- Handling of Personal Information in Telecommunications Business Field
- Handling of Personal Information in Installment Sales and Individual Financing Agency Business Fields
- Handling of Personal Information in Bank Agency Service and Insurance Agency Service Fields
In recognition of the importance of personal information, KDDI Corporation (hereinafter referred to as "KDDI") complies with the Telecommunications Business Law, Personal Information Protection Act, guidelines according to business fields as specified by a competent authority, including Guidelines Concerning Protection of Personal Information in Telecommunications Businesses, and other related laws and ordinances publicly in order to ensure the protection of personal information. In addition, KDDI handles personal information in the following manner:
1. Collection of Personal Information
We handle the information described in items 1 through 6 below, which is collected through legal and fair means. Personal Information collected on customers may be shared among the services and operations of KDDI. Personal Information of customers includes information on the Subscriber as well as personal information on all users obtained through the User Registration System for au Telecommunications Services. There may be cases where customer information is not considered personal information due to its content. We will, however, give due consideration to the handling that information.
- Information collected from written sources such as application forms filled in by customers, or a company website, or verbally collected in order for us to provide telecommunications services (including services associated with telecommunications services: see Attached Sheet 1) and other services. When answering a telephone call from a customer, we may record the call to verify the inquiry and improve our services.
- Information obtained as a result of the use of our services by a customer (access information obtained using technology such as cookies and web beacons, including information automatically obtained by our systems)
- Information obtained from a residence certificate or the like by making inquiries at a public institution
- Information obtained from various sources open to the public, such as telephone directories and official government gazettes
- Information obtained from credit information reference centers
- Information lawfully obtained from a third party by referral of a customer
2. Use of Personal Information
We will not use personal information in our possession beyond the extent necessary for fulfilling its intended purpose of use (see purpose of use by business field), except in the following cases:
- If a customer consents;
- If required by laws and ordinances;
- If such information is required for the protection of human life, body or property, and it is difficult to obtain a customer's consent;
- If such information is required especially for the improvement of public health or the promotion of sound nurturing of children, and it is difficult to obtain a customer's consent; or
- If it becomes necessary under applicable laws and ordinances to cooperate with a government agency, local public agency or parties authorized by them, and obtaining of consent from the customer is likely to hinder the execution of such duties.
3. Management of Personal Information
We take measures to control access to personal information, limit means for taking personal information outside the office, and prevent unauthorized external access. We also take measures to prevent personal information being leaked, lost or damaged and other necessary and appropriate measures for personal information security management (hereinafter referred to as "Security Management Measures").
When taking Security Management Measures, we properly implement technological and organizational protections as shown below by using the frameworks of the Info-Communications Safety and Reliability Standards (Ministry of Posts and Telecommunications Notice No. 73 of 1987) and Information Security Management System (ISMS).
(1) Technological Protection Measures
- We control access to personal information (limiting the number of employees authorized to access personal information regarding measures including the immediate cancellation of accounts of employees who are transferred or leave the company, the establishment of a system for monitoring access status such as longterm storage of access logs, the change of passwords at regular intervals, and room entry/exit supervision, etc.)
- We limit the means for taking personal information outside the office (prohibition of saving to external storage devices without due reasons and establishment of a monitoring system of e-mail between inside and outside the company in the company rules).
- We take measures to prevent unauthorized external access (installation of firewalls, etc.)
(2) Organizational Protection Measures
A) Supervision of employees (including temporary employees)
- As the designated person in charge of the management of personal information, we appoint a "Person in charge of information security" and define the responsibility and authority of an employee with respect to personal information security management.
- We establish internal rules and compile manuals concerning security management, instruct employees to comply with such rules and manuals, and perform appropriate audits on the status of compliance.
- We provide employees with training and education on personal information security management.
B) Supervision of contractors
We may contract all or part of our personal information handling operation. In such a case, we select a contractor who is expected to properly handle personal information, appropriately specify matters concerning handling of personal information such as Security Management Measures, confidentiality, terms and conditions of recontract, return of personal information upon expiration or termination of contract agreement, and perform necessary and appropriate supervision.
4. Discontinuation of Information by Direct Mail
If a customer does not wish to receive advertising material via direct mail, he/she may request us to cease delivery. However, delivery of information such as e-mail related to confirmation of an order for various services concerning telecommunication services that is necessary for operation of services is excluded from this opt-out provision. To request termination, contact us at the following locations:
"KDDI Customer Service Center"
- Customer using au mobile phone
From au phones: Dial 157 with no area code (Toll free)
From general fixed-line phones: 0077-7-111 (Toll free)
Open: 9:00 - 20:00 (including Saturdays, Sundays and national holidays)
* If you cannot use the above numbers: 0120-977-033
- Customers using Internet Phone Service
0077-777 (Toll free)
Open: 9:00 - 20:00 (including Saturdays, Sundays and national holidays)
* If you cannot use the above numbers: 0120-22-0077
5. Disclosure of Personal Information
We will respond without delay to requests from a customer or their agent for disclosure of relevant personal information, except in the following cases. Please note that a customer includes all users registered with the User Registration System for au Telecommunications Services, in addition to a subscriber.
- If there is a possibility of damaging life, body, property, or other rights or interests of the customer or any third party;
- If there is a possibility of significantly interfering with proper operation of our business; or.
- If it may violate laws or regulations.
For inquiries about personal information disclosure, contact us at the following location:
[KDDI Corporation Personal Information Disclosure Consultation Office]
KDDI Building 2-3-2 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-8509
03-6670-6684 (9:00 - 17:00 Every day except Saturdays, Sundays, national holidays and Year End/New Year holidays)
For more details of procedures for personal information disclosure, refer to Attached Sheet 2.
6. Response to Other Matters Concerning Personal Information
(1) Revision, etc. (revision, addition, deletion, stoppage of use, and stoppage of provision to third parties) of personal information
If requested by a customer or his/her agent to make a revision, etc. of relevant personal information, we will conduct an investigation without delay. We will promptly perform the revision, etc. if the results of the investigation determine that the relevant personal information is incorrect, the information retention period has expired, or the handling of the information is inappropriate.
To make a request for revision, etc. of personal information, contact the KDDI Corporation Personal Information Disclosure Consultation Office above.
(2) Notification of purpose of use
If requested by a customer or his/her agent to provide notification of the purpose of use of the personal information, we will provide notification without delay, except in the following cases:
- When the purpose of using the specified personal information is already clear to the customer;
- When provision of the notification poses a threat to the life, physical body, property, or other rights and interests of the customer or a third party;
- When provision of the notification poses a threat to the rights or legal interests of our company; or
- When we are required to cooperate with national institutions or local authorities in the execution of affairs prescribed by law, and when provision of the notification may constitute a hindrance to the execution of such affairs.
To make a request for notification of purpose of use of personal information, contact the KDDI Corporation Personal Information Disclosure Consultation Office above.
(3) Complaints on the handling of personal information
We will, in an appropriate and timely manner, respond to complaints regarding the use, provision, disclosure or revision of personal information, or other complaints regarding the handling of personal information.
To file a complaint, contact the KDDI Corporation Personal Information Disclosure Consultation Office above.
Please note that we are unable to accept any of the above requests made in person at our office.