 |
|
|
KDDI Corporation (hereinafter referred to as "KDDI") recognizes the importance of personal information. In order to thoroughly protect such information, KDDI, in observing the Telecommunications Business Law, the Law Concerning Broadcast on Telecommunications Services, Personal Information Protection Act, Guidelines Concerning Protection of Personal Information in Telecommunications Businesses, Guidelines Concerning Protection of Personal Information of Broadcast Service Users, and other such laws and ordinances, publicly discloses and pledges to comply with this Privacy Policy.
| | |
KDDI collects personal information (such as names, addresses, telephone numbers, and e-mail addresses) of its customers to the extent necessary to provide its telecommunications services (including services concomitant to telecommunications services) and other services (see Attached Sheet 1). Personal Information collected on customers may be shared among the services.
In addition, when KDDI has collected or attempts to collect personal information from its customers, KDDI discloses to its customers and announces to (or notifies) its customers the intended purpose for which it will use such information.
| | |
| (1) |
Purpose of Use of Collected Personal Information
KDDI will not handle the personal information in its possession beyond the extent necessary for fulfilling its intended purpose of usage (see Attached Sheet 2), except in the following cases:
1)
|
In instances where the customer has granted their permission
|
2)
|
In instances where KDDI is required to do so by a legally-enforced order
|
3)
|
If such information is required for the protection of a person's life, body, or property, and the permission of the customer cannot be readily obtained
|
4)
|
If such information is required especially for the improvement of public health or the promotion of sound nurturing of children, and the permission of the customer cannot be readily obtained
|
5)
|
If it becomes necessary by legal ordinance to cooperate with a government agency, public authorities, or parties authorized by them, and there is concern that seeking permission of the customer may hinder the execution of the relevant duties
|
|
| (2) |
Sharing Customers' Personal Information with Third Parties
Apart from the aforementioned cases of use of personal information collected from customers, KDDI may also share this information with third parties in the following instances:
1)
|
KDDI may notify telecommunications companies (see Attached Sheet 4) of personal information of nonpaying customers or senders of commercial or other unsolicited e-mail ("spam") based on the terms of contracts.
|
2)
|
KDDI may provide the necessary personal information, based on the terms of contracts or upon receiving the permission of the customer, to other mobile phone companies involved with Mobile Number Portability (MNP) or telecommunications or other companies that have interconnection agreements with KDDI.
|
3)
|
KDDI may provide the customer information (such as the location from which a call was placed, name or address of the customer), based on the terms of contracts, to organizations that deal with emergencies (such as the police force, maritime safety headquarters, or the fire department).
|
|
| (3) |
Shared use of personal information
KDDI, with the purpose of providing the services listed in Attached Sheet 1, will share personal information on customers as follows;
1)
|
The particulars and purpose of using personal information is stated in Attached Sheet 2.
|
2)
|
KDDI will share information with operators who have been stipulated separately (see Attached Sheet 3).
|
3)
|
KDDI will be responsible for the management of personal information collected on customers.
|
|
| | |
KDDI takes measures to manage access to personal information, limit the steps of its handling, and prevent unauthorized outside access, as well as measures to prevent leakage, loss or damage (hereinafter referred to as "Leakage, etc.") and other necessary and appropriate measures (hereinafter referred to as "Safety Management Measures") in order to safely manage personal information.
In taking these Safety Management Measures, KDDI applies standards including Safety and Reliability Standards of Information Communications Networks (Notice No. 73, MPT, 1987).
Safety Management Measures are classified into two major categories, Technological Protection Measures and Organizational Protection Measures, and each category is implemented appropriately.
| (1) |
Technological Protection Measures
| 1) |
Management of access to personal information (limiting employees with authority to access information (including measures such as immediate deactivation of accounts of employees who have transferred or left the company), surveillance of access status (such as long-term storage of access logs), regular changing of passwords, room entry/exit supervision, etc.)
|
| 2) |
Limits to steps in handling of personal information (prohibition of storage to external storage devices without permission, setting internal guidelines to monitor internal/external E-mail correspondence, etc.)
|
| 3) |
Measures to prevent unauthorized outside access (establishing firewalls, etc.)
|
|
| (2) |
Organizational Protection Measures
| 1) |
Clearly regulating the responsibility and authority of employees and subcontracted parties engaged in safety management
|
| 2) |
Establishing internal codes of behavior and manuals regarding safety management, and instructing employees to comply with such codes and manuals, as well as supervising compliance with such codes and manuals where appropriate
|
| 3) |
Appropriate supervision of employees and subcontracted parties involved with safety management through measures such as confidentiality agreements with employees and subcontracted parties
|
| 4) |
Necessary training for employees involved with safety management
|
|
| | |
KDDI will answer, within a reasonable time period, requests from the customer or a party acting on behalf of the customer for disclosure of applicable personal information, except in the following cases:
| (1) |
If there is due concern of damage to the life, body, property, or other rights or interests of the customer or any third party
|
| (2) |
If there is due concern of a significant obstruction to the proper operations of KDDI
|
| (3) |
If there is the possibility of violation of any legal ordinances
|
For personal information disclosure procedures, please refer to Attached Sheet 5.
KDDI, if requested by the customer or a party acting on behalf of the customer to make amendments, additions, or deletions to the content of the applicable personal information (hereinafter referred to as "Amendments, etc.") will examine the request within a reasonable time period and, based on this examination, will carry out Amendments, etc. of the applicable personal information within the extent necessary to fulfill the intended purpose.
Please refer to Attached Sheet 6.
Please refer to Attached Sheet 7.
|
|
