreign country. Please see here for the details).

（3）In the case that it is necessary for dispute resolution or protection of rights, property, etc. of PayPay Financial Group or third party.

（4）In the event that it is necessary for countermeasure or response for misuse of the Service or associated services.

The following are the examples of case in which provision occurs:

In the case that any misuse relating to credit cards, bank accounts, etc. registered to the Users’ PayPay Application has occurred or the suspicion thereof occurs, the Users’ registered information may be provided to credit card issuers, banks, etc. relating to such credit cards, bank accounts, etc. in order to investigate cases or prevent damage.
In the case that it receives an enquiry based on the laws and regulations from public agencies etc., the Users’ registered information may be provided.

（5）In the case of provision to a business successor in order to succeed business for reasons of merger, demerger, etc.

（6）In the case that each User gives its individual consent separately.

4. Joint utilisation

The Personal Information possessed by PayPay Financial Group may be utilised jointly as follows:
Notwithstanding the above, Specific Personal Information may not be utilised jointly.

【Items of the Personal Information subjecting to the joint utilisation】

All of the Personal Information possessed by PayPay Financial Group (excluding any information obtained from any personal credit information bureau.)

【Who may jointly utilise】

Any company in PayPay Financial Group (including any company in foreign countries, the same applies hereinafter); provided, however, that in the event that each PayPay Financial Group company utilises the Personal Information jointly, it enters into an agreement relating to the handling of the Personal Information in advance, and creates a structure to manage the Personal Information properly.
PayPay Financial Group companies which have entered into agreements relating to the handling of the Personal Information are set forth here.

【Utilisation purpose of the joint users】

Utilisation purpose described in 2. above.
The following are the examples of purpose of utilisation:

[1]To implement measures against misuse (detection of, inspection of and precaution against misuse) as PayPay Financial Group
[2]To perform management works; arrange work processes; plan, develop, introduce and provide products, services, etc.; to respond to enquiries; and to perform all kinds of works in order to increase added value for the Users as PayPay Financial Group

Further, with respect to any information for which any special legal obligation is imposed on registration business etc. for the handling of customers’ information, PayPay Financial Group may jointly utilise it only after implement necessary measures to observe such obligation.

【Chief Administrator of Joint Utilisation】

PayPay Corporation
Ichiro NAKAYAMA, President
1-3, Kioi-cho, Chiyoda-ku, Tokyo

5. Outsourcing

PayPay Financial Group may, if it outsources its work to the outsourced party which has entered into a contract within the scope necessary to achieve its utilisation purpose, provide the Personal Information to the third party of such outsourced party.

6. Security

PayPay Financial Group handles the Personal Data properly in compliance with this Privacy Policy.
In order to handle the Personal Data properly, maintain the accuracy of the Personal Information and prevent incidents such as a leakage of Personal Information, it will implement organisational, human, physical and technical security management measures.
For example, the following measures have been implemented:

Establishment of internal rules and organisation to protect the Personal Information.
Implementation of management, monitoring, and employees training at joining Our Company and on regular basis thereafter, with respect to the handling of the Personal Information.
Information classification according to the importance of the Personal Data, and usage restriction of the Personal Data through establishment of work area.
Access control to the Personal Information, and adoption of proper encryption technique and hashing technique.
Implementation of security control measures after understanding the system of the Protection of Personal Information in the destination country of the Personal Information.

In the event that PayPay Financial Group outsources the handling of the Personal Information to any third party, PayPay Financial Group outsources it to the person who meets its standard for selection of outsourcee, and monitors outsourcee’s work properly by entering into an agreement with outsourcee.
PayPay Financial Group provides the Personal Information only to the third parties which implement security management measures which meets its standard.
In cases of incident such as leakage of the Personal Information, PayPay Financial Group will report it to the supervisory agency in compliance with the Related Laws and Regulations, and take necessary measures such as prevention of occurrence of similar incidents and prevention of reoccurrence in accordance with directions from such supervisory agency.

7. Handling of the sensitive information

PayPay Financial Group will not collect, utilise or provide third parties with, any sensitive information, except the certain exceptions such as the case under the laws and regulations, the Guidelines for Protection of Personal Information in the Finance Sector, etc.

8. Handling of Cookies etc.

PayPay Financial Group uses cookies on our website and the Service in order to improve the User experience and website. Further, PayPay Financial Group may allow third parties to place cookies thereon in order to survey the use of services and deliver more suitable advertisements for the Users.

9. Continuous Improvement

In order to handle the Personal Information properly, PayPay Financial Group performs this Privacy Policy by providing training about protection of the Personal Information and conducting regular audit regarding condition of handling of the Personal Information for all officers and employees, and makes efforts to improve it continuously.

10. Revision of Privacy Policy

This Privacy Policy may be revised. In the case of major revision, contents of the revision will be notified to the Users in advance.

Established on 4 November 2025 (Publicised on 17 September)

PayPay Bank’s conduct

1. Utilisation purposes

Based on the PayPay Financial Group Privacy Policy, the Bank shall utilise your personal information for the following services and within the scope necessary to achieve the following utilisation purposes.

（1）Services

Deposit services, domestic exchange services, currency exchange services, lending services and foreign exchange services, as well as the services related to any of the foregoing
Sale of investment trusts, sale of insurance, financial product intermediation, trust services, corporate bond services and other services that banks are permitted to provide under the applicable laws, as well as the services related to any of the foregoing
Other services that banks are permitted to provide and the services related thereto (including services which may be permitted in the future)

（2）Primary utilisation purposes

1.Receipt of applications for financial products and services

a）To accept applications for financial products and services, such as opening accounts for various financial products.
b）To conduct verification of identity in accordance with the Act on Prevention of Transfer of Criminal Proceeds, and verification of your eligibility as a customer to utilise the financial products and services.

2.Decision-making regarding the provision of financial products and services

a）To make decisions regarding loan applications and continuous utilisation of loans.
b）To make decisions regarding the appropriateness of providing financial products and services, such as decisions based on the principle of suitability.

3.Provision of financial products and services, post-termination management and contract administration

a）To manage continuous transactions, such as managing due dates for deposit and loan transactions.
b）To exercise rights or fulfil obligations based on contracts with you or under applicable laws.
c）To terminate transactions or conduct post-termination management after termination of transactions.
d）To provide financial products and services, including accepting and processing your requests and notifying you of transaction details in the course of transactions.

4.Research, development, proposal and introduction of financial products and services

a）To research and develop financial products and services through market research, data analysis and surveys.
b）To make various introductions and proposals regarding financial products and services, such as sending direct mail.
c）To introduce and propose various products and services of alliance companies or other related parties.
d）To advertise or introduce products and services of other companies.

*For the purposes listed in (b) to (d) above, the Bank may optimize the content of the products and services according to your interests and preferences by analysing service utilisation, access history, or information the Bank has collected from third parties.

5.Provision to third parties and entrusted processing

a）To provide personal information to third parties within the scope necessary for the proper performance of services.
b）To appropriately perform all or part of the processing of personal information which is entrusted by other businesses.

6.Proper and smooth execution of transactions

a）In addition to the foregoing, to properly and smoothly execute transactions with you.

These utilisation purposes are posted on the Bank’s website. When notifying the individual concerned, the Bank shall do so in writing or by electromagnetic means.

Except in cases where the utilisation purpose is evident from the circumstances of collecting personal information, such as deposit or withdrawal transactions or funds transfer transactions, the Bank shall clearly specify these utilisation purposes to the individual concerned when the Bank collects personal information directly in writing from the individual upon conclusion of a contract with such individual.

2. Joint utilisation

In addition to the joint utilisation within the PayPay Financial Group, the Bank may jointly utilise your personal data as follows.
Should the Bank review its policy on the handling of joint utilisation, the Bank will publish the details in advance.

（1）Items of personal data subject to joint utilisation

Name of the drawer (for corporations: name, representative’s name, representative’s title), trade name (if applicable), address (for corporations: location, including postal code), name of the person requesting the opening of the current account (for corporations: name, representative’s name, representative’s title, trade name (if applicable)), date of birth, occupation, capital (for corporations only), type of bill or check, face value of the bill or check, exchange date (presentation date), paying bank (including department/branch name), presenting bank (including department/branch name), reason for dishonour, date of suspension of transaction, the clearing house where the paying bank (branch) of the dishonoured bill or check participates, and the bankers association to which that clearing house belongs

（2）Who may jointly utilise

Local clearing houses, participating financial institutions of local clearing houses, the Personal Credit Information Center established and operated by the Japanese Bankers Association, and local bankers associations which are special members of the Japanese Bankers Association (including transaction suspension reference centers of local bankers associations)
(For the list of joint users, please refer to the Japanese Bankers Association website)

Japanese Bankers Association website
https://www.zenginkyo.or.jp/ (external website)

（3）Utilisation purpose in joint utilisation

Ensuring the smooth circulation of bills and checks and making credit decisions within financial institutions

（4）Name of entity responsible for managing personal data

The bankers association to which the clearing house belongs, where the paying bank (branch) for dishonoured bills and checks participates
(For the addresses and names of representatives of each bankers association, please refer to the website of the Japanese Bankers Association (https://www.zenginkyo.or.jp/abstract/electronic/ (external website)).)

3. Security

The Bank shall take the following security control measures as appropriate to prevent your personal information from being lost, falsified, leaked or otherwise accessed by unauthorized persons.

（1）General policies: The Bank has established general policies regarding compliance with the applicable laws, regulations, guidelines and other provisions, the department in charge of handling inquiries and complaints, and other necessary matters to ensure that personal information is handled properly.
（2）Rules for handling personal information: The Bank has established rules and procedures governing methods for collecting, utilising, storing, disclosing, deleting, disposing of and otherwise handling personal information, a responsible person and persons in charge as well as their duties.
（3）Organisational security control measures: The Bank has assigned a person responsible for handling personal information and clarified the scope of personal data that are accessible to each officer or employee who handles personal data and procedures for handling personal data. The Bank has also established a reporting system in which officers and employees can report suspected violation of laws or regulations, or leak of personal information to the responsible person as well as a system for taking appropriate measures.
The Bank requires officers and employees who handle personal information to regularly evaluate their compliance with the rules concerning the handling of personal data and also requires a compliance audit conducted by a different department.
（4）Human security control measures: The Bank has included provisions regarding the confidentiality of personal information in its employee manual and requires officers and employees to submit a statement of compliance with confidentiality requirements.
The Bank also provides regular training for officers and employees on compliance requirements for handling personal information.
（5）Physical security control measures: The Bank controls entry to and exit from areas where personal information is handled to prevent unauthorized persons from accessing personal information.
The Bank also takes measures to prevent devices, electronic media, documents or other items containing personal information from being stolen, lost or otherwise utilised by unauthorized persons as well as measures to prevent personal information from being easily identified by encrypting the information even when moving between rooms in the office. Personal information is deleted and devices, electronic media, documents or other items containing personal information are disposed of in such a way that they cannot be reconstructed.
（6）Technical security control measures: The Bank utilises access control to limit the number of persons in charge who can access personal information and limit the utilisation of databases containing personal information.
The Bank has also introduced a system to protect information systems for processing personal information from external illegal access or illegal software and prevent information leakage and other security issues.
（7）Understanding laws and regulations of other countries: When storing personal data outside Japan, the Bank takes the security control measures as appropriate by understanding the laws and regulations concerning the protection of personal information of the country where personal data are stored.

4. Inquiries

The Bank shall respond to your comments and requests regarding the Bank’s policies and procedures for handling personal information appropriately and promptly. For comments, requests and inquiries regarding the Bank’s policies and procedures for handling personal information and security control measures, please contact the Customer Center.

When providing personal information to third parties in foreign countries and measures are necessary on the part of the Bank to ensure the continuous implementation of appropriate measures by such third parties, the Bank will provide information regarding its measures, including the name of the foreign country, upon request by the individual concerned.

For complaints regarding the Bank’s policies and procedures for handling personal information, please contact the Customer Center.

5. Request for disclosure

Pursuant to paragraph (2) of Article 32, paragraph (1) of Article 33 (including cases applied mutatis mutandis under paragraph (5) of Article 33), paragraph (1) of Article 34, and paragraphs (1), (3) and (5) of Article 35 of the Act (hereinafter such procedures as stipulated in these provisions are collectively referred to as the “Procedures for Request for Disclosure”), the Bank will respond to the Procedures for Request for Disclosure at the request of the individuals concerned or their agent according to the following guidelines. Please note that if you wish to receive notification of the utilisation purpose pursuant to paragraph (2) of Article 32 of the Act, or if you request a suspension of utilisation of personal data possessed by the Bank pursuant to paragraph (1), (3) or (5) of Article 35 of the Act, please contact the Bank’s Customer Center.

（1）Items subject to Procedures for Request for Disclosure: Name, address, telephone number, date of birth, place of work (company name or occupation, telephone number), transaction balance (account item, account number, balance), transaction history information, etc.
Records of provision to third parties are also subject to the request for disclosure.
（2）Contact desk for Procedures for Request for Disclosure: Registered office

If submitting by mail, please request the designated application form from the Bank’s Customer Center. The Bank will mail the application form to you. Please complete the necessary information and mail the form back with the required documents attached.
（3）Documents to be submitted: Request for disclosure of personal information (for requests for notification of utilisation purposes under paragraph (2) of Article 32 of the Act and requests for disclosure under Article 33 of the Act)

Request for Correction or Suspension of Use of Personal Information (for requests for correction, addition or deletion under paragraph (2) of Article 34 of the Act)

Identification documents (one copy of driver’s license, passport, etc.)

Power of Attorney in the form designated by the Bank (for requests made by an agent)

Documents confirming the authority to act as a representative, in addition to the above item 3, for the request for disclosure by a legal representative
（4）Fees: For requests for notification of utilisation purposes of personal data possessed by the Bank under Article 32 of the Act and requests for disclosure under Article 33 of the Act, you will be required to pay the fee specified by the Bank by way of bank transfer or other payment method.

Information subject to disclosure request Fee
(Including consumption taxes; as of November 1, 2025)

Name, address, phone number, date of birth, place of work (company name or occupation, phone number) All listed items: JPY 1,100

Notification of utilisation purposes of personal data possessed by the Bank JPY 1,100 per copy

Record of provision to third parties JPY 1,100 per copy

Other information JPY 1,100 per item
（5）Response method: The Bank will respond without delay in writing or by electromagnetic means, either by handing the requested information over the counter at the registered office of the Bank or by mailing it to the address provided by the individual concerned. Please note that even if the request is made by an agent, the Bank may respond directly to the individual concerned.
（6）Utilisation purposes of personal information collected in relation to Procedures for Request for Disclosure: Personal information collected by the Bank in relation to any Procedures for Request for Disclosure will be utilised for conducting investigations for such Procedures, verifying the identity of the individuals concerned and their agent, collecting fees and responding to the request for disclosure.
（7）Handling when no disclosure is made: Please be advised that the Bank may be unable to disclose the requested information in the following cases. Should the Bank decide not to disclose, the Bank will notify you of this decision along with the reasons. Please note that the specified fee will still apply even if disclosure is not made.

If the identity of the individual concerned cannot be verified.

In case of a request made by an agent, if the authority of the agent cannot be verified.

If the required request documents are incomplete.

If the fee is not paid within the specified period.

If the requested information items do not correspond to the personal data possessed by the Bank or the record of provision to third parties.

If there is a risk of harming the life, body, property or other rights and interests of the individual concerned or a third party.

If there is a risk of causing significant hindrance to the proper execution of the Bank’s business.

If it would violate other laws or regulations.

Information subject to disclosure request	Fee (Including consumption taxes; as of November 1, 2025)
Name, address, phone number, date of birth, place of work (company name or occupation, phone number)	All listed items: JPY 1,100
Notification of utilisation purposes of personal data possessed by the Bank	JPY 1,100 per copy
Record of provision to third parties	JPY 1,100 per copy
Other information	JPY 1,100 per item

6. Names of the accredited personal information protection organisations and contacts for resolution of complaint relating to handling of personal information

The Bank is a member of the following accredited personal information protection organisations. These organisations listen to your complaints and provide you with consultations on their members’ policies and procedures for handling personal information.

（1）All Banks Personal Data Protection Council: https://www.abpdpc.gr.jp (external website)
[Contact information for complaints and consultations] Call 03-5222-1700 or visit the nearest JBA Banking Consultation Office (“Ginko Torihiki Sodansho”)
（2）Personal Information Consultation Office at Japan Securities Dealers Association: https://www.jsda.or.jp (external website)
[Contact information for complaints and consultations] Telephone number: 03-6665-6784
（3）Personal Information Complaint and Consultation Office at the Financial Futures Association of Japan: https://www.ffaj.or.jp (external website)
[Contact information for complaints and consultations] Telephone number: 03-5280-0881

7. Handling of your specific personal information, etc.

The following explains how the Bank handles your specific personal information.

Handling of Customers’ Specific Personal Information, Etc.

8. Name, etc. of personal information handling business operator

PayPay Bank Corporation
Tomohito TAKUSARI, CEO
1-6-1, Yotsuya, Shinjuku-ku, Tokyo

For Customers Opening a PayPay Bank Account